With the first decade of the 21st century coming to a close, a look back at the past few years reminds us of the rapid development of technology, which has launched us into the information age. Innovative and imaginative engineering has expanded the electronic domain to include wireless networking, cellular communications, global positioning systems, satellite radio, and many others. All of these devices continue to advance in speed, efficiency, and complexity. Paralleling this growth is also the changing cost: as customers continue to demand a lower price, manufacturers have started to push the majority of their production overseas. This low-cost, high-volume competitive production means that most devices that include integrated circuits will be fabricated outside of the country in which they are produced. This makes all of these devices vulnerable to an attack from potential competitors or even enemies of the designing country. So what if an adversary were to insert malicious code into a hardware design, causing it to appear as if it were operating as expected, when in reality the device is leaking sensitive and important information to whoever re-engineered the device? This kind of Trojan is built into the hardware and can be activated unknowingly by its operator. This is what we are exploring. Thank you very much.

All right, so that was a short introductory video to get us started. But the talk is a demonstration of hardware Trojans. My name is Dr. K, and the crew you see here, they ride with me. Although we are a research group at the University of Delaware, we're kind of more like a ship of pirates. So if you look at the back of our shirts, what you'll see written there is: we take pride in our junk drawers; crazy ideas are encouraged; we can't tell you everything, but you can still ask; you simulate it, we build it; our mess is a sign of work in progress; and our toolbox contains more than just MATLAB.
No device is safe from disassembly. And like everyone here at DEF CON, we love what we do. So actually, what we do is many different things, anything that involves making electronics, and the stuff that we're presenting here is just a part of the projects we're involved in. That ranges from writing some software and firmware; we build FPGA systems; we build special instrumentation, for example, for solar energy applications; what we're showing here today is kind of reverse engineering; we design our own printed circuit boards; we do custom integrated circuits, both analog and digital; and we're actually pretty good at gigabit data link design, I think so, and power conversion.

Now, before Ryan Hoover, who is a graduate student, and the crew give you a demonstration, I just want to get some definitions in place so that it's clear what we're talking about here. So how many people here have started hacking their DEF CON badge? Let's see a show of hands. Yes. All right. Good job. So what you guys are doing, we call that hardware hacking, right? It's a creative process. You've got some piece of hardware, you're trying to figure it out, trying to make it better, trying to discover it. Now, hardware trojans, that's kind of similar, but it involves malicious intent. So what you have is a party who is not trustable or has bad intentions, and they insert some bugs, let's say, into your hardware design that under specific conditions perform something that the user is very surprised, and perhaps unpleasantly, about. An example of this could be a time bomb trojan. So let's say you have a GPS system, and on a certain important date it stops working. Another example is a data exfiltration trojan, and that would be, for example, your cell phone would somehow covertly leak or exfiltrate some secret information, like let's say your PIN codes or whatever.
And that is the focus of our talk: data exfiltration trojans, and we will demonstrate to you some possibilities for doing data exfiltration. Why should we all be concerned about hardware trojans? Well, I would say that the audience in this room is probably not in huge danger of a hardware trojan, because we are all hackers, right? We question everything we get, right? You give us a cell phone, we'll test it out, we'll figure it out, but we're a small part of the population, right? 99% of the population, they get their electronics, they get all these devices in their cars and their refrigerators, they go to their ATM, they don't know what they're using. And increasingly, you know, electronics plays such an important role in our lives, right? I mean, we use it for storing and communicating information; you know, factories, medical devices run on it; and of course national security, you know, the DoD, both in this country and outside, depends on electronic devices. Now, the problem here is that manufacturing is globalized. So, when you look at your cell phone and it says made in China, well, the truth is that actually the chips inside of that cell phone could be made in Taiwan, Korea, Singapore, the United States, but the problem is they all use second and third source suppliers, so, you know, you buy a cell phone today and buy the same cell phone tomorrow, it may have the same parts but manufactured somewhere else. So the problem with that is you might not control that process, and that opens a possibility for a malicious party to insert something into your design. So, let's talk about what can be changed. There are three levels in hardware that can be changed.
Now, I realize the audience here is probably also very familiar with firmware and hacking firmware, so that is not shown here, but that is another way that you can change a hardware design. But from the really low-level hardware perspective, at the chip level, the three levels at which you can do this Trojan alteration are these. You can do it at the HDL source code: you know, people write code that becomes hardware, and you can insert your malicious code in there. Now, people have gotten clever in their obfuscation techniques, their obfuscation tools that will take your code and mangle it, so it's pretty hard to get in. So then what you can do is take it to the next level, because people typically obfuscate blocks, but blocks still communicate in predefined ways. So then you can get in between the blocks and start watching the buses between them and attack that. And finally, the most, I would say, treacherous way would be to actually modify the mask set. You know, integrated circuits are produced by making masks, and, you know, a leading microprocessor has a billion transistors. So, let's say I add a few thousand transistors that attach to some I/O port or PLL; you wouldn't really have an easy way of finding this out. So, these are the three ways, and now I'm going to give it to Ryan Hoover, who is going to show you the demonstrations.

Okay, so, we decided to try and find a way to show data exfiltration Trojans without actually sending off hardware to a fab, because that would be insane monetarily and time-wise. So, what we decided to use is called an FPGA, which stands for Field Programmable Gate Array. What that is is basically a device that allows us to program a hardware design in VHDL, which is a hardware description language. And then that is synthesized, placed and routed for a specific FPGA. The vector is loaded in that tells it which gates to switch to give us our actual hardware design.
So, we're basically using an FPGA as a simulator for a real semiconductor device. We chose AES encryption, which is a six-year-old algorithm. It's widely available online; I think Canoe has it up on the web. And so, the most important thing to get out of AES, obviously, is the encryption keys. So, we will be leaking them out via our hardware, which is a Spartan 3E board. That's that guy right there. We have a lot of crap up here right now. We have a PS/2 keyboard, which is connected to that, and an LCD display. Now, our Trojans will be triggered by the keyboard, obviously, where it could be any kind of trigger. You could have a specific text that you enter that activates the Trojan, and then everything thereafter would be leaked via our covert communication channels. So, there are two different methods that we could use to insert the Trojan. The first is tapping into the buses. There are buses in between everything, in between every module in a semiconductor device. So, in this case, we're tapping into the bus between the keyboard and the AES core with a trigger module. And what that does is it just sits there and waits until it gets specific input. Once it's activated, it sends another signal to our transmitter module, which, when it's turned on, wakes up and starts transmitting via that covert communication channel. And it grabs the key off the bus between the key and the AES core. The other method that we came up with is actually inserting this Trojan into the hardware description language for the AES core. And, of course, you have to have the code in VHDL or Verilog in order to insert it in this manner. So, now we're going to show them to you. We're going to demo them. And I want to say, before we do that, that we have a video of all three of these demos and the little blurb you saw earlier up on our website, which is up on the screen right now if you want to jot that down.
And it's also on the CD that you guys all got, in our slides. I'd also like to mention that after our talk, our Q&A will be located at the Hardware Hacking Village, which is Skybox 209. We'll be showing all this stuff and you guys can come talk to us. And we also have a bunch of gear that we're giving away. We're giving away a free oscilloscope. We have a contest. And we're giving away a bunch of other stuff. So come check us out. And I'm going to switch over to video input so you guys can see what's going on up here.

Okay. So the first thing we're going to show you is an optical Trojan using our Spartan board. And basically the premise of this is that the human eye can't detect changes in modulation above one kilohertz. So most devices that we have today have some kind of LED or backlight or whatever that, if it were modulating, you wouldn't be able to see with your eye. They're usually solidly lit, but if this hardware were Trojaned, you wouldn't even notice it. So Ray is going to show you right now. He's going to run the optical sensor over a solidly lit light and you'll hear nothing because it's not flickering at all. But he's going to go ahead and activate the Trojan. And you can hear modulation in the LED. It looks exactly the same as it did before. So there's no real change in what we can visualize with the device. And so you look at that and you're thinking, okay, it's a board. Like, how does this translate to anything that's in my life? We've got over here a Linksys router. It's a WRT54GL. Some of you guys might have those. And we've actually done the same thing to the firmware on the Linksys. So Steve's going to run it over the first Linksys, which is not Trojaned. And you don't hear anything because they're all solidly lit. And then the one below it actually has a Trojan on it. And it looks exactly the same. But it's actually transmitting Morse code. So now we're actually playing around with being able to spot stuff like that from far away.
And that is our spying scope set up here, which we'll have up in the Hardware Hacking Village if you guys want to check it out, or we'll play around with it up there for you. So come see us afterwards for that. We're going to move on now to the thermal Trojan. And we're going to actually switch the video and put it over to the thermal camera here so you guys can actually see what's going on. Now the thermal Trojan operates kind of as you would expect. We're heating up and cooling down, actually in this case, a resistor, which, I mean, is one of the little guys that you guys have on your badges and is on almost every device that you have. And we also have another version of this, which we're not going to show you today, that actually saturates the processor or the FPGA with operations so that it will heat up and cool down, pulsing: you know, when it's heated up, it's a 1; when it's cooled down, it's a 0. So right now it's not doing anything. Ray's going to trigger it. And you guys are going to be able to see it right here. So that's our thermal guy. And we're going to switch back the video so you guys can see the last guy up here. The last is our radio Trojan. And we implemented that because our board actually has a 50 megahertz clock built in, but, like any electronic device (like this guy, which has a 12 megahertz clock), that generates a square wave signal all the time. So what we're actually doing is taking that square wave signal and sending it out on unused pins. So, like, you know, an iPod or a phone has like 32 pins on its connector, and you're only using about five to six, sometimes more, of them, but not all of them. So you could very easily modify a hardware design to send out a Trojan signal on one of those pins. And that's what we're going to do right here. So he's going to turn on the radio here so you can hear the radio noise. And then he's going to activate the Trojan. And you can hear there's not even an antenna on there.
And you can hear pretty clearly, from that far away, the signal being sent out, which is the AES encryption keys. So those are our Trojan demos. Now I'm going to hand it back to Dr. K.

All right. So to wrap things up, we've shown you three demonstrations: an optical exfiltration technique, a thermal exfiltration, and a radio one. And we've used an off-the-shelf board, a 150-buck development board for FPGAs, but you can see that normal devices that everybody uses, like a router, can be modified in the same way. So I'd like to finish by saying that this is an emerging threat, because we are more and more using electronic devices, and people not necessarily familiar with the electronics are using them, who don't question whether it works or does something funny. And systems at risk include military systems, financial systems, but also household devices. The purpose of the work here was to educate people and to demonstrate that this threat is there. And of course, the more difficult question is how do you protect against hardware Trojans? I'd just like to say we're continuing to work in the area of hardware security. We'll be having the Q&A in Skybox 209. And as Ryan mentioned before, we have a lot of good stuff to give away. So please visit us and check us out in 209 and the Hardware Hacking Village as well. There's a lot of good stuff there, guys. Thank you very much.
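The bus-tapping design Ryan describes (a trigger module sniffing the keyboard bus, a transmitter module that grabs the key off the key bus and leaks it over an LED modulated faster than the eye can follow, and an optical sensor that picks it up) as a cycle-level model. This is an added example written for this page, not the University of Delaware group's VHDL or any code from the talk: the trigger string `xyzzy`, the Manchester framing with a four-dark-half-bit start-of-frame marker, the bus names and the AES-128 key value are all assumptions of the model.

```python
"""Cycle-level model of a bus-tapping, optical data-exfiltration Trojan.

Added example for this page (not the University of Delaware group's VHDL).
Three blocks mirror the demo architecture:
  TriggerModule - sniffs the keyboard bus for an assumed magic string
  Transmitter   - once fired, latches the key bus and leaks it on the LED pin
                  as Manchester-coded on-off keying, one half-bit per clock
  recover_key() - the "optical sensor" side: demodulates sampled LED intensity
The trigger string, framing and the key value are assumptions for the model.
"""
from typing import List, Optional

TRIGGER_SEQ = b"xyzzy"  # assumed: typing this on the keyboard arms the Trojan
SOF = [0, 0, 0, 0]      # start of frame: 4 dark half-bits never occur inside Manchester data
KEY_BYTES = 16          # AES-128 key sitting on the key bus


def manchester(bits: List[int]) -> List[int]:
    """Encode 1 as [on, off] and 0 as [off, on]; constant 50% duty while sending."""
    out: List[int] = []
    for b in bits:
        out += [1, 0] if b else [0, 1]
    return out


class TriggerModule:
    """Tap on the keyboard bus. clock() returns True for the one cycle in which
    the last byte of TRIGGER_SEQ arrives."""

    def __init__(self) -> None:
        self.matched = 0

    def clock(self, kbd_byte: Optional[int]) -> bool:
        if kbd_byte is None:            # no keystroke on the bus this cycle
            return False
        if kbd_byte == TRIGGER_SEQ[self.matched]:
            self.matched += 1
            if self.matched == len(TRIGGER_SEQ):
                self.matched = 0
                return True
        else:                           # restart, allowing for a fresh first byte
            self.matched = 1 if kbd_byte == TRIGGER_SEQ[0] else 0
        return False


class Transmitter:
    """Drives the LED pin. Idle output is 1 (solidly lit). On a trigger pulse it
    latches the key bus and shifts out SOF + Manchester(key), then goes idle."""

    def __init__(self) -> None:
        self.shift: List[int] = []

    def clock(self, fire: bool, key_bus: bytes) -> int:
        if fire and not self.shift:
            key_bits = [(byte >> i) & 1 for byte in key_bus for i in range(7, -1, -1)]
            self.shift = SOF + manchester(key_bits)
        return self.shift.pop(0) if self.shift else 1


def simulate(keystrokes: bytes, key: bytes, cycles: int) -> List[int]:
    """Clock the chip `cycles` times, feeding one keystroke per cycle until the
    constructed keystroke buffer is drained. Returns the LED sample stream."""
    trig, tx = TriggerModule(), Transmitter()
    led: List[int] = []
    for t in range(cycles):
        kbd = keystrokes[t] if t < len(keystrokes) else None
        led.append(tx.clock(trig.clock(kbd), key))
    return led


def recover_key(samples: List[int]) -> Optional[bytes]:
    """Optical-sensor side: locate SOF, decode Manchester pairs until the LED
    returns to its idle [1, 1]. Returns None if nothing was leaked."""
    n = len(SOF)
    start = next((i for i in range(len(samples) - n + 1) if samples[i:i + n] == SOF), None)
    if start is None:
        return None
    bits: List[int] = []
    j = start + n
    while j + 1 < len(samples):
        pair = samples[j:j + 2]
        if pair == [1, 0]:
            bits.append(1)
        elif pair == [0, 1]:
            bits.append(0)
        else:
            break                       # [1, 1] is idle; [0, 0] would be a framing error
        j += 2
    if len(bits) != 8 * KEY_BYTES:
        return None
    return bytes(int("".join(map(str, bits[k:k + 8])), 2) for k in range(0, len(bits), 8))


if __name__ == "__main__":
    KEY = bytes(range(16))                        # constructed AES-128 key
    leak = simulate(b"hello xyzzy", KEY, 400)     # trigger string typed
    print("triggered  :", recover_key(leak).hex())
    quiet = simulate(b"hello world", KEY, 400)    # no trigger: LED stays solid
    print("untriggered:", recover_key(quiet), "all lit:", all(s == 1 for s in quiet))
```

Each model cycle is one LED half-bit, so at a 4 kHz half-bit clock the 260-sample frame takes about 65 ms and every transition sits well above the 1 kHz flicker threshold the talk relies on. One caveat the model makes visible: with an idle of solid-on, the average brightness drops to roughly half during the frame, so a more careful Trojan would keep a 50% carrier running while idle too. The same trigger/transmitter split carries over unchanged to the thermal and radio channels; only the final modulation stage differs.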