Intelligence agencies spy on our data by manipulating computer chips
governments during the cold war. It later emerged that the National Security Agency, short NSA, had made sure the devices were manipulated in such a manner that the NSA was able to break the encryption.
Experts refer to those integrated security gaps as backdoors. “Academics have known for a long time that security solutions can be manipulated,” says Paar. Yet, he and his colleagues were surprised by the extent to which the NSA has implemented attacks against crypto-solutions. That was reason enough for Paar to investigate the issue in detail. Financed by the ERC Grant, he is now able to do so.
The research problem that Paar will tackle together with a team of PhD students is made up of two parts: in the first step, the researchers assume the perspective of the attackers and will investigate which hardware Trojans are possible. This knowledge is necessary for the researchers in order to develop effective countermeasures. A particular difficulty is that modern chips are often made of up to dozens of millions of elementary components, so-called logic gates. An attacker only has to perform miniscule alterations of a few of those components in order to realize a Trojan. In the second part, the researchers intend to develop solutions that would prevent such manipulations.
Paar doesn’t lack ideas of how hardware Trojans might be used. The manipulated chip could, for example, perform an incorrect computation only if a certain trigger is present. “In a drone or in a car, that might consist of specific GPS coordinates,” says Paar. “The Trojan would be activated only if the user was in a certain region.”
A particularly sophisticated approach on the part of the attackers, as Paar explains, would be if they did not swap the logic gates, i.e. change the circuits. Such an attack might possibly be detected by clever users, for example if they inspected the chips with dedicated microscopes. Manipulations of the computer’s basic components, namely so-called transistors, on the other hand, are virtually invisible. As many as a billion of those microscopically small computing devices are integrated in modern chips. “For example, it is very easy to make a transistor slightly slower,” says Paar. To this end, it is enough to alter a few atoms in the semiconductor that makes up the transistor. Or make the width of the miniscule connection lines between the transistors narrower by a few nanometers.
The 52-year-old researcher does not worry that intelligence agencies might interfere with his research. “In Europe, my research is viewed quite positively. After all, my objective is to understand what kind of damage might be caused by determined attackers with sound financial backing. Today, most European countries are in agreement that hardware manipulations pose a serious threat for citizens, the economy, and governments.”
