Supply Chain Security and Integrity Assessment of Legacy Systems and Platforms

C. Aguayo Gonzalez
PFP Cyber, United States

Keywords: integrity, supply chain, device security, air-gapped, AI

Power Fingerprinting (PFP) is an integrity assessment and tampering detection technology, by observing unique patterns in physical side-channels from electronic systems. The PFP dynamic power behavior analytics uses AI to extract patterns in side-channels to detect anomalous behavior. System solutions include self monitoring, detection, remediation and prevention for digital devices. PFP could be deployed as an air-gapped standalone system or embedded uses the on-chip or built-in analog-to-digital converters to collect signals for processing and analytics. PFP’s non-intrusive air-gap solution is ideal for integrity assessment of legacy systems and platforms, from supply chain over the life cycle. PFP could detect in machine time without optional remediation and prevention. It could be added to existing implementation to reduce detection time. Machine learning and AI could be performed embedded, on cloud or on-premise. Use case examples include BIOS/UEFI attacks on Supermicro servers, tampering on VME boards for platforms, Stuxnet on PLCs, FPGAs, routers, MIRAI on IP cameras over PoE, firmware/software attacks and counterfeit hardware. The PFP technology has received 9 issued patents and developed with support from the US Department of Defense, including DARPA, Army, Air Force, as well as support from the NSF, DHS, and DoE.