Researchers with the University of Massachusetts have devised a method of breaking a CPU’s internal cryptographic mechanisms in ways that are undetectable by current search methods, including close examination of the processor with high powered microscopes.

A bit of context is useful here. For years, we’ve known that a foundry responsible for manufacturing a processor could theoretically make changes to the architecture that would create backdoors, weaken security, or compromise the design. Such methods would be extremely difficult to integrate without changing the CPU’s data output, performance characteristics, or stability, but they could be done. The one foolproof method of checking a CPU to ensure it was built properly has been direct visual inspection. While difficult, time consuming, and ultimately destructive, engineers can visually inspect the entire surface of a core to ensure it matches the original design.

Now, that’s no longer sufficient. Even Intel’s hardware random generator can be compromised in a manner that’s neither visually detectable nor visible when the chip is tested at startup. How? By altering the way certain transistors are doped.

Of doping and random numbers

“Doping” a transistor refers to introducing specific impurities into the crystalline structure. This process is essential to semiconductor manufacturing and it’s done in very specific ways to create transistors with particular properties. By slightly altering the doping of very specific regions, the attackers are able to change the behavior of Intel’s random number generator (RNG). Specifically, one of the elements used to generate random numbers that’s supposed to be variable can instead be set as a constant.

The net result is that while an attack against Intel’s RNG is supposed to have a 1/2128 chance of success, the attack against a compromised chip has a 1/2n chance of succeeding, where n is the number of constant bits chosen by the designer. The higher the constant bits, the weaker the RNG. Key to the scheme is that if you don’t know the constant values that have been pre-selected for the chip by the Trojan designer, you won’t recognize that the RNG is actually compromised.

While Intel chips contain a self-test that’s designed to catch cryptographic manipulations, the research team states that it can’t detect their method. More troubling is the fact that nothing else can detect it, either. Because the nature of the impurities within the silicon have been changed but no gates have been modified, added, or subtracted, even the closest microscopic examination will not reveal the problem.

Fixing a flaw like this isn’t simple. The problem, in essence, is that the cryptographic unit is isolated from other units in hardware. That’s a security feature designed to make the chip harder to crack but it also makes it harder to create a self-administered test that can’t be manipulated. To some extent, this mirrors problems in computer security in general. All security relies on a chain of information and validity. Highly specific changes to a CPU design to compromise RNG function is a high bar to crack — it’s probably simpler to whack people over the head with wrenches and steal passwords than to infiltrate a design to this extent.

Still, discoveries like this could spur Intel to develop more robust self-checking mechanisms. At present, the RNG’s internal schemes can be lured into claiming a chip is uncompromised when that’s not the case. In the wake of the NSA/Snowden unveils, even this level of security will be receiving more attention, particularly given that there’s no way to use microscopic examination to verify a chip’s condition.

Now read: Are FPGA’s the future of password cracking and supercomputing?

Research paper: Stealthy Dopant-Level Hardware Trojans [PDF]