This talk, “Keynote: Perspectives on Trust in Hardware Supply Chains” [00:00] by bunnie Huang, discusses the complexities and vulnerabilities of hardware supply chains.
Key points from the talk include:
- Diversification and Simplification: In chaotic times, it’s beneficial to diversify by having multiple, hyper-efficient locations rather than centralized single points of failure. Simplifying business processes and legal contracts can reduce complexity and improve understanding for everyone involved [02:24].
- Trust in Hardware: The speaker suggests moving the “root of trust” or “source of truth” into hardware, such as using a USB Hardware Security Module (HSM) for DNSSEC keys. This increases integrity and simplifies recovery in case of a compromise [03:13].
- Economic Incentives in Supply Chain Attacks:
  - Software vs. Hardware Profitability: Software typically has a negative profitability curve initially, requiring volume and network effects to become profitable, while hardware is most profitable from the first unit sold [08:50].
  - Malware as a Scale Play: Software malware aims for “break once, run everywhere” exploits, impacting millions of devices [10:15].
  - Hardware Attacks as Simpler Fraud: The majority of hardware threat actors are focused on simpler, more profitable attacks like warranty fraud, rather than high-end exploits [11:34].
- Warranty Fraud Example (iPhone 6 Error 53): A detailed example of warranty fraud involved exploiting a manufacturing defect (Error 53) in iPhone 6 devices. Attackers would trigger the error, assemble “Franken-phones” from scrap parts, and return them for new ones, leading to billions of dollars in losses for Apple [19:46].
- E-waste Mining: People actively “mine” e-waste for spare parts, turning discarded electronics into valuable inventory. This demonstrates the “nothing goes to waste” ethos in the ecosystem [14:52].
- Re-labeled Production Parts: The speaker experienced an issue where 3% of FPGAs they purchased were engineering samples (free, not production-rated) that had been re-labeled and blended into the supply chain, increasing distributor profits by 60% [31:26]. This highlights that hardware threats are dynamic and localized.
- Spectrum of Fakes: Hardware authenticity exists on a spectrum, from total fakes to re-labeled genuine parts and “ghost shifting” (workers manufacturing extra parts after hours on official lines) [33:24].
- Challenges in Detection: Current methods for detecting hardware attacks are generally undeveloped. Most companies only perform label checks, and those who do more advanced checks often don’t admit to it due to competitive pressures [48:43].
- Advanced Chip-Level Threats:
  - Level 1 (Modified Network Interface Chip): A small Trojan added to a chip to exfiltrate data; detectable with $1,000-$10,000 tools, and buildable relatively cheaply from open-source IP blocks [39:17].
  - Level 2 (Modified CPU Pipeline): Requires $10,000-$100,000 tools; involves small logic changes (10-100 logic cells) within a CPU to bypass memory protection [41:34].
  - Level 3 (Reduced Round Cryptography): Extremely difficult to detect; a single via edit in a chip reduces the number of rounds in a cryptographic algorithm (e.g., AES), effectively weakening it without changing its timing or power side channels [44:12]. There are no known mass-deployable non-destructive methods for detecting this.
- Future Concerns: The speaker warns that as counter-measures improve and economic landscapes change (e.g., a bust in the chip industry), sophisticated supply chain attacks on chips may become more prevalent [52:04].
- Possible Defenses: While currently undeveloped, defenses are possible. The speaker is researching infrared in-situ verification of silicon [49:49], which could allow inspection of chips after they are attached to a circuit board without damage. He advocates for open-source hardware and a “full stack collaboration” to enable inspectability [53:45].
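The Level 3 threat above is a via edit that drops AES rounds. The following added example (not code from the talk) models that with a pure-Python AES-128 whose round count is a parameter, and runs the FIPS-197 Appendix C.1 known-answer test against it. The test catches a blanket round reduction; an edit that drops rounds only under a trigger condition passes it unchanged, which is why the talk looks to physical inspection rather than functional testing.

```python
# Added example, not code from the talk: AES-128 with the round count as a
# parameter stands in for a chip whose via edit drops rounds.
def _xtime(b):  # multiply by x in GF(2^8) with the AES polynomial
    return ((b << 1) ^ 0x1B) & 0xFF if b & 0x80 else b << 1

def _gf_mul(a, b):  # GF(2^8) multiplication, shift-and-add
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = _xtime(a), b >> 1
    return r

def _sbox_entry(x):  # S-box from its definition: field inverse, then affine map
    v = t = next((y for y in range(256) if _gf_mul(x, y) == 1), 0)
    for _ in range(4):
        t = ((t << 1) | (t >> 7)) & 0xFF
        v ^= t
    return v ^ 0x63

SBOX = [_sbox_entry(x) for x in range(256)]

def _expand_key(key):  # AES-128 key schedule -> 11 round keys of 16 bytes
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:  # RotWord, SubWord and Rcon on every fourth word
            t = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]]
            rcon = _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def _mix_column(a):  # one MixColumns column: circulant {02,03,01,01}
    return [_gf_mul(2, a[i]) ^ _gf_mul(3, a[(i + 1) % 4]) ^ a[(i + 2) % 4] ^ a[(i + 3) % 4]
            for i in range(4)]

def aes128_encrypt(key, block, rounds=10):  # rounds < 10 models the weakened chip
    rk = _expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]                # AddRoundKey
    for r in range(1, rounds + 1):
        s = [SBOX[b] for b in s]                             # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]   # ShiftRows
        if r != rounds:                                      # MixColumns
            s = sum((_mix_column(s[4 * c:4 * c + 4]) for c in range(4)), [])
        s = [b ^ k for b, k in zip(s, rk[r])]                # AddRoundKey
    return bytes(s)

# FIPS-197 Appendix C.1 vector: the functional check a board-level test can run.
FIPS197_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
FIPS197_PT = bytes.fromhex("00112233445566778899aabbccddeeff")
FIPS197_CT = bytes.fromhex("69c4e0d86a7b0430d8cdb78070b4c55a")

def known_answer_test(encrypt):  # True iff the published ciphertext comes out
    return encrypt(FIPS197_KEY, FIPS197_PT) == FIPS197_CT
```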