Stopping Hardware Trojans in Their Tracks

Hardware trojans are a little-known yet critical threat to the security of modern computing systems. Software trojans are a well-known class of malware, where a victim is fooled into running software that appears innocuous but is actually malicious. In contrast, hardware trojans are an undetectable change to the hardware itself. When a hardware trojan is introduced into a chip’s design, the normal functionality of the chip is preserved, but a hidden threat is introduced which can be triggered by the attacker at a later date. Potential threats posed by hardware trojans include externally triggerable chip failures, theft of encryption keys, and exfiltration of private data. There are wide-ranging opportunities to introduce hardware trojans throughout the chip design and manufacturing process, which is heavily dependent on global supply chains and outsourcing. Detecting these trojans is extremely challenging in practice, since the complexity of modern chips makes visual inspection near impossible. In this article, the authors suggest potential changes to mitigate risk via changes to both low-level chip design and restructuring of global supply chains.