<div>Scientists, including of Indian origin, are developing a new chip that can detect malicious circuitry and prevent hardware viruses from sabotaging medical devices, and financial, military or government electronics.<br /><br />With the outsourcing of microchip design and fabrication a worldwide USD 350 billion business, bad actors along the supply chain have many opportunities to install malicious circuitry in chips.<br /><br />These "Trojan horses" look harmless but can allow attackers to sabotage public infrastructure, healthcare devices, and financial, military or government electronics.<br /><br />Researchers including Siddharth Garg, assistant professor at the New York University, are developing a chip with both an embedded module that proves that its calculations are correct and an external module that validates the first module's proofs.<br /><br />While software viruses are easy to spot and fix with downloadable patches, deliberately inserted hardware defects are invisible and act surreptitiously.<br /><br />For example, a secretly inserted "back door" function may allow attackers to alter or take over a device at a specific time.<br /><br />Garg's configuration, an example of an approach called "verifiable computing" (VC), keeps tabs on a chip's performance and can spot telltale signs of Trojans.<br /><br />The ability to verify has become vital in an electronics age without trust. "Gone are the days when a company could design, prototype, and manufacture its own chips. Manufacturing costs are now so high that designs are sent to offshore foundries, where security cannot always be assured," researchers said.<br /><br />Under the system proposed by researchers, the verifying processor can be fabricated separately from the chip.<br /><br />"Employing an external verification unit made by a trusted fabricator means that I can go to an untrusted foundry to produce a chip that has not only the circuitry-performing computations, but also a module that presents proofs of correctness," said Garg.<br /><br />The chip designer then turns to a trusted foundry to build a separate, less complex module - an application-specific integrated circuit (ASIC), whose sole job is to validate the proofs of correctness generated by the internal module of the untrusted chip.<br /><br />Garg said that this arrangement provides a safety net for the chip maker and the end user. "Under the current system, I can get a chip back from a foundry with an embedded Trojan. It might not show up during post-fabrication testing, so I'll send it to the customer," said Garg.<br /><br />"But two years down the line it could begin misbehaving. The nice thing about our solution is that I don't have to trust the chip because every time I give it a new input, it produces the output and the proofs of correctness, and the external module lets me continuously validate those proofs," he said.</div>
<div>Scientists, including of Indian origin, are developing a new chip that can detect malicious circuitry and prevent hardware viruses from sabotaging medical devices, and financial, military or government electronics.<br /><br />With the outsourcing of microchip design and fabrication a worldwide USD 350 billion business, bad actors along the supply chain have many opportunities to install malicious circuitry in chips.<br /><br />These "Trojan horses" look harmless but can allow attackers to sabotage public infrastructure, healthcare devices, and financial, military or government electronics.<br /><br />Researchers including Siddharth Garg, assistant professor at the New York University, are developing a chip with both an embedded module that proves that its calculations are correct and an external module that validates the first module's proofs.<br /><br />While software viruses are easy to spot and fix with downloadable patches, deliberately inserted hardware defects are invisible and act surreptitiously.<br /><br />For example, a secretly inserted "back door" function may allow attackers to alter or take over a device at a specific time.<br /><br />Garg's configuration, an example of an approach called "verifiable computing" (VC), keeps tabs on a chip's performance and can spot telltale signs of Trojans.<br /><br />The ability to verify has become vital in an electronics age without trust. "Gone are the days when a company could design, prototype, and manufacture its own chips. Manufacturing costs are now so high that designs are sent to offshore foundries, where security cannot always be assured," researchers said.<br /><br />Under the system proposed by researchers, the verifying processor can be fabricated separately from the chip.<br /><br />"Employing an external verification unit made by a trusted fabricator means that I can go to an untrusted foundry to produce a chip that has not only the circuitry-performing computations, but also a module that presents proofs of correctness," said Garg.<br /><br />The chip designer then turns to a trusted foundry to build a separate, less complex module - an application-specific integrated circuit (ASIC), whose sole job is to validate the proofs of correctness generated by the internal module of the untrusted chip.<br /><br />Garg said that this arrangement provides a safety net for the chip maker and the end user. "Under the current system, I can get a chip back from a foundry with an embedded Trojan. It might not show up during post-fabrication testing, so I'll send it to the customer," said Garg.<br /><br />"But two years down the line it could begin misbehaving. The nice thing about our solution is that I don't have to trust the chip because every time I give it a new input, it produces the output and the proofs of correctness, and the external module lets me continuously validate those proofs," he said.</div>