Hardware backdoor

Last updated

Hardware backdoors are backdoors in hardware, such as code inside hardware or firmware of computer chips. [1] The backdoors may be directly implemented as hardware Trojans in the integrated circuit.

Contents

Hardware backdoors are intended to undermine security in smartcards and other cryptoprocessors unless investment is made in anti-backdoor design methods. [2] They have also been considered for car hacking. [3]

Severity

Hardware backdoors are considered to be highly problematic for several reasons. [1] For instance, they cannot be removed by conventional means such as antivirus software. They can also circumvent other types of security, such as disk encryption. Lastly, they can also be injected during production where the user has no control.

Examples

Countermeasures

Skorobogatov has developed a technique capable of detecting malicious insertions into chips. [9]

New York University Tandon School of Engineering researchers have developed a way to corroborate a chip's operation using verifiable computing whereby "manufactured for sale" chips contain an embedded verification module that proves the chip's calculations are correct and an associated external module validates the embedded verification module. [8] Another technique developed by researchers at University College London (UCL) relies on distributing trust between multiple identical chips from disjoint supply chains. Assuming that at least one of those chips remains honest the security of the device is preserved. [20]

Researchers at the University of Southern California Ming Hsieh Department of Electrical and Computer Engineering and the Photonic Science Division at the Paul Scherrer Institute have developed a new technique called Ptychographic X-ray laminography. [21] This technique is the only current method that allows for verification of the chips blueprint and design without destroying or cutting the chip. It also does so in significantly less time than other current methods. Anthony F. J. Levi Professor of electrical and computer engineering at University of Southern California explains “It’s the only approach to non-destructive reverse engineering of electronic chips—[and] not just reverse engineering but assurance that chips are manufactured according to design. You can identify the foundry, aspects of the design, who did the design. It’s like a fingerprint.” [21] This method currently is able to scan chips in 3D and zoom in on sections and can accommodate chips up to 12 millimeters by 12 millimeters easily accommodating an Apple A12 chip but not yet able to scan a full Nvidia Volta GPU. [21] "Future versions of the laminography technique could reach a resolution of just 2 nanometers or reduce the time for a low-resolution inspection of that 300-by-300-micrometer segment to less than an hour, the researchers say." [21]

See also

Related Research Articles

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security is the protection of computer software, systems and networks from threats that may result in unauthorized information disclosure, theft of hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

<span class="mw-page-title-main">Industrial espionage</span> Use of espionage for commercial purposes rather than security

Industrial espionage, also known as economic espionage, corporate spying, or corporate espionage, is a form of espionage conducted for commercial purposes instead of purely national security.

<span class="mw-page-title-main">Firmware</span> Low-level computer software

In computing, firmware is software that provides low-level control of computing device hardware. For a relatively simple device, firmware may perform all control, monitoring and data manipulation functionality. For a more complex device, firmware may provide relatively low-level control as well as hardware abstraction services to higher-level software such as an operating system.

<span class="mw-page-title-main">Secure cryptoprocessor</span> Device used for encryption

A secure cryptoprocessor is a dedicated computer-on-a-chip or microprocessor for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance. Unlike cryptographic processors that output decrypted data onto a bus in a secure environment, a secure cryptoprocessor does not output decrypted data or decrypted program instructions in an environment where security cannot always be maintained.

Computer and network surveillance is the monitoring of computer activity and data stored locally on a computer or data being transferred over computer networks such as the Internet. This monitoring is often carried out covertly and may be completed by governments, corporations, criminal organizations, or individuals. It may or may not be legal and may or may not require authorization from a court or other independent government agencies. Computer and network surveillance programs are widespread today and almost all Internet traffic can be monitored.

<span class="mw-page-title-main">Huawei</span> Chinese multinational technology company

Huawei Technologies Co., Ltd. is a Chinese multinational conglomerate technology corporation headquartered in Longgang District, Shenzhen, Guangdong province. It designs, develops, manufactures and sells digital telecommunications equipment, consumer electronics, smart devices, distributed operating systems, electric vehicle autonomous driving systems, and various rooftop solar products. The corporation was founded in 1987 by Ren Zhengfei, a former officer in the People's Liberation Army (PLA).

<span class="mw-page-title-main">RSA Security</span> American computer security company

RSA Security LLC, formerly RSA Security, Inc. and trade name RSA, is an American computer and network security company with a focus on encryption and encryption standards. RSA was named after the initials of its co-founders, Ron Rivest, Adi Shamir and Leonard Adleman, after whom the RSA public key cryptography algorithm was also named. Among its products is the SecurID authentication token. The BSAFE cryptography libraries were also initially owned by RSA. RSA is known for incorporating backdoors developed by the NSA in its products. It also organizes the annual RSA Conference, an information security conference.

A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device, or its embodiment. Backdoors are most often used for securing remote access to a computer, or obtaining access to plaintext in cryptosystems. From there it may be used to gain access to privileged information like passwords, corrupt or delete data on hard drives, or transfer information within autoschediastic networks.

<span class="mw-page-title-main">ZTE</span> Chinese telecommunication company

ZTE Corporation is a Chinese partially state-owned technology company that specializes in telecommunication. Founded in 1985, ZTE is listed on both the Hong Kong and Shenzhen Stock Exchanges.

<span class="mw-page-title-main">Tailored Access Operations</span> Unit of the U.S. National Security Agency

The Office of Tailored Access Operations (TAO), now Computer Network Operations, and structured as S32, is a cyber-warfare intelligence-gathering unit of the National Security Agency (NSA). It has been active since at least 1998, possibly 1997, but was not named or structured as TAO until "the last days of 2000," according to General Michael Hayden.

<span class="mw-page-title-main">Bullrun (decryption program)</span> Code name of a decryption program run by the NSA

Bullrun is a clandestine, highly classified program to crack encryption of online communications and data, which is run by the United States National Security Agency (NSA). The British Government Communications Headquarters (GCHQ) has a similar program codenamed Edgehill. According to the Bullrun classification guide published by The Guardian, the program uses multiple methods including computer network exploitation, interdiction, industry relationships, collaboration with other intelligence community entities, and advanced mathematical techniques.

<span class="mw-page-title-main">ANT catalog</span> Classified catalog of hacking tools by the NSA

The ANT catalog is a classified product catalog by the U.S. National Security Agency (NSA) of which the version written in 2008–2009 was published by German news magazine Der Spiegel in December 2013. Forty-nine catalog pages with pictures, diagrams and descriptions of espionage devices and spying software were published. The items are available to the Tailored Access Operations unit and are mostly targeted at products from US companies such as Apple, Cisco and Dell. The source is believed to be someone different than Edward Snowden, who is largely responsible for the global surveillance disclosures during the 2010s. Companies whose products could be compromised have denied any collaboration with the NSA in developing these capabilities. In 2014, a project was started to implement the capabilities from the ANT catalog as open-source hardware and software.

<span class="mw-page-title-main">Intel Management Engine</span> Autonomous computer subsystem

The Intel Management Engine (ME), also known as the Intel Manageability Engine, is an autonomous subsystem that has been incorporated in virtually all of Intel's processor chipsets since 2008. It is located in the Platform Controller Hub of modern Intel motherboards.

<span class="mw-page-title-main">Vault 7</span> CIA files on cyber war and surveillance

Vault 7 is a series of documents that WikiLeaks began to publish on 7 March 2017, detailing the activities and capabilities of the United States Central Intelligence Agency (CIA) to perform electronic surveillance and cyber warfare. The files, dating from 2013 to 2016, include details on the agency's software capabilities, such as the ability to compromise cars, smart TVs, web browsers including Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera, the operating systems of most smartphones including Apple's iOS and Google's Android, and computer operating systems including Microsoft Windows, macOS, and Linux. A CIA internal audit identified 91 malware tools out of more than 500 tools in use in 2016 being compromised by the release. The tools were developed by the Operations Support Branch of the CIA.

Hardware security is a discipline originated from the cryptographic engineering and involves hardware design, access control, secure multi-party computation, secure key storage, ensuring code authenticity, measures to ensure that the supply chain that built the product is secure among other things.

<span class="mw-page-title-main">Supermicro</span> American supplier of servers and other information technology products

Super Micro Computer, Inc., dba Supermicro, is an American information technology company based in San Jose, California. The company is one of the largest producers of high-performance and high-efficiency servers, while also providing server management software, and storage systems for various markets, including enterprise data centers, cloud computing, artificial intelligence, 5G and edge computing. Supermicro was founded on November 1, 1993, and has manufacturing operations in Silicon Valley, the Netherlands, and in Taiwan at its Science and Technology Park.

Government hacking permits the exploitation of vulnerabilities in electronic products, especially software, to gain remote access to information of interest. This information allows government investigators to monitor user activity and interfere with device operation. Government attacks on security may include malware and encryption backdoors. The National Security Agency's PRISM program and Ethiopia's use of FinSpy are notable examples.

The Chinese multinational information technology and consumer electronics company Huawei has faced numerous criticisms for various aspects of its operations, particularly in regards to cybersecurity, intellectual property, and human rights violations.

Concerns over Chinese involvement in 5G wireless networks stem from allegations that cellular network equipment sourced from vendors from the People's Republic of China may contain backdoors enabling surveillance by the Chinese government and Chinese laws, such as the Cybersecurity Law of the People's Republic of China, which compel companies and individuals to assist the state intelligence agency on the collection of information whenever requested. The allegations came against the backdrop of the rising prominence of Chinese telecommunication vendors Huawei and ZTE in the 5G equipment market, and the controversy has led to other countries debating whether Chinese vendors should be allowed to participate in 5G deployments.

<span class="mw-page-title-main">Jonathan Brossard</span> French computer scientist

Jonathan Brossard also known under the username endrazine, is a French hacker, Engineer and Professor of computer science at the Conservatoire National des Arts et Metiers. He is best known as a pioneer in firmware cybersecurity, having presented the first public example of a Hardware backdoor. The MIT Technology Review called it "undetectable and uncurable". He has presented multiple times at conferences such as Defcon and Blackhat, as the Director of Security at Salesforce.

References

  1. 1 2 3 "Rakshasa: The hardware backdoor that China could embed in every computer - ExtremeTech". ExtremeTech. 1 August 2012. Retrieved 22 January 2017.
  2. Waksman, Adam (2010), "Tamper Evident Microprocessors" (PDF), Proceedings of the IEEE Symposium on Security and Privacy, Oakland, California, archived from the original (PDF) on 2013-09-21, retrieved 2019-08-27
  3. Smith, Craig (2016-03-24). The Car Hacker's Handbook: A Guide for the Penetration Tester. No Starch Press. ISBN   9781593277031 . Retrieved 22 January 2017.
  4. Wagner, David (2008-07-30). Advances in Cryptology - CRYPTO 2008: 28th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 17-21, 2008, Proceedings. Springer Science & Business Media. ISBN   9783540851738 . Retrieved 22 January 2017.
  5. Mishra, Prabhat; Bhunia, Swarup; Tehranipoor, Mark (2017-01-02). Hardware IP Security and Trust. Springer. ISBN   9783319490250 . Retrieved 22 January 2017.
  6. "Hardware-Hack: Backdoor in China-Chips entdeckt?" (in German). CHIP Online. Archived from the original on 2 February 2017. Retrieved 22 January 2017.
  7. "Hackers Could Access US Weapons Systems Through Chip". CNBC. 8 June 2012. Retrieved 22 January 2017.
  8. 1 2 "Self-checking chips could eliminate hardware security issues - TechRepublic". Tech Republic. 31 August 2016. Retrieved 22 January 2017.
  9. 1 2 "Cambridge Scientist Defends Claim That US Military Chips Made In China Have 'Backdoors'". Business Insider. Retrieved 22 January 2017.
  10. Lee, Michael. "Researchers find backdoor on ZTE Android phones". ZDNet. Retrieved 22 January 2017.
  11. Schoen, Douglas E.; Kaylan, Melik (9 September 2014). The Russia-China Axis: The New Cold War and America's Crisis of Leadership. Encounter Books (published 2014). ISBN   9781594037573 . Retrieved 2020-05-16. Hardware-encoded backdoors are more threatening than software-encoded ones [...] In October 2012, the U.S. House Permanent Select Committee on Intelligence recommended that U.S. companies avoid hardware made by Chinese telecom giants Huawei and ZTE, saying that its use constitutes a risk to national security. Huawei and ZTE manufacture network hardware for telecommunications systems.
  12. "Researchers find new, ultra-low-level method of hacking CPUs - and there's no way to detect it - ExtremeTech". ExtremeTech. 16 September 2013. Retrieved 22 January 2017.
  13. "Photos of an NSA "upgrade" factory show Cisco router getting implant". Ars Technica. 2014-05-14. Retrieved 22 January 2017.
  14. "NSA's Secret Toolbox: Unit Offers Spy Gadgets for Every Need". Der Spiegel. SPIEGEL ONLINE. 30 December 2013. Retrieved 22 January 2017.
  15. "Your USB cable, the spy: Inside the NSA's catalog of surveillance magic". Ars Technica. 2013-12-31. Retrieved 22 January 2017.
  16. Greenberg, Andy (June 2016). "This 'Demonically Clever' Backdoor Hides In a Tiny Slice of a Computer Chip". WIRED. Retrieved 22 January 2017.
  17. Storm, Darlene (2016-06-06). "Researchers built devious, undetectable hardware-level backdoor in computer chips". Computerworld. Retrieved 22 January 2017.
  18. "Hardware hack defeats iPhone passcode security". BBC News. 19 September 2016. Retrieved 22 January 2017.
  19. Robertson, Jordan; Riley, Michael (4 October 2018). "The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies". Bloomberg. Retrieved 2022-03-06.
  20. Vasilios Mavroudis; et al. "A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components" (PDF). backdoortolerance.org. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security.
  21. 1 2 3 4 Moore, Samuel (2019-10-07). "X-Ray Tech Lays Chip Secrets Bare". IEEE Spectrum: Technology, Engineering, and Science News. Retrieved 2019-10-08.

Further reading

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.