The US Air Force is taking a crucial step to safeguard its technological edge by investing nearly half a billion dollars in anti-tamper technologies. This initiative, spearheaded by the Air Force Life Cycle Management Center, aims to equip military electronics with robust defenses against adversaries seeking to steal sensitive information through reverse engineering.
Why Anti-Tamper Technologies Matter
Military technology is a prime target for espionage. Enemies may attempt to reverse-engineer captured equipment to understand its functionalities and potentially exploit vulnerabilities. This can compromise national security and hinder military operations
Military technology can be compromised following foreign sales to an ally, accidental loss, or capture during a conflict by an enemy. There is a growing threat of reverse engineering US military systems by Russia and China. On the commercial side, China has a long history of reverse engineering intellectual property of all kinds and then closing its markets to all but Chinese companies. But when this tendency is applied to military systems the stakes are even higher, threatening to erode the US edge in national security. Likewise, Soviets reverse engineered the Sidewinder air-to-air missiles. China extensively learnt from F-117 that crashed in Serbia in 1999 through inspection and analysis of aircraft’s stealth features.
Because U.S. military hardware and software have a high technical content that provides a qualitative edge, protection of this technological superiority is a high priority.
Determining Anti-Tamper Requirements
Anti-Tamper (AT) encompasses the systems engineering activities intended to deter, prevent, delay, or respond to reverse engineering (RE) attempts that may lead to compromise of Critical Program Information (CPI) in US weapons systems. AT’s goal is to prevent adversary countermeasure development, unintended technology transfer, or alteration of a system due to RE.
These activities involve the entire life cycle of systems acquisition, including research, design, development, implementation and testing of AT measures. Properly employed, AT adds significant longevity to CPI by deterring efforts to reverse-engineer, exploit, or develop countermeasures against a system or system component.
The use of AT protective techniques will vary depending on the technology being protected. For example, state-of-the-art technology of a critical nature typically requires more sophisticated AT applications. Some examples of AT techniques include software encryption, integrated circuit protective coatings, and hardware access denial systems
The process of interest can be divided into two main parts: the front half, which involves developing an estimate of the means and probability of exploitation, and the back half, where one determines an appropriate solution to the need once it has been properly characterized.
The first of these steps is to identify the critical technologies that are under consideration for design into a weapon system. According to the Department of Defense (DoD) 5200.1-M, an essential or critical technology is one that “if compromised would degrade combat effectiveness, shorten the expected combat effective life of the system, or significantly alter program direction.” Access to such information could force undesirable changes to tactics and concepts of operations (conops), premature retirement of a weapons system, or major system design changes to regain some level of effectiveness.
Critical technologies include both software and hardware. Once these technologies have been identified, the “threats” to them are usually ascertained through some process involving “red-teaming” or scrutiny by those experts in friendly and adversarial exploitation. This step consists not only of identifying who might be interested and capable of exploiting identified critical technologies, but why and how they might be exploited. Technologies can be exploited to determine how they can be defeated or how they can be reengineered and improved upon.
…a multidisciplinary counterintelligence threat assessment and a risk assessment are conducted. These assessments provide the basis for any decision pertaining to the protection of the [critical technologies] as part of the overall risk management strategy and the implementation of cost-effective risk mitigation measures (i.e., countermeasures).
The next two steps consist of identifying both vulnerabilities of critical technologies to exploitation and the actual means by which they might be exploited. Again, these assessments must look to the hardware and software aspects of a system and their relationship to system performance. These steps are critical to the design efforts going into the weapon system proper, since they usually indicate if and where measures must be taken to protect the constituent critical technologies.
While understanding how a critical technology can be exploited is very insightful, so is projecting what the impacts would be if exploitation efforts were indeed successful. For example, if a critical technology is exploited, it may result in countermeasure developments that render the weapon system performance inadequate to do the job. By the same token, exploitation may not result in lost capability if other factors are important to the realization of a weapon system’s full performance potential. Another factor that should be considered is the cost to develop replacement technology or to find other means to regain lost military advantage. Such data can be important for determining if the cost of incorporating protective schemes are worthwhile compared to the cost of measures that must be taken once a technology is compromised.
The last step in the front half of the requirements process is to assess possible exploitation timelines that serve to mitigate the need for, or required amount of, AT necessary for a weapon system. To illustrate, consider the impact of the pace of technological advancement in the microprocessor field. When a certain microprocessor, let us say an application-specific integrated circuit (ASIC), is designed into a weapon system, it may indeed represent a critical technology. But when one considers that similar commercial technology will match and overcome the ASIC’s performance capabilities within 3 to 5 years, it may not make much sense to invest heavily in its protection
through AT. The technological advantage will be lost in a relatively short amount of time through means available on the open market.
In contrast, consider the case of protection of software through encryption. Use of more sophisticated means for encryption may not render a software code absolutely secure, but it might increase the time it takes to break the encryption code by an order of magnitude—ensuring that the weapon cannot be exploited during its expected life.
Once the first six steps of the process are complete, then a preliminary requirement for AT can be stipulated. The second main part or back half of the requirements process consists of four steps. The first of these is to identify AT techniques that are available to counter the exploitation threats. The nature of the critical technologies requiring protection will naturally provide a first filter for those techniques that may have application. At this stage the alternatives being considered may be quite different even if they have the same end result, that is, to inhibit exploitation. The second step is to select a preliminary set of potential countermeasures that are identified for more indepth analysis. This first “cut” can usually be accomplished by eliminating those options whose affordability or efficacy are clearly unattractive compared to the other options. Typically a top-level look at the countermeasures proposed will surface relative strengths and weaknesses that facilitate this initial tradeoff.
During the third step a traditional engineering design analysis is conducted in which all considerations are accounted for and evaluated. On the weapon system design side such considerations include life-cycle cost, implications for schedule (both development and production), impact on weapon system performance, ease of manufacture, reliability and maintainability, and safety.
The last step in the AT requirements process is final selection of the favored solution set. This solution may not be unique; another choice may achieve similar results at a similar cost.
AT techniques
These are security measures embedded within electronic systems to deter, prevent, or delay attempts to tamper with them. Here’s how the Air Force plans to achieve this:
- Secure Processing: Creating secure environments for processing sensitive data within various electronic components, including single-board computers and microelectronics. This can involve establishing physical barriers or implementing software-based security protocols. for example nonetchable thin opaque coatings applied to semiconductor wafers.
- Volume Protection and Sensors: Integrating sensors and other technologies to detect tampering attempts. These safeguards can sound alarms or even disable the system if unauthorized access is detected, or even self-destructing components.
- Cryptographic Protection: Employing robust encryption algorithms and key management techniques to safeguard sensitive information. This makes it virtually impossible for unauthorized parties to decipher critical data even if they manage to gain access to the system.
A Decade-Long Defense Investment
In August 2022, the Air Force Life Cycle Management Center’s Anti-Tamper Executive Agent Program Office (ATEA PO) at Wright-Patterson Air Force Base, Ohio, issued a draft request for proposal (AT2022DraftRFP) for a groundbreaking initiative. This program, dubbed the Anti-Tamper Executive Agent Program Office Multiple Award Indefinite Delivery/Indefinite Quantity Contract (MAC ID/IQ) project, is poised to span a decade and could potentially be worth half a billion dollars.
The program aims to support new and ongoing research and development efforts to create and refine anti-tamper (AT) technologies. These technologies are crucial for safeguarding Department of Defense (DoD) critical program information (CPI) and critical technologies from reverse engineering (RE). Given the rapid pace of advancements in electrical, electronic, digital, optical, and materials fields, AT techniques must continually evolve to remain effective.
Scope of Technologies
The AT technologies under consideration encompass a wide array of areas, including:
- Software Solutions: Developing robust software defenses against tampering and reverse engineering.
- Hardware Innovations: Creating resilient hardware components designed to withstand tampering attempts.
- Component Design and Packaging: Enhancing the security of component designs and their packaging to prevent unauthorized access.
- Materials Development and Application Methods: Innovating new materials and application methods to fortify defense systems.
- Manufacturing Techniques: Implementing advanced manufacturing processes that incorporate anti-tamper features.
- Key Management Solutions: Establishing secure methods for managing cryptographic keys and other sensitive information.
U.S. Air Force Collaborates with Defense Industry Leaders to Enhance Anti-Tamper Technologies
In a significant move to bolster information security, the U.S. Air Force has enlisted 17 leading defense technology companies to develop and deploy advanced anti-tamper technologies aimed at preventing adversaries from reverse-engineering critical military electronics. This initiative, managed by the Air Force Life Cycle Management Center at Wright-Patterson Air Force Base, Ohio, involves contracts worth a collective $499 million.
Securing Critical Military Electronics
The primary objective of this initiative is to safeguard U.S. military programs from adversarial tamper efforts that could lead to reverse-engineering and compromise of sensitive technologies. These anti-tamper solutions are crucial in protecting microprocessors, sensors, and cryptographic systems from unauthorized access and exploitation.
Companies Awarded Contracts
The companies selected for this vital project include:
- Battelle Memorial Institute (Columbus, Ohio)
- Boeing Co. Defense, Space & Security (St. Louis)
- Charles Stark Draper Laboratory (Cambridge, Mass)
- Chip Scan Inc. (Rockaway Beach, N.Y.)
- General Dynamics Corp. Mission Systems (Dedham, Mass.)
- GE Aerospace (Grand Rapids, Mich.)
- Honeywell International (Clearwater, Fla.)
- Idaho Scientific LLC (Boise, Idaho)
- Kratos Defense (San Diego)
- L3Harris Technologies (Palm Bay, Fla.)
- Lockheed Martin Corp. (Orlando, Fla.)
- Mercury Systems Inc. (Andover, Mass.)
- Microsemi SOC Corp. (San Jose, Calif.)
- Northrop Grumman Corp. Mission Systems (Linthicum Heights, Md.)
- Radiance Technologies Inc. (Huntsville, Ala.)
- Raytheon Technologies Corp. (McKinney, Texas)
- Sabre Systems Inc. (Warminster, Pa.)
Objectives and Outcomes
The overarching goal of these efforts is to deter, prevent, delay, or respond to reverse-engineering attempts that could compromise critical program information. By developing integrated anti-tamper technologies, the program aims to:
- Prevent adversary countermeasure development
- Avoid unintended technology transfer
- Mitigate the risks of system alterations due to reverse-engineering
This initiative underscores the Air Force’s commitment to enhancing the security and resilience of its defense systems against sophisticated adversarial threats.
Implementation and Timeline
The selected companies will perform the work across various locations within the continental United States, with the project expected to be completed by February 2030. For more information, interested parties can contact the Air Force Life Cycle Management Center via their official website.
Strategic Significance
The proposed MAC ID/IQ contract reflects the Air Force’s strategic approach to defending its critical technologies. By involving a diverse range of technologies and methodologies, the program aims to develop comprehensive solutions that address multiple facets of anti-tamper protection.
Looking Ahead
The Air Force’s commitment to this extensive program underscores its proactive stance in maintaining technological superiority and protecting national security interests. As the draft request for proposal progresses to the next stages, the defense community eagerly anticipates the advancements and innovations that will emerge from this decade-long endeavor.
Conclusion
By harnessing the expertise of leading defense technology companies, the U.S. Air Force is taking proactive steps to secure its critical electronic systems from tampering and reverse-engineering efforts. This comprehensive approach not only enhances the protection of sensitive technologies but also ensures that the U.S. military maintains its technological edge in an increasingly contested environment.