Computers are so complex and opaque that a user cannot know everything occurring within the system. While users may believe their systems are secure as long as they run only trusted software, trusted software is only as trustworthy as the underlying hardware.
Vulnerabilities of the system may be exploited by attackers (i.e., hackers). For example, attackers can insert hardware backdoors or exploit hardware errors that bypass normal authentication or security controls to gain unauthorized access to sensitive data. Other examples of hardware attacks may include eavesdropping by gaining access to protected memory without opening other hardware, inducing faults that interrupt normal behavior, or modifying or removing hardware restrictions through the use of software exploits. One such attack is known as the Trojan circuit, an insidious attack that involves planting a vulnerability in a processor sometime between design and fabrication that manifests after the processor has been integrated, tested, and deployed as part of a system.
Due to the complexity of building hardware, architects and manufacturers have limited confidence in their verification processes to ensure their systems have not been altered maliciously. Building a modern computer system often involves different parties from the initial specification all the way to fabrication, such that hardware integrity is difficult to ensure during the design and fabrication process. For example, an adversary could modify the design or fabrication of hardware components. Furthermore, for economic reasons, many steps after the initial system specification are outsourced off-shore, where design and fabrication are less expensive. In addition, many of the components used may also include intellectual property restrictions that disallow other parties from viewing detailed information about the component. Even with an open design, verifying modern complex hardware designs can be an intractable problem. Compromises in the supply chain may affect hardware integrity even if every step of the manufacturing process itself is secure.
In addition, validation of designs remains incomplete. As an example, Trojan circuits are typically activated under very specific conditions, making them unlikely to be activated and detected using random or functional stimuli.
Other attacks could be mounted based on inadvertent errors during design or fabrication. For example, a devastating attack has been recently demonstrated using an extremely subtle multiplication bug that computes the wrong product for a single pair of 64-bit integers. If such a pair of numbers is known, it becomes possible to compromise software running on any device whose microprocessor has the multiplication bug using a single chosen message. It is infeasible to test multipliers for all pairs of 64-bit integers.
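Because exhaustive testing of a 64-bit multiplier is infeasible, a defender can instead cross-check each product at run time against a computation that never presents the suspect operand pair to the multiplier. The following is an added illustration, not part of the original text: it models a multiplier with a constructed single-pair defect (the operands BAD_A, BAD_B and the flipped bit are assumed values, not a real hardware bug) and detects the wrong product by recomputing it from 32-bit halves.

```python
MASK64 = (1 << 64) - 1
MASK32 = (1 << 32) - 1

# Constructed defect: this single operand pair yields a product with one flipped bit.
BAD_A = 0x9E3779B97F4A7C15
BAD_B = 0xC2B2AE3D27D4EB4F
FLIPPED_BIT = 1 << 17


def buggy_mul64(a: int, b: int) -> int:
    """Model of a 64-bit hardware multiplier (low 64 bits of a*b) with a single-pair defect."""
    product = (a * b) & MASK64
    if a == BAD_A and b == BAD_B:
        product ^= FLIPPED_BIT  # constructed wrong answer for exactly this pair
    return product


def reference_mul64(a: int, b: int) -> int:
    """Recompute the low 64 bits of a*b from 32-bit halves.

    A defect tied to one specific 64-bit operand pair is not triggered here,
    because the multiplier only ever sees 32-bit partial operands.
    """
    a_lo, a_hi = a & MASK32, a >> 32
    b_lo, b_hi = b & MASK32, b >> 32
    low = a_lo * b_lo                            # contributes bits 0..63
    cross = (a_lo * b_hi + a_hi * b_lo) << 32    # contributes bits 32..95, truncated below
    return (low + cross) & MASK64                # a_hi*b_hi*2^64 vanishes mod 2^64


def checked_mul64(a: int, b: int) -> tuple[int, bool]:
    """Multiply and cross-check; returns (hardware result, result_is_consistent)."""
    hw = buggy_mul64(a, b)
    return hw, hw == reference_mul64(a, b)


if __name__ == "__main__":
    for x, y in [(3, 5), (MASK64, 2), (BAD_A, BAD_B)]:
        result, ok = checked_mul64(x, y)
        print(f"{x:#x} * {y:#x} -> {result:#x} {'ok' if ok else 'MISMATCH'}")
```

The cross-check costs a few extra multiplications per operation, so in practice it is applied only where a wrong product would matter (e.g. when verifying a computed result before it is released), not to every arithmetic instruction.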
Even if hardware vulnerabilities are not introduced during the hardware supply chain, software introduced after deployment may introduce vulnerabilities by, for example, intercepting processor instructions to perform actions as if the hardware had been compromised. Such vulnerabilities may be invited by the user, either intentionally or accidentally, and delivered via the network.
Considering these challenges, it is unreasonable to assume that all hardware in a system can be verified or that it cannot be bypassed. However, users may wish to trust that their private information is not exposed to external adversaries even in the presence of malicious hardware and software. Currently, the user's trust is based on representations made by each party supplying the system's hardware components. Therefore, there is a demand for establishing trust in hardware, thereby improving the privacy and integrity of computers and making them more secure.