[Keynote] Supply Chain Integrity: A Fabless Manufacturing Perspective

2:30 pm - 2:55 pm

System on Chip (SoC) semiconductor security assurance cannot be achieved by design-time protections alone. In a fabless semiconductor model, outsourced and offshore manufacturing introduces high product integrity risk. Supplychain assurance must be treated as a firstclass security problem alongside boot, runtime, and debug security methods. Any weakness in the global semiconductor supply chain can undermine all other SoC security controls. Even wellsecured designs are vulnerable if attackers can bypass protections during design, fabrication, assembly, test, or distribution.  

Loss of control due to outsourced and offshore manufacturing brings insider threats across design and manufacturing partners and makes available exposure of sensitive IP through test programs, and other debug capabilities. To address these risks, the presentation proposes a manufacturing integrity framework built on existing semiconductor quality and IPprotection practices.The framework can is intended to provide a baseline intended to support higherassurance security use cases, including some government needs. As part of the integrity framework, an informal, actuarialstyle threat analysis is introduced to prioritize the implementation of semiconductor supply chain mitigations.   

Featured Speakers

Dan O'Loughlin

Dan O'Loughlin

Vice President, Engineering, Qualcomm

Over the last thirteen years, Dan O’Loughlin has provided System on Chip (SoC) Hardware (HW) and Intellectual Property (IP) security leadership across Mobile, Compute, Auto and IoT Business Units at Qualcomm Technologies Inc. Today, Dan's HW Security leadership role spans global System on Chip Security Research and Development teams across Engineering, Architecture and Security Evaluation domains at Qualcomm.   

Prior to Qualcomm, Dan held security leadership roles at Cryptography Research Inc./Rambus, where he worked on security silicon IP, software and infrastructure, and Certicom/Blackberry, where he led hardware security development teams in the U.S. and Canada. Before entering the Security domain, Dan served in various roles in semiconductor design and software engineeringspecializing in signal processing and multimedia applications.