idw – Informationsdienst Wissenschaft

Nachrichten, Termine, Experten

Grafik: idw-Logo
Science Video Project
idw-Abo

idw-News App:

AppStore

Google Play Store



Instanz:
Teilen: 
26.06.2024 18:13

Threat from Hardware Trojans: Study shows Manipulation Possibilities

Franziska Wegner Presse
IHP - Leibniz-Institut für innovative Mikroelektronik

    On behalf of the German Federal Office for Information Security (BSI), experts from the IHP - Leibniz Institute for High Performance Microelectronics prepared the study "Analysis of Hardware Manipulations in Distributed Manufacturing Processes (PANDA)". The result: Safety properties or functionality can be negatively affected in all sub-steps.

    Hardware Trojans could become a threat. On behalf of the German Federal Office for Information Security (BSI), experts from the IHP - Leibniz Institute for High Performance Microelectronics prepared the study "Analysis of Hardware Manipulations in Distributed Manufacturing Processes (PANDA)". The result: Safety properties or functionality can be negatively affected in all sub-steps. In order to increase security in the IT landscape, the experts inform IT manufacturers and service providers about the potential threat and advise companies to invest in trustworthy manufacturing processes and providers as well as in their own employees.

    "Software Trojans are common knowledge, most of us use anti-virus software, check senders carefully before opening email attachments and only download apps to our mobile phones from official sources. However, when the journal Bloomberg Businessweek first reported on a Hardware Trojan in 2018, there was a great deal of uncertainty, especially among companies," says Prof Peter Langendörfer, project leader for the recently published PANDA study. Trojans, the term goes back to the Greek legend of the Trojan horse, are deliberate manipulations that are inserted by an attacker.

    "Globalisation means that more and more steps in the production chain are being outsourced, and the cheapest suppliers are often awarded the contract. When IT companies send their chip designs to production, they could still be modified. When assembling circuit boards, they could be manipulated, for example by attaching additional chips that then pick up and send information," says Prof Peter Langendörfer, outlining two possible scenarios. The IT security expert heads the "Wireless Systems" department at IHP and is also a professor specialising in "Wireless Systems" at BTU Cottbus-Senftenberg.

    The BSI made a conscious decision in favour of IHP for the PANDA study. On the one hand, the research institute can map numerous steps in the production chain thanks to its vertical concept. On the other hand, a relationship of trust already existed due to previous collaboration. The IHP experts based the study on both literature research and practical experiments in the production chain, particularly in the implementation of cryptographic functions in FPGAs and in the production of circuit boards. For example, the mainboard of a laptop was prepared in order to test whether these manipulations could be detected by optical methods, e.g. in quality control on receipt of a delivery. Additional chips were hidden under coils and capacitors. These are barely noticeable on microscopic examination and even on X-ray due to the numerous metal layers. Solder points and additional conductor tracks can reveal the additional chips. However, if these are wired as chip-on-board with aluminium bonds, they are almost invisible.

    "Our study makes it clear: manipulation is possible at any time and IT manufacturers must react. Because once a hardware Trojan is there, it is incredibly difficult to find," says Prof Peter Langendörfer.


    Wissenschaftliche Ansprechpartner:

    Prof. Dr. Peter Langendörfer


    Originalpublikation:

    https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/PANDA/P...


    Bilder

    IHP scientist Hon. Prof. Zoya Dyka shows the BSI employees where the mainboard of a laptop could be manipulated.
    IHP scientist Hon. Prof. Zoya Dyka shows the BSI employees where the mainboard of a laptop could be ...
    Franziska Wegner

    The changes on the board are not visible to the naked eye.
    The changes on the board are not visible to the naked eye.
    Franziska Wegner
    IHP


    Merkmale dieser Pressemitteilung:
    Journalisten
    Informationstechnik
    überregional
    Forschungsergebnisse, Kooperationen
    Englisch


     

    IHP scientist Hon. Prof. Zoya Dyka shows the BSI employees where the mainboard of a laptop could be manipulated.


    Zum Download

    x

    The changes on the board are not visible to the naked eye.


    Zum Download

    x

    Hilfe

    Die Suche / Erweiterte Suche im idw-Archiv
    Verknüpfungen

    Sie können Suchbegriffe mit und, oder und / oder nicht verknüpfen, z. B. Philo nicht logie.

    Klammern

    Verknüpfungen können Sie mit Klammern voneinander trennen, z. B. (Philo nicht logie) oder (Psycho und logie).

    Wortgruppen

    Zusammenhängende Worte werden als Wortgruppe gesucht, wenn Sie sie in Anführungsstriche setzen, z. B. „Bundesrepublik Deutschland“.

    Auswahlkriterien

    Die Erweiterte Suche können Sie auch nutzen, ohne Suchbegriffe einzugeben. Sie orientiert sich dann an den Kriterien, die Sie ausgewählt haben (z. B. nach dem Land oder dem Sachgebiet).

    Haben Sie in einer Kategorie kein Kriterium ausgewählt, wird die gesamte Kategorie durchsucht (z.B. alle Sachgebiete oder alle Länder).