A Survey on Integrated Circuit Trojans

Traditionally, computer security has been associated with the software security, or the information-data security. Surprisingly, the hardware on which the software executes or the information stored-processed-transmitted has been assumed to be a trusted base of security. The main building blocks of any electronic device are Integrated circuits (ICs) which form the fabric of a computer system. Lately, the use of ICs has expanded from handheld calculators and personal computers (PCs) to smartphones, servers, and Internet-of-Things (IoT) devices. However, this significant growth in the IC market created intense competition among IC vendors, leading to new trends in IC manufacturing. System-on-chip (SoC) design based on intellectual property (IP), a globally spread supply chain of production and distribution of ICs are the foremost of these trends. The emerging trends have resulted in many security and trust weaknesses and vulnerabilities, in computer systems. This includes Hardware Trojans attacks, side-channel attacks, Reverse-engineering, IP piracy, IC counterfeiting, micro probing, physical tampering, and acquisition of private or valuable assets by debugging and testing. IC security and trust vulnerabilities may cause loss of private information, modified/altered functions, which may cause a great economical hazard and big damage to society. Thus, it is crucial to examine the security and trust threats existing in the IC lifecycle and build defense mechanisms against IC Trojan threats. In this article, we examine the IC supply chain and define the possible IC Trojan threats for the parties involved. Then we survey the latest progress of research in the area of countermeasures against the IC Trojan attacks and discuss the challenges and expectations in this area. Keywords: IC supply chain, IC security, IP privacy, hardware trojans, IC trojans DOI: 10.7176/CEIS/12-2-01 Publication date: April 30th 202

ENHANCING SECURITY OF RFID-ENABLED IOT SUPPLY CHAIN

In addition to its benefits, the popular Internet of Things (IoT) technology has also opened the way to novel security and privacy issues. The basis of IoT security and privacy starts with trust in the IoT hardware and its supply chain. To ensure reliable IoT industry growth, counterfeiting, cloning, tampering of hardware, theft, and lost issues in the IoT supply chain must be addressed. Radio-frequency identification (RFID)-enabled solutions to bring security to the IoT supply chain have been proposed, by the same authors in four previous works. The works contain a similar RFID-traceable hardware architecture, device authentication, and supply chain tracing procedure. However, the same lightweight RFID authentication protocol variant proposal coupled with the offline supply chain has security vulnerabilities that make the whole supply chain unsafe. Our work proposes an online supply chain hop-tracking procedure supported by a novel RFID mutual authentication protocol based on strong matching of RFID readers, their operators and the central database server. The proposed Strong RFID Authentication Protocol (STRAP) has been verified by two well-accepted formal protocol analyzers Scyther and AVISPA. The verification results demonstrate that STRAP overcomes the previous works’ vulnerabilities. Furthermore, our proposed novel online supply chain tracing solution removes the weaknesses of previous offline supply chain tracking solutions