Hardware Malware

C. Krieg, A. Dabrowski, H. Hobel, K. Krombholz, E. Weippl:
"Hardware Malware";
Synthesis Lectures on Information Security, Privacy, and Trust,4(2013), 2; S. 1 - 115.

[ Publication Database ]

Abstract:


In our digital world, integrated circuits are present in nearly every moment of our daily life. Even
when using the coffee machine in the morning, or driving our car to work, we interact with integrated
circuits.e increasing spread of information technology in virtually all areas of life in the
industrialized world offers a broad range of attack vectors. So far, mainly software-based attacks
have been considered and investigated, while hardware-based attacks have attracted comparatively
little interest.e design and production process of integrated circuits is mostly decentralized due
to financial and logistical reasons.erefore, a high level of trust has to be established between
the parties involved in the hardware development lifecycle. During the complex production chain,
malicious attackers can insert non-specified functionality by exploiting untrusted processes and
backdoors.is work deals with the ways in which such hidden, non-specified functionality can
be introduced into hardware systems. After briefly outlining the development and production
process of hardware systems, we systematically describe a new type of threat, the hardware Trojan.
We provide a historical overview of the development of research activities in this field to show
the growing interest of international research in this topic. Current work is considered in more
detail. We discuss the components that make up a hardware Trojan as well as the parameters that
are relevant for an attack. Furthermore, we describe current approaches for detecting, localizing,
and avoiding hardware Trojans to combat them effectively. Moreover, this work develops a comprehensive
taxonomy of countermeasures and explains in detail how specific problems are solved.
In a final step, we provide an overview of related work and offer an outlook on further research
in this field.