Supply Chain Threats – Test, Provision, and Validation

White Paper, v1.0
April 2022
Author: Matthew Areno, PhD

You may not use or facilitate the use of this document in connection with any infringement or other legal analysis concerning Intel products described herein. You agree to grant Intel a non-exclusive, royalty-free license to any patent claim thereafter drafted that includes subject matter disclosed herein. No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document. All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps. No computer system can be absolutely secure. Copyright © Intel Corporation. All rights reserved. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands may be claimed as the property of others.

Contents

1 Introduction
  1.1 Acronyms
2 Test and Validation Overview
  2.1 Assembly Completed
  2.2 Class Testing
  2.3 Fusing
  2.4 Manufacturing System Testing
  2.5 Validation
  2.6 Packing/Shipping
3 Protection of Assets
  3.1 Cryptographic Key Material
  3.2 Fuse Provisioning
    3.2.1 Fuse Generation
    3.2.2 Fuse Handling and Transportation
    3.2.3 Fuse Programming
    3.2.4 On-Device Certificate Authority
4 Threat Model
  4.1 Threat Definitions
    4.1.1 Inaccurate Production Count
    4.1.2 Theft of Unlocked Product
    4.1.3 Falsification of Test Result(s)
    4.1.4 Compromise of Test Equipment
    4.1.5 Resale of Failed Product(s)
    4.1.6 Unauthorized Disclosure of Test Procedure(s)
    4.1.7 Modification of Fuse Value(s)
    4.1.8 Extraction of Unencrypted Fuse(s)
    4.1.9 Extraction of Key Material
    4.1.10 Duplication of Fuse Value(s) Between Parts
    4.1.11 Disclosure of Fuse Map
    4.1.12 Unauthorized Disclosure of Fusing Process
    4.1.13 Theft of Product(s)
    4.1.14 Injection of Trojan or Counterfeit Product(s)
    4.1.15 Disclosure of Shipping Record(s)
    4.1.16 Falsification of Shipping Record(s)
5 Conclusion

1 Introduction

Supply Chain security is an area of significant focus and scrutiny today. A number of recent significant attacks against both hardware and software supply chains have further exposed the criticality of understanding the threats posed against manufacturers and providing sufficient mitigations. Understanding and mitigating supply chain threats starts with simply identifying the threats. The purpose of this document is to further expand on prior work and dive into the testing, provisioning, and validation phases. These phases represent potentially the most significant threat against products as they are often conducted, at least in part, by external organizations. Without an understanding of all the known threats currently present, it would be impossible to make any assertions regarding the overall security of products and their associated supply chain. As there is no singular process for these stages of