The Most Significant Cyberattack in History Prompts Questions About Supply Chain SecurityDecember 29, 2020 by Jake Hertz
The United States is currently dealing with the implications of what experts are calling the most significant cyberattack in its history. What can EEs take from the news?
Some of the biggest news in the world right now is the recently-discovered cyberattack on US companies and government organizations. An unidentified group of attackers hacked into SolarWinds, an IT firm that provides software for major organizations, inserting a malicious line of code into one of their newest updates.
Authorities believe the attack affected at least seven government agencies. Image used courtesy of CBSN
The severity of the attack, which is said to have begun in March, is hard to understate, with organizations like the Treasury, Los Alamos Laboratory, Intel, NVIDIA, and many more being compromised.
The Danger of Supply-Chain Attacks
What made this attack so effective was the fact that it was a supply-chain attack, meaning the malicious software was introduced as the product was being developed. This made the malicious software hard to detect and was unknowingly downloaded by all of these organizations under the guise of a simple software update.
While this attack occurred at the software level, the circumstances of the vulnerability should resonate with electrical engineers. Supply-chain attacks are of significant concern in the IC world, with threats like hardware trojans and piracy breaches always looming. In fact, 80% of cybersecurity attacks begin in the supply chain.
Taxonomy of hardware trojans according to Rajendran et al. Image used courtesy of the Australian Government Department of Defence
How can EEs work to prevent supply-chain attacks in hardware?
Split-Secure Manufacturing and Logic Barriers
Two ways to prevent supply chain attacks are split-secure manufacturing and logic barriers.
In split-secure manufacturing, one half of an IC is fabricated in one foundry while the other half is fabricated in a different foundry. This method can prevent supply-chain attacks by barring either foundry from total access to the IC.
By splitting the manufacturing between foundries, bad actors compromising either foundry are unable to fully identify how and where to insert hardware trojans. This does come with some significant overheads, however, since this form of manufacturing can be expensive for foundries.
Logic barrier operation with the correct key (left) and the incorrect key (right). Image from Baumgarten et al.
Another popular method of hardware trojan prevention separates logical inputs from the outputs by what is known as a “logic barrier.” These barriers are a group of logic blocks that allows the correct logical path to be followed only if the correct key is applied. Naturally, only the IP owner knows the key.
This is effective because it disguises the design from an attacker who has access to the RTL, leaving an attacker uncertain of the exact workings of the IC until after the reconfigurable logic has been programmed.
Detecting Hardware Trojans
Since hardware trojans can’t always be prevented, it's essential that developers test for them when they're fresh off the supply-chain route. Popular methods include functional testing and run-time monitoring.
Functional tests involve testing all of the possible logical input combinations to identify triggers for a trojan. While this method could be effective if the developer is exhaustive with his or her efforts, it is not a feasible testing method for large circuits where the number of logical combinations could be astronomical. Further, some hardware trojans are externally activated and could proceed undetected, even using this method.
Detection of trojans based on transient supply currents. Image modified from Narasimhan et al.
A more effective approach is to perform run-time monitoring on the devices, checking for abnormal behavior that may indicate the presence of trojans. This could include a side-channel analysis of the device. For example, you could run a differential power analysis on the device under test, theoretically noticing the presence of a trojan if it were to become partially activated at any point during runtime.
The obvious caveat to this method is that it requires a "golden device," or a known, unaltered version of the device, for reference. Beyond power, other side-channels include switching current, leakage current, path delay, and EM radiations.
No System is 100% Secure
The news of this major hack is significant because it highlights that even the most sophisticated technology can be vulnerable to compromises in the supply chain. While this particular attack targeted software, supply-chain attacks in hardware can be equally dangerous.
Other Facets of the Hardware Security Discussion
The conversation on hardware security is far from a new one. Check out some of these articles to review the nuance of this issue.
- Researchers Get Ahead of Hardware Backdoors—By Creating Their Own
- Hardware Security Vulnerabilities that Engineers Should Know
- Security IC Solutions: Build or Buy?
Do you feel a certain mantel to ensure hardware security in your designs? Or is device security delegated to different professionals at your company? Share your experiences in the comments below.