Hardware trojan cyber-physical threats to supply chains

Kurt Sauer, Michael David, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

Abstract

Many actors are involved in the supply chain processes needed to produce an integrated circuit. Any one of these individuals or groups could make illicit copies of semiconductor IP during their work. In addition, chips could be intentionally compromised during the design process, before they are even manufactured. If placed into the design with sufficient skill, these built-in vulnerabilities would be extremely difficult to detect during testing. Moreover, they could lie dormant, only to be triggered months or years later to disrupt or exfiltrate data from a system containing the compromised chip. This paper primarily reviews the risks posed by design tampering, looks at threat actors and their possible activities, threat models for these activities, and possible mitigations. It assesses the impacts of security composability theory on risk management and practical design, and tries to identify the greatest threat. Our proposal is to contrast Trojan insertion risks at the two ends of the spectrum in the early design phase: first at the highest abstraction level, the RTL description, and second at the layout level, in GDSII. A key question for the future is how to develop security architectures that are Trojan tolerant, meaning that other layers of protective controls exist to protect the overall system from malfunctioning at a level commensurate with the risk tolerance of the system. The views expressed do not reflect the official policy or position of the National Intelligence University, the Department of Defense, the U.S. Intelligence Community, or the U.S. Government.

Original language: English
Title of host publication: Proceedings of the 13th International Conference on Cyber Warfare and Security, ICCWS 2018
Editors: John S. Hurley, Jim Q. Chen
Publisher: Academic Conferences and Publishing International Limited
Pages: 448-455
Number of pages: 8
ISBN (Electronic): 9781911218746
Publication status: Published - Jan 1 2018
Event: 13th International Conference on Cyber Warfare and Security, ICCWS 2018 - Washington, United States
Duration: Mar 8 2018 to Mar 9 2018

Publication series

Name: Proceedings of the 13th International Conference on Cyber Warfare and Security, ICCWS 2018
Volume: 2018-March

Other

Other: 13th International Conference on Cyber Warfare and Security, ICCWS 2018
Country: United States
City: Washington
Period: 3/8/18 to 3/9/18

Fingerprint

Supply chains
Risk management
Integrated circuits
Hardware security
Semiconductor materials
Testing

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Cite this

Sauer, K., David, M., & Sakurai, K. (2018). Hardware trojan cyber-physical threats to supply chains. In J. S. Hurley, & J. Q. Chen (Eds.), Proceedings of the 13th International Conference on Cyber Warfare and Security, ICCWS 2018 (pp. 448-455). (Proceedings of the 13th International Conference on Cyber Warfare and Security, ICCWS 2018; Vol. 2018-March). Academic Conferences and Publishing International Limited.

Scopus record: http://www.scopus.com/inward/record.url?scp=85051711548&partnerID=8YFLogxK

Scopus cited-by: http://www.scopus.com/inward/citedby.url?scp=85051711548&partnerID=8YFLogxK