When it comes to cyberthreats, people tend to think in terms of software vulnerabilities and malware attacks, such as last year’s WannaCry attack that crippled businesses and hospitals in 150 countries.
But recently, another threat has emerged—one that’s even harder to detect and poses risks ranging from national defense to healthcare. The threat comes from hardware Trojans that can be embedded into electronic devices during chip manufacturing.
Marvin Onabajo, assistant professor of electrical and computer engineering at Northeastern, has set out to solve this problem, working under a three-year Young Investigator Award from the Army Research Office. The fact that the Army is funding his work speaks to the level of threat posed by the sabotage of chips in communication and computing devices.
“The main concern is with chips that are involved in critical operations such as those in airplanes, medical devices, and national defense,” he says.
“The main concern is with chips that are involved in critical operations such as those in airplanes, medical devices, and national defense.”
Onabajo, who is an expert in integrated circuit design, came upon this line of research almost by accident. He was developing a temperature sensing method to test and verify the performance of circuits on the same chip. Since the activity of circuits affects the temperature of the silicon area surrounding them, changes in performance can be monitored with nearby sensors within the chip.
While he was doing this research, Onabajo kept reading about the growing concern about chip sabotage and how hard it is to detect.
“I thought about the issue and realized that it’s a power detection problem,” he says. “And now I’m applying this on-chip temperature sensing methodology to detect the unwanted activity of Trojan circuits that have been maliciously inserted in chips.”
Origin of the threat
Onabajo explains that the problem arises because there is inadequate control over chip manufacturing. Even when products are designed by reputable companies, many outsource the manufacturing of component parts, including chips that perform critical functions.
“This practice presents opportunities to alter the chip design,” he says. “If the fabrication is not conducted in a highly controlled environment, there’s an opportunity to alter the design with malicious intent.”
For example, the saboteur may want to create a window for hacking into banks or personal computers for monetary gain—or to access defense systems or national intelligence data. Still others may want to tamper with chips that are essential to running hospital equipment or entire transportation systems.
The saboteurs may design the Trojan to automatically shut down the circuitry at a designated time, or set it up to be triggered by a certain chain of user activities. Sometimes the Trojan creates a window for a hacker to activate it remotely.
What makes hardware Trojans particularly hard to detect is that they might not change the typical operation of a chip in a way that’s detectable by the user or even by standard functionality tests.
A new approach
One existing approach for detecting performance changes is to connect monitoring circuits directly to the chip being tested. However, this can affect the accuracy of the test because the additional circuitry can compromise chip performance in demanding applications.
Another approach has been to test chips with external measurement equipment after fabrication. This presents another challenge, because these measurements must be extremely accurate and raises the overall cost of chip testing. It also presents interference and reliability problems because it’s difficult to tell whether the problem is in the circuit being tested or at the interface between the chip and the measurement equipment.
Onabajo’s methodology is based on the principle that electronic activity produces heat, which makes it possible to detect any unexpected activity in the chip with temperature sensors in the chip. If this occurs, the sensor can automatically alert users about the suspicious activity. It can also be set up to immediately deactivate the hardware to prevent leakage of important information.
“When you measure temperature changes on the chip, you don’t have to connect to the circuit,” he says. “The technique we’re developing just involves the placement of sensors close to the chip so they don’t affect performance.”