Hardware components can contain malicious, illegal modifications that siphon sensitive information to adversaries or shut down critical operations. Such modifications to the hardware - the root of trust in computing - can compromise the trustworthiness of systems. A malicious modification (backdoor) can find its way into a design through a core component implemented by a malicious insider on the team, or through third-party intellectual property (IP). This research investigates techniques to build trustworthy hardware systems even with such untrustworthy, malicious hardware components.
A key insight used in this study is that while a large number of digital backdoor implementations are feasible, they can all be classified into four simple categories with unique behavioral characteristics that can be leveraged to thwart backdoors. Digital backdoors can only be triggered in two ways: they must turn on after a certain amount of time or in response to specially crafted inputs. This classification is complete because time and data are the only two ways a digital system can change. After a backdoor is woken up, it can impact the infected hardware component in only two ways: it can cause the hardware component to produce extraneous outputs or to corrupt existing outputs. Backdoor detection techniques monitor the outputs of hardware units for anomalous behavior, while protection techniques scramble inputs, making it infeasible for the backdoor to be triggered at runtime. Hardening both the inputs and outputs of a hardware module against backdoors provides comprehensive protection and, for the first time, a strong basis to certify digital hardware to be free of backdoors. Such certification can significantly enhance the state of trustworthy computing.
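The following simulation is an added example, not code from the research described above. It models one of the four categories (a data-triggered backdoor that corrupts existing outputs) in a hypothetical pass-through unit, then shows input scrambling and output monitoring around it; the unit, the trigger value and the XOR mask are assumptions chosen for illustration.

```python
import secrets

WIDTH = 32
MAGIC = 0xDEADBEEF  # constructed trigger value, an assumption of this example


class UntrustedBuffer:
    """Simulated third-party pass-through unit (for example a FIFO)
    carrying a data-triggered backdoor that corrupts existing outputs."""

    def __init__(self):
        self.awake = False

    def transfer(self, word):
        if word == MAGIC:          # trigger: specially crafted input
            self.awake = True
        return word ^ 1 if self.awake else word  # payload: flip one bit


class ScrambledBuffer:
    """Trusted wrapper: mask each word before the untrusted unit sees it
    and unmask the result, so the unit never observes the raw input."""

    def __init__(self, unit, mask=None):
        self.unit = unit
        # Assumption: the mask is random and unknown to the backdoor's author.
        self.mask = secrets.randbits(WIDTH) if mask is None else mask

    def transfer(self, word):
        return self.unit.transfer(word ^ self.mask) ^ self.mask


def count_corrupted(transfer, words):
    """Output monitor: a pass-through unit must return what it was given."""
    return sum(1 for w in words if transfer(w) != w)


if __name__ == "__main__":
    words = [1, 2, MAGIC, 3, 4]  # constructed input stream
    print("bare unit:", count_corrupted(UntrustedBuffer().transfer, words))
    print("scrambled:", count_corrupted(ScrambledBuffer(UntrustedBuffer()).transfer, words))
```

With a uniformly random 32-bit mask, any given input word reaches the unit as the trigger value with probability 2^-32, which is why the crafted input no longer wakes the backdoor. The XOR mask only works here because the unit moves data without computing on it.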