An interesting paper on a new type of attack on hardware.

Very early on, in malware research, we looked at hardware trojans and the limits of the "trusted computing base." (When I say "early on," I'm talking about 1988, so I don't know why these guys thought the study didn't start until 2008. Kids. 🙂

I also did formal study in gate level circuit design, and worked with companies that were involved with board and chip manufacturing, so I understand some of those parts of the paper.

It's an interesting attack, and, yes, it demonstrates that, when dealing with supply chain and "Reflections on Trusting Trust" issues you have to perform multiple types of checks, and keep on developing new tests as new attacks are created. So, yes, it's a valid attack in the current climate.

It's a pretty specific attack, and would only work on specific types of hardware. Fortunately for the authors of the paper, while the attack is quite specialized, and only works on some applications, those are pretty important applications, since they deal with high-level crypto, most likely for military or intelligence purposes. The attack could be used to create something that would pass basic tests, but would weaken crypto implementations (it's always implementation, isn't it?), and possibly also make the circuitry more susceptible to side channel, covert channel, or related TEMPEST type attacks.

Once known, of course, the attack could be detectable by extending the testing of the results produced by the affected circuitry. But, as I say, it does show that attacks and defence are constantly moving targets, and that the concept of the trusted computing base (and, particularly, supply chain) always needs refining in the real world.