Viruses, Hardware and Software Trojans: Attacks and Countermeasures

Preface
Acknowledgements
Contents
1 Information Weapon: Concepts, Means, Methods, and Examples of Application
	1.1 Information Security of a Modern State
		1.1.1 Historical Aspects of the Emergence and Development of Information Security
		1.1.2 Main Goals and Items of State Information Security
		1.1.3 Sources of Threats to Information Security
		1.1.4 Main Tasks of Information Security
		1.1.5 Information Security Technologies
	1.2 Basics of Information Warfare
		1.2.1 Introduction
		1.2.2 Types of Information Attacks
		1.2.3 Means of Information Warfare
		1.2.4 Classification of Information Weapons
	1.3 Definition and Classification of Information Technology Impacts
	1.4 Most Common Means of Information Technology Impact
		1.4.1 Remote Network Attacks
		1.4.2 Examples of Information Technology Impact Implementation Using Remote Network Attacks
		1.4.3 Using a False Object to Organize a Remote Attack
	1.5 Technical Channels of Information Leakage
		1.5.1 Classification and Principles of Operation
		1.5.2 Electromagnetic Channels of Computer-Processed Information Leakage
		1.5.3 Artificial Technical Channels of Information Leakage
		1.5.4 Methods for Sensitive Information Retrieval Based on the Analysis of Acoustic and Electromagnetic Radiation
	1.6 Typical Examples of Viruses and Trojans
		1.6.1 NetBus Virus
		1.6.2 Trojan Programs
		1.6.3 Ways to Detect Trojans
		1.6.4 Neutralizers of Tests and Code Analysis Software
	1.7 Cybersecurity of Power Facilities: Past, Present, and Future
		1.7.1 Introduction
		1.7.2 Basic Principles of Assurance Cybersecurity of Power Facilities
		1.7.3 Major Cyberthreats for Facilities of Fuel and Energy Industry and Ways of Their Elimination
		1.7.4 Assurance of Cybersecurity of Power Facilities of the USA
	1.8 Conclusion
	References
2 Computer Viruses, Malicious Logic, and Spyware
	2.1 Computer Viruses
		2.1.1 Terms and Definitions
		2.1.2 A Brief History of Computer Viruses
		2.1.3 Classification of Computer Viruses
		2.1.4 Specifics of Using the Stuxnet Virus as a Type of Cyberweapon
	2.2 Implants: Types, Ways of Injection, and Methods of Protection
		2.2.1 Introduction to the Problem of Software Implants
		2.2.2 Dangers of Implants
		2.2.3 Classifications of Software Implants
		2.2.4 Implant Types
	2.3 Models of Influence of Software Implants on Computers, Introduction Methods, and Interaction with Intruders
		2.3.1 Models of Impact of Software Implants on Computers
		2.3.2 Methods of Implementation of Software Implants and Computer Viruses
		2.3.3 Scenarios of Introduction of Software Implants During Different Stages of Software Lifecycle
		2.3.4 Methods of Interaction Between Software Implant and Intruder
	2.4 Software Keyboard Spies
		2.4.1 Operating Principle of Keyloggers
		2.4.2 Keyboard Input Tracking Methods
	2.5 Basic Operating Principles of Rootkit Technologies
		2.5.1 What Is a Rootkit Technology?
		2.5.2 Methods of Intercepting API Functions in User Mode
		2.5.3 Methods of Interception of Rootkit Functions in Kernel Mode
		2.5.4 Main Methods of Rootkit Detection in the System
		2.5.5 Typical Mechanism of Penetration of Rootkit Trojans into the System
	2.6 Cookies Spyware
		2.6.1 Main Functions of Cookies
		2.6.2 Cookies Storage Method
		2.6.3 Other Types of Cookies
		2.6.4 Data Leakage Paths and Hazards Created by Cookies
		2.6.5 Methods for Setting Parameters of Work with Cookies
		2.6.6 Regin Spyware Program
	2.7 Example of Injection of a Software
		2.7.1 Purpose and Structure of PE Files
		2.7.2 Main Methods of Injecting Software Trojans into PE Files
		2.7.3 Solution to the Problem of Finding Available Space for the Trojan Code
		2.7.4 Interception of the Current Execution Thread
		2.7.5 Introduction of a Hardware Trojan Code
		2.7.6 Execution Thread Recovery
	2.8 Specifics of Organization of Data Protection When Working with Cryptocurrencies
	References
3 Hardware Trojans in Electronic Devices
	3.1 Hardware Trojan Programs in Telecommunication Systems
		3.1.1 Trojans in Network Equipment
		3.1.2 Trojans in Routers
		3.1.3 Firewalls
		3.1.4 Wireless Networks
		3.1.5 Trojans in Working Servers
		3.1.6 Trojans in Equipment of Workplaces of Telecommunication System Operators
	3.2 Hardware Trojans in Computers
		3.2.1 Hardware Trojans in the System Unit
		3.2.2 Hardware Trojans for USB Connection
		3.2.3 Trojans for Interception of Information Input via the Computer Keyboard
		3.2.4 Trojan Programs in Computer Hard Drives
	3.3 Trojan Programs in Mobile Communication Systems
		3.3.1 Main Episodes from the History of Confrontation Between Special Services and Hackers in the Field of Telecommunications
		3.3.2 A “Bug” in a Smartphone Component Is Another Opportunity for a Spy
		3.3.3 Embedded Trojan in Chinese Smartphones Nomu and Leagoo
		3.3.4 Expanding Possibilities of Mobile Phones Due to Specialized Modules
		3.3.5 Mini Spies in Mobile Phones
		3.3.6 Main Technical Solutions for Protection of Phone Conversations
	3.4 Electronic Devices for Wireless Data Interception
	3.5 Trojans and Vehicles
		3.5.1 Devices for Determining Vehicle Movement Routes Using GPS
		3.5.2 New Type of Threats—Car Viruses
	3.6 Exotic Spy Equipment
		3.6.1 Data Stealing Through Computer Coolers
		3.6.2 Image Interception from the Laptop Screen
		3.6.3 Miniature Radio Beacons in Clothes and Boots
		3.6.4 Extraction of 4096-Bit RSA Keys Using Microphone
	3.7 Trojans in Household Appliances
	References
4 Hardware Trojans in Microcircuits
	4.1 Basis of Designing Safe Electronic Equipment for Critical Applications
		4.1.1 Introduction to the Problem
		4.1.2 Evaluation of Security of the Microcircuit Design Flow Stages
		4.1.3 Potential Agents (Organizers) of Attacks Using Hardware Trojans
		4.1.4 Author’s Attempt to Systematize the Existing Knowledge About the Methods of Ensuring the Security of Microcircuit Supply Channels
	4.2 Description of the First Documented Facts of Detection of Hardware Trojans in Critical Microcircuits
		4.2.1 Introduction to the Problem
		4.2.2 Features and Critical Points of the ProASIC3 Chip Security Structure
		4.2.3 Brief Overview of the Method of Experimental Detection of a Hardware Trojan in the A3P250Actel Microcircuit
		4.2.4 Analysis of the Results of the Control Experiment for Identification of a Hardware Trojan in the Special-Purpose Microcircuit ProASIC3
		4.2.5 Hardware Trojans in Commercial Processors
	4.3 Classification of Hardware Trojans in Chips
		4.3.1 Problem Description
		4.3.2 General Classification of Hardware Trojans
	4.4 Methods of Implementation of Hardware Trojans into Microcircuits
		4.4.1 Introduction to the Problem
		4.4.2 Hierarchical Levels of Introducing Trojans into Microcircuits
	4.5 Mechanisms for Activating Introduced Hardware Trojans
	4.6 Methods of Detecting Hardware Trojans in High-Duty Microcircuits
		4.6.1 Introduction to the Problem
		4.6.2 Basic Methods for Detecting Hardware Trojans
	4.7 Case Study of the Development and Implementation of a Hardware Trojan
		4.7.1 Justification and Motivation
		4.7.2 Hierarchical Classification of Attackers
	4.8 Peculiarities of the Introduction of Hardware Trojans in Passive Radio Frequency Identification Tags
		4.8.1 Introduction to the Problem
		4.8.2 EPC C1G2 RF Tags and Hardware Trojans
		4.8.3 Triggering Mechanisms of Hardware Trojans in EPC C1G2 Radio Frequency Tags
		4.8.4 Experimental Results
	4.9 Hardware Trojans in Wireless Cryptographic ICs
		4.9.1 Organization Features of Information Leakage from Wireless Cryptographically Protected Microcircuits
		4.9.2 Basic Methods of Trojan Detection
	4.10 Techniques for Hardware Trojan Design
		4.10.1 Design of Sequential Hardware Trojans
		4.10.2 Examples of Designing Hardware Trojans Using Additional Gates
		4.10.3 Case Study of Gate-Level Trojan Implementation to Bypass RON Protected Design
	4.11 Analytical Review of Basic Techniques for Detection of Hardware Trojans in Microchips
		4.11.1 Introduction
		4.11.2 Basic Trojan Detection Techniques in IC After Being Manufactured in Mass Production
		4.11.3 Presilicon Trojan Detection Techniques
		4.11.4 Determination of Trojan Attack Models
		4.11.5 Hardware Trojan Detection Techniques for Commercial Chips
		4.11.6 Prospects for the Development of Trojan Detection Methods
	References
5 Methods of Detecting Hardware Trojans in Microcircuits
	5.1 Brief Review of Basic Techniques for Detection of Hardware Trojans in Critical Microchips
		5.1.1 Introduction to the Problem
		5.1.2 Analysis Using Third-Party Channels
		5.1.3 Malicious Computer Systems
		5.1.4 Methods of Increasing Probability of Trojan Detection
		5.1.5 Methods of Characterization of Logical Elements for Detecting Trojans
		5.1.6 Data Transmission Using Silent Trojans
		5.1.7 Using Special Bus Architectures Protected from Trojans
		5.1.8 Detection of Trojans in Multi-core Architectures
		5.1.9 Methods of Identification and Software Isolation of Introduced Trojans
		5.1.10 Application of an Additional Scan Chain
		5.1.11 Improved Side-Channel Analysis Methods
		5.1.12 Thermal Conditioning Methods
		5.1.13 Methods of Preventing Data Leakage Through Hidden Channels
		5.1.14 Using Combined Methods of Side-Channel Analysis
		5.1.15 Increasing the Probability of Trojan Activation Due to Additional Triggers
		5.1.16 Methods of Neutralizing Trojans Introduced into Microcircuits
		5.1.17 Using Ring Oscillators for Detecting Trojans
		5.1.18 Models of Multi-level Trojan Attacks
	5.2 Methods of Detecting Hardware Trojans in Microcircuits Based on the Analysis of Electromagnetic Radiation Spectrum
		5.2.1 Retrospective Review of Alternative Techniques for Detection of Hardware Trojans in Microcircuits
		5.2.2 Methods of Detecting Hardware Trojans Based on the Analysis of Electromagnetic Radiation Spectra
		5.2.3 Experimental Results of Method Effectiveness Verification
	5.3 Features of Identifying Sequential Hardware Trojans Using the TeSR Method
		5.3.1 Introduction to the Problem
		5.3.2 Features of Accounting for Process Variation in Microcircuit Parameters During Implementation of Trojan Identification Methods
	5.4 Specific Examples from the Experience of Belarusian Trojan Hunters
	References
6 Reverse Engineering of Microcircuits
	6.1 Introduction to the Problem of Reverse Engineering of Microcircuits
		6.1.1 Problem Emergence Background, Terms, and Definitions
		6.1.2 Standard Implementation Route of the Reverse-Engineering Process
		6.1.3 Features of Modern Machinery Production
	6.2 Features of Providing Intellectual Property Rights for Semiconductor Microcircuits
		6.2.1 Features of Using the Process of Reverse Engineering for Protection of Patent Rights
		6.2.2 Features of the US Semiconductor Chip Protection Act
	6.3 Basics of Reverse-Engineering Art
		6.3.1 Role and Place of Reverse Engineering in the Semiconductor Industry
		6.3.2 Main Stages of Implementation of the Classic Process of Reverse Engineering of Microelectronic Devices
	6.4 Complex Methodology for Reverse Engineering of Microcircuit Chip Topology
		6.4.1 Comparative Analysis of Microscopic Methods of IC Topologies
		6.4.2 Specific Features of Implementing Frame-by-Frame Alignment of Topology Fragments
		6.4.3 The Method of Implementing the Process of Stacking Two Frames of an Image Topology
		6.4.4 Description of the Process of Aligning a Group of Image Frames
		6.4.5 Description of the Process of Layer-by-Layer Overlapping of Chip Topology Layers
		6.4.6 Specific Methods of Improving the Quality of IC Topology Reproduction
		6.4.7 Description of a Typical System of Reverse Engineering of Integrated Circuits
	6.5 Methods for Restoring Electrical Circuit from the Microcircuit Topology
		6.5.1 Methods of Automating the Process of Placing Elements in the Bitmap Image of the Topology
		6.5.2 Features of Software Implementation of Recovery of an Electrical Circuit from the Topology
		6.5.3 Methods of Automating Tracing of the Recovered Electrical Links Between Elements
		6.5.4 Basic Requirements for the Quality of Source Bitmap Images of the Topology
	6.6 Methods of Preparing Samples of Submicron Microcircuits to Be Studied Using Electrophysical SEM Methods
		6.6.1 Development of Methods for Preparing Samples of Submicron Microcircuits to Study These Samples Using SEM
		6.6.2 Features of Preparing Chip Samples to Be Studied by Electrophysical Methods During Sequential Mechanical and Chemical Removal of Topology Layers Using Automatic System of Selective Processing
	6.7 Methods of Counteracting Microcircuit Re-engineering Processes
		6.7.1 Classification of the Main Methods of Counteracting Microcircuit Re-engineering
		6.7.2 Design and Circuitry-Based Methods of Countering Reverse Engineering of Microcircuits for Military and Special Applications
		6.7.3 Circuitry-Based Methods of Countering Microcircuit Re-engineering
	6.8 Practical Examples of Implementation of Circuit-Based Methods of Microcircuit Protection from Re-engineering
		6.8.1 Integrated Implementation of Embedded Power Control Circuit
		6.8.2 Non-standard Elements of Protection of Bipolar Microcircuits from Electrical Overloads and Static Electricity
		6.8.3 Non-standard Elements of Protection of Output Stages of Microcircuits with Schottky Diodes
		6.8.4 Examples of Designing Trigger Circuits with Enhanced Protection from Re-engineering
	References
7 Countermeasures Against Hardware Trojans
	7.1 Hardware and Software Methods of Countering Hardware Trojans in Microcircuits
		7.1.1 Data Protection
		7.1.2 Protected Architectures on the RTL Level
		7.1.3 Reconfigurable Architectures
		7.1.4 Replication and Other Protection Methods
	7.2 A Trojan-Resistant System-on-Chip Bus Architecture
		7.2.1 Introduction to the Problem
		7.2.2 Structure and Operating Principle of a Standard SoC Bus
		7.2.3 Organization and Operating Principle of Address Matrix
		7.2.4 Structure and Operation Principle of the Arbiter Block
		7.2.5 Description of Operation of a System on Chip Immediately After Detection of a Hardware Trojan
	7.3 Using the IEEE Std. 1500 Standard in Order to Ensure Safety of Systems on Chips
		7.3.1 Introduction to the Problem
		7.3.2 Introduction to IP Infrastructures
		7.3.3 IEEE 1500 Standard
		7.3.4 IIPS Module Structure
		7.3.5 Design of IIPS Security Functions
		7.3.6 Additional Capabilities of the IIPS Unit
	7.4 Using Classic Methods of Reliable Programming to Design Safe Microcircuits
		7.4.1 Introduction to the Problem
		7.4.2 Analysis of the Typical Microcircuit Design Route
		7.4.3 Possible Attack Types
		7.4.4 Main Differences Between Development of Safe Microcircuits and Development of Safe Programs
		7.4.5 Lifecycle of Safe Software Development
		7.4.6 Methods of Safe Microcircuit Design
		7.4.7 Experimental Results of Application of the HTDS Method
		7.4.8 A Brief Overview of Studies Similar to HTDS
	7.5 Using Sandbox as a Method of Protection from Hardware Trojans in SoC
		7.5.1 Introduction to the Problem
		7.5.2 Sandbox as an Effective Security Tool
		7.5.3 Analysis of Similar Directions for Solving the SoC Design Safety Problem
		7.5.4 Features of Organizing Hardware Trojan Sandboxing Procedures During SoC Design Phase
		7.5.5 Main Software Methods of Sandboxing
		7.5.6 Typical Structure of a Hardware Sandbox
		7.5.7 Description of a Typical Process of Protected SoC Design
	7.6 Using Mathematical Instruments of Games Theory and Information Forensic Methods to Counter Hardware Trojans in Microcircuits
		7.6.1 Introduction to the Problem
		7.6.2 Technical Solutions to the Program
		7.6.3 Mathematical Apparatus of Attack Modeling
	7.7 Software and Hardware Methods of Protecting FPGA from Unauthorized Information Copying
		7.7.1 Protection Based on the Identification Friend or Foe Method
		7.7.2 Reference Design Microcircuit Series by Altera
	7.8 Methods for Controlling Safety of Microcircuits After Their Production
		7.8.1 Introduction to the Problem
		7.8.2 Models of Monitoring Safety of Produced Microcircuits
		7.8.3 Passive Measurements of Microcircuits
		7.8.4 Active Hardware Measurements of Microcircuits
		7.8.5 Intrinsic (Integrated) Active Hardware Measurements of Microcircuits
		7.8.6 External Active Hardware Metering of Microcircuits
	References
8 Modern Weapons: Possibilities and Limitations
	8.1 A Brief History of Weapons
		8.1.1 Introduction
		8.1.2 Evolution of a Knife
		8.1.3 Chemical Weapons and Combat Chemical Agents
		8.1.4 Atomic (Nuclear) and Other Types of Weapons
	8.2 Modern Space Weapons: Technical Possibilities and Limitations
		8.2.1 Introduction
		8.2.2 Important Scientific-Technical and Military-Strategic Aspects of Building and Using Weapons of the Space Layer of Missile Defense
	8.3 Ground Microwave Weapons
		8.3.1 Main Damaging Factors and Methods of Effect of Microwave Radiation on Radioelectronic Equipment
		8.3.2 Classification and Methods of Application of Microwave Weapons
		8.3.3 Non-lethal Ground Weapons
	8.4 Microwave Weapons for Atmospheric and Space Applications
		8.4.1 RF Space Weapons
		8.4.2 Spaced Weapons Based on New Physical Principles
		8.4.3 Laser Weapons
		8.4.4 Microwave Beam Weapons
		8.4.5 Microwave Complexes for Countering Precision-Guided Munitions
	8.5 Program of High-Frequency Active Studies HAARP
		8.5.1 Theoretical Mechanisms of Possible Use of HAARP for Weather Control
		8.5.2 Possibilities of Using HAARP as Atmospheric Weapons
		8.5.3 Comparison of the Systems of the HAARP Type Created in the World (USA, Europe, USSR, Russia)
		8.5.4 Chemoacoustic Waves—Basis of Seismic Weapons
	8.6 Neural Weapons
		8.6.1 Military Neuroscience
		8.6.2 Military Neuropharmacology
		8.6.3 Brain Stimulation
		8.6.4 Brain–Computer Interfaces
		8.6.5 Biochemical Neuroweapons
		8.6.6 Information-/Software-Based Neuroweapons
		8.6.7 Neural Weapon Threats
		8.6.8 Features and Advantages of the USA, Russia, and China in the Neural Arms Race
	8.7 What Did the Authors Learn About Hardware Trojans in Microcircuits?
		8.7.1 What Did the Authors Know About Hardware Trojans?
	8.8 Safety Control Technologies in Microelectronics
	8.9 Basics of State Strategy of Ensuring Cybersecurity
	References
Index