Identity Based Lifecycle Management for a Trusted IoT Supply Chain
- 1. Identity Based Lifecycle Management for a Trusted IoT Supply Chain IoT Device Security Summit October 30th, 2018 Tom Katsioulas Unrestricted © 2018 - New Ventures Group of Mentor, a Siemens Business Realize Innovation
- 2. Page 2 Smart-Connected Product Supplier Economics *Source: Harvard Business Review • No traceability or configurability • High OPEX, low differentiation Old Supplier Product Variants Supply Chain & Field Use Established Connected Devices Evolving Connected Devices Emerging Connected Devices • Better visibility on product field use • Remote lifecycle management • Reduced support costs and RMAs • Lower OPEX, higher differentiation • New services and business models • Trust, security and safety issues Smart Connected Supplier* Managed Products Field Usage Analytics Managed Device Lifecycle
- 3. Page 3 Device Lifecycle Security & Trust in Digital Supply Chain Can we trust a system and its parts from multiple suppliers in the supply chain? Gray MarketOverproduction Counterfeits Hacks/MalwareTrojans/Clones DDoS AttacksReverse Eng. Tampered Dev. System TestCard TestFinal Test Self TestProbe TestFunctional Test Wafer Chip PCB Device End ProductIC Design ECU OnboardingKey Injection CM (EMS)OEMOSATFoundry Field UseDistributorChip Maker Merchant
- 4. Page 4 Classic Hacks Traced to Supply Chain Issues The roots of security issues lie in the structure of the electronics industry at large HW + SW from XiongMai exploited to create the massive Mirai botnet The Big Hack Supermicro Bloomberg animation showing the alleged malicious component in the Supermicro server motherboards positioned between the SOIC-16 SPI flash chip and the BMC. Mirai botnet Xiongmai
- 5. Page 5 Design Tape-Out Manufacturing Package & Test Provisioning Assembly Distribution Channels Lack of Traceability from Chip to Cloud Untrusted Supply Chain Impossible to trace the chain of business liability when a security beach occurs Apps Updates RMA Debug Recycling Hardware Upgrades Device Control Analytics Onboarding Firmware Updates Lifecycle Management Untrusted Field Use
- 6. Page 6 Charter of Trust and the Digital Supply Chain Trusted identity and provenance are key for accountability* in the supply chain www.charter-of-trust.com *Source IDC: European IoT Security Why the IoT Supply Chain of Trust Matters Authentication Identity Provenance Accountability* OCM ODM OEM
- 7. Page 7 Identity-based Lifecycle Management System DesignIC Design Fab - OSAT Distribution Assembly Delivery OperatingOnboarding Recycling • Establish Accountability &Trust • Enable Identity-driven Services • Improve Quality, Security, Safety Configurability - ProvisioningTraceability - Monitoring • Enable Onboarding & Personalization • Provide OTA Updates & Manage RMAs • Drive Higher Value Business Models Field Use: Applications & ServicesSemiconductor Supply Chain Device Supply Chain ECU Identity Provenance OCM - Chip ODM - Device OEM - System ODMs - OEMs OperatorsIC Suppliers Trusted Infrastructure & Partnerships Needed
- 8. Page 8 Identity is Key for Enabling Chain of Trust Inborn identity coupled with traceability infrastructure and trusted value chain TPM Identity *Trusted Platform Module • Simple PCB Device ID • BOM Cost (Extra ASIC) • IC can be compromised • No Chip Traceability Inserted Identity *Fused or Injected Secret • ID Embedded in Chip • Trusted Execution Env • Can be tampered/cloned • No Parts Traceability Inborn Identity *No Secret at Rest (power-off) • ID from Mfg process • TEE and Secure Enclave • Physically Unclonable • PCB Can Be Hacked Unified Identity *ID linked to Ownership (PO) • Derived ID from all ICs • ID factoring BOM in PCB • Certified Device & Parts • Trusted Suppliers Links PCB Layout IC Enrollment & Trusted Device Onboarding ODMs - OEMs Operators IC Suppliers + Trusted Partners
- 9. Page 9 Identity Enables a Trusted IoT Value Chain Ecosystem Enablement Authentication, Provisioning, … Connectivity, & Device Management Firmware, Protocols, Applications,… Data & Lifecycle Management Field Operations & Services Supply Chain Configurability (Provisioning) Client Embedded Systems Identity Trusted Server AuthenticationEnrollment Trusted Device Onboarding Late Binding & Key Mgmt. Supply Chain Traceability (Distributed Trust Exchange) RTOS
- 10. Page 10 Trusted Server Identity Enables Trusted Lifecycle Services System DesignIC Design Fab - OSAT Distribution Assembly Delivery Apps Updates RMA Debug Hardware Upgrades Device Control Analytics Firmware Updates OperatingOnboarding Recycling Services • Chip Authentication • Chip Feature Provisioning • Chip Authenticity Certification • Key injection (Untrusted Facility) • Firmware Injection (Untrusted Facility) • Generic Data Injection / Extraction • Identity-driven Device Onboarding • OTA Firmware and App Updates • RMA Debug (incl. IC Access Grant) Chip ID Device ID Equipment ID IoT Platforms Cloud Services ODMs - OEMs OperatorsIC Suppliers Traceability - Monitoring Configurability - Provisioning Enrollment
- 11. Page 11 Use Cases - Key & Feature Provisioning One SKU product supporting many standards provisioned on delivery Multi Market Product Product performance can be increased Battery life can be extended (ala Tesla) RMAs can be diagnosed even inside chip Compromised systems can be disabled Ease adoption of new products/services Reduce recalls with in-field diagnostics Enable Hardware-as-a-Service business Deactivate stolen/unauthorized products Offer differing charging speeds, distance and tracking service Electric Bike Offer differing ranges (higher power GPS) & contract duration Pet Tracker Remote Provisioning Value Courtesy of GLOBALFOUNRIES and Siemens-Mentor
- 12. Page 12 Example - Automotive Supply Chain Challenges • 7,000 semiconductor ICs on a premium car • 1ppm failure rate = 7 failures for 1,000 cars • 4,000 cars build per day = 1 failure per hour* • Production failures plus electronics failures Quality & Reliability Security & Safety Securing Edge to Cloud Connectivity • Many publicized hacks, millions of recalls • Vulnerabilities from 100s of ECUs per car • Gray market, clones, or counterfeit ICs • Gb of data / day / car can be compromised • Supply Chain Security - Authorized Distributors - Continuity of Supply • Counterfeit Chips in - ECUs & ABS Systems - Airbag& Cruise control • Over the Air Updates - Firmware Changes - Keys and Certificates Source: Automotive Megatrends, Challenges and Solutions , SEMICON Europa 2015, Dresden
- 13. Page 13 Root cause on supply chain intrusions or system RMAs take months to detect and fix IC Supplier IC Design Chip IDs Test Logs CM (EMS)OEM/ODMOSATFoundry Field UseDistributor Traceability + Authenticity? Example - Automotive Supply Chain Quality & Trust Issues Parts Tests Wafer 1 Wafer 2 Field Performance System TestPCB TestFinal Test Self TestKey InjectionProbe Test Gray MarketsOverproduction Counterfeits Hacks/MalwareIP Theft DDoS AttacksReverse Engineering
- 14. Page 14 Traceability Supply Chain Analytics Configurability Provisioning and Updates IC Design • Engineering • Operations • Production • Procurement • Accounting Chain of Custody Distributed Ledger Supply Chain Monitoring and Certification Chip IDs Test Logs System TestPCB TestFinal Test Self TestKey Injection CM (EMS)OEM/ODMOSATFoundry Field UseDistributor Traceability + Authenticity? Trusted Protocol Example - Automotive Supply Chain End-to-End Solution Parts Tests Wafer 1 Wafer 2 Field Performance Predict Field Performance Trace where issue occurred Probe Test Ops SKU Db Test Logs Test Logs BOM + Test IoT PlatformsOps SKU DbInject Logs IC Supplier Trusted Services Enrollment
- 15. Page 15 The Digital Thread and Digital Twin The Digital Thread ties all of your data together, from requirements through design all the way to manufacturing and the field. We start with this, as an enabler for the Digital Twin The Digital Twin allows us to simulate the entire supply chain, from requirements collection and design to factory layout, capacity, scheduling, processing, manufacturing and the field.
- 16. Page 16 Use Cases - Supply Chain Traceability Why Did the Part Fail? Which IP Contributed to Failure? Pre-Launch ATE Production ATE Why Production ATE did not work as expected? Can we use ML* Process/Defect Characterization? *ML: Machine Learning
- 17. Page 17 Economic Incentive for Trusted IoT Supply Chain Value Chip suppliers ODMs/OEMs App/Service Providers • Reduce Production Cost • Track/Provision SKUs in Field • Prevent IP Theft and Clones Enroll - Monitor - Provision • Bind Apps to Chip Root of Trust • Authenticate Device, not User • Secure Content and Payments Safeguard Users, Applications, Data • Automate Device Onboarding • Track/Update Devices in Field • Enable Remote Debug & PLM Monitor - Provision - Personalize Configurability Higher Value Business ModelsTraceability Higher Trust, Quality, Safety Hardware as a Service
- 18. Page 18 Summary - Trusted Alliances in the IoT Value Chain • IDMs and Pure Foundries • Chip/OEM/ODM Suppliers • Contract Manufacturers • Chip & Device Distributors • End Application Providers • Operators & Service Providers Trust will evolve through “round and round we go” business relationships Circle of Trust