DARPA Looks To End the Scourge of Counterfeit Computer Gear
coondoggie writes "Few things can mess up a highly technical system and threaten lives like a counterfeit electronic component, yet the use of such bogus gear is said to be widespread. A new Defense Advanced Research Projects Agency (DARPA) program will target these phony products and develop a tool to 'verify, without disrupting or harming the system, the trustworthiness of a protected electronic component.'"
What could be wrong with that? (Score:2)
Re: (Score:2)
you're not wearing your AFDB [zapatopi.net] that's why.
Re: (Score:1)
I know, we need all electronics to be sent through an NSA hub, and there the components will be verified to be real, and then the product will be sent to the end-user.
Remember, this program will only work if ALL electronics go through it.
And if your device happens to need a couple of days in the hub, it's only because they are replacing some counterfeit chips.
Re: (Score:2)
Because the federal government wants compromised equipment distributed throughout the market just as much as America's political enemies wish to distribute such equipment (for profit or surveillance)? Anything for a short-term anvil to hold over citizens who might dare question their actions.
Re: (Score:2)
Well, it's been nice knowing you. Agents will be at your house shortly.
Am I just not thinking about this correctly? (Score:2)
Re: (Score:1)
You don't have to solve the halting problem to find out if the hardware in your machine is identical to a trusted piece of hardware. You just have to compare them.
Now, if you want to know whether the trusted piece of hardware is actually trustworthy, that's harder.
Re:Am I just not thinking about this correctly? (Score:4, Interesting)
Used to be easy back when ICs had few layers and feature sizes that were resolvable with optical light microscopy.
I used to verify ICs for trustable computing back in the day. We would take aligned dieshots, develop them, project them through a red filter, project the master copy of the dieshot through a blue filter, overlay them and look for any large red or blue bits indicative that the metal was not the same. In light of recently published dopant-sabotaged parts, it is obvious the technique we used back then was flawed, and not really applicable to modern chips which have many metal layers.
Destructive testing of representative samples can yield verification of all metal layers, but still doesn't cover the dopant sabotage technique (which we were not aware of at the time), of course you could try and slip things through by only sabotaging 5% or 10% of the parts.
I think a much more prevalent problem is counterfeit parts for commercial gain than sabotage, for example taking some cheap MOSFET with similar but worse characteristics and relabelling it as some expensive MOSFET. This happens frequently (found a batch of fake BJTs when I was building an amplifier, as the fake part had the wrong CBE pinout). Another common technique is taking low speed-grade DRAM, assembling it on DIMMs and programming SPD data that claims to be high-speed DRAM; often they don't even bother to change the labels on the device packages, as they are covered by a heatsink on most modern DIMMs.
The problem with out-of-grade counterfeiting is that the different grades are produced from identical masks, and can only be differentiated by very careful measurement of the device parameters. In some cases the counterfeits even meet every parameter, as they are produced by binning in the same way the original manufacturer bins the parts prior to labelling. There are opamps which cost $40/each, and they are binned from the same line which makes parts costing $1/each; the manufacturer is even up front about this. Sometimes, the line produces more parts that would qualify for the $40/each part number than there is demand for the $40/each part, so the manufacturer just bins them as a lower price part. If the counterfeiter was upfront about it like the OEM, they would relabel them as their own part, with some guarantee about performance like the OEM provides, but then they wouldn't be a counterfeiter, but a legitimate re-binning service.
An example of legitimate rebinning is many of the high end audio equipment or lab equipment manufacturers. They often use commercial grade parts, have an internal test jig, and resell or dispose of parts that don't meet their higher-than-spec required parameters.
Re: (Score:2)
Right so just pass scanning electron microscopes out to everyone? That will make it really dead easy for anyone to spot counterfeits right?
Re: (Score:3)
Is this actually a proposal to provide a general solution to the halting problem for a potentially unpredictable (if parts of it are hidden by the bugged component) program running on logic that may deviate from expected behavior under unknown conditions, or is there some trick that makes it less hopeless?
Well, when you read the article it just comes down to a glorified Certificate of Authenticity:
DARPA said it envisions this dielet will be inserted into the electronic component's package at the manufacturing site or affixed to existing trusted components, without any alteration of the host component's design or reliability. There is no electrical connection between the dielet and the host component.
So yeah, the first thing that will be counterfeited will be these dielets.
But even barring that, since it has no connection to the actual electronics and firmware, simply seeing it on the package means nothing if the part you are using was compromised before it came out of manufacture, or passed through hands with the capability to compromise it before it hit your loading dock.
I suppose this solves the problem of t
Re: (Score:3)
Re: (Score:2)
Well, given this story mentions the Defense Advanced Research Projects Agency, I'd guess DoD in this context is the Department of Defense.
Re: (Score:2)
No, but when you buy from off-shore vendors and they ship back fake parts, it can hurt when a plane falls out of the sky.
Not going to happen (Score:4, Insightful)
"SHIELD demands a tool that costs less than a penny per unit, yet makes counterfeiting too expensive and technically difficult to do"
and at the same time
"What SHIELD is seeking is a very advanced piece of hardware that will offer an on-demand authentication method never before available to the supply chain"
These appear to be mutually exclusive.
Easy (Score:1)
Re: (Score:2)
Perhaps I should have highlighted the problem I see with their statements. They want "a very advanced piece of hardware" that "costs less than a penny per unit". This is the impossibility in their reasoning, not that it couldn't technically work in some way.
Re: (Score:1)
Re: (Score:2)
Indeed, the 'woosh' appears appropriate here. From that I take it your response was meant in jest, though how I cannot tell (other than that your comment seemed largely to consist of techno-babble - but maybe that was intentional?). Anyway, I took it as serious and wanted to point out that I don't care how feasible the item they describe is... the cost they want is impossible for anything 'very advanced'.
If I have missed some grand joke, then I apologize :)
What could you do with $0.01 worth of ARM Cortex? (Score:2)
The key words here are "PER UNIT".
I expect you know very well that just about all software costs less than a penny per unit to deliver into the hands of customers.
As I recall, in 2002 the Oxford Semiconductor OXFW911 Firewire/IDE storage bridge chip cost eight bucks apiece, when purchased in quantity. It was a little smaller than a dime.
For eight bucks, you got a 32-bit ARM7TDMI microprocessor, 64 kB of Flash for your firmware, 1800 bytes (yes, really: BYTES) of RAM, an IDE core for talking to your disk driv
Re: (Score:2)
"SHIELD demands a tool that costs less than a penny per unit, yet makes counterfeiting too expensive and technically difficult to do"
and at the same time
"What SHIELD is seeking is a very advanced piece of hardware that will offer an on-demand authentication method never before available to the supply chain"
These appear to be mutually exclusive.
I don't think so. At least DARPA thinks it's possible to do. Despite being government engineers, the guys and gals at DARPA are a fairly bright bunch.
For digital systems, I'm thinking that there might be a way to put a small amount of ROM and logic that responds to specific stimulus in ways that are not easily duplicated if you don't know the logic design. Put a little bit of state information in the mix and it wouldn't be that hard to pragmatically validate the part, but hard to duplicate said part.
Re: (Score:2)
I don't doubt the goal can be achieved at some cost, but they seem to want it for 'less than a penny per unit'. Considering that they admit it is 'a very advanced piece of hardware' I don't see how it could possibly be fabricated and installed for such a tiny cost.
Re: (Score:2)
SHIELD demands a tool that costs less than a penny per unit
They should also demand a replacement eye for Nick Fury, for all the good it'll do.
Re: (Score:2)
perhaps you mean FTC?
Re: (Score:2)
From TFA, emphasis mine:
After a scan, an inexpensive appliance (perhaps a smartphone) uploads a serial number to a central, industry-owned server. The server sends an unencrypted challenge to the dielet, which sends back an encrypted answer and data from passive sensors - like light exposure - that could indicate tampering, DARPA said.
DARPA won't be "running the program"
DARPA remote bugging tool .. (Score:1)
Re: (Score:2)
It's not going in YOUR computer. It's going into mission-critical stuff for DoD use.
For example, would you really want to be flying an F-22 with a counterfeit CPU?
Re: (Score:1)
Re: (Score:2)
Uh, yeah, I actually do. DARPA is looking for stuff for DOD, remember?
Re: (Score:2)
The manufacturer would be putting the tool in your computer or device, not DARPA. DARPA is just trying to invent the tech to do it. According to TFA, the validation would also be done by an "industry-owned server."
Re: (Score:2)
If you go here you can get a DC [yelp.com] as part of the entertainment.
Whatever became of the counterfeit bolt problem? (Score:4, Interesting)
It occurred quite a long time ago, but at the time no solution was proposed.
Regular steel bolts have hexagonal heads that are flat on top. Bolts made of high-strength steel are marked with three - if I recall correctly - radial lines.
You can see that it would be easy and cheap to mark a regular steel bolt with those three lines, then sell it for the high-strength premium.
This caused at least one death: a worker who was torquing a bolt while building the first Saturn car factory snapped the head off a bolt and fell to his death.
An Army general commented that when he took his battalion's tanks out for training in the desert, their tracks were littered with bits of broken off bolts, as well as the occasional tank tread.
What they actually did about this was to test samples of bolt shipments, but such testing was very expensive and so could not provide good coverage.
However it has been years since I last heard about it. Has the counterfeit bolt problem been solved? If so how?
Re: (Score:2)
This caused at least one death: a worker who was torquing a bolt while building the first Saturn car factory snapped the head off a bolt and fell to his death.
While still a bad thing, this should never have happened. He should have been wearing redundant safety gear so that no matter what failed, he would have been safe.
Re: (Score:1)
This caused at least one death: a worker who was torquing a bolt while building the first Saturn car factory snapped the head off a bolt and fell to his death.
While still a bad thing, this should never have happened. He should have been wearing redundant safety gear so that no matter what failed, he would have been safe.
While your point is still valid, it is hardly the only case where it is possible for a counterfeit high tensile bolt to cause a fatality.
It doesn't take much imagination to think of a problem. [nytimes.com]
USA! USA! USA! (Score:2)
Actually that is precisely what the US Federal Occupational Safety and Health Administration is for.
Perhaps money changed hands.
Re: (Score:3)
DARPA is said to be looking for this man (Score:2)
Because this man [ytimg.com] would be the perfect leader for their new project.
Re: (Score:1)
But marked backwards, eh?
Counterfeit? (Score:4, Interesting)
How can one discern between counterfeit and real, when both are coming off the same assembly line in China?
This is what is called "third shift" products, where the first two shifts make XYZ product for ABC corp, and the third shift makes XYZ Counterfeit for black market.
Re: (Score:2)
Sometimes the giveaway is substitute parts. ABC corp will only give the assembly line in China sufficient parts to make the legitimate products (plus a handful of spares for failures), so to make the counterfeits the factory has to source substitutes for custom parts; those substitutes may be slightly different from the legit parts.
Re: (Score:2)
Tell me if will detect NSA (or other) caused BIOS (Score:2)
Let us not forget the very real problem with NSA practices in our field, and suddenly why your technical computing cluster stopped working, or other equipment screwed up. Our friendly hackers at NSA and any bios changed while providing snooping, changing timing on cpu, etc.
I already had problems with my land line which I firmly believe was because the NSA and small local phone company kept having technical issues leaving without phone service for extended periods with what I will assume was interface probl
hope all it does is verifies... (Score:1)
Re: (Score:1)
Fairly easy and cheap. (Score:4, Insightful)
It seems to me that most of you didn't bother to read the article. In a nutshell, DARPA wants a small electrically isolated chip that acts as an RFID chip and sends an encrypted response to an interrogation.
Method of use:
1. Specialized probe scans chip. Obtains serial number of chip.
2. Specialized probe sends serial number information to centralized server.
3. Centralized server sends back to probe query string.
4. Probe passes onto chip, the query string.
5. Chip sends back encrypted response to query string.
6. Probe passes back to centralized server, encrypted chip response.
7. Centralized server sends back to probe "good" or "bad" results.
Notice that the encryption key may be unique for each chip. The keys are known by the centralized server, but don't need to be known by anything else.
In order to create a counterfeit, the attacker needs to do one of two things.
1. Duplicate an existing chip to include the serial number and encryption key.
2. Create a new chip with a new serial number and encryption key and implant that serial number and key into the database maintained by the centralized server.
If an attacker is capable of compromising the central server, then it's game over. But the assumption is that is a "hard task". So the security is likely to be aimed at protecting the encryption key for each chip. Perhaps store the key in TLC Nand and arrange for the value to be corrupted if it's exposed to light (and of course, encapsulate the chip in an opaque material).
So when you manufacture a "non-counterfeit" component, you
1. Manufacture component.
2. Glue a chip to the component.
3. Register the chip with the centralized server.
To verify that a component isn't a counterfeit.
1. Scan for chip and do the entire song and dance to verify the chip.
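The seven-step exchange in the comment above, as an added example that is not part of the original post. It assumes HMAC-SHA256 in place of the unspecified "encrypted response"; the class names, serial numbers and keys are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def _mac(key: bytes, serial: str, nonce: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the comment's "encrypted response".
    return hmac.new(key, serial.encode() + nonce, hashlib.sha256).digest()


class Dielet:
    """Tag glued to the component: a serial number plus a per-chip secret."""

    def __init__(self, serial: str, key: bytes):
        self.serial = serial
        self._key = key

    def respond(self, query: bytes) -> bytes:       # step 5
        return _mac(self._key, self.serial, query)


class Server:
    """Central registry, the only other holder of each chip's key."""

    def __init__(self):
        self._keys = {}      # serial -> per-chip key
        self._pending = {}   # serial -> outstanding single-use query string

    def register(self, serial: str) -> Dielet:      # manufacturing step 3
        self._keys[serial] = secrets.token_bytes(32)
        return Dielet(serial, self._keys[serial])

    def query(self, serial: str):                   # step 3
        if serial not in self._keys:
            return None                             # serial was never registered
        self._pending[serial] = secrets.token_bytes(16)
        return self._pending[serial]

    def verify(self, serial: str, response: bytes) -> str:   # step 7
        nonce = self._pending.pop(serial, None)     # a query is valid only once
        if nonce is None:
            return "bad"
        expected = _mac(self._keys[serial], serial, nonce)
        return "good" if hmac.compare_digest(expected, response) else "bad"


def probe_scan(server: Server, chip: Dielet) -> str:
    """Steps 1-7 from the probe's side: it relays messages and never sees a key."""
    query = server.query(chip.serial)
    return "bad" if query is None else server.verify(chip.serial, chip.respond(query))


def replay_old_response(server: Server, chip: Dielet) -> str:
    """Record one valid response, then present it against a fresh query."""
    recorded = chip.respond(server.query(chip.serial))
    server.query(chip.serial)                       # server issues a new query
    return server.verify(chip.serial, recorded)
```

A tag carrying a copied serial but the wrong key, a tag with an unregistered serial, and a recorded response presented against a new query all come back "bad"; only the registered tag answering the current query comes back "good".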
Re: (Score:1)
2. Specialized probe sends serial number information to centralized server.
2a. The centralized server gets decommissioned.
2b. The centralized server is (D)DOSed.
2c. You have the same control over the centralized server as you do over your data stored on facebook, dropbox, s3, etc.
2d. Your credentials expire either because you stopped paying for protection^Wservice or you just forgot to change your password when you got IT's "your password is about to expire" email.
No one needs to read past Step 2 to realize this whole thing is a bad joke, right?
examples of the danger? (Score:2)
The summary and the article state that these counterfeit parts are so dangerous. Can anybody provide examples of harm done? And not just to somebody's bank account? I'm not saying I disagree, but if you tell me I should be afraid, at least point to examples of why I should be afraid.
Re: (Score:2)
The summary and the article state that these counterfeit parts are so dangerous. Can anybody provide examples of harm done? And not just to somebody's bank account? I'm not saying I disagree, but if you tell me I should be afraid, at least point to examples of why I should be afraid.
That's about it.
For commercial purposes, the claim is somehow that your cheap off-brand machines are obviously inferior to the brand name equipment made by the same assembly lines. It doesn't work well in practice, since chip clones and cheap knockoffs usually mean success for the brand they are impersonating.
Government agencies are trying to find a way to allow cheap manufacture of standard certified equipment, using untrustworthy, lowest-bidder, often foreign manufacturing plants, while at the same time
Re: (Score:2)
The DARPA project is not about protecting consumer-grade electronics from cheap knockoffs and badly-swapped ICs.
The project's stated purpose, and the DoD and other government acronym interests fall squarely inside the spy-vs-spy realm.
Sure, I suppose it is technically possible that businesses are going to invest in embedding this type of security inside critical chips, then spot-check every production run for authenticity. This might happen at bigger corporations for important big-budget projects.
But no,