Biblio

The topic of security risk on the global supply chain is a vast one, as it incorporates various sub topics which are hived under the bigger picture of supply chain. For this study, we focused on hardware-based security risks which are caused by implanting a tiny chip on the original motherboard architecture, during manufacturing or while in transit. This paper examined the various hardware attack detection methods- mainly on destructive and non-destructive methods of hardware-based error detection. The destructive detection methods is extremely difficult to implement as it often requires a physical presence to inspect the device during the manufacturing and/or transition process. Despite this fact, we tried to detect abnormal activities of hardware components through non-destructive method by building a custom code using JSensor - a high performance sensor network simulator developed with a Java programming language. To monitor the hardware, we set a scheduler to gather the required information (example: every one or two hours during off-peak hours) so as to identify similarities and differences of the resources used in the computer systems. Besides CPU loads, CPU speed/clock rate has also been retrieved by using JSensors and Oracle Java Standard. By default, the size of configuration file does not automatically change. We deliberately altered the size and run the JSensors code which was scheduled to run for every three seconds and we were able to detect it as JSensor flagged the alteration which we deliberately made. Therefore, we concluded that besides monitoring hardware sensors for suspicious activities, checking an important file whose size should remain unchanged is an effective method of monitoring critical systems within a given organization. The paper also identifies the major hardware-based attack vectors on the supply chain, targeting various organizations. We concluded by making suggestions on how hardware-based supply chain risks could be mitigated and/or eliminated through future efforts.