Any product manufacturer knows that their products are becoming more and more complicated and require memory and storage capacities never dreamed of even a decade ago. Almost every consumer or commercial electronic product, in addition to its core functionality, is now equipped with supplemental sensors and internet connectivity, and is designed to offer new levels of user personalization via analytics of user behavior. Even the humble lightbulb, which used to consist of a socket, glass, and a filament, has morphed into a dozen-component electronic subsystem with the advent of LEDs, and then into customizable Wi-Fi-connected mood lighting with a processor and memory.
All of these rich capabilities demand ever more capable processing and semiconductor memory, and lead to procuring electronic components, modules and software from a variety of sources. All of these parts need to be quickly accessible and procured from reliable and trustworthy sources to meet market demand cycles; in short, this leads to a very complex and distributed supply chain.
Supply chain conversations often focus on ensuring that hardware devices can reliably get from point A to point B. This progression must be timely and tamper-proof. Unfortunately, it can be very difficult to guarantee these attributes. Counterfeit components can be inserted in place of intended ones. These can be cheap knockoffs to save cost, or maliciously modified copies intended to cause mayhem or exfiltrate data. A module or product can also be tampered with by maliciously adding or removing components to affect the eventual product’s function or reliability. A recent article highlights the hugely destructive and costly implications of simply adding a component to a highly valued piece of equipment. According to this article, with an unauthorized and undetected modification, attackers were able to infiltrate over 30 companies, all while the intended users were unaware. In this case a keen and diligent eye was eventually able to spot the malicious chip and neutralize the threat. But what if the same situation applied to software?
As noted, more and more products have processing elements and require complex software. This software is arguably *more* susceptible to supply chain modification and attack than its physical chip counterparts. A software modification cannot be visually inspected, and existing system-level security can do absolutely nothing to prevent a supply chain attacker from directly addressing a memory device that has not been secured through physical means. This is not to say that memory and its content can’t be protected in the supply chain; rather, doing so adds system cost and complexity, and possibly eliminates the ability to rework. Common approaches to protecting memory content include epoxy encapsulation or other isolation techniques, taking care to eliminate direct memory probe points, and using memory packages without exposed lead frames. Even so, an experienced (well-funded) attacker can get around these barriers if the prize is large enough.
A common misconception is that such an attack has low value, is easily detectable through prudent electronic means, or is not worth carrying out at high volume. In response: often only one device or firmware image needs to be compromised if it affords connectivity to higher-value assets. Even electronic devices that require signed firmware (which should allow modification to be detected) can have design flaws that allow the signature check to be circumvented. More likely still, signed firmware is not even a system requirement. If an attacker successfully modifies a device’s firmware simply by gaining physical possession of the device in the supply chain, then the only recourse left is to detect and fix the problem at a later date. But measured, trusted or secure boot solutions are not universally implemented, and almost certainly do not have countermeasures or resiliency schemes in place to recover from a malicious modification. Often, the only solution is to destroy the device, because modified low-level firmware can resist removal and be costly to rework. The solution? A supply chain solution that also addresses and prevents attacks on the platform firmware.
Micron’s Authenta technology is a perfect solution for this problem. Like a self-encrypting drive, Authenta flash devices co-locate cryptographic capabilities directly with system code and data in the memory device. This allows the memory chip to make the final, critical decision on whether or not its content may be modified. To an authorized user, the flash device has all the benefits of a rewritable, persistent memory chip. To an attacker, the flash is nothing more than a ROM. Authenta memory devices can also strongly attest to both their physical authenticity and their content. This enables a common platform for ensuring that malicious modification can be identified regardless of the OS, SoC, board configuration or chosen software image. Authenta memory is the industry’s answer to securing nonvolatile memory and its content in the supply chain. Learn more at: https://www.micron.com/products/advanced-solutions/authenta.
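To make the two properties above concrete (the memory itself decides whether a write is allowed, and can attest its content), here is an added toy model written for this post; it is not Micron code and not Authenta's actual command set. It assumes a per-device secret shared with the authorized updater, an HMAC over a counter, offset and data for write commands, and a nonce-bound HMAC over a content hash for attestation; key, image and encoding are constructed for the example.

```python
import hashlib
import hmac
import os

def mac(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()  # shared by part, updater, verifier

class AuthFlash:
    """Toy model (not Authenta's real command set): writes need a MAC and a fresh counter."""

    def __init__(self, key: bytes, size: int = 64) -> None:
        self.key = key                  # provisioned per-device secret, never leaves the part
        self.content = bytearray(size)  # the firmware image region
        self.counter = 0                # monotonic counter defeats replayed update commands

    def write(self, counter: int, offset: int, data: bytes, tag: bytes) -> bool:
        """Apply the write only if the MAC verifies and the counter moves forward."""
        hdr = counter.to_bytes(4, "big") + offset.to_bytes(4, "big")
        if counter <= self.counter or not hmac.compare_digest(mac(self.key, b"WRITE", hdr, data), tag):
            return False                # to anyone without the key the part behaves like a ROM
        self.counter = counter
        self.content[offset:offset + len(data)] = data
        return True

    def attest(self, nonce: bytes) -> tuple[bytes, bytes]:
        """Measure the content and MAC nonce||measurement so a verifier can trust the report."""
        measurement = hashlib.sha256(bytes(self.content)).digest()
        return measurement, mac(self.key, b"ATTEST", nonce, measurement)

def sign_write(key: bytes, counter: int, offset: int, data: bytes) -> bytes:
    """Authorized updater side: produce the tag the part expects for this command."""
    return mac(key, b"WRITE", counter.to_bytes(4, "big") + offset.to_bytes(4, "big"), data)

def verify_attestation(key: bytes, nonce: bytes, measurement: bytes, tag: bytes, golden: bytes) -> bool:
    """Verifier side: the report must be genuine for this nonce and match the known-good image hash."""
    return hmac.compare_digest(mac(key, b"ATTEST", nonce, measurement), tag) and measurement == golden

def demo() -> dict:
    key = os.urandom(32)                                     # constructed per-device secret
    flash = AuthFlash(key)
    image = b"GOOD_FIRMWARE_V1".ljust(64, b"\0")             # constructed sample image
    ok = flash.write(1, 0, image, sign_write(key, 1, 0, image))      # authorized update
    replay = flash.write(1, 0, image, sign_write(key, 1, 0, image))  # same counter again: rejected
    forged = flash.write(2, 0, b"EVIL", b"\0" * 32)          # holder of the device but not the key
    nonce, golden = os.urandom(16), hashlib.sha256(image).digest()
    clean = verify_attestation(key, nonce, *flash.attest(nonce), golden)
    flash.content[0:4] = b"EVIL"                             # simulate a bypass of the write path
    tampered = verify_attestation(key, nonce, *flash.attest(nonce), golden)
    return {"update": ok, "replay": replay, "forged": forged, "clean": clean, "tampered": tampered}
```

The last two steps show why attestation matters even with write control in place: if content is altered through some path the part does not govern, the nonce-bound measurement no longer matches the golden hash and the verifier rejects the device before it is deployed.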