Distribution Statement A. Approved for Public Release; Distribution Unlimited. Case #88ABW-2018-0825

Integrity Service Excellence

Hardware Assurance Lifecycle Ecosystem
Distributed Transition Environment

7 MAR 18

Matthew Casto, PhD
Chief, Trusted Electronics Branch
AF JFAC HwA Technical Lead
Sensors Directorate
Air Force Research Labs

ITEA Cybersecurity Workshop




Globalization of Microelectronics

Needs

Off-Shore design & production of ICs provides adversary malicious & monetary opportunity

COTS → risk > reward?

Commercial vs. Military Requirements

THAAD

Availability Access Assurance

DoD systems require

Trusted and Assured Electronics

?

Dcma.mil


Strategy

•DSB Microelectronics ‘05

•Cybervision 2025

•Foundations of T&A

•NDAA 14 SEC 937

•JFAC

•DoD Long Term Strategy for TF

•NDAA 17 SEC 231

•PB 17 T&AM

•DSB Cyber Supply Chain ‘17

•Microelectronics Innovation for National Security

•FY19 OMB Executive R&D Priorities

Policy

•DoD Instruction (DoDI) 5000.02

•Cyber DTMs

•Trusted Systems and Networks, 5200.44

•Program Protection Plan (PPP)

• International Traffic in Arms Regulations (ITAR) update (in work)

•2017 EO- Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Joint Federated Assurance Center

•Software assurance knowledge & tools

•Hardware assurance knowledge & tools

•Advanced verification & validation capabilities

•Core Hardware Labs across service and agencies

•Program Pilots

Trusted & Assured Microelectronics

•Access to state-of-the-art foundries

•Trust and assurance methods and demonstration

•New Trust Approach

• Industrial best practices for assurance

•Alternative sources of advanced microelectronics

•COTS and FPGA Assurance

•Disruptive devices and architectures

“..the budget invests $454 million over the FYDP to ensure DoD will continue to have access to the trusted microelectronic components needed in our weapon systems. By developing alternative sources for advanced microchips and trusted designs, this funding will help ensure the long-term security of our systems and capabilities.” – SECDEF Carter, FY17 PBR, 25 FEB 16

Strategic Response

Image sources ODASD, DIST A - Assuring MINSEC– TAME Forum NOV 2017


Hardware Assurance

New Challenges

•Sensors becoming more integrated

– Autonomy relies more on sensors

– Can’t trust / question all information provided

•Technology marching on….

– Stacked die – 2.5 D FOWLP, 3DIC

– 2µm trace space bump connectability

– Garage–Fab

•More, Faster Connectivity

– 5G communication taking over the last mile

– Automated systems communicating autonomously (and anonymously???)

Anl.gov

NIST.gov

Asc.army.mil


The Good News

Question: “How do we handle security in these new environments?”

Answer: “The Software takes care of that.” – NAE Member

US Military Fake Chips Battle –AUG16 The Register

Counterfeit Chips Plague US Missile Defense – WIRED 2011

Huawei, Chinese Technology Giant, Is Focus of Widening U.S. Investigation – NY Times APR17

Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors – IEEE ISCA 2014

ProjectZero Google 2015 “RowHammer”

A Chip Flaw Strips Away Hacking Protections for Millions of Devices – WIRED FEB17

U.S. Fines ZTE of China $1.19 Billion for Breaching Sanctions – NY Times MAR17

Source: cyber.nj.gov


Spectre / Meltdown

However, Intel has already pulled its Spectre variant 2 patch because it was causing rebooting errors for some Intel-based computer owners, so everyone will remain vulnerable to this flaw for the time being. – Tom’s Hardware

Source: https://www.av-test.org/en/


System Vulnerabilities:

A Race to the Hardware

Complex Hardware Systems have a large, persistent vulnerability surface


Practical Boundary Conditions:

Tractable Scope

Source: crd.lbl.gov


How?

Quantitative Analytics

Quantitative reduction in likelihood

Source: DoD Trusted Systems and Networks (TSN) FEB 13

Trust

Near Mid Far

Measurement, Analysis, & Verification

Taxonomy of Vulnerability

Quantitative Methods for Vulnerability Assessment and Security

Requires Data! …. “Data is the new oil” – Clive Humby, UK Mathematician


Where does the data come from?

Microelectronics Lifecycle

Integrated Circuit Supply Chain

[Diagram labels: Model & Sim, PDKs & IP, Design Tools, Design, Test Articles, PCM, Mask Data, FAB, Reliability, Function, Test, Harden, Package, Insert, Monitor, Authenticate, Sustain, Integrity, Integration, Disposal Log, Metadata, Trusted Data Repository]


Disposal Log

Microelectronics Lifecycle

Design FAB Test Insert

Monitor

Authenticate

Sustain

Integrated Circuit Supply Chain


Design FAB Test Insert Sustain

Distributed Transition Environment

Putting Tools in Users Hands


Distributed Transition Environment

Multi-Domain Access

Design FAB Test Insert Sustain

[Diagram labels: IP, Vetted IP, Temporal, Spatial, Physical, Implement, Architecture, Electrical, Function, Location, Tracking, Longevity, Supply/Block Chain, 2nd Order Analysis, Confidence Tools, Counterfeit, Malicious Content]



Design FAB Test Insert Sustain

Distributed Transition Environment

Verification and Validation


Verification & Validation Tools

Design FAB Test Insert Sustain

Distributed Transition Environment

Verification and Validation


Design FAB Test Insert Sustain

DARPA/IARPA

JFAC

Distributed Transition Environment

Identify and Transition

Verification & Validation Tools


Verification & Validation Tools

Design FAB Test Insert Sustain

DARPA/IARPA

JFAC

S&T / R&D

Distributed Transition Environment

Quantitative Risk Assessment Metrics

$P_F = E\left(f(X_{Design}, X_{FAB}, X_{Test}, X_{Insert}, X_{Sustain})\right)$

Game Theory

SBIR

Identify and Transition


Verification & Validation Tools

Design FAB Test Insert Sustain

Distributed Transition Environment

Collaborative and Distributed


Verification & Validation Tools

Design FAB Test Insert Sustain

Designer, Tester, Depot

Sim Data, Characterization, Reliability, Malicious Content Tools

Counterfeit Detection, Insertion Log, Reliability Info

Logistics

Location, Shelf Life, Traceability

Design Tools, IP, Model & Sim

Analyst

Threat Vectors

Collaborative and Distributed


Verification & Validation Tools

Design FAB Test Insert Sustain

Multi-Dimensional Perceptivity


Legacy Chip

Case Example

Legacy Component


Analysis Engine

Reliability

Virtual Instruments

Intellectual Property Protection

Design

TRUST & SCRM

Test

Distributed Transition Environment

National Vision

Intelligence Reports


Environment Vision

.org site: PUBLIC
• Non-US Persons OK
• Two-Factor Optional
• Target Users: Academia, Commercial

.com site: ITAR RESTRICTED
• US Persons Only (ITAR)
• Two-Factor Required
• Target Users: Contractors, Commercial

.us site: ATO CERTIFIED
• US Persons Only (CUI)
• CAC Card or Equivalent
• Target Users: Government, Contractors

USER accounts valid OUTWARDS.

DATA repositories can be taken INWARDS.

TOOLS can be taken INWARDS.


Distributed Transition Environment

Key Enablers

• Scalable lifecycle environment

• User access to tools and techniques

• Time and version control

– Address State of the Art, State of Practice, and Legacy and Boutique

• Risk mitigation and assurance through quantitative analytics and tractable best practice


African Proverb

Every morning in Africa, a gazelle wakes up.

It knows it must run faster than the fastest lion or it will be killed.

Every morning the lion wakes up.

It knows it must outrun the slowest gazelle or it will starve to death.

It doesn’t matter whether you are a lion or a gazelle.

When the sun comes up, you’d better start running!


Revolutionary-Relevant-Responsive

Ready!