A Survey of Chip-Based Hardware Backdoors

Image created using Perplexity and DALL-E

Published May 9, 2024.

Executive Summary

This discussion document provides a broad survey of chip-based hardware backdoors — clandestine entry points built into semiconductor chips that allow unauthorised access and control over the systems where they are deployed.

Chip-based hardware backdoors pose severe risks due to the ubiquity and meta-criticality of semiconductor chips across virtually every domain, from critical infrastructure to consumer electronics. These backdoors can enable espionage, data theft, and sabotage on an unprecedented scale while evading traditional security measures. The complex, globalised nature of the semiconductor global value chain (GVC) presents multiple opportunities for the insertion of backdoors by malicious actors.

The document identifies three main stages in the GVC where backdoors can feasibly be introduced: a) design, b) fabrication, and c) assembly, testing, marking, and packaging (ATMP). Each stage presents distinct challenges and attack vectors. The design stage is particularly vulnerable due to the use of third-party IP cores and electronic design automation (EDA) tools. In the fabrication stage, malicious modifications can be made to the photomasks, doping processes, or metal interconnects. The ATMP stage also offers opportunities for backdoor insertion through chip packaging and printed circuit board alterations.

Despite the grave risks posed by chip-based hardware backdoors, there is a striking lack of publicly confirmed real-world instances. This scarcity can be attributed to the extreme difficulty in detecting well-designed backdoors, the unfavourable risk-to-payoff ratio for attackers, the possibility of disguising backdoors as accidental vulnerabilities, and the reluctance of the hardware community to disclose such flaws.

Proactive policy efforts will be needed to build a more resilient and trustworthy semiconductor ecosystem that can withstand the evolving landscape of hardware security threats. This research aims to inform such efforts by providing a foundational understanding of the nature, feasibility, and prevalence of chip-based backdoors.
