The semiconductor industry is constantly striving to improve the performance, reliability, and cost of electronic devices. The growing complexity in the design process of microelectronics coupled with the requirement of significant investment in research and development means that there is hardly any entity in the industry that is capable of acquiring the state-of-the-art technologies for all facets of the development process across myriad niche device technologies. Therefore, for economic and practical reasons, the modern electronic supply chain relies on several different vendors that specialize in a specific area of the design and fabrication process. From a security perspective, this distributed manufacturing process violates the trust of the underlying hardware as any entity in the supply chain could maliciously modify the design. This poses a significant concern, especially for government, military applications, and consumer electronic products handling private and critical data during the acquisition of untrusted microelectronic designs and components. Hence, trust has emerged as a crucial constraint that the various steps in the microelectronic manufacturing process should consider in order to ensure that no malicious functionality exists in the hardware. In the last decade, several works have proposed steps both to establish and verify trust in microelectronics. However, not all threat models are adequately covered, and the solutions are pertinent to a limited category of devices. In this article, we present the challenges in establishing trust in today’s distributed supply chain environment by discussing the attack models at each step of the manufacturing process. We also shed light on the existing solutions that try to address these threats and discuss their limitations. Finally, we elaborate on one of the existing supply chain standards where trust verification is still infeasible and identify avenues for future research.
++