Hardware trojan cyber-physical threats to supply chains

Kurt Sauer, Michael David, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Many actors are involved in the supply chain processes needed to produce an integrated circuit. Any one of these individuals or groups could make illicit copies of semiconductor IP during their work. In addition, chips could be intentionally compromised during the design process, before they are even manufactured. If placed into the design with sufficient skill, these built-in vulnerabilities would be extremely difficult to detect during testing. Moreover, they could lay dormant, only to be triggered months or years later to disrupt or exfiltrate data from a system containing the compromised chip. This paper primarily reviews the risks posed by design tampering, looks at threat actors and their possible activities, threat models for these activities, and possible mitigations. It assesses the impacts of security composability theory on risk management and practical design, and tries to identify the greatest threat. Our proposal is to contrast Trojan insertion risks at the two ends of the spectrum in early design phase: first at the highest abstraction level, the RTL description, and second at the layout level, in GDSII. A key question for the future is how to develop security architectures that are Trojan tolerant, meaning that other layers of protective controls exist to protect the overall system from malfunctioning at a level commensurate with the risk tolerance of the system. The views expressed do not reflect the official policy or position of the National Intelligence University, the Department of Defense, the U.S. Intelligence Community, or the U.S. Government.

Original languageEnglish
Title of host publicationProceedings of the 13th International Conference on Cyber Warfare and Security, ICCWS 2018
EditorsJohn S. Hurley, Jim Q. Chen
PublisherAcademic Conferences and Publishing International Limited
Number of pages8
ISBN (Electronic)9781911218746
Publication statusPublished - 2018
Event13th International Conference on Cyber Warfare and Security, ICCWS 2018 - Washington, United States
Duration: Mar 8 2018Mar 9 2018

Publication series

NameProceedings of the 13th International Conference on Cyber Warfare and Security, ICCWS 2018


Other13th International Conference on Cyber Warfare and Security, ICCWS 2018
Country/TerritoryUnited States

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality


Dive into the research topics of 'Hardware trojan cyber-physical threats to supply chains'. Together they form a unique fingerprint.

Cite this