Supply Chain Security in Quantum Computing
Supply chain security is concerned with security threats and attacks that may occur, or may be initiated, during manufacturing, assembly, and delivery of electronic components from different vendors. Quantum computers, like classical computers, are not made fully by one company, but require components from different vendors. Any maliciously modified component from one of the vendors could be a source of a security threat or attack. This newsletter article explores potential supply chain security issues in quantum computing, highlighting both similarities and differences to classical computer supply chain security.
Supply Chain Security Threats
One of the large areas of computer hardware security research is concerned with supply chain security. Typically, the security threats and attacks considered in this area focus on malicious modifications to the hardware provided by external vendors. In parallel, supply chain issues can affect software as well, where a malicious modification to the software provided by external vendors could be a source of security attacks. Most often, a particular vendor would not be considered wholly malicious, since if they were then clearly electronic or software components should not be sourced from them. Instead, two common threats considered are undesired modifications due to malicious insiders or due to pressure from foreign government.
The main supply chain treat is that the hardware, or software, maybe modified to insert undesired functionality, i.e. a Trojan. The Trojans usually have a so-called payload, which is executed by the Trojan. The payload can be triggered on a specific event, specific input, or it could be triggered at specific time, a specific wall-clock time or after some time the device has been operating. Trojans typically are designed to have a very specific trigger event, which would not be caught during testing or verification of the design. The Trojans can be parts of digital circuits, but they could also be in the analog components or even at the silicon level. The payload executed by the Trojan may be used to bypass or disable security checks, to leak secrets, or to cause intentional damage to the device, among others. At the digital level, disabling security checks could be done by Trojan that modifies register values holding the permissions of a software. Leaking secrets could be done at the digital level by, for example, disabling encryption, or it could be done at the analog level by consuming more power during certain computations so it is easier to perform side-channel attacks later. Performing intentional damage could be easily done by creating short circuits or burning a lot of power with power waster circuits. In addition, other interesting Trojans could degrade true random number generation modules, so that cryptographic keys derived by the system are not very random.
Other supply chain threats include re-selling recycled or used components. These components may have passed their lifetime and may not be as reliable. Selling of counterfeit components is a related issue, where the components sold are not made by genuine manufacturer, and as result may also not be as reliable. In these cases, there is no malicious modification inserted into the design, but rather it is old or counterfeit component that is sold, leading to potential damage as the device may fail early or may fail when stressed under conditions that genuine device should withstand, but that the counterfeit one does not.
A related topic considered in supply chain security is an external vendor stealing a design. When manufacturing is outsourced to an external vendor, they may attempt to copy the design (e.g. to make the counterfeit parts or to over-produce parts). Research on logic locking and split manufacturing explores how to prevent some of these threats. For example, split manufacturing aims to prevent vendors from learning the hardware design by splitting it into two parts, one made at an untrusted foundry and another made at a trusted foundry.
One limitation, or potential criticism, of supply chain security research is lack of clear real-world examples. While there are some news articles exploring reports of hardware Trojans or malicious hardware modifications, they are very limited. Good academic databases of Trojans exist, but not from industry. This is a two-fold challenge. Lack of industry examples may limit motivation for adding protection from the supply chain attacks, but it also means that any defenses have to be made and tested using only academic attack examples.
Supply Chain of Quantum Computers and the Potential Threats
Unlike for classical computers, quantum computer supply chain has two unique or different features. The chief feature of the quantum computer supply chain is the limited number of vendors for certain components. At the same time, the quantum computers, at least for superconducting qubit type, are designed to re-use some hardware commonly found in communications equipment and microwave electronics. In addition, an overarching feature of the supply chain is that the supply chain is concerned with the support equipment, such as the cryogenic refrigerators, signal generators, FPGAs used for controllers, etc. The supply chain, at least at the moment, is not concerned with parts of the quantum computer chips themselves, these are as far as we know fully built by the quantum computer manufacturers. Thus one difference is that the Trojans, counterfeiting, or re-selling would be affecting the support equipment, not the quantum computer chips themselves.
The first feature of the supply chain is the limited number of vendors of the support equipment. This can be both positive and negative aspect.
On the positive side, limited number of vendors means the quantum computer manufacturers have very close relationship with the vendors. The quantum computer manufacturers have very specific designs and requirements, so they may be in better position to observe if something is not correct or if somethign is maliciously modified with the equipment they receive. The support equipment, such as the cryogenic refrigerators, are also very expensive and as result it is easy to track them. Cost of any tracing devices, even adding GPS sensor to each unit, would be minimal. Issues such as re-selling used cryogenic refrigerators may not be a problem at this time. Considering hardware Trojans, it is currently unclear what a Trojan would do. Degrading or damaging the equipment would be easiest, as quantum computers are already very vulnerable to noise and their environment.
On the negative side of having few vendors is the issue of sharing design details of the quantum computers with the vendors. The very specialized equipment developed for quantum computers likely means that the vendors have quite a good idea about the details of the quantum computers or the future designs based on what the manufacturers order. Also, with few vendors, any actual attack would be more powerful since many manufacturers may use the same cryogenic refrigerator or the same signal generator. Thus manufacturers don’t have many choices and it is clear which vendors would be best to compromise if one was an attacker.
The other feature of the quantum computer is that they are being designed for leveraging existing equipment where possible. For example, superconducting qubit machines work at frequencies around 5GHz, which means much of communications equipment can be used. While the communications or industrial controls equipment may have been tested for different security issues, it is not clear how the, for example, wireless application of the equipment differs from the quantum computing application. Maybe for wireless applications it can be assumed that there will be encryption performed at higher layers of the communication stack, thus the analog signals do not need protection in the signal generators. Meanwhile, when same signal generators are used in quantum computer setting, where there is no higher layers, and it is the analog signals coming in and out of the quantum computer that need direct protection.
Considerations for Securing the Quantum Computer Supply Chain
As this article points out, supply chain for the quantum computers has some unique features. In the short term, due to very small set of vendors, it may be easy to dismiss supply chain issues. With few vendors it may be easy to control them and prevent the supply chain attacks. However, what may be more interesting and important is to focus on the differences from classical computers. The unique feature of quantum computer supply chain is that it affects the supporting equipment. There is not a good analogy in classical computers. However, there is good analogy in supervisory control and data acquisition (SCADA) and industrial controls. The supply chain issues with quantum computers may actually be closer to SCADA security issues than to classical computer security issues.
About the author:
Jakub Szefer is an Associate Professor of Electrical Engineering at Yale University where he leads the Computer Architecture and Security Laboratory (CASLAB). His research interests broadly encompass computer architecture and hardware security of computing systems, including security of quantum computers and post-quantum cryptography.