In 2011, a fictitious company was created by the U.S. Government Accountability Office (GAO) to gain access to vendors of military-grade integrated circuits (ICs) used in weapons systems. Upon successfully joining online vendor platforms, the GAO requested quotes for bogus part numbers not associated with any authentic electronics components. No fewer than 40 offers returned from vendors in China to supply the bogus chips, and the GAO successfully obtained bogus parts from a handful of these vendors.3 The ramifications of the GAO findings are stark: The assumption of trusted hardware is inappropriate to invoke for cybersecure systems.
Injection of counterfeit electronics into the market is only a subset of vulnerabilities that exist in the global IC supply chain. Other types of attacks include trojans built into the circuitry, piracy of intellectual property, and reverse engineering. Modern ICs are exceptionally complex devices, consisting of upward of billions of transistors, miles of micron-scale interconnecting wires, advanced packaging configurations, and multisystem integration into chips sized on the order of a U.S. quarter. These ICs are designed, manufactured, and assembled by an equivalently complicated, globally distributed supply chain. A semiconductor company can have more than 16,000 suppliers spread around the world.10 While globalization has drastically reduced industry costs by tapping inexpensive labor markets and economies of scale, it has simultaneously opened many windows of opportunity for attackers to maliciously modify hardware without the knowledge of original device manufacturers (ODMs) or their customers.
Hardware based security for silicon has been the focus of manufacturing smartcards ever since they were introduced in the early eighties. This article clearly addresses the (im)possibilities to achieve hardware based security at the much larger scale of CPUs with trust zones.
The smartcard industry emerged in force in the mid nineties enabled by JavaCard technology on the software side and pulled by ever growing demand with the rise of GSM as a world spanning system and has always been based on a tightly controlled supply chain, both addressing the hardware and software. The level of security of many of the currently available smartcards chips has been evaluated according the the highest levels of Common Criteria.
This paper clearly identifies the great gap between the two different approaches to hardware based security.
Displaying 1 comment