IEEE Computer Magazine plans an August 2016 special issue on the security of the hardware and software supply chain.
Design, fabrication, assembly, distribution, system integration, and disposal of today’s electronic components, systems, and software involve multiple untrusted parties. Recent reports demonstrate that this long and globally distributed supply chain is vulnerable to counterfeiting (cloning, overproduction, recycling, etc.) and malicious design modification (such as Trojan attacks). The issues associated with counterfeit components include security and reliability risks to critical systems, profit and reputation loss for intellectual property owners, and the discouragement of innovation in system development. Recent bugs such as Heartbleed have shown that flaws in open source and third-party code can have a tremendous impact, including the leakage of sensitive and personal data.
While awareness in the hardware supply chain has increased in recent years, the scope of the problem has continued to grow and evolve. Data from the Government and Industry Data Exchange Program and Information Handling Services Inc. indicates a sixfold and fourfold increase, respectively, in reported counterfeit components over the last four years. Existing solutions fail to provide adequate protection against supply chain security issues, and many are too intrusive and expensive to be practical for industry use. Most focus on protecting custom digital integrated circuits (ICs) such as processors and field-programmable gate arrays. However, many other large and small electronic systems and components are just as susceptible to recycling, cloning, and tampering, but have not been adequately addressed. Meanwhile, recent reports by the Business Software Alliance highlight the widespread use of unlicensed software in emerging markets, which account for the majority of PCs in use globally. Furthermore, the software distribution model has shifted from purchases made in stores to those made online, creating even more opportunities for hackers to manipulate code and/or spread malware.
This special issue is intended to raise awareness of supply chain issues, highlight new attacks, point out the existing solutions, and encourage fresh protection approaches. It will focus on supply chain security, as well as comprehensive, cost-effective, and easy-to-use solutions.
Please direct any correspondence before submission to the guest editors:
Domenic Forte, University of Florida (firstname.lastname@example.org)
Swarup Bhunia, University of Florida (email@example.com)
Ron Perez, Cryptography Research Inc. (firstname.lastname@example.org)
Yongdae Kim, Korea Advanced Institute of Science and Technology (email@example.com)