Hardware Trojans: An Emerging Threat for the Internet of Things

Historically, IT security concentrated on attack scenarios targeting software and communication networks, but more recently, the system hardware moved into the focus of attackers. Hardware-related threats are relevant even for extremely software-dominated systems, which still contain some amount of hardware on which the software runs; compromising this hardware makes the entire system vulnerable. Even worse, many software-centric security solutions rely on a hardware-based root of trust which stores secret keys and provides essential security functions; successful attacks on such root-of-trust blocks renders the entire security concept ineffective. With the emergence of paradigms like cyberphysical systems, internet of things, or Industrie 4.0 that connect the physical world, IT systems and global connectivity, hardware blocks are at risk to become the Achille's heel of entire infrastructures.

The presentation will focus on one emerging attack scenario: Hardware Trojans. These are malicious modification of system hardware with the purpose to gain control over its functionality and, e.g., be able to deactivate the affected block at the attacker's will ("kill switch"), or establish a side-channel to access confidential data processed by the device ("backdoor"). Hardware Trojans may be planted by an external foundry who manufactures the integrated circuit, by a rogue in-house designer, by an external provider of intellectual property blocks integrated into the design, or even by an electronic design automation tool. Even though hard evidence of their occurrence in actual systems is largely lacking, hardware Trojans are receiving substantial attention by academia and by governmental agencies. The presentation will discuss the feasibility of such attacks, recapitulate early proof-of-concept demonstrations, and explain novel, more sophisticated Trojans on all levels. It will also discuss the capability of various kinds of countermeasures, from silicon measurements and runtime monitoring to formal methods, to detect the presence of Trojans and/or prevent the attacks when they happen.

Ilia Polian is a Professor of Computer Engineering at the University of Passau, Germany. He received his PhD degree from the University of Freiburg, Germany, in 2003. He is Senior Member of IEEE, co-authored over 120 scientific publications, including a textbook on test methods for digital integrated circuits, and received two best paper awards.

Prof. Polian was Dean of the Faculty of Computer Science and Mathematics from 2013 to 2015 and conceptualized Passau's new Mobile and Embedded System curriculum. His research interests are on hardware security, test methods, and emerging architectures.