Supply chain vulnerabilities, hardware attacks, and communications hacks are rife. Autonomous technology poses extra threats.
Supply chain and hardware security vulnerabilities affect all industries, but they pose additional risks for the defense sector. Over-manufacturing and re-manufacturing allow chips from friendly nations to end up in the weapons of adversaries. And side-channel attacks such as power analysis or fault injection, as well as internet-based distributed denial of service (DDoS) attacks, provide a means to steal sensitive data or interfere with critical infrastructure.
While software security has a long tradition, hardware security remains spotty and confusing, and it’s only getting more so as chips are disaggregated into chiplets and connected to each other inside of advanced packages. The goal of the CHIPS Act was to ensure a domestic supply of chips to shore up national security and, before that, the U.S. Department of Defense’s Trusted Foundry program was designed to ensure the security of advanced chips made in Taiwan, Korea, or elsewhere. The current approach is a Zero Trust Environment.
“When you get the chip back, did someone mess with it? said Marc Swinnen, director of product marketing at Ansys. Was something added or changed? And how can you tell? One of the things you can do at the design stage is say, ‘If this chip is working, this should be the power ripple. This should be the thermal signature.’ They want these signatures to be able to verify that the chip they get back is actually the chip they designed and nothing more, nothing less. But that’s a tough problem. That’s where I see the security for the military evolving beyond commercial cybersecurity to hardware security.”
The threats are only growing. An adversary can get hold of a piece of technology and strip it down to its components, then physically attack those systems. “There’s probably on the order of about two dozen different types of physical attacks once an adversary has the microelectronic system in their lab powered up,” said Scott Best, senior director of silicon security products at Rambus. “They’ve got oscilloscopes and signal generators and probe stations. They’ve got a fully equipped penetration lab, and can do fully informed pen-testing attacks on a piece of microelectronics. How secure it is in that environment is different than how secure it might be in a cybersecurity environment where it’s cloud connected. The types of attacks that you can initiate against those systems are also different.”
The U.S. defense and automotive industries are also very concerned about over-manufacturing.
“If you are making a totally authentic SoC that’s going into an automobile system, and you send your order to the foundry that you need 10 million parts produced, and they start the wafer run to create 10 million chips, who’s to say they’re not making 11 million and selling 1 million extra?” Best said. “10 million go out the front door, but 1 million go out the back door. How do you prevent that and assure the authentic OEM that it’s not happening?”
Cloning is a related concern. For example, in the commercial sector, hackers break through the chip inside the ink cartridge that connects to a printer. Then, they produce compatible chips for major printer companies. “If you can steal keys that are inside of that by fault injection attacks or by power analysis, then you can start selling compatible ink around the world and have access to the $50 billion ink cartridge market,” Best said. “And it is all perfectly legal. It’s just the state of play, and this is happening in a space or military context as well.”
Re-manufacturing is another potential threat. Chips that have been fielded in a system can be recovered, re-manufactured, and put into a new system.
“In this situation, the system is working, but it’s working with silicon that was taken from a system that was supposed to have been end-of-life,” he said. “Defense, automotive, and a lot of commercial verticals are very concerned about how to prevent over-manufacturing and re-manufacturing, if not just the naked cloning that printer OEMs were worried about. Some of these state-of-the-art SoCs are so large and so complex that there are only one or two foundries in the world that can even manufacture them. They’re too difficult to clone, so the adversaries have to — and I hesitantly use the word ‘steal’ — come up with compatible solutions in different and clever ways, including over-manufacturing and re-manufacturing.”
Further, it’s possible that countries such as Russia are buying new U.S. chips through back-door trade routes that skirt export controls, but re-manufacturing also is a likely source. For example, a chip intended for a commercial router or modem product could be redeployed in an unmanned aerial vehicle. “The engineers could recognize the chip in that box is exactly what they need, buy 500 modems, take those systems apart and then redeploy the Wi-Fi chip to do exactly what they need it to do,” Best said.
While there are supply chain countermeasures to prevent chips being reactivated in a different product, implementing them often comes down to cost. “You can control when a chip is deployed into a system that it is only authorized to work in that system and, cryptographically, it can tell when it’s been moved to a different system,” said Best. “But at the scale of manufacture that a lot of these chips go to, everything is expensive. Even if it’s just a 1% increase in cost, eventually that’s somebody’s decision to make that financial investment. It’s not an engineering or technical decision anymore. It comes down to a financial decision at some point. And that often is a negotiation that happens in the security business.”
By comparison to commercial industry, the defense sector is taking on more of this security on a program-by-program basis as it’s required, said Charlie Schadewitz, vice president for aerospace and defense at Cadence. “You can see that the typical volumes aren’t as high as commercial, so the penalty in cost of the microelectronics isn’t as great. And it’s paid for by the government.”
Security by design
No matter the sector or who is paying, security must be designed in. “I can’t design something and then make it secure,” said James Chew, senior global group director for aerospace and defense at Cadence. “If you have a hardware-accurate digital twin to design, we can now simulate attacks. And you could say, ‘What are some likely attack vectors?’ Then, because it’s still in the design phase, you can do things to either mitigate the effects or mitigate the likelihood of that happening. But you’re not going to get it all. There are armies of people now trying to figure out how to hack chips and systems, so we need armies of people on our side. The hardware-accurate digital twins also trying to figure out how they can hack it, and what we can do about it.”
Fig. 1: Hardware-accurate digital twins in AD concept. Source: Cadence
AI and autonomous tech
New attack vectors are being created at a rapid pace. Generative AI, large language models, and autonomous technology are being integrated into weapons, jets, ground vehicles, unmanned aerial vehicles, drones, and even robo-dogs.
“There are a lot of moving parts to solving for that, and a lot of it is because AI as a tool is fantastic at synthesizing pattern recognition,” said Rambus’ Best. “From very obscure amounts of data, if it’s trained specifically for that type of data set, it can glean information very quickly. It can look at X-rays and be trained for more effective diagnosis. It can look at very rapid camera images and come up with targeting solutions. It can look at the power supply consumption of a chip being analyzed and quickly come up with what might be the geographic secret key that’s being used during that computation. All three of those examples are just questions of signal to noise ratio. With enough data, AI can perform remarkable computational tasks. This means at times, it is absolutely a feature that you want in your system, and you need to secure its operation to make sure that the adversary who goes out and purchases the system or captures one on the battlefield cannot reverse engineer the AI model and benefit from what they could learn by getting access to the AI model.”
At the same time, systems need to be built to be more resilient against AI-directed physical attacks against microelectronic systems.
“AI becomes this large tool in the toolbox, and the entire microelectronics community is still coming to terms with how to wield this tool, both in a feature sense that we incorporate in our systems, and how to defend against it if it’s being used against us by an adversary,” said Best. “There are panels at most conferences that I attend where they ask, ‘What is the nature of security and cybersecurity in the post-AI generation,’ because that’s different than what it was in the human generation.”
This is a topical issue with no easy answers. Helmut Puchner, vice president and fellow of aerospace and defense at Infineon Technologies recalled attending a conference in Detroit about 10 years ago at which autonomy was discussed. “A speaker said, ‘We have all the technology we need, basically, to do autonomy right now. Here’s the problem. We are afraid of security.’”
Security becomes even more complicated when considering whether defense technology should have human oversight, similar to advanced driver-assistance systems versus autonomous vehicles.
“Is it going to get to a point where an autonomous weapon will be put in charge and just linked up to these systems, with no people in the chain? “That’s probably a political question, more than a technological question,” said Puchner. “The technology exists today, but it’s got to be weighed against the ethics of whether we want computers making decisions as to who lives and who dies, as well as the security aspect of when I have this weapon, what’s the risk of it being turned back against me?”
According to Ansys, there are four reasons for accelerating adoption of autonomous tech in the A&D industry:
For example, Pennsylvania State University engineers recently developed a two-drone system with 3D mapping technology to assist first responders in indoor searches.
Fig. 2: Autonomous drone. Source: Ansys
A comparatively established tool is network-centric warfare, but that still has room for improvement. “We have a network of sensors that can tell us where things are and give us an idea what the target is. This allows us to assign the right weapon system and have devastating effects on a target,” said Cadence’s Chew. “We’ve already been doing that. Network-centric warfare takes that extra step of saying, ‘Why not apply commercial best practices in the design of the new stuff, and also some of the old stuff?’ That will expand the effectiveness of network-centric warfare because, rather than have to deal with devices that were built in the ’70s and ’80s, you can get them up to a certain standard so that communication and verification can happen that much quicker.”
Communications, data, and encryption
Communications systems and critical infrastructure are a frequent target for aero, defense, and government sectors, and this includes satellites. The European Union Agency for Cybersecurity recently published a guide to securing commercial satellite operations, noting that cyberattacks could rise due to software-defined satellites, off-the-shelf and open-source hardware and software components, or quantum technologies.
And like automotive design, aerospace security is covered under FMEA (failure mode and effects analysis) and TARA (threat analysis and risk assessment), in which risks are evaluated, so that mitigations can be made.
“We have to do safety and penetration testing to understand what is going on in the chip,” said Varadan Veeravalli, principal functional safety engineer at Imagination Technologies. “We want to make the IP or SoC secure and ensure that no one corrupts any data. If some parameters are corrupted, or long parameters are set, this could lead to a hazardous situation that may not be predicted. We also check the assurance and representations levels for the hardware, and then, based on that, we provide some mechanisms for it. In general, we would have to develop encryptions, encrypt the software, encrypt the data.”
In terms of a hardware attack on a satellite or other physical space infrastructure, the good news is, the distance may make it difficult. “If you’re 35,000 kilometers away, it’s not easy to spoof a satellite with electromagnetic fields, said Infineon’s Puchner.
However, attacks on satellite internet or ethernet are possible, and communications applications are ever growing in space. For example, AST SpaceMobile and Cadence recently collaborated on a space-based global cellular broadband network.
“People will start using the same technologies that we have developed on ground in space as well,” said Puchner. “Ethernet is coming, because you have a mesh network like Starlink, which is about 8,000 satellites. You can consider them as routers. They need to talk to each other so the protocol you might need is Ethernet, but is Ethernet safe on the ground? I don’t think so because every packet can be inspected [by bad actors] with the right technology, and they can figure out what the content of the packet is and where it’s going.”
Even if it’s encrypted with SHA-256 or similar, it could be hacked. “We’re dealing here with the communication interface that can be hacked and can be spoofed,” said Puchner. “The radio waves are in the three gigahertz range, so anything can be detected and collected. The angle of incidence of some of those antennas are really big, so as a component supplier, we see more and more components memories where we offer embedded security. That means encryption, hardware encryption, where we have an encryption IP block on our chip that you can use to encrypt your data, instead of a soft encryption that can be hacked or attacked.”
Data transfer also needs protection — the data types from memory to the processor including the transmission line.
“This is new, because you could send the data out in your input/output pins, they go into the circuit, and then they go into the processor,” Puchner said. “Now we’re sending the data plus the error correction code, so that the processor, when it receives the data and there was really an error on the line, can reconstruct the data correctly. This is end-to-end error correction. There are also handshakes and security built in, so we are authorizing only one processor to talk to one memory, and they’re unique. The way to do it is by using physically unclonable functions (PUFs).”
Another aspect of security that typically people do not consider is segregation within a project. “Satellites have multiple prime contractors delivering components and they are relatively reluctant to open up and share all of the secret sauce to their competitors, because one time they work together, next time they’re competitors,” he said. “So encryption is an important security measure to protect your content.”
Even digital twins or manufacturing blueprints and records could be subject to attack.
“The key difference between commercial and defense is that, because they keep their records around much longer, they’ve got the challenge that they are responsible for the maintenance statement and monetization,” said Cadence’s Chew. “Having that data is not a bad thing, especially when we see the amount of consolidation that’s happened in the defense industrial base to about five or six major primes, and all those other sub-tier contractors that were supplying components to those other primes that were absorbed by the big six, and now who knows what happened to that data. So, the way you cut it, it’s a good thing to have that data. And, yes, we’re going to have to figure out a way how to secure it. The government seems to be pretty good at that type of stuff, but [the amount of data] is just a fallout of how things are done in aerospace and defense.”
The biggest emerging trend is post-quantum cryptography, and the government and defense sectors are key players in finding solutions, said Rambus’ Best.
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released finalized post-quantum encryption standards in 2024. And in 2023 the National Security Agency published a joint Cybersecurity Information Sheet, “Quantum-Readiness: Migration to Post-Quantum Cryptography,” to help the Department of Defense, National Security System owners, the Defense Industrial Base, and others.
“There is a large effort to deploy microelectronic systems that utilize these quantum safe cryptographic protocols as quickly as possible, both for securing connectivity and securing authenticity of everything software related to avoid a potential disaster in which a cryptographically relevant quantum computer in the hands of a geopolitical adversary becomes a weapon of mass destruction,” said Best. “Nobody wants that future to happen, so we have to solve it with math and cryptography, and that effort is full steam ahead in the defense-facing markets. There’s a very rapid adoption of those new protocols.”
Meanwhile, DARPA launched its Quantum Benchmarking Initiative, a program to develop robust quantum sensors, and a program to secure information for encrypted verification and evaluation, among many others.
Conclusion
The global defense sector is fighting on all fronts, from armed combat with drones to hardware attacks and the hacking of communications infrastructure and data. Solutions are manifold and evolving every day, while research about how to keep up with security demands continues.
Related Reading
https://semiengineering.com/as-eda-processes-becomes-more-secure-so-do-chips/
https://semiengineering.com/defining-chip-threat-models-to-determining-security-risks/
https://semiengineering.com/temperature-a-growing-concern-for-chip-security-experts/
https://semiengineering.com/data-center-security-issues-widen/
https://semiengineering.com/v2x-security-is-multifaceted-and-not-all-there/
https://semiengineering.com/how-secure-are-fpgas/
https://semiengineering.com/security-becoming-core-part-of-chip-design/
https://semiengineering.com/the-threat-of-supply-chain-insecurity/
https://semiengineering.com/data-leakage-becoming-bigger-issue-for-chipmakers/
https://semiengineering.com/chiplet-security-risks-underestimated/
https://semiengineering.com/whats-required-to-secure-chips/
 |
 |
 |
 |
 |
 |
 |
Leave a Reply