From Design to Resign: Securing the Electronics Lifecycle
STR1-R11
Edna Conway, Chief Security Officer, Global Value Chain, Cisco Systems, Inc. (@edna_conway)
Dr. Mark Tehranipoor, Intel Charles E. Young Preeminence Endowed Chair Professor in Cybersecurity, ECE, University of Florida (tehranipoor@ufl.edu)
The Impact of Digital Transformation
• Business Operations
• 3rd Party Ecosystem
• Enterprise Culture
Electronics: The Heart of Digital Transformation
• Manufacturing
• Transportation
• Operations Center
• Energy
The Fundamentals: Ecosystem Awareness Damage the brand Bot Trojan Fraud Industrial Espionage Political Nation State Worm Root Kit Pivot Through Us to Attack Customers Confidential Data Game the Stock Price Physical Attack Spear Phish Insider Criminal Steal Customer Data Steal IP SQL Inject DOS Exploit the Network
The Fundamentals: Know Your Systems Lifecycle & the Technology Within It
[Figure: life cycle stages Concept, Development, Production, Utilization, Support, Retirement; application: Recursive, Iterative, Concurrent, Parallel, Sequenced Execution]
Source: NIST SP 800-160
The Fundamentals: Understand the Information and Communications Technology (ICT) Value Chain And… The Electronics Supply Chain Within It
[Figure: electronics supply chain stages: Design, Fabrication, Assembly, Distribution, Lifetime, End of Life]
[Figure: ICT value chain stages: Design, Plan, Source, Make, Quality, Deliver, Sustain, End of Life]
The Fundamentals: Identify Who Is In Your ICT Value Chain
• Scrap Partners
• Channel/Distributors
• Cloud Service Providers
• Recycling Partners
• OEMs/ODMs
• Repair/Refurbishment Partners
• HW Component Suppliers
• Logistics Partners
• IoT Devices
• Manufacturing Partners
• Open Source Software
• Software Licensors
The Fundamentals: Identify the Threats
• Disruption: Denial of Service
• Espionage: Unauthorized Visibility
• Manipulation: Unauthorized Control
The Fundamentals: Translate Threats to Exposures
• IP Misuse: Unauthorized disclosure of intellectual property
• Information Security Breach: Unauthorized access to confidential information
• Counterfeit: Raw materials, finished goods or services which are not authentic
• Taint: Alteration allowing unauthorized control or content visibility
The Fundamentals: The Basics of Hardware Vulnerability
• System has a susceptibility or flaw
• Attacker gains access to the flaw
• Attacker exploit
[Figure labels: ACCESS GRANTED; REDUCED SYSTEM INFORMATION ASSURANCE]
Example Security Attacks on Hardware Trojans Physical Attack Counterfeit ICs Untrusted Foundry Side-channel Fault Injection Fake Parts Reverse Engineering
Integrity Breaches Across the Electronics Supply Chain
• Overuse IPs
• Overproduced ICs
• Cloned ICs: reverse engineered from authentic IC
• Remarked ICs: false performance and reliability
• Recycled ICs: reuse of scrap ICs; refurbished ICs represented as new
[Figure: supply chain stages: Design, Fabrication, Assembly, Distribution, Lifetime, End of Life]
Protection Throughout the Lifecycle
Protection solutions:
• Unique IDs (PUF + ECID): for chip and system level authentication in the supply chain
• Forward Trust: establishing trust between IP vendors, SoC integrators, foundry and assembly
[Figure: supply chain stages: Design, Fabrication, Assembly, Distribution, Lifetime, End of Life]
Unique IDs: PUF + ECID
[Figure: supply chain stages: Design, Fabrication, Assembly, Distribution, Lifetime, End of Life]
Innovative Solutions: Chip ID Linked to Electronic Device
• Electronic Chip IDs (ECID) can uniquely identify the device
• Unclonable IDs acting as a “fingerprint” – data can be read at multiple stages and provide similar results (requires fuzzy logic to compare)
• Fingerprints include:
  • PUFs (Physical Unclonable Functions)
  • Repeatable test data
  • SRAM startup signatures
• PUFs can generate encryption keys, enabling the chip itself to act as a “root-of-trust”
ECID = Identity (always the same for a specific chip)
UID = Fingerprint (always similar for a specific chip)
Physical Unclonable Function (PUF)
• PUF exploits inherent process variations in devices (entropy is translated to unique signature)
• PUF suffers reliability issues (can’t reproduce signature through lifetime)
  • Environmental variation
  • Aging, wearout
• Aging impact can be improved
  • Aging resistant design
  • Reliable RO-pair formation
[Figure: Ring Oscillator PUF]
Physical Unclonable Function (PUF)
SRAM-PUF:
• SRAM is based on a bi-stable latch which will retain its values as long as the circuit is powered.
• A mismatch between the inverter pairs affects their power-up states.
• It maps a challenge to a response.
[Figure: Memory PUF]
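The fuzzy comparison of SRAM startup signatures described on the fingerprint and SRAM-PUF slides, as an added Python simulation (not code from the presentation). The cell count, noise rates, number of enrollment reads and acceptance threshold are assumed values, and the chips are constructed from fixed seeds.

```python
import random

N_CELLS = 1024    # constructed size of the SRAM region used as the fingerprint
NOISE = 0.06      # assumed chance that a cell powers up opposite to its bias
THRESHOLD = 0.25  # assumed accept limit on fractional Hamming distance

def make_chip(seed):
    """Model inverter mismatch: every cell gets a fixed preferred power-up bit."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(N_CELLS)]

def power_up(chip, rng, noise=NOISE):
    """One noisy read of the startup signature."""
    return [bit ^ (rng.random() < noise) for bit in chip]

def enroll(chip, rng, reads=5):
    """Majority-vote several power-ups into the reference kept by the verifier."""
    samples = [power_up(chip, rng) for _ in range(reads)]
    return [int(2 * sum(col) > reads) for col in zip(*samples)]

def fractional_hd(a, b):
    """Share of bit positions in which two signatures differ."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def authenticate(reference, reading, threshold=THRESHOLD):
    """Fuzzy compare: accept a reading that is similar, not identical."""
    dist = fractional_hd(reference, reading)
    return dist <= threshold, dist

def demo():
    rng = random.Random(2024)               # fixed seed, repeatable run
    genuine, other = make_chip(1), make_chip(2)
    reference = enroll(genuine, rng)
    return {
        "same": authenticate(reference, power_up(genuine, rng)),
        "aged": authenticate(reference, power_up(genuine, rng, noise=0.15)),
        "other": authenticate(reference, power_up(other, rng)),
    }

if __name__ == "__main__":
    for label, (accepted, dist) in demo().items():
        print(f"{label:5s} accepted={accepted} distance={dist:.3f}")
```

An exact-match check would reject even the genuine chip, because its distance to the enrolled reference is never zero, while a different die lands near 0.5.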
Authentication Throughout Lifecycle
Cross-industry platform connecting electronics supply chain to semiconductor identity
[Figure labels: Available Now (Market Leaders); 2016; 2017; 2019; IC & Multi Chip; Boards; Rework; Systems; In-Use; Returns; Test; Rework; Genealogy; Performance data; Usage Data; Test & Process data; Reliability Data]
Authentication Hub
[Figure labels: Enrollment and Authentication Hub; OCM; Foundry or OSAT; CM; Board / System OEM; Customer (Home + Business); Trusted; Untrusted]
Protection Throughout the Lifecycle
FORTIS
[Figure: supply chain stages: Design, Fabrication, Assembly, Distribution, Lifetime, End of Life]
Logic Obfuscation – FSM based Approach
• Add an obfuscated mode on top of the original transition functionality.
• Obfuscation pattern guides the circuit to normal mode.
• Transition arc K3 offers the sole design route from obfuscated mode to normal mode.
• Obfuscation also protects original functionality – prevents IP piracy from an untrusted foundry.
Bhunia et al., “HARPOON: an obfuscation-based SoC design methodology for hardware protection,” TCAD 2009.
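A toy model of the FSM-based obfuscation outlined above, added here as an illustration and not taken from the slides or from the HARPOON paper. The original design (a modulo-4 counter), the state names, the key words and the labels K1 and K2 are assumptions; only the arc named K3 comes from the slide.

```python
# Constructed 4-bit key words; K3 labels the only arc into normal mode.
K1, K2, K3 = 0b1011, 0b0110, 0b1101

# Obfuscated-mode transitions that make progress towards normal mode.
UNLOCK = {("O0", K1): "O1", ("O1", K2): "O2", ("O2", K3): "N0"}

def step(state, word):
    """One clock of the obfuscated design: returns (next_state, output)."""
    if state.startswith("O"):
        # Obfuscated mode: a wrong word falls back to O0 and the output
        # is a decoy value unrelated to the original function.
        return UNLOCK.get((state, word), "O0"), (word ^ 0b10) & 0b11
    # Normal mode: the original design, a modulo-4 counter that
    # increments when the low input bit is set.
    count = int(state[1:])
    if word & 1:
        count = (count + 1) % 4
    return f"N{count}", count

def run(words, state="O0"):
    """Power up in obfuscated state O0 and clock in a list of input words."""
    outputs = []
    for word in words:
        state, out = step(state, word)
        outputs.append(out)
    return state, outputs

def in_normal_mode(words):
    """True if the input sequence leaves the circuit in normal mode."""
    return run(words)[0].startswith("N")

if __name__ == "__main__":
    print(run([K1, K2, K3, 1, 1, 1]))   # enabled part: counter outputs 1, 2, 3
    print(run([1, 1, 1]))               # part without the pattern: decoy outputs
    print(in_normal_mode([K1, K3, K2, K3]))
```

A chip produced without knowledge of the enabling pattern powers up in the obfuscated states and never exercises the original counter, which is the property the slide relies on against an untrusted foundry.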
Design-to-Fab Trust Risk
[Figure labels: IP Owners (3PIP1, 3PIP2, 3PIPn); SoC Designer; SoC Design; Foundry/Assembly; Chips; Supply Chain; License; Contract; Sell; Another SoC Designer; IP Piracy; IC Overproduction; IP Overuse; #chips]
Establishing Forward Trust
[Figure labels: IP Owners (3PIP1, 3PIP2, 3PIPn); SoC Designer; SoC Design; Foundry/Assembly; Chips; Supply Chain; License; Contract; Sell; Another SoC Designer; Encrypted and Locked; Need Keys from SoC Designers; Need Keys from 3PIP Owners; #chips]
Challenges
• How to lock a netlist which activates test before unlocking?
• How to securely transfer the keys from 3PIP owners and SoC designer to the foundry and assembly?
• How to protect a 3PIP from unwanted modification?
[Figure: the Establishing Forward Trust diagram, repeated]
Key Transfer: Chip Side
[Figure: System on a Chip]
Key Transfer: SoC Designer Side
[Figure: System on a Chip Designer]
IP Overuse
[Figure: System on a Chip]
Call to Action: A Secure Ecosystem
[Figure labels: Chip Design; Chip Foundry; Chip Assembly; PCB Assembly; System Assembly; Government; Academia; EDA Company; 3PIP Vendors; Security IP Vendors]
Stay Aware
• Unregulated E-waste Exports Fuel Counterfeit Electronics That Undermine U.S. National Security
• 'Internet Of Things' Hacking Attack Led To Widespread Outage Of Popular Websites
• World's Biggest Mirai Botnet Is Being Rented Out For DDoS Attacks
• After Dyn cyberattack, lawmakers seek best path forward
• Obama to Sign Bill Combating Counterfeit Chips
• Hackers create more IoT botnets with Mirai source code
• ‘Internet of things’ was mobilised for internet outage, says Dyn
• Counterfeit electronics: Another security threat from China
• House panel to tackle security of internet-connected devices
Global Public-Private Responses
• EU Horizon 2020
• Global Standards
• U.S. Initiatives
What Can We Do Together
• Map the Who, What & Where of Your Electronics Ecosystem
• Monitor Geo-political and Industry Trends
• Join In Demanding Root of Trust
• Implement Protection Techniques
• Innovate with the Electronics Lifecycle in Mind
IP Vendors Distributed Across the Globe
The long and globally distributed supply chain of hardware IPs makes SoC design increasingly vulnerable to diverse trust/integrity issues.