- Mark Anderson for IEEE Spectrum January 5th, 2010
- Source: http://spectrum.ieee.org/semiconductors/design/cre...
In November, engineering students from five top universities gathered at the Polytechnic Institute of NYU, in Brooklyn, N.Y., for the Embedded Systems Challenge. The aim was to test new attacks and defenses against an underappreciated breed of Trojan horse — embedded malware built into integrated circuits.
The winning team’s results, set to appear in journals and at conference proceedings in 2010, reveal how vulnerable many systems are to "chip attacks."
"It’s something that people aren’t really much aware of," says contest judge Jim Howard, director and chief engineer of information assurance at Camden, N.J.–based L-3 Communications, which makes application-specific integrated circuits for high-security applications, such as military communications and GPS systems.
The first-place team in this year’s Embedded Systems Challenge used one of the most deceptively simple attacks imaginable, Howard says. Led by NYU-Poly graduate student Jeyavijayan Rajendran, the team devised attacks that, when activated, simply connected the input wire to the output wire and bypassed the encryption circuitry altogether.
“It’s the most obvious approach," says Rajendran’s faculty advisor, Ramesh Karri, associate professor of electrical and computer engineering at NYU-Poly. But it’s not foolproof. Bypassing all the encryption logic means that the output signal appears suspiciously soon after the input. So "if somebody’s taking a fingerprint of the [chip’s] delay, then this may not even work. It depends on the defense, too."
Karri, who organized this year’s contest along with NYU-Poly computer science graduate student Kurt Rosenfeld, says that they intentionally weighted the competition to favor a strong defense.