The overarching question imparting urgency to this exploration is: Can U.S.-Russian contention in cyberspace cause the two nuclear superpowers to stumble into war? In considering this question we were constantly reminded of recent comments by a prominent U.S. arms control expert: At least as dangerous as the risk of an actual cyberattack, he observed, is cyber operations’ “blurring of the line between peace and war.” Or, as Nye wrote, “in the cyber realm, the difference between a weapon and a non-weapon may come down to a single line of code, or simply the intent of a computer program’s user.”
Computer hardware is the fundamental building block on which the modern digital society is developing. At the same time, hardware is very much vulnerable to manipulations at the circuit level that can compromise the security of entire systems. From an adversarial point of view, such attacks have the “advantage” that they tend to be almost impossible to detect, which is part of the current controversy about foreign-built equipment. It is also well known from the Snowden revelations that hardware Trojans—the malicious modification of the circuitry of an integrated circuit—is already an attack vector used by large-scale adversaries. Even though hardware Trojans have been studied for a decade or so, little is known about how they look, especially those that are particularly designed to avoid detection. This talk will demonstrate the threat potential of hardware Trojans by introducing approaches to low-level hardware attacks that are virtually impossible to detect. It will also discuss possible defensive approaches to this security challenge.
Christof Paar holds the Chair for Embedded Security at Ruhr University Bochum, Germany, and is affiliated professor at the University of Massachusetts Amherst. He is the founder of the Horst Görtz Institute for IT Security at Uni Bochum, and (together with Th. Holz and E. Kiltz) spokesperson of the German Research Foundation's Cluster of Excellence “Cyber Security in the Age of Large-Scale Adversaries.” In May 2019, Paar was named one of the founding directors of the new Max Planck Institute for Cyber Security and Privacy to be established in Bochum. Paar has published 200+ scientific papers in applied cryptography and is co-author of the textbook "Understanding Cryptography" (Springer). He is a Fellow of the IEEE and of the International Association for Cryptological Research.