Dope research drops trojans on chips


Proof of concept backdoor evades Intel chip checks.

A new hardware-based trojan has been produced that can be installed on Intel's Ivy Bridge microprocessors and slip past chip security tests.

The university research demonstrates the feasibility of producing backdoors on the chips that could bypass a machine's cryptography protections and could not be detected by physical inspection.

Attackers could, the research found, alter the dopant (doping agent) material that is used in semiconductor production to make the material conduct electricity. Working at the sub-transistor level, the researchers drastically weakened the entropy of the random number generators within Intel chips, bringing the value down from 128 bits to a tiny but passable 32 bits.
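Why a 32-bit state can still be "passable", as an added example that is not code from the paper or from Intel: black-box statistical tests judge how the output bits look, not how many internal states could have produced them. The model is an assumption (a 128-bit state hashed with SHA-256 in counter mode before output), and the constants and secret are constructed for the demo.

```python
import hashlib
import math

FIXED_STATE = 0x0123456789ABCDEF0123456789ABCDEF  # constructed 128-bit constant
ALPHA = 1e-4  # demo significance level; SP 800-22 commonly uses 0.01

def stream(unknown_bits, secret, nbytes):
    """Hashed output of a 128-bit state in which only the low `unknown_bits`
    bits depend on `secret`; every other bit is a fixed constant."""
    mask = (1 << unknown_bits) - 1
    state = (FIXED_STATE & ~mask) | (secret & mask)
    out, counter = bytearray(), 0
    while len(out) < nbytes:
        block = state.to_bytes(16, "big") + counter.to_bytes(8, "big")
        out += hashlib.sha256(block).digest()  # stand-in conditioner (assumption)
        counter += 1
    return bytes(out[:nbytes])

def to_bits(data):
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def monobit_p(bits):
    """Frequency test: are ones and zeros balanced?"""
    s = abs(sum(2 * b - 1 for b in bits)) / math.sqrt(len(bits))
    return math.erfc(s / math.sqrt(2))

def runs_p(bits):
    """Runs test: does the bit value flip about as often as expected?"""
    n = len(bits)
    pi = sum(bits) / n
    v = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))
    expected = 2 * n * pi * (1 - pi)
    return math.erfc(abs(v - expected) / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def passes_statistical_tests(data):
    bits = to_bits(data)
    return monobit_p(bits) >= ALPHA and runs_p(bits) >= ALPHA

def compare(secret=0xDEADBEEFCAFEF00D1122334455667788, nbytes=4096):
    """Same tests, same secret: full 128-bit state versus 32 unknown bits."""
    return {b: passes_statistical_tests(stream(b, secret, nbytes)) for b in (128, 32)}

if __name__ == "__main__":
    for bits, ok in compare().items():
        print(f"{bits:>3} unknown bits: tests passed={ok}, possible states=2^{bits}")
```

Both streams get the same verdict from the output tests, so a reduction of this kind has to be caught by verifying the entropy source itself rather than its conditioned output.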

"In this paper we introduced a new type of sub-transistor level hardware trojan that only requires modification of the dopant masks. No additional transistors or gates are added and no other layout mask needs to be modified," the paper said.

"Since only changes to the metal, polysilicon or active area can be reliably detected with optical inspection, our dopant trojans are immune to optical inspection, one of the most important trojan detection mechanisms.

"Also, without the ability to use optical inspection to distinguish trojan-free from trojan designs, it is very difficult to find a chip that can serve as a golden chip, which is needed by most post-manufacturing trojan detection mechanisms."

Modification could occur during the supply chain development or during changes to integrated circuits prior to manufacturing, researchers said.

The research team included Georg T. Becker, Christof Paar and Wayne P. Burleson of the University of Massachusetts Amherst, and Francesco Regazzoni of the Technical University Delft in the Netherlands.


Copyright © SC Magazine, Australia

