Researchers at Polytechnic Institute of New York University (NYU-Poly) and the University of Connecticut hope to address some of these concerns with new techniques designed to protect against malicious manufacturing flaws and vulnerabilities in the electronics supply chain.
According to The White House’s Cyber Policy Review, samples of imported hardware and software have been discovered that have deliberately been infected with spyware and malware before being imported. “The challenge with supply chain attacks is that a sophisticated adversary might narrowly focus on particular systems and make manipulation virtually impossible to discover,” the report warns.
The researchers' new "design for trust" techniques add to the established "design for manufacturability" and "design for testability" mantras and build on existing design and testing methods.
One such technique involves ring oscillators, which are sets of odd numbered, inverting logic gates that designers use to ensure an integrated circuit's reliability. Circuits with ring oscillators produce specific frequencies based on the arrangement of ring oscillators. Trojans alter the original design's frequencies and alert testers to a compromised circuit. However, sophisticated criminals could account for the frequency change in their Trojan design and implementation, the researchers warn. The researchers suggest designers thwart their tactics by creating more variants of ring oscillator arrangements than criminals can keep track of, making it harder for them to implant a Trojan without testers detecting it.....[More]