Supply Chain Threats Against Integrated Circuits

White Paper Matthew Areno, PhD July 2020 LEGAL NOTICE Intel provides these materials as-is, with no express or implied warranties. All products, dates, and figures specified are preliminary, based on current expectations, and are subject to change without notice. The products described might contain design defects or errors known as errata, which might cause the product to deviate from published specifications. Current, characterized errata are available on request. Intel technologies might require enabled hardware, software, or service activation. Some results have been estimated or simulated. Your costs and results might vary. No product or component can be absolutely secure. No license (express, implied, by estoppel, or otherwise) to any intellectual-property rights is granted by this document. © Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands might be claimed as the property of others. White Paper | Supply Chain Threats Against Integrated Circuits Contents 1. Introduction ........................................................................................................................................................................................... 4 2. Component Lifecycle ......................................................................................................................................................................... 5 2.1. Conceptual Stage ....................................................................................................................................................................... 5 2.2. Design Stage ................................................................................................................................................................................ 5 2.3. Integration Stage ........................................................................................................................................................................ 5 2.4. Fabrication Stage ....................................................................................................................................................................... 5 2.5. Testing Stage ............................................................................................................................................................................... 6 2.6. Provisioning Stage ..................................................................................................................................................................... 6 2.7. Deployment Stage ..................................................................................................................................................................... 6 3. Supply-Chain Attacks ........................................................................................................................................................................ 7 3.1. Insider Threat .............................................................................................................................................................................. 8 3.2. Design Tools ................................................................................................................................................................................ 8 3.3. Third-party Plugins ................................................................................................................................................................... 8 3.4. Attack on Design Networks ................................................................................................................................................... 8 3.5. Malicious Hardware ................................................................................................................................................................... 8 3.6. Malicious Firmware ................................................................................................................................................................... 8 3.7. Design Alteration ....................................................................................................................................................................... 8 3.8. Unauthorized Disclosure ........................................................................................................................................................ 9 3.9. Insertion of Trojan Circuitry .................................................................................................................................................. 9 3.10. Insertion of Trojan Component ....................................................................................................................................... 9 3.11. Component Replacement .................................................................................................................................................. 9 3.12. Reverse Engineering of Design ........................................................................................................................................ 9 3.13. Falsification of Test Results .............................................................................................................................................. 9 3.14. Insertion of Unsecure Values ........................................................................................................................................... 9 3.15. Improper Device Settings .................................................................................................................................................. 9 3.16. Physical Alteration in Transit......................................................................................................................................... 10 3.17. Replacement of Valid Firmware ................................................................................................................................... 10 3.18. Overproduction of Parts .................................................................................................................................................. 10 3.19. Fictitious Recycling ............................................................................................................................................................ 10 4. Threat Examples ............................................................................................................................................................................... 11 5. Conclusions ........................................................................................................................................................................................ 14 White Paper | Supply Chain Threats Against Integrated Circuits 1. Introduction Computing systems today face an unprecedented number of attacks that begin even before the system is ever turned on by the end user. The supply chain used to generate these systems has been the target of a variety of different attacks and the topic of an array of research papers by respected scholars. Understanding supply-chain attacks against the Integrated Circuit (IC) components that make up computing systems requires an assessment of all potential attack vectors throughout the lifecycle of the IC and the computing system itself. A variety of attacks might be leveraged at each stage of the IC lifecycle via one or multiple attack vectors. Some attack vectors are unique to specific stages of the lifecycle, while others might be universal across all stages. Equally, mitigations against a specific attack or attack vector at one stage might be insufficient or inappropriate for other stages. Further complicating supply-chain protections is the fact that the level of access to IC components or computing systems can vary across the entire lifecycle. Ultimately, because a computing system is typically composed of multiple components from different manufacturers, each with its own level of scrutiny in relation to supply-chain attacks, ensuring the integrity of a computing system across all stage of its lifecycle is extremely challenging. The purpose of this paper is to