#Japan #Cybersecurity #Tokyo #Hardware Security Module #WiSECURE

Is the Audit Report for Industrial Semiconductor Equipment Truly 'Pristine'?

In the realm of industrial and semiconductor equipment security, ensuring compliance with international standards is paramount. However, the reliance solely on software detection tools presents certain vulnerabilities, particularly regarding the risk of OS contamination which can lead to report tampering. WiSECURE Inc., based in Bunkyo, Tokyo, has identified these challenges and proposes a new auditing approach that employs a 'Hardware Root of Trust' from the physical layer to ensure the reliability of reports generated by automated scanning tools and maintenance software.

With international security standards such as SEMI E187, IEC 62443, and ISO 21434 becoming increasingly stringent, WiSECURE is leveraging proprietary USB-type Hardware Security Modules (HSMs) and cryptographic technologies. Their approach enables the establishment of evidentiary capability through physical layers, effectively bolstering trust across the global supply chain. This article sheds light on the potential risks posed by OS contamination and the challenge of ensuring consistency in audit reports across different environments.

The Underlying Risk: OS Contamination and the Trust Gap in Audits

In many production facilities, the verification of equipment often involves vendor-provided scanning tools. However, if the host operating system (OS) has been compromised, there exists a substantial risk that the results and log data could be altered beyond the software's purview. This raises concerns about verifying the authenticity of the reports generated during both the manufacturing process and post-delivery inspections. Historically, proving that audit reports from diverse environments stem from the same trusted process has been limited.

The fundamental query arises: "Is the 'pass' indication on the tool truly authentic, and is this trust consistent across the supply chain?" To address this, WiSECURE advocates for the adoption of physically isolated hardware security modules (HSMs).

The Solution: Retaining Write Execution Rights on the Device

WiSECURE aims to realize 'trust separation' by positioning physical hardware (USB token-type HSM) at the initiation point of the report generation process, allowing for independence from the OS environment.

Write Governance

Through hardware-enforced writing control at the physical layer, unauthorized processes attempting data tampering are fully obstructed. Even in circumstances where OS administrative privileges might be seized, the physical layer can prevent unlawful writing operations, safeguarding the integrity of the data.

Consistent Integrity

With a unique storage architecture designed to withstand digital forensic scrutiny, WiSECURE ensures a consistently high evidentiary capability. Locking the 'Root of Trust' within the device allows verification of reports generated under identical high-security standards, regardless of location or OS, from manufacturing to the maintenance phase post-delivery.

Support for Global Standards Compliance

WiSECURE's methodology complies with international security criteria demanding integrity and non-repudiation, such as those established by IEC 62443, SEMI E187, and NIST. This approach elevates audit standards without necessitating a complete overhaul of existing tools—merely requiring plugin implementation.

WiSECURE Products: USB Type-C HSM

The applicability of these solutions has been demonstrated in Taiwan's semiconductor ecosystem, where compliance with standards like SEMI E187 has become essential. Consequently, the demand for USB hardware adoption has surged among scan tool vendors as a method to ensure audit report authenticity.

A Taiwanese automation software vendor has successfully integrated this 'physical trust mechanism,' establishing a system that outputs reports from a singular trusted source throughout the manufacturing process. This has enabled them to meet stringent cybersecurity audit requirements and gain overwhelming trust within the supply chain.

In a case involving the integration of scanning software for semiconductor equipment, developers swiftly incorporated USB security features through an SDK, facilitating the rapid alignment of their product with international cybersecurity standards and ensuring smooth integration within semiconductor production lines.

For further details, refer to the 'Cybersecurity White Paper for Industrial Control Systems: SEMI E187' released by WiSECURE.

Enhancing Ecosystem Partnerships

WiSECURE is strengthening collaborations with independent software vendors (ISVs) and systems integrators (SIs) domestically and internationally, aiming to cultivate a trustworthy foundation for external tool acceptance in the semiconductor and industrial equipment sectors. When vendors consider 'hardware-based credibility,' WiSECURE provides technical support on implementation aspects to facilitate the integration of Root of Trust architecture.

• ---

Visit WiSECURE at Japan IT Week (Spring)

Experience firsthand the 'hardware hardening' solution showcased in this article. Witness how data authenticity can be physically safeguarded even in compromised OS environments.

• - Exhibition Name: 23rd Japan IT Week (Spring)
• - Location: Tokyo Big Sight
• - Booth Number: West Hall 1 W3-22

For more details, visit WiSECURE's Official Site.

Product Evaluation: Consumer Model

For individual users, the simple-to-operate 'SAMURAI Key' model is now available on Amazon.co.jp. Utilize it for quick feature evaluation before integration.
Amazon Product Page: SAMURAI Key