Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hardware Trojans: The Hidden Malicious Insider

Published byCaren Gibson Modified over 6 years ago

Similar presentations

Presentation on theme: "Hardware Trojans: The Hidden Malicious Insider"— Presentation transcript:

1 Hardware Trojans: The Hidden Malicious Insider
Cyber Security Forum 06-07 Feb, 2018 – Amman, Jordan Malek Al-Zewairi ©2018

2 Malek Al-Zewairi مالك الزويري
About the Presenter Malek Al-Zewairi مالك الزويري Education PhD. Computer Science at PSUT – Intelligence and Security Informatics (2015-) MSc. Information Systems Security & Digital Criminology ( ) BSc. Computer Information Systems ( ) Professional Experience Senior Security Consultant and Professional Trainer – Precise Thinking TCT Head of Information Security – University of Jordan (2 Years) Information Security & Risk Administrator – Orange Telecom (+2 years) Certification 16+ Professional Security Certificates

3 What are Hardware Trojans
Analogous to Software Trojan (i.e. malicious software masquerade as a benign application) Hardware Trojans are malicious modifications (malicious circuit) to the hardware design or implementation Stays dormant during normal operation Once triggered by internal or external event, it causes the hardware to Fail!!!

4 What are Hardware Trojans
Injected by intelligent adversary Have very small probability of occurrence Have very small hardware overhead Extremely hard to detect IT IS NOT LIKE Meltdown or Spectre

5 Example of Hardware Trojan

6 Main Targets of Hardware Trojans
Military & Government Systems Critical Infrastructure (e.g. Power Grid, Nuclear Power Plant, …) Transportations (e.g. plans, trains, …) Telecommunication (e.g. Satellite, … ) Banking Systems

7 Real World Examples…

8 Case 1: Operation Orchard (عملية البستان)
On 5th Sep 2007 at 23:00, Ten Israeli F-15 fighters were tasked with a supposed emergency exercise At 23:30 three jet fighters were called off the exercise, the remaining 7 fighters were ordered to change course to a new undisclosed coordination The Syrian Radar system in Tall al-Abuad (تل الأبيض) was deactivated by a secret built-in kill switch * Syria’s air defense systems, were showing a false sky-picture At 23:58, Syria's al-Kibar (موقع الكُبر) Nuclear Reactor was targeted with 17 tons of explosives using laser-guided bombs Syrian Radar systems SoCs have been fabricated with Hardware Trojan * The Hunt for the Kill Switch, IEEE Spectrum,

9 More Cases… Hardware Trojan was discovered on some Dell EdgePower servers motherboards firmware ROM during testing, 2008 Operation Cisco Raider, USA, 2008 Hardware Trojan attack on Intel’s CSRNG reduces its entropy from 128- bits to 32-bits, 2010 Spy-chips hidden in electric irons and kettles from China were discovered by Russian technician, 2013

10 A Hardware Trojans can be injected at
Pre Silicon Design, testing and debugging tools Malicious IP design Example: changing the thickness of wires, tampering with the clock speed Silicon Add malicious circuits, reconnect wires Fake or counterfeit chips Example: adding a simple ring oscillator Trojan to cause power dissipation Post Silicon Add malicious ICs in packaging Malicious 3rd party testers Example: Dynamic Partial Reconfiguration (DPR) of FPGA

11 Does your organization have an active source-code review policy?

12 Hardware Trojan Detection Methods

13 Problem with current detection methods
Lack of general detection techniques/frameworks Most proposed techniques cannot guarantee Trojan detection Destructive methods are not practical Searching for something that is Unknown! Test time is expensive (e.g. 2billion States!!!) Trojans are designed to be stealthy

14 Q&A Thank You 

15 References Hardware Trojan: Threats and Emerging Solutions, Chakraborty et al Understanding Integrated Circuit Security Threats, Asif Iqbal The Hunt for the Kill Switch, Sally Adee Stealthy Dopant-Level Hardware Trojans, Becker et al homeland-security-announce-30-convictions-more-than-143-million-in-seizures-from- initiative-targeting-traffickers-in-counterfeit-network-hardware

Download ppt "Hardware Trojans: The Hidden Malicious Insider"

Similar presentations

1 Protecting the Long Island Business Community A Public Safety Partnership.

1 Protecting the Long Island Business Community A Public Safety Partnership.
Cyberspace - A Global Battlespace? Joel Ebrahimi Solutions Architect Bivio Networks, Inc.

Cyberspace - A Global Battlespace? Joel Ebrahimi Solutions Architect Bivio Networks, Inc.
Tamper Evident Microprocessors Adam Waksman Simha Sethumadhavan Computer Architecture & Security Technologies Lab (CASTL) Department of Computer Science.

Tamper Evident Microprocessors Adam Waksman Simha Sethumadhavan Computer Architecture & Security Technologies Lab (CASTL) Department of Computer Science.
Physical Unclonable Functions and Applications

Physical Unclonable Functions and Applications
Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.

Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Introduction to digital signal processing T he development is a result of advances in digital computer technology and integrated circuit fabrication. Computers.

Introduction to digital signal processing T he development is a result of advances in digital computer technology and integrated circuit fabrication. Computers.
CYBERSPACE A Global War-fighting Domain Every minute of every day, Airmen in the United States Air Force are flying and fighting in cyberspace.

CYBERSPACE A Global War-fighting Domain Every minute of every day, Airmen in the United States Air Force are flying and fighting in cyberspace.
1. AGENDA History. WHAT’S AN IDS? Security and Roles Types of Violations. Types of Detection Types of IDS. IDS issues. Application.

1. AGENDA History. WHAT’S AN IDS? Security and Roles Types of Violations. Types of Detection Types of IDS. IDS issues. Application.
Jeff Williams 2015.  Intro  Awesome Times  Security Briefing  Service with Security.

Jeff Williams  Intro  Awesome Times  Security Briefing  Service with Security.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Scientific Computing Department Faculty of Computer and Information Sciences Ain Shams University Supervised By: Mohammad F. Tolba Mohammad S. Abdel-Wahab.

Scientific Computing Department Faculty of Computer and Information Sciences Ain Shams University Supervised By: Mohammad F. Tolba Mohammad S. Abdel-Wahab.
FACULTY OF ELECTRICAL ENGINEERING DEPT. OF TELECOMMUNICATION ENGINEERING CZECH TECHNICAL UNIVERSITY IN PRAGUE ITU Centre of the Czech Technical.

FACULTY OF ELECTRICAL ENGINEERING DEPT. OF TELECOMMUNICATION ENGINEERING CZECH TECHNICAL UNIVERSITY IN PRAGUE ITU Centre of the Czech Technical.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Securing Legacy Software SoBeNet User group meeting 25/06/2004.
Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.

Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.
Information Systems Security Computer System Life Cycle Security.

Information Systems Security Computer System Life Cycle Security.
Securing the core root of trust (research in secure hardware design and test) Ramesh Karri ECE Department.

Securing the core root of trust (research in secure hardware design and test) Ramesh Karri ECE Department.

Similar presentations

Ads by Google