
Supply chain attack prevention: Robust integrity & remote attestation


Supply chain attacks target systems and install weaknesses during production or shipment.

In recent years, we have seen a rise in attacks of a previously unheard-of type – supply chain attacks. As attack prevention in systems becomes more and more sophisticated, including dedicated hardware and software, rogue players are moving to supply chain attacks to overcome systems before they have a chance to install and operate such protections.

Supply chain attacks

In a nutshell, supply chain attacks target the systems during their production or shipment in order to install weaknesses before they reach their final destination. When an affected system is installed, it is already compromised. The weaknesses can then be used by the attackers at their will to infiltrate the systems, bypass protection mechanisms, and perform preplanned malicious actions.

Since modern systems are created in multiple steps with components and processes sourced from global vendors, it is extremely hard for the vendors and the intended users to ensure everything is in perfect security order.

In the past, it was sufficient to use logging and tracking, and in extreme cases, tamper-evident tapes and locks. It was a common belief that once a machine is assembled at the factory and put in a box, as long as that box reaches its destination intact, all is well.

This is no longer true. Rogue organizations and even nations are using sophisticated technologies to mount hidden attacks at very early stages of the supply chain. This goes far back into the assembly process, component shipping, mass programming, and even component production. When looking at an electronic component with the naked eye, it's hard to tell an original from a counterfeit. And when that component is an essential part of the system operation and security, its replacement with a forged, potentially harmful one poses a serious security threat.

We have learned of mystery components finding their way into high-profile servers, but this only tells part of the story. What if an attacker manages to create what looks like a genuine part and has that part assembled in an otherwise legitimate system? What will happen if that part holds code that the system will run? What if a remote attacker can use that to mount and unleash an attack at any given time?

System makers are striving for a solution that is strong yet affordable, allowing them to verify authenticity and integrity of key components in the system at any stage of the supply chain, before and after assembly, before and after shipping, before and after deployment, and at any other time during the life cycle of that system.

Securing the root of trust

A Root of Trust (RoT) is a concept where a system starts from a known and secure state and measures every next stage of the execution chain before it is used, ensuring that only genuine code runs on genuine hardware. However, the root of trust must rely on some secure hardware and code that must be genuine, unaltered, and whole. If that RoT is compromised or replaced during some stage of the supply chain, there is no way of assessing the security state of the system.

One solution that has been used before is a TPM (Trusted Platform Module) or some Secure Element. These are secure hardware devices with cryptographic capabilities that may be used to ensure the validity of the system. However, these components have many limitations. Their operation is strongly tied to the system software that they need to protect. Since they are discrete devices, they may also be replaced or bypassed. They are expensive, require more technical effort to integrate, and may not be suitable for all cases.

Robust solution for securing the supply chain

If we can ensure that the system executes the original, unmodified boot code and never replaces it with rogue code at any stage, and if we can remotely authenticate both that code and the storage medium it resides in, the system becomes much less prone to the types of supply chain attacks described here. To do so, we need a mechanism that identifies the storage medium in a cryptographically secure way and ensures that it holds genuine, unmodified, and recent boot code.

Boot code measurement and signature verification, when done by software, is a known method which, as noted earlier, is not as safe as it should be, since the software essentially measures itself.

The stronger alternative is designing the storage medium to have these required capabilities. One way of doing so is to add a hardware-based challenge-response mechanism to the storage medium, following a PKI (Private-Public Key Infrastructure) scheme, where the storage medium holds a unique private key that is used exclusively to sign the challenge. The vendor can use this mechanism to query the storage medium at any time to verify that it is the genuine component from the original manufacturer, assembled in the correct target system.

A second important mechanism allows the vendor to verify the code stored in the device, to ensure it is genuine, unmodified, and recent.

Role of Post-Quantum Cryptography in supply chain protection

As mentioned above, supply chain protection is based on PKI (Private-Public Key Infrastructure). Traditional crypto schemes such as RSA and ECC are no longer allowed for new designs. For that reason, post-quantum schemes should be employed. One scheme that was adopted by NIST and CNSA is the Leighton-Micali (LMS) algorithm. This is a hash-based signature algorithm that is stateful, and as such, at the time of writing, is practically impossible to break.

Authenticated Code Update

The last piece of the puzzle has to do with secure update of the firmware code. Ensuring a genuine code storage device and genuine code is only useful as long as the code never needs to be updated. When an update is deployed, it is essential to have the same level of protection as the rest of the supply chain. For that reason, code updates must also be signed and authenticated using PQC-based algorithms, and the LMS algorithm was chosen for that purpose as well. It is used to sign the code update, only this time the public key is stored in the storage medium, and the private key is used to sign the updates.
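As an added, constructed example (not Winbond's code and not a real LMS implementation), the Python below sketches both flows described in the two preceding sections with a toy stateful hash-based signature: Lamport one-time keys under a small Merkle tree, with a next_index counter that advances before any signature is released. The device signs a vendor nonce together with a hash of its boot code (attestation), and a vendor key signs a firmware image that is checked against the vendor's stored public key (authenticated update); the names StatefulSigner, attest and check_attestation are assumptions.

```python
import hashlib, os

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def bits(d):  # the 256 digest bits, one per Lamport key pair
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def ots_keygen():  # Lamport one-time key: 256 secret pairs; the public key is their hashes
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def ots_sign(sk, msg):  # reveals one secret per digest bit, so this key is spent afterwards
    return [pair[b] for pair, b in zip(sk, bits(H(msg)))]

def leaf(pk):
    return H(*[h for pair in pk for h in pair])

class StatefulSigner:  # Merkle tree over 2**height one-time keys (LMS-like); next_index is the state
    def __init__(self, height=2):
        self.keys = [ots_keygen() for _ in range(2 ** height)]
        self.tree = [[leaf(pk) for _, pk in self.keys]]
        while len(self.tree[-1]) > 1:
            self.tree.append([H(a, b) for a, b in zip(self.tree[-1][::2], self.tree[-1][1::2])])
        self.public_key = self.tree[-1][0]  # the root, provisioned into the verifier
        self.next_index = 0  # must be persisted before any signature leaves the signer

    def sign(self, msg):
        if self.next_index >= len(self.keys):
            raise RuntimeError("all one-time keys used; reusing a leaf would leak its secrets")
        idx, self.next_index = self.next_index, self.next_index + 1
        sk, pk = self.keys[idx]
        path, i = [], idx
        for lvl in self.tree[:-1]:  # sibling hashes along the way up to the root
            path.append(lvl[i ^ 1])
            i //= 2
        return idx, pk, ots_sign(sk, msg), path

def verify(root, msg, sig):
    idx, pk, ots_sig, path = sig
    node = leaf(pk)
    for sib in path:
        node = H(sib, node) if idx & 1 else H(node, sib)
        idx //= 2
    return node == root and len(ots_sig) == 256 and all(H(s) == p[b] for s, p, b in zip(ots_sig, pk, bits(H(msg))))

def attest(device, nonce, boot_code):  # device side: sign nonce || measurement of its boot code
    return device.sign(nonce + H(boot_code))
def check_attestation(device_root, nonce, golden_code, sig):  # vendor side, against the golden image
    return verify(device_root, nonce + H(golden_code), sig)
```

A fifth signature from a height-2 signer raises, which is the stateful property the text relies on: a leaf that has been used must never be used again, so the counter has to survive resets and must never be rolled back.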

To conclude, ensuring supply chain security requires robust measures such as remote attestation and cryptographic verification. Winbond Secure Flash enhances supply chain protection by integrating Post-Quantum Cryptography (PQC)-based remote attestation, ensuring that only authentic, unaltered flash devices and firmware operate within systems. To learn more about Winbond's advanced security solutions, visit Winbond's website, contact Winbond directly, or download the latest Hardware Security White Paper.

Article edited by Jack Wu