Stealthy Dopant-Level Hardware Trojans

With the increase in outsourcing manufacturing of integrated circuits to di erent countries, the topic of trust and security becomes more and more important. The built circuits could contain some malicious modi cations introduced during production, known as hardware trojans. Common ways of detecting these modi cation include optical inspection with electron-microscopes, comparing side-channel information to a known trojan-free golden chip, and just plain functional testing. This seminar paper, based on [1] by Becker, Regazzoni, Paar, and Burleson, describes a method of implementing hardware trojans on the dopant-level without being detectable by the aforementioned methods. The trojans circuits look physically the same as a trojan-free one, with modi cations in only the physical composition of the materials used. The attack is demonstrated on two casestudies: reducing the quality of random numbers generated by Intel's Ivy Bridge processors random number generator, and introducing a power side-channel to an AES SBox implemented in side-channel resistant logic. To understand the operation of transistors and how these dopant-level hardware trojans work, it is rst necessary to have a basic understanding of semiconductor doping this will be brie y introduced in Section 2. Section 3 explains the construction and operation of most transistors used today and how logic gates are built from them. Section 4 describes the dopant-level attack on a simple component and Section 5 gives an overview of the two case studies to see practical applicability of the attack. The last section summarizes the results and gives conclusions.