Secure Outsourcing of Circuit Manufacturing

The fabrication process of integrated circuits (ICs) is complex and requires the use of off-shore foundries to lower the costs and to have access to leading-edge manufacturing facilities. Such an outsourcing trend leaves the possibility of inserting malicious circuitry (a.k.a. hardware Trojans) during the fabrication process, causing serious security concerns. Hardware Trojans are very hard and expensive to detect and can disrupt the entire circuit or covertly leak sensitive information via a subliminal channel. In this paper, we propose a formal model for assessing the security of ICs whose fabrication has been outsourced to an untrusted off-shore manufacturer. Our model captures that the IC specification and design are trusted but the fabrication facility(ies) may be malicious. Our objective is to investigate security in an ideal sense and follows a simulation based approach that ensures that Trojans cannot release any sensitive information to the outside. It follows that the Trojans\u27 impact in the overall IC operation, in case they exist, will be negligible up to simulation. We then establish that such level of security is in fact achievable for the case of a single and of multiple outsourcing facilities. We present two compilers for ICs for the single outsourcing facility case relying on verifiable computation (VC) schemes, and another two compilers for the multiple outsourcing facilities case, one relying on multi-server VC schemes, and the other relying on secure multiparty computation (MPC) protocols with certain suitable properties that are attainable by existing scheme

Supply chain control: Trade-offs and system requirements

The official published version can be accessed from the link below.A paper describes the underlying forces which drive change in manufacturing enterprises and supply chains. It sets out the complexities in modern capitalism and global economics and illustrates the trade-offs that can be made. IT systems which are required to assist improvements to both customer service and enterprise manufacturing performance are explained, alluding to the special case for the semiconductor industry. Arguments are presented showing how the new tools being developed with the ESPRIT project 20544, X-CITTIC, will satisfy the control needs for a virtual enterprise. This paper describes the underlying forces which drive change in manufacturing enterprises and supply chains. It sets out the complexities in modem capitalism and global economics and illustrates the trade-offs that can be made. IT systems which are required to assist improvements to both customer service and enterprise manufacturing performance are explained alluding to the special case for the semiconductor industry. Finally it shows how the new tools being developed with the ESPRIT project 20544, XCITTIC, will satisfy the control needs for a virtual enterprise

Creation and detection of hardware trojans using non-invasive off-the-shelf technologies

As a result of the globalisation of the semiconductor design and fabrication processes, integrated circuits are becoming increasingly vulnerable to malicious attacks. The most concerning threats are hardware trojans. A hardware trojan is a malicious inclusion or alteration to the existing design of an integrated circuit, with the possible effects ranging from leakage of sensitive information to the complete destruction of the integrated circuit itself. While the majority of existing detection schemes focus on test-time, they all require expensive methodologies to detect hardware trojans. Off-the-shelf approaches have often been overlooked due to limited hardware resources and detection accuracy. With the advances in technologies and the democratisation of open-source hardware, however, these tools enable the detection of hardware trojans at reduced costs during or after production. In this manuscript, a hardware trojan is created and emulated on a consumer FPGA board. The experiments to detect the trojan in a dormant and active state are made using off-the-shelf technologies taking advantage of different techniques such as Power Analysis Reports, Side Channel Analysis and Thermal Measurements. Furthermore, multiple attempts to detect the trojan are demonstrated and benchmarked. Our simulations result in a state-of-the-art methodology to accurately detect the trojan in both dormant and active states using off-the-shelf hardware

Sending Jobs Overseas: The Cost to America’s Economy and Working Families

[Excerpt] This report was created by Working America and the AFL-CIO as a companion piece to Work­ing America’s Job Tracker, a ZIP code –searchable database of jobs exported (as well as Occupational Safety and Health Act violations and other work­place issues). Users can search their area for com­panies that have sent jobs overseas. Though Job Tracker is one of the largest publicly available, fully searchable records of the extent and specifics of outsourcing, it only reveals the tip of the iceberg. This report and Job Tracker contextualize each other—Job Tracker by mapping specific job losses due to outsourcing, the report by taking a broad view of the national-level numbers that are avail­able and offering case studies of key industries

Trade Collapse, Trade Relapse and Global Production Networks: Supply Chains in the Great Recession

Global supply chains reshaped international trade since the end 1980s. Their role in explaining the trade collapse that followed the financial crisis of September 2008 was determinant. Because production is internationally diversified, adverse external shocks affect firms not only through final demand, but also through a rupture in the flow of inputs received from their suppliers. The future of supply chain will also determine the alternative exit scenarios from the Great Recession; as a result of global rebalancing, they will probably be smaller and more regional. Left unchecked, these centripetal forces may lead to a deterioration of global governance and to deglobalization. The reshaping of global effective demand is of particular importance for the labour abundant lesser advanced developing countries that where relying on the strength of the global supply chains to attract productive investments. On the other hand, because trade in goods for processing inflated artificially some bilateral trade deficit, rebalancing them will prove easier in the short term, while the technical factors that made possible the internationalization of production will still promote further "flattening of the Earth" in the longer terminternational trade; crisis; global supply chains; transmission channels; global rebalancing; trade and development

Hardware trojans and smart manufacturing – a hardware security perspective

Integrated Circuits (ICs) are the cardinal elements of modern electrical, electronic and electro-mechanical systems. Amid global outsourcing of ICs' design and fabrication and their growing applications in smart manufacturing or Industrie 4.0, various hardware security threats and issues of trust have also emerged. IC piracy, counterfeiting, and hardware Trojans (HTs) are some of the key hardware threats that merit the attention of manufacturing community. It is worth noting that the lower abstraction levels (ICs) are falsely assumed to operate securely. The proposition, therefore, is that if an operating system (higher abstraction level) is considered to be secure while operating on a compromised IC (lower abstraction level), would it be prudent to regard this implementation as secure? The purpose of this paper is to highlight IC level threats with an emphasis on hardware Trojans that pose a significant threat to smart manufacturing environment in the wake of Industrial Internet of Things (IIoT)

A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components

The semiconductor industry is fully globalized and integrated circuits (ICs) are commonly defined, designed and fabricated in different premises across the world. This reduces production costs, but also exposes ICs to supply chain attacks, where insiders introduce malicious circuitry into the final products. Additionally, despite extensive post-fabrication testing, it is not uncommon for ICs with subtle fabrication errors to make it into production systems. While many systems may be able to tolerate a few byzantine components, this is not the case for cryptographic hardware, storing and computing on confidential data. For this reason, many error and backdoor detection techniques have been proposed over the years. So far all attempts have been either quickly circumvented, or come with unrealistically high manufacturing costs and complexity. This paper proposes Myst, a practical high-assurance architecture, that uses commercial off-the-shelf (COTS) hardware, and provides strong security guarantees, even in the presence of multiple malicious or faulty components. The key idea is to combine protective-redundancy with modern threshold cryptographic techniques to build a system tolerant to hardware trojans and errors. To evaluate our design, we build a Hardware Security Module that provides the highest level of assurance possible with COTS components. Specifically, we employ more than a hundred COTS secure crypto-coprocessors, verified to FIPS140-2 Level 4 tamper-resistance standards, and use them to realize high-confidentiality random number generation, key derivation, public key decryption and signing. Our experiments show a reasonable computational overhead (less than 1% for both Decryption and Signing) and an exponential increase in backdoor-tolerance as more ICs are added