Trusted hardware: can it be trustworthy?

Processing and storage of confidential or critical information is an every day occurrence in computing systems. The trustworthiness of computing devices has become an important consideration during hardware design and fabrication. For instance, devices are increasingly required to store confidential information. This includes data such as cryptographic keys, personal information, and the intellectual property (IP) in the device's design. Furthermore, computing systems in critical applications must work as specified. Therefore it is important that hardware be designed and fabricated to be trustworthy. Many potential attacks can be used to exploit a computing device. Physical attacks, that monitor power, timing, electromagnetic radiation, etc. can be used to steal confidential information from the system. A "malicious" foundry can perform a number of devious activities including stealing the mask, reverse engineering IP, subverting the hardware through back doors and time bombs, and overproducing counterfeit chips. Design tools can be subverted to insert malicious circuitry, and chip packagers can modify selected devices with their own that provide similar functionality, in addition to underhanded behavior, e.g. stealing information or malfunctioning at critical junctures. The notions of trust and trustworthiness are presented. Although major challenges still confront secure software system development, there has been substantial progress. Techniques that have been useful in the context of software systems are described and their relevance to the hardware domain is discussed. Challenges to trusted hardware development are then explored.