BT2X: Multi-Leveled Binary Transparency to Protect the Software Supply Chain of Operational Technology

An increasing number of attacks targeting software supply chains poses a significant threat to software-reliant systems such as Operational Technology (OT). One noteworthy variant of software supply chain attacks is the circumvention of code signing by utilizing stolen signing keys. Binary Transparency (BT) serves as a mechanism to detect and deter such attacks by mandating that every signed binary is stored in a trusted append-only log. We introduce BT-To-The-X (BT2X) which brings BT to OT. To support retrofitting of computationally less capable devices, BT2X introduces well-defined audit levels and assisting infrastructure. Furthermore, it includes a federated gossiping protocol to detect misbehaving logs presenting inconsistent views to different observers. We implemented BT2X on low-power microcontrollers using Rust and evaluated it with regard to size and performance to demonstrate its practical feasibility.