[markomalley]

URL for the paper.

Abstract. In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientifi c community. One of the main concerns is that integrated circuits, e.g., for military or critical infrastructure applications, could be maliciously manipulated during the manufacturing process, which often takes place abroad. However, since there have been no reported hardware Trojans in practice yet, little is known about how such a Trojan would look like, and how dicult it would be in practice to implement one.

In this paper we propose an extremely stealthy approach for implementing hardware Trojans below the gate level, and we evaluate their impact on the security of the target device. Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modifi ed circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to most detection techniques, including fi ne-grain optical inspection and checking against \golden chips". We demonstrate the effectiveness of our approach by inserting Trojans into two designs | a digital post-processing derived from Intel's cryptographically secure RNG design used in the Ivy Bridge processors and a side-channel resistant SBox implementation | and by exploring their detectability and their effects on security.

[CGASMIA68]

And I thought learning about NPN,PNP at NAS Jax in the 70’s was big time.

[DManA]

They published this? In a public paper? They’d better see Vladamir about getting an apartment in Moscow.

[mountn man]

With all the different forms of Trojans, now they have a Hardware Trojan?

[quimby]

From theregister:

This was the week when Linus Torvalds, chief Penguin of LinuxLand, unleashed not one, but two mighty rants on the interwebs. First, Torvalds said he resented recent attacks on the integrity of the kernel's security.

This is after a call was made for the use of Intel processor instruction RdRand for generating random numbers to be pulled from the kernel, purportedly by a lad from Yorkshire who reckoned it could be influenced by US spooks to produce cryptographically weak values.

He branded a petition asking for it to be pulled "ignorant". In a comparatively restrained rant, he said:

Where do I start a petition to raise the IQ and kernel knowledge of people? Guys, go read drivers/char/random.c. Then, learn about cryptography. Finally, come back here and admit to the world that you were wrong.

Short answer: we actually know what we are doing. You don't.

http://www.theregister.co.uk/2013/09/13/quotw_ending_november_13/

I don't profess to know the answer to all the questions, but there sure are a lot of questions.

[rarestia]

I can’t understate this enough: this is bad. Manipulation of hardware at the gate level is a literal Trojan horse. There’s little anyone could do to fix the problem short of reconstructing the processor from the gate layer up (Read: Impossible).

[zeugma]

Isn’t it nice how the criminals that operate our government have no respect at all for us, our privacy, or our security.