Demonstration of Hardware Trojans

Presented at DEF CON 16 (2008), Aug. 9, 2008, 5:30 p.m. (20 minutes)

Recent developments such as the FBI operation "Cisco Raider", which resulted in the discovery of 3,500 counterfeit Cisco network components, show the U.S. government's growing concern about an electronic hardware equivalent of a "Trojan horse". In an electronic Trojan attack, extra circuitry is illicitly added to hardware during its manufacture. When triggered, the hardware Trojan performs an illicit action such as leaking secret information, allowing attackers clandestine access or control, or disabling or reducing the functionality of the device. The growing use of programmable hardware devices (such as FPGAs), coupled with the increasing push to manufacture most electronic devices overseas, means that our hardware is increasingly vulnerable to a Trojan attack from potential enemies.

This talk explores three possible methods that a hardware Trojan can use to leak secret information to the outside world: thermal, optical and radio. The hardware platform for our demonstration is a $149 Spartan-3E Starter Kit from XILINX. The application used in our demonstration is AES encryption. The objective of our Trojan is to illicitly leak the AES encryption keys once triggered.

In the thermal Trojan demo, we use an infrared camera to show how electronic components or exposed connector pins can be used to transmit illicit information thermally. In the optical Trojan demo, we use an optical-to-audio converter to show how a power-on LED can be used to transmit illicit information using signal frequencies undetectable by human eyes. Finally, in the radio Trojan demo, we use a radio receiver to show how an external connector can be used to transmit illicit information using AM radio transmission. We finish our talk with a demonstration of an optical Trojan that leaks the encryption keys from a popular commercial network router (e.g. Cisco-Linksys WRT54GS).

Presenters:

  • Ryan Hoover - Graduate Student
    Ryan Hoover is a graduate student in Professor Kiamilev's research group at the University of Delaware. Ryan completed his Bachelor's degree in Computer Engineering there in May. Ryan minored in Computer Science and was one of two students who carried out the hardware Trojan research for the CVORG research group.
  • Fouad Kiamilev - Professor, Electrical & Computer Engineering Dept., University of Delaware
    Fouad Kiamilev is a professor in the Department of Electrical and Computer Engineering at the University of Delaware, where he directs a group of pirates who call themselves CVORG (which stands for CMOS VLSI Optimization Research Group). Fouad's main mission is to train students to become successful participants in the 21st century global economy. Since 1997, he has advised 12 Ph.D. students and 16 M.S. students. His graduates are employed by leading academic and industrial organizations in the United States. Fouad's research group, CVORG, specializes in custom hardware design for special applications. Present CVORG projects include a tester for a world-record performance solar module, a 512x512 mid-wave and long-wave infrared display chip, and red-team hacking.