[Infowarrior] - Spies, military looking for hacker-, backdoor-proof circuits

[Richard Forno]

Spies, military looking for hacker-, backdoor-proof circuits

By Adam Rawnsley, wired.com | Published about 2 hours ago

http://arstechnica.com/tech-policy/news/2011/06/spies-military-looking-for-hacker--backdoor-proof-circuits.ars
       
In 2010, the US military had a problem. It had bought over 59,000 microchips destined for installation  in everything from missile defense systems to gadgets that tell friend from foe. The chips turned out to be counterfeits from China, but it could have been even worse. Instead of crappy Chinese fakes being put into Navy weapons systems, the chips could have been hacked, able to shut off a missile in the event of war or lie around just waiting to malfunction.

The Intelligence Advanced Research Projects Agency, the spy community’s way-out research arm, is looking to avoid a repeat. The Trusted Integrated Circuit program is IARPA's attempt to keep foreign adversaries from messing with our chips—and check the circuits for backdoors once they’ve been made.

The US has been worried about its foreign-sourced chips in its supply chain for a while now.  In a 2005 report, the Defense Science Board warned that the shift towards greater foreign circuit production posed the risk that “trojan horse” circuits could be unknowingly installed in critical military systems. Foreign adversaries could modify chips to fizzle out early, the report said, or add secret back doors that would place a kill switch in military systems.

The problem is that the United States isn’t the only game in town anymore when it comes to building better chips. Foreign chip foundries—companies that manufacture chips for third parties—are churning out more advanced products and making regular chips cheaper and more quickly. American  military and intelligence customers would love to take advantage of some of these developments, but they don’t want to limit themselves to just US-made technology.

The Defense Science Board warned in its report that “trust cannot be added to integrated circuits after fabrication.” IARPA disagrees. The agency is looking for ways to check out chips once they’ve been made, asking for ideas on how the US can verify that its foreign chips haven’t been hacked in the production process.

Keep your suggestions original, though. IARPA's sister-shop, DARPA, has already done some work on chip verification. DARPA's TRUST program uses advanced imaging and X-rays to search for deviations from chips’ designs. Its IRIS program aims to check out chips when the US doesn’t have the full designs to compare them to.

One way IARPA would like to make chips from foreign foundries safe is by splitting up the manufacturing process. Under this scenario, the front-end-of-line (FEOL) stage of manufacturing would take place at offshore foundries, while the back-end-of-line processing would finish up at a more secure US facility.

IARPA is also interested in hearing ideas on chip obfuscation. The idea is to hide the “intent of digital and analog functions and their associated building blocks” of an integrated circuit in the FEOL manufacturing stage. If potential adversaries can’t reverse-engineer or understand how a circuit works, it’ll be harder for them to modify it for malicious purposes.

What kinds of chips is IARPA interested in? One type mentioned in its announcement are microelectromechanical systems, super-small chips that can be used to make things like very tiny advanced sensors. These kinds of chips have all kinds of military applications, helping to make 10-gram cameras for use on micro air vehicles and fast-acting sensors that can detect bacteria and viruses.

Photo by John R. Southern