Reverse Engineering: How Hackers Learn

Many an idea has been stolen due to electronic components being counterfeited. Insights into the methodologies applied by hackers might help render chips more secure...

Copyright: Indeed Photography, Bierwald

Many an idea has been stolen due to electronic components being counterfeited. Insights into the methodologies applied by hackers might help render chips more secure.

Enterprises often invest a lot of time and money into the development of sophisticated electronic components. Sometimes, competitors who employ means that are not entirely legal benefit from such developments, once they manage to copy the inventions by analysing the finished hardware products. Due to so-called hardware reverse engineering, idea theft occurs on a regular basis.

Conducting a tandem PhD project, psychology PhD student Carina Wiesen from the Educational Psychology Research Group (Prof Dr Nikol Rummel) and IT security researcher Steffen Becker from the Chair for Embedded Security (Prof Dr Christof Paar) are analysing the methods applied in such cases. Their collaboration is carried out under the umbrella of the NRW Graduate School “SecHuman”, which focuses on the human factor in IT security.

Cheap counterfeits

“Developing an innovative component may easily cost several million euros. The same component can be manufactured at a fraction of the cost following theft of intellectual property through reverse engineering, as costly research and development are thus cut out,” as Steffen Becker explains the hackers’ motives. However, reverse engineering is not just a method for stealing ideas. It is also deployed to identify hardware vulnerabilities.

“To some extent, the process can be automated,” adds Carina Wiesen. “But only up to a point. Then, human analysts must take over.” Which are the human factors that play a role in hardware reverse engineering? Are there any typical approaches that people are likely to choose? And how can the development of new security mechanisms for future chips look like based on the results of the study so far, if the aim is to ensure better protection of intellectual property? These are the questions studied by Wiesen and Becker for their respective PhD degrees. In the process, they draw on the groundwork laid by Marc Fyrbiak, who works at the Chair for Embedded Security together with Steffen Becker.

Finding participants

The major challenge the team faces is finding participants for their study. “People who successfully practise hardware reverse engineering – either for enterprises, for the military or for secret services – don’t have a vested interest in disclosing their methodologies to us,” says Marc Fyrbiak. In any case, only a handful of experts in this field are known by name.
This is why the PhD students devised a lecture programme for IT security students to teach them the fundamental principles of hardware reverse engineering. As part of an hands-on course, the participants had to solve various project tasks, i.e. analyse the mechanics of hardware designs in detail. The PhD researchers have been evaluating the approaches the students used and the time it took them to gain new insights – if any – for the Sec-Human project.

Understanding the structure layer for layer

However, the students did not start hardware reverse engineering at zero. “Analysing a chip on the hardware level requires special equipment,” points out Wiesen. Electronic components are made up of billions of transistors and of many layers that connect those transistors. In order to understand all interconnections, hackers grind and etch layer for layer off the chip and take a photo of each intermediate layer with special cameras. Subsequently, they generate a digital representation of the logical interconnection of all elements.

This representation is analysed by students during their internship. “It represents which elements are integrated in the chip and in what way they are connected,” explains Fyrbiak. For the purpose of hardware reverse engineering, the students must then figure out the functions the individual elements assume and the way in which they interact. They are aided by a software that was co-developed by Marc Fyrbiak. The programme records all steps performed by the students in log files. Based on these data, the researchers intend to eventually ascertain if there are any hardware reverse engineering approaches that are typical and that prove potentially particularly efficient.

A lecture unique in Germany

In 2017, the lecture was a pilot project with a few participants. Based on the experiences gathered in the first round, the concept has been optimised and the second round is to be launched at RUB in the summer semester 2018. Moreover, the organisers are aiming at implementing the project at the University of Massachusetts in Amherst (USA) in August 2018.
“The subject matter generated considerable interest the first time round,” explains Steffen Becker and points out that it is the only publicly known lecture in Germany that deals with hardware reverse engineering – and that there are only a few examples worldwide. “We have now created the conditions necessary for working with a larger group,” says Becker.
To begin with, a lecture on fundamental principles will start in October, held by IT security researcher Prof Dr Christof Paar from RUB. In addition, experts in the field of hardware reverse engineering have been invited, including members of the Federal Criminal Police Office. The internships start after the Pentecost holidays and will be supervised by Steffen Becker and Marc Fyrbiak.

Protecting chips

Together with Carina Wiesen, Becker and Fyrbiak are currently analysing the data compiled in the first study, which should provide insights into strategies deployed in hardware reverse engineering. Initial results are expected to emerge in the course of 2018. In the following years, Sec-Human researchers plan to optimise the methods for hiding sensitive contents on chips, in order to make it more difficult for human analysts to recreate them.

For more detailed coverage, click here.

General note: In case of using gender-assigning attributes we include all those who consider themselves in this gender regardless of their own biological sex.