Distribution Statement A. Approved for Public Release; Distribution Unlimited. Case #88ABW-2018-0825
Integrity Service Excellence
Hardware Assurance
Lifecycle Ecosystem
Distributed Transition
Environment
7 MAR 18
Matthew Casto, PhD
Chief, Trusted Electronics Branch
AF JFAC HwA Technical Lead
Sensors Directorate
Air Force Research Labs
ITEA Cybersecurity Workshop
Globalization of Microelectronics
Needs
Off-Shore design & production of ICs provides adversary malicious & monetary opportunity
COTS → risk > reward?
Commercial vs. Military Requirements
THAAD
Availability Access Assurance
DoD systems require
Trusted and Assured Electronics
?
Dcma.mil
Strategy
•DSB Microelectronics ‘05
•Cybervision 2025
•Foundations of T&A
•NDAA 14 SEC 937
•JFAC
•DoD Long Term Strategy for TF
•NDAA 17 SEC 231
•PB 17 T&AM
•DSB Cyber Supply Chain ‘17
•Microelectronics Innovation for National Security
•FY19 OMB Executive R&D Priorities
Policy
•DoD Instruction (DoDI) 5000.02
•Cyber DTMs
•Trusted Systems and Networks, 5200.44
•Program Protection Plan (PPP)
• International Traffic in Arms Regulations (ITAR) update (in work)
•2017 EO- Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Joint Federated Assurance Center
•Software assurance knowledge & tools
•Hardware assurance knowledge & tools
•Advanced verification & validation capabilities
•Core Hardware Labs across service and agencies
•Program Pilots
Trusted & Assured Microelectronics
•Access to state-of-the-art foundries
•Trust and assurance methods and demonstration
•New Trust Approach
• Industrial best practices for assurance
•Alternative sources of advanced microelectronics
•COTS and FPGA Assurance
•Disruptive devices and architectures
“..the budget invests $454 million over the FYDP to ensure DoD will continue to have access to the
trusted microelectronic components needed in our weapon systems. By developing alternative
sources for advanced microchips and trusted designs, this funding will help ensure the long-term
security of our systems and capabilities.” –SECDEF Carter, FY17 PBR, 25 FEB 16
Strategic Response
Image sources ODASD, DIST A - Assuring MINSEC– TAME Forum NOV 2017
Hardware Assurance
New Challenges
•Sensors becoming more integrated
– Autonomy relies more on sensors
– Can’t trust / question all information provided
•Technology marching on….
– Stacked die – 2.5 D FOWLP, 3DIC
– 2µm trace space bump connectability
– Garage–Fab
•More, Faster Connectivity
– 5G communication taking over the last mile
– Automated systems communicating autonomously (and anonymously???)
Image sources: Anl.gov, NIST.gov, Asc.army.mil
The Good News
Question: “How do we handle security in these new environments?”
Answer: “The Software takes care of that.”
– NAE Member
US Military Fake Chips Battle –AUG16 The Register
Counterfeit Chips Plague US Missile Defense – WIRED 2011
Huawei, Chinese Technology Giant, Is Focus of Widening U.S. Investigation – NY Times APR17
Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors – IEEE ISCA 2014
ProjectZero Google 2015 “RowHammer”
A Chip Flaw Strips Away Hacking Protections for Millions of Devices – WIRED FEB17
U.S. Fines ZTE of China $1.19 Billion for Breaching Sanctions – NY Times MAR17
Source: cyber.nj.gov
Spectre / Meltdown
However, Intel has already pulled its Spectre variant 2 patch because it was causing rebooting errors for some Intel-based computer owners, so everyone will remain vulnerable to this flaw for the time being. – Tom’s Hardware
Source: https://www.av-test.org/en/
System Vulnerabilities:
A Race to the Hardware
Complex Hardware Systems have a large, persistent vulnerability surface
Practical Boundary Conditions:
Tractable Scope
Source: crd.lbl.gov
How?
Quantitative Analytics
Quantitative reduction in likelihood
Source: DoD Trusted Systems and Networks (TSN) FEB 13
Trust
Near Mid Far
Measurement, Analysis, & Verification
Taxonomy of Vulnerability
Quantitative Methods for Vulnerability Assessment and Security
Requires Data! … “Data is the new oil” – Clive Humby, UK Mathematician
Microelectronics Lifecycle
Where does the data come from?
Integrated Circuit Supply Chain
[Figure: lifecycle diagram. Labels: Model & Sim, PDKs & IP, Design Tools, Design, Test Articles, PCM, Mask Data, FAB, Reliability, Function, Test, Harden, Package, Insert, Monitor, Authenticate, Sustain, Integrity, Integration, Disposal Log, Metadata, Trusted Data Repository]
Disposal Log
Microelectronics Lifecycle
Design FAB Test Insert
Monitor
Authenticate
Sustain
Integrated Circuit Supply Chain
Design FAB Test Insert Sustain
Distributed Transition Environment
Putting Tools in Users Hands
IP
Temporal
Vetted IP
Spatial Physical
Implement
Architecture
Electrical
Function
Location
Tracking Longevity
Supply/BlockChain
2nd Order Analysis
Confidence Tools
Counterfeit
Malicious Content
Design FAB Test Insert Sustain
Distributed Transition Environment
Multi-Domain Access
Design FAB Test Insert Sustain
Distributed Transition Environment
Verification and Validation
Verification & Validation Tools
Design FAB Test Insert Sustain
Distributed Transition Environment
Verification and Validation
Design FAB Test Insert Sustain
DARPA/IARPA
JFAC
Distributed Transition Environment
Identify and Transition
Verification & Validation Tools
Verification & Validation Tools
Design FAB Test Insert Sustain
DARPA/IARPA
JFAC
S&T / R&D
Distributed Transition Environment
Quantitative Risk Assessment Metrics
$P_F = E\big(f(X_{\mathrm{Design}}, X_{\mathrm{FAB}}, X_{\mathrm{Test}}, X_{\mathrm{Insert}}, X_{\mathrm{Sustain}})\big)$
Game Theory
SBIR
Identify and Transition
Verification & Validation Tools
Design FAB Test Insert Sustain
Distributed Transition Environment
Collaborative and Distributed
Verification & Validation Tools
Design FAB Test Insert Sustain
Designer Tester Depot
Sim Data, Characterization, Reliability, Malicious Content Tools
Counterfeit Detection, Insertion Log, Reliability Info
Logistics
Location, Shelf Life, Traceability
Design Tools, IP, Model & Sim
Analyst
Threat Vectors
Collaborative and Distributed
Verification & Validation Tools
Design FAB Test Insert Sustain
Multi-Dimensional Perceptivity
Legacy Chip
Case Example
Legacy Component
Analysis Engine
Reliability
Virtual Instruments
Intellectual Property Protection
Design
TRUST &
SCRM
Test
Distributed Transition Environment
National Vision
Distributed Transition Environment
Intelligence Reports
Environment Vision
.org – PUBLIC
• Non-US Persons OK
• Two-Factor Optional
• Target Users
– Academia
– Commercial
.com – ITAR RESTRICTED
• US Persons Only (ITAR)
• Two-Factor Required
• Target Users
– Contractors
– Commercial
.us – ATO CERTIFIED
• US Persons Only (CUI)
• CAC Card or Equivalent
• Target Users
– Government
– Contractors
USER accounts valid OUTWARDS.
DATA repositories can be taken INWARDS.
TOOLS can be taken INWARDS.
Distributed Transition Environment
Key Enablers
• Scalable lifecycle environment
• User access to tools and techniques
• Time and version control
– Address State of the Art, State of Practice, and
Legacy and Boutique
• Risk mitigation and assurance through
quantitative analytics and tractable best
practice
African Proverb
Every morning in Africa, a gazelle wakes up.
It knows it must run faster than the fastest lion or it will be killed.
Every morning the lion wakes up.
It knows it must outrun the slowest gazelle or it will starve to death.
It doesn’t matter whether you are a lion or a gazelle.
When the sun comes up, you’d better start running!