Sabotage-proof chip checks against Trojan infection
A chip that constantly verifies whether its calculations are being hampered by a Trojan or other malware is being developed by American researchers.
The device, designed by a team from the New York University Tandon School of Engineering, contains a separate module to carry out the calculations and another that verifies the results of the first.
The system aims to prevent infections that happen during production. Such infected chips, when inserted into healthcare devices or used in infrastructure, financial or military electronics, could pose a serious risk.
The team says that due to the complexity of the supply chain, various people can manipulate chips at various stages from production to delivery.
"Under the current system, I can get a chip back from a foundry with an embedded Trojan," explained Siddharth Garg, who leads the project. "It might not show up during post-fabrication testing, so I'll send it to the customer. But two years down the line it could begin misbehaving."
For example, a secretly inserted ‘back door’ function could allow attackers to alter or take over a device or system at a specific time.
The researchers have therefore introduced a separate verification unit, an application-specific integrated circuit (ASIC), which could be manufactured separately from the primary chip.
"Employing an external verification unit made by a trusted fabricator means that I can go to an untrusted foundry to produce a chip that has not only the circuitry performing computations, but also a module that presents proofs of correctness," said Garg.
"The nice thing about our solution is that I don't have to trust the chip because every time I give it a new input, it produces the output and the proofs of correctness, and the external module lets me continuously validate those proofs."
Garg calls his approach verifiable computing. He says the approach has multiple advantages. Apart from the protection against Trojan infection, it also enables companies to produce their own verification ASICs, as these can be up to several orders of magnitude slower and simpler than the primary chips.
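The prover/verifier split described above, as an added illustration that is not the NYU team's code or proof system: it swaps in Freivalds' randomized check for matrix multiplication, where the verifier tests the output itself with far less work than recomputing it and no separate proof is sent. The class and function names, the modulus, the matrix size and the trigger count are assumptions made for the example.

```python
import random

P = 2_147_483_647  # prime modulus (assumed); all arithmetic is done mod P

def matmul(a, b):
    n = len(a)
    return [[sum(a[i][k] * b[k][j] for k in range(n)) % P for j in range(n)]
            for i in range(n)]

def matvec(m, v):
    return [sum(x * y for x, y in zip(row, v)) % P for row in m]

class UntrustedChip:
    """Prover model: correct until a hidden call count, then corrupts one entry."""
    def __init__(self, trigger_after=None):
        self.calls = 0
        self.trigger_after = trigger_after

    def multiply(self, a, b):
        self.calls += 1
        c = matmul(a, b)                      # O(n^3) work on the fast chip
        if self.trigger_after is not None and self.calls > self.trigger_after:
            c[0][0] = (c[0][0] + 1) % P       # simulated dormant fault waking up
        return c

def verify(a, b, c, rounds=2, rng=random):
    """Trusted verifier: Freivalds' check, O(n^2) per round.
    A wrong c passes one round with probability at most 1/P."""
    n = len(a)
    for _ in range(rounds):
        # r is drawn only after c is fixed; real hardware needs randomness
        # the prover cannot predict (a seeded PRNG is used here for repeatability).
        r = [rng.randrange(P) for _ in range(n)]
        if matvec(a, matvec(b, r)) != matvec(c, r):
            return False
    return True

def run(chip, jobs, n=4, seed=1):
    """Check every output of `chip`; return index of first rejected job, or None."""
    rng = random.Random(seed)
    for i in range(jobs):
        a = [[rng.randrange(P) for _ in range(n)] for _ in range(n)]
        b = [[rng.randrange(P) for _ in range(n)] for _ in range(n)]
        if not verify(a, b, chip.multiply(a, b), rng=rng):
            return i
    return None

if __name__ == "__main__":
    print("honest chip, first rejected job:", run(UntrustedChip(), 20))
    print("faulty chip, first rejected job:", run(UntrustedChip(trigger_after=12), 20))
```

Because every output is checked, the fault is rejected on the first job where it activates, however long the chip behaved correctly before that.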
The researchers next plan to investigate techniques to reduce both the overhead that generating and verifying proofs imposes on a system and the bandwidth required between the prover and verifier chips. "And because with hardware, the proof is always in the pudding, we plan to prototype our ideas with real silicon chips," said Garg.