The integrated circuits (ICs) that underpin critical systems in modern society are produced by a global supply chain that involves a variety of actors in many countries. Some of the actors are trusted, but others are not. Untrusted actors give rise to supply chain threats such as counterfeit ICs of uncertain quality or the possibility of malicious changes to the function of ICs. To secure electronic systems in defense, critical infrastructure, and healthcare, it is increasingly important to secure the global IC supply chain. This research project pursues new strategies for securing ICs against supply chain threats. This research explores a new framework for supply chain security organized around three main thrusts. The first thrust explores application-specific designs with post-fabrication programmability to prevent targeted Trojan insertion by an untrusted foundry. The second thrust of the work addresses the design side of the supply chain, and seeks new formal abstractions for reasoning about, and protecting against, entire classes of malicious circuit modifications. The third thrust addresses the distribution side of the supply chain with a low-cost authentication technique to verify the provenance of packaged ICs. This research project has the potential to positively impact national security and well-being of individuals by helping to keep malicious parts out of critical systems such as defense aircraft and medical devices. The work supports economic competitiveness of US semiconductor companies by trying to prevent billions of dollars in annual losses from counterfeits. The project supports cybersecurity education through a variety of contest-based learning activities, and through a supply chain testbed for lab courses that supports both education and research. Public data, tools, and design artifacts associated with this project will be made publicly available through the completion of the project at https://github.com/danholcomb/supply-chain-security.
CAREER: Supply Chain Security for Integrated Circuits