Detecting Trojan Circuits in Chips via Side-Channel Analysis - overview
Security Accomplishment | 2007
IBM researchers: Dakshi Agrawal, Selcuk Baktir, Deniz Karakoyunlu, Pankaj Rohatgi, Berk Sunar
Where the work was done: IBM T.J. Watson Research Center
What we accomplished: For a system to be secure, the hardware, and not only the software, must be trusted and free of malware. This work proposes an efficient means of detecting viruses implanted in chips.
Related links: IBM Research Report.
From Trojan Detection Using IC Fingerprinting at the 2007 IEEE Symposium on Security and Privacy:
"Hardware manufacturers are increasingly outsourcing their IC [Integrated Circuit, aka computer chip] fabrication work overseas due to their much lower cost structure. This poses a significant security risk for ICs used for critical military and business applications. Attackers can exploit this loss of control to substitute Trojan ICs for genuine ones or insert a Trojan circuit into the design or mask used for fabrication.
"We show that a technique borrowed from side-channel cryptanalysis can be used to mitigate this problem. Our approach uses noise modeling to construct a set of fingerprints for an IC family utilizing side-channel information such as power, temperature, and electromagnetic (EM) profiles. The set of fingerprints can be developed using a few ICs from a batch and only these ICs would have to be invasively tested to ensure that they were all authentic. The remaining ICs are verified using statistical tests against the fingerprints."
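A minimal simulation of the fingerprint-then-verify workflow described in the abstract above, added here as an illustration and not taken from the paper or from IBM's code. The trace shape, the noise model (one gain factor per chip plus measurement noise), the Trojan's extra current and the threshold margin are all constructed assumptions.

```python
import math
import random

N = 200                                              # samples per trace (constructed)
BASE = [10 + 5 * math.sin(t / 7) for t in range(N)]  # nominal current, mA (constructed)

def measure(rng, trojan=False):
    """Simulate one IC's averaged power trace: per-chip process gain plus noise."""
    gain = rng.gauss(1.0, 0.03)                      # process variation between chips
    trace = [gain * b + rng.gauss(0, 0.05) for b in BASE]
    if trojan:                                       # small extra draw on samples 80..119
        trace = [x + (0.3 if 80 <= t < 120 else 0.0) for t, x in enumerate(trace)]
    return trace

def score(trace, mean):
    """Mean squared residual left after fitting out the per-chip gain."""
    a = sum(x * m for x, m in zip(trace, mean)) / sum(m * m for m in mean)
    return sum((x - a * m) ** 2 for x, m in zip(trace, mean)) / len(mean)

def build_fingerprint(golden, margin=2.5):
    """Fingerprint = mean trace of the verified ICs plus an acceptance threshold."""
    mean = [sum(col) / len(golden) for col in zip(*golden)]
    threshold = margin * max(score(g, mean) for g in golden)
    return mean, threshold

def is_genuine(trace, fingerprint):
    """Statistical test: accept the IC if its residual score is within the threshold."""
    mean, threshold = fingerprint
    return score(trace, mean) <= threshold

def demo(seed=1):
    """Return (all genuine ICs accepted, any Trojan IC accepted)."""
    rng = random.Random(seed)
    golden = [measure(rng) for _ in range(8)]        # the few invasively verified ICs
    fp = build_fingerprint(golden)
    genuine = [is_genuine(measure(rng), fp) for _ in range(20)]
    trojans = [is_genuine(measure(rng, trojan=True), fp) for _ in range(20)]
    return all(genuine), any(trojans)

if __name__ == "__main__":
    print(demo())
```

In this constructed setup the Trojan adds well under 1% to a chip's total current while chip-to-chip gain varies by about 3%, so a total-power comparison would not separate the two populations; the residual after removing the modeled process variation does.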