A hardware Trojan (also hardware backdoor) is a device in an electronic circuit, covertly embedded among other elements, that can interfere with the operation of a computing system. A hardware Trojan can either disable the system completely or disrupt its normal functioning, for example through unauthorized access to information, or its modification or blocking [1].
The term also covers a separate chip that attackers connect to the attacked system to achieve the same goals [1].
Classification
Hardware Trojans can be classified as follows [2]:
By the physical principle of operation
In the “By Distribution” category, Trojans are classified by the physical arrangement of their elements on the board.
Hardware Trojans can be located in different places in the circuit. In some cases the developer has to change the layout substantially, and the less noticeable these changes are, the harder the Trojan is to find. A Trojan can also be installed separately from the circuit.
The “Fit” section describes the scale of the changes made by the attacker: the number of elements changed, added, or deleted.
Hardware Trojans are also divided into two types: functional and parametric. In the first type, the composition of the chip is changed by adding or removing elements, for example transistors or logic gates. Parametric hardware Trojans are implemented through existing components [2].
By activation method
Activation can be external or internal. In the first case, the Trojan is started by an external signal received by an antenna or a sensor. The sensor signal may be the result of any measurement: temperature, altitude, pressure, voltage, etc.
Internal activation requires no interaction with the outside world. In this case the Trojan either works all the time or starts under a condition defined when it was designed [2]. The condition for internal activation can be either a certain combination of internal signals or a certain sequence of operations.
By their effect on the system
Here Trojans are classified by the type of damage they cause. This can be the transfer of information, or disruption of the whole device or of only a specific function, which is changed or shut down [2].
Features
Hardware Trojans make it possible to intercept data, for example the input and output of a personal computer: the monitor image, and data entered from the keyboard, sent to the printer, or written to internal and external media [1].
Mention in politics
After the collapse of the Soviet Union, many industries did not receive sufficient funding. This affected electronics production, which fell seriously behind foreign industry [3]. Because certain types of microelectronic components are not produced domestically, Russia has to use foreign products, which may contain hardware Trojans. Such devices may not reveal themselves for a long time, yet be ready for external activation at the right moment [2].
When we buy foreign machines, we mean that these machines are equipped with software that can have certain bookmarks, and these bookmarks can work at a certain moment, these machines can be turned off, or they can transmit certain information [4].
- Dmitry Rogozin.
The greatest danger is the use of foreign technology in important public sectors: military, political, economic. An important problem, therefore, is developing methods to identify potentially dangerous elements. It is also important to develop Russian production of the necessary electronics.
If we talk about the security of the electronic component base, which is widely used in the means of the information system in the Navy, the Air Force, and armored vehicles, not to mention space and even more high-tech industries, here we will also proceed from the need for the key elements of this electronic component base to be produced on the territory of the Russian Federation [4].
- Dmitry Rogozin.
Russian troops use both foreign-made software and foreign-made equipment, which are checked by the Federal Security Service and special departments of the Ministry of Defense. According to Russian military analyst Alexander Sharavin, director of the Institute for Political and Military Analysis, the first step is to establish methods for checking imported equipment, and only then to set up domestic production of equivalent equipment [5].
Detection Methods
A hardware Trojan can be built in at any stage, from design to installation of the system at the end user [6]. The detection methods differ accordingly and depend on the stage at which the changes were introduced.
If a hardware Trojan is introduced by a design engineer at the circuit level, it is almost impossible to detect [6]. At such a deep level, the designer can hide or mask from end users the elements needed for activation at the right moment. Masking can be done by using some components in two structures of the circuit at once: the one needed for normal functioning and the one that makes the Trojan work.
A Trojan can also be introduced at the production stage, when the Trojan element is added to an already developed device design. This method was described in InfoWorld magazine as an April Fool's joke [7].
When attackers plant Trojans in a finished product during delivery or installation of the equipment, they are easier to detect. To do so, compare the product with the original or with products from other suppliers. The differences found allow conclusions about the presence of potentially dangerous elements [6].
In general, the deeper a hardware Trojan is embedded, the more difficult it is to detect.
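The comparison with the original or with other suppliers' units described above, as an added example that is not part of the original article. It assumes each unit's component inventory has already been recorded as a mapping from reference designator to part marking and package; all inventories, supplier names and function names here are constructed for illustration.

```python
from collections import Counter

# Constructed sample inventories: reference designator -> (part marking, package).
# In practice these come from a teardown, X-ray or optical inspection of each unit.
GOLDEN = {"U1": ("MCU-A100", "QFP64"), "U2": ("FLASH-8M", "SOIC8"),
          "R7": ("10k", "0402"), "C3": ("100n", "0402")}
UNITS = {
    "supplier_a": dict(GOLDEN),
    "supplier_b": dict(GOLDEN),
    # Constructed suspicious unit: one extra chip, one resistor value changed.
    "supplier_c": {**GOLDEN, "U9": ("UNMARKED", "SOT23-6"), "R7": ("4k7", "0402")},
}


def diff_against_reference(reference, unit):
    """Return components added to, removed from, or changed in `unit`."""
    added = {d: unit[d] for d in unit.keys() - reference.keys()}
    removed = {d: reference[d] for d in reference.keys() - unit.keys()}
    changed = {d: (reference[d], unit[d])
               for d in reference.keys() & unit.keys() if reference[d] != unit[d]}
    return {"added": added, "removed": removed, "changed": changed}


def consensus(units):
    """Build a reference from several units: keep what a strict majority agree on."""
    votes = Counter((d, part) for inv in units.values() for d, part in inv.items())
    return {d: part for (d, part), n in votes.items() if n > len(units) / 2}


def suspicious_units(units, reference=None):
    """Diff every unit against the reference (or the majority view if none exists)."""
    reference = reference if reference is not None else consensus(units)
    report = {}
    for name, inv in units.items():
        diff = diff_against_reference(reference, inv)
        if any(diff.values()):
            report[name] = diff
    return report


if __name__ == "__main__":
    for name, diff in suspicious_units(UNITS).items():
        print(name, diff)
```

The majority vote only helps when most units are clean; if every supplier's unit carries the same modification, only a trusted original reveals it.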
Examples
A common and relevant example of a hardware Trojan is the keylogger. Keyloggers are devices connected to a computer to capture data entered from the keyboard. They can be located in the keyboard itself or in the system unit, or connected between the keyboard and the computer, disguised as adapters [8].
Data can also be obtained by acoustic analysis. Assuming that each key makes a unique sound when pressed, a special algorithm can try to recover the typed text from a sound recording of the keystrokes. The algorithm is based on probabilistic methods and takes grammar into account. In experiments it was possible to decipher up to 96% of the text [9]. This method only requires a microphone installed in the room in question.
It is also possible to obtain data from the cable without physical contact [8].
The keyloggers most commonly available to users are those inserted in line with the keyboard cable. They can be disguised as an interference filter or an adapter. Inside is flash memory for storing the collected information. Commercially available models exist for different keyboard connectors. The advantage of such devices is their low cost and ease of use: no special training is required [8].
The availability and convenience of this method also make such a Trojan simple to neutralize: it is enough to inspect the keyboard cable regularly [8].
Unwanted equipment inside the system unit is harder to detect. One protection is to seal the case after checking it. On the other hand, sealing can also make a Trojan harder to detect: an attacker may install everything needed, seal the case, and convince the user not to open it. Then, on the pretext of, for example, voiding the warranty, the user will not be able to check the computer, and the hardware Trojan will go undetected for a long time [8].
According to documents published by Snowden, the NSA (USA) has a special unit called Tailored Access Operations (TAO), with about 2 thousand employees, which deals with various methods of monitoring computers. One method is to intercept equipment in shipment and fit it with additional listening devices, or to modify the firmware of embedded systems, such as the BIOS [10] [11] [12].
See also
- Software Trojan
- ATM hardware Trojan
- Keylogger
Notes
- [1] Dozhdikov, 2010, p. 16.
- [2] A Survey of Hardware Trojan Taxonomy and Detection, 2010, p. 11.
- [3] Rogozin: Russia needs its own electronics to protect itself from espionage (July 29, 2013).
- [4] Rogozin on the disclosures of Snowden: they did not hear anything new (July 29, 2013).
- [5] Deputies will protect the Russian army from foreign electronics (August 9, 2012).
- [6] Rastorguev, 1999, p. 148.
- [7] InfoWorld, 1991, p. 40.
- [8] Zaitsev, 2006.
- [9] Chirping the keyboard as a threat to security (September 15, 2005).
- [10] Media: The NSA uses bookmarks in IT equipment for espionage, RIA Novosti (December 30, 2013). Retrieved January 1, 2014.
- [11] NSA installs backdoors on laptops from online stores, Xakep (December 30, 2013). Retrieved January 1, 2014.
- [12] Inside TAO: Documents Reveal Top NSA Hacking Unit, SPIEGEL (December 29, 2013). Retrieved January 1, 2014.
Literature
- V.G. Dozhdikov, M.I. Saltan. Brief Encyclopedic Dictionary of Information Security. - Energy, 2010. - P. 16. - 240 p. - 1,000 copies. - ISBN 978-5-98420-043-1.
- Oleg Zaitsev. Modern keyloggers (Russian) // ComputerPress: Journal. - 2006. - No. 5.
- Rastorguev S.P. Identification of hidden entities // Information war. - Radio and communications, 1999. - 415 p. - ISBN 978-5-25601-399-8.
- Mohammad Tehranipoor, Farinaz Koushanfar. A Survey of Hardware Trojan Taxonomy and Detection // Design & Test of Computers, IEEE. - 2010. - Vol. 27. - P. 10-25. - ISSN 0740-7475.
- Nico Krohn. Not As Easy As 1-2-3 (Eng.) // InfoWorld. - 1991. - Vol. 13, no. 13. - P. 40-41.
Links
- Stopping Hardware Trojans in Their Tracks // IEEE Spectrum
- Georg T. Becker, Francesco Regazzoni, Christof Paar and Wayne P. Burleson. Stealthy Dopant-Level Hardware Trojans (Eng.) // Cryptographic Hardware and Embedded Systems - CHES. Lecture Notes in Computer Science, Volume 8086. - 2013. - pp. 197-214. - DOI: 10.1007/978-3-642-40349-1_12. Archived December 5, 2013.