Light-Weight Security Protocol and Data Model for Chip-to-Chip Zero-Trust

Ashfaq Ahmed; Abdulhadi Shoufan; Kais Belwafi

doi:10.1109/ACCESS.2023.3285630

Light-Weight Security Protocol and Data Model for Chip-to-Chip Zero-Trust

Research output: Contribution to journal › Article › peer-review

6 Scopus citations

Abstract

The semiconductor supply chain is vulnerable to multiple security attacks, such as hardware Trojan injection, intellectual property theft, and overproduction. The notion of zero-trust (ZT)- never trust, always verify- offers a promising opportunity for chip security by authenticating integrated circuits (ICs) when they are connected to critical computing systems. Before exchanging any data, the system establishes trust with the chip using industry security protocols. In this paper, we propose using the secure protocol and data model (SPDM) to establish chip-to-chip (C2C)- ZT communications. Furthermore, we present formal models for this solution and verify these models using state-of-the-art formal verification tools. The results show that the SPDM meets the requirements of the ZT architecture and can be used as a foundation for secure C2C interconnection.

Original language	British English
Pages (from-to)	60335-60348
Number of pages	14
Journal	IEEE Access
Volume	11
DOIs	https://doi.org/10.1109/ACCESS.2023.3285630
State	Published - 2023

Keywords

automatic verification of internet security protocols and applications (AVISPA)
formal verification (FV)
Secure protocol and data model (SPDM)
secure protocol animator (SPAN)

Access to Document

10.1109/ACCESS.2023.3285630

Cite this

@article{3d66ef6c407d457da7e9aa0789e67f61,

title = "Light-Weight Security Protocol and Data Model for Chip-to-Chip Zero-Trust",

abstract = "The semiconductor supply chain is vulnerable to multiple security attacks, such as hardware Trojan injection, intellectual property theft, and overproduction. The notion of zero-trust (ZT)- never trust, always verify- offers a promising opportunity for chip security by authenticating integrated circuits (ICs) when they are connected to critical computing systems. Before exchanging any data, the system establishes trust with the chip using industry security protocols. In this paper, we propose using the secure protocol and data model (SPDM) to establish chip-to-chip (C2C)- ZT communications. Furthermore, we present formal models for this solution and verify these models using state-of-the-art formal verification tools. The results show that the SPDM meets the requirements of the ZT architecture and can be used as a foundation for secure C2C interconnection.",

keywords = "automatic verification of internet security protocols and applications (AVISPA), formal verification (FV), Secure protocol and data model (SPDM), secure protocol animator (SPAN)",

author = "Ashfaq Ahmed and Abdulhadi Shoufan and Kais Belwafi",

note = "Publisher Copyright: {\textcopyright} 2013 IEEE.",

year = "2023",

doi = "10.1109/ACCESS.2023.3285630",

language = "British English",

volume = "11",

pages = "60335--60348",

journal = "IEEE Access",

issn = "2169-3536",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - Light-Weight Security Protocol and Data Model for Chip-to-Chip Zero-Trust

AU - Ahmed, Ashfaq

AU - Shoufan, Abdulhadi

AU - Belwafi, Kais

PY - 2023

Y1 - 2023

N2 - The semiconductor supply chain is vulnerable to multiple security attacks, such as hardware Trojan injection, intellectual property theft, and overproduction. The notion of zero-trust (ZT)- never trust, always verify- offers a promising opportunity for chip security by authenticating integrated circuits (ICs) when they are connected to critical computing systems. Before exchanging any data, the system establishes trust with the chip using industry security protocols. In this paper, we propose using the secure protocol and data model (SPDM) to establish chip-to-chip (C2C)- ZT communications. Furthermore, we present formal models for this solution and verify these models using state-of-the-art formal verification tools. The results show that the SPDM meets the requirements of the ZT architecture and can be used as a foundation for secure C2C interconnection.

AB - The semiconductor supply chain is vulnerable to multiple security attacks, such as hardware Trojan injection, intellectual property theft, and overproduction. The notion of zero-trust (ZT)- never trust, always verify- offers a promising opportunity for chip security by authenticating integrated circuits (ICs) when they are connected to critical computing systems. Before exchanging any data, the system establishes trust with the chip using industry security protocols. In this paper, we propose using the secure protocol and data model (SPDM) to establish chip-to-chip (C2C)- ZT communications. Furthermore, we present formal models for this solution and verify these models using state-of-the-art formal verification tools. The results show that the SPDM meets the requirements of the ZT architecture and can be used as a foundation for secure C2C interconnection.

KW - automatic verification of internet security protocols and applications (AVISPA)

KW - formal verification (FV)

KW - Secure protocol and data model (SPDM)

KW - secure protocol animator (SPAN)

UR - https://www.scopus.com/pages/publications/85163222868

U2 - 10.1109/ACCESS.2023.3285630

DO - 10.1109/ACCESS.2023.3285630

M3 - Article

AN - SCOPUS:85163222868

SN - 2169-3536

VL - 11

SP - 60335

EP - 60348

JO - IEEE Access

JF - IEEE Access

ER -

Light-Weight Security Protocol and Data Model for Chip-to-Chip Zero-Trust

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this