The Pains of Hardware Security: An Assessment Model of Real-World Hardware Security Attacks

Abstract

From military applications to everyday devices, hardware (HW) security is more relevant than ever before. The supply chain of integrated circuits is global and involves multiple actors, which facilitate the implementation of various attacks. Its complexity increases the attack surfaces, violating not only the privacy of the users or even national security but also endangering human life. We review some of the publicly known HW attacks that have occurred and propose an assessment scheme for the attacks and the defense on hardware. Using this scheme, we relate the costs of attacks and defense and provide a structured landscape of HW attacks. To illustrate the utility of our assessment scheme, we apply it to a number of real-world and synthetic research cases. We observe a gap between the research use cases and the real-world attacks and envision that the comprehensive assessment of the attacks will enable the development of more suitable countermeasures. In addition, we revised the security policies for HW devices, and we conclude that the complexity and obscurity of the supply chain are key parameters impacting HW security, providing attack surfaces. Finally, we identify the demystification of the supply chain as the main strategy to mitigate this problem.