Security Framework for the Semiconductor Supply Chain Environment

  • Alireza Esfahani
  • Georgios Mantas
  • Mariana Barcelos
  • Firooz B. Saghezchi
  • Victor Sucasas
  • Joaquim Bastos
  • Jonathan Rodriguez
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 263)


This paper proposes a security framework for secure data communications across the partners in the Semiconductor Supply Chain Environment. The security mechanisms of the proposed framework will be based on the SSL/TLS and OAuth 2.0 protocols, which are two standard security protocols. However, both protocols are vulnerable to a number of attacks, and thus more sophisticated security mechanisms based on these protocols should be designed and implemented in order to address the specific security challenges of the Semiconductor Supply Chain in a more effective and efficient manner.


Industry 4.0; Semiconductor Supply Chain Network; secure communications; SSL/TLS; OAuth2



The work has been performed in the project Power Semiconductor and Electronics Manufacturing 4.0 (SemI40), under grant agreement No 692466. The project is co-funded by grants from Austria, Germany, Italy, France, Portugal (from the Fundação para a Ciência e Tecnologia - ECSEL/0009/2015) and the Electronic Component Systems for European Leadership Joint Undertaking (ECSEL JU).



Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019

Authors and Affiliations

  • Alireza Esfahani (1)
  • Georgios Mantas (1)
  • Mariana Barcelos (1)
  • Firooz B. Saghezchi (2)
  • Victor Sucasas (2)
  • Joaquim Bastos (1)
  • Jonathan Rodriguez (2)

  1. Instituto de Telecomunicações (IT), Aveiro, Portugal
  2. University of Aveiro, Aveiro, Portugal
