wiredmikey (1824622) writes "Security concerns over chips, routers, and other technical equipment coming from China, and through the technology supply chain in general, have been highlighted in government reports and in the media recently. These fears over tainted hardware stem from the thought that adversaries could have the ability to monitor or control sensitive networks.
Researchers at Polytechnic Institute of New York University (NYU-Poly) and the University of Connecticut hope to address some of these concerns with new techniques designed to protect against malicious manufacturing flaws and vulnerabilities in the electronics supply chain.
According to The White House’s Cyber Policy Review, samples of imported hardware and software have been discovered that have deliberately been infected with spyware and malware before being imported. “The challenge with supply chain attacks is that a sophisticated adversary might narrowly focus on particular systems and make manipulation virtually impossible to discover,” the report warns.
The researchers' new "design for trust" techniques add to the established "design for manufacturability" and "design for testability" mantras and build on existing design and testing methods.
One such technique involves ring oscillators, which are sets of odd numbered, inverting logic gates that designers use to ensure an integrated circuit's reliability. Circuits with ring oscillators produce specific frequencies based on the arrangement of ring oscillators. Trojans alter the original design's frequencies and alert testers to a compromised circuit. However, sophisticated criminals could account for the frequency change in their Trojan design and implementation, the researchers warn. The researchers suggest designers thwart their tactics by creating more variants of ring oscillator arrangements than criminals can keep track of, making it harder for them to implant a Trojan without testers detecting it.....[More]"
Link to Original Source