CIST: A Serious Game for Hardware Supply Chain

Abstract

The globalisation and outsourcing of the IC supply chain have led to a more complex production cycle. Using threat models to understand the attacks can help engineers build stronger countermeasures and evaluate against different options to create better protection from attacks. Gamification is an alternative to teaching engineers threats using threat models and trying to keep up to date with new threats. Playing a serious game based on the IC hardware supply chain allows players to take control of self-learning and build knowledge through experiences in the gameplay. This paper propose CIST: A serious game for hardware supply chain, designed for hardware security and uses a threat model called CIST, designed to overcome the different requirements for hardware threats and gaps in current generic security threat models. The CIST game covers hardware-related risks through the complete IC life cycle from design, manufacturing, using the IC within a system and finally, recycling the ICs.