Home / Military / Air Force / Shielding the Arsenal: US Air Force Invests in Anti-Tamper Tech

Shielding the Arsenal: US Air Force Invests in Anti-Tamper Tech

The US Air Force is taking a crucial step to safeguard its technological edge by investing nearly half a billion dollars in anti-tamper technologies. This initiative, spearheaded by the Air Force Life Cycle Management Center, aims to equip military electronics with robust defenses against adversaries seeking to steal sensitive information through reverse engineering.

 

Why Anti-Tamper Technologies Matter

Military technology is a prime target for espionage. Enemies may attempt to reverse-engineer captured equipment to understand its functionalities and potentially exploit vulnerabilities. This can compromise national security and hinder military operations

 

Military technology can be compromised following foreign sales to an ally, accidental loss, or capture during a conflict by an enemy. There is a growing threat of reverse engineering US military systems by Russia and China. On the commercial side, China has a long history of reverse engineering intellectual property of all kinds and then closing its markets to all but Chinese companies. But when this tendency is applied to military systems the stakes are even higher, threatening to erode the US edge in national security. Likewise, Soviets reverse engineered the Sidewinder air-to-air missiles. China extensively learnt from F-117 that crashed in Serbia in 1999 through inspection and analysis of aircraft’s stealth features.

 

Because U.S. military hardware and software have a high technical content that provides a qualitative edge, protection of this technological superiority is a high priority.

 

Determining Anti-Tamper Requirements

Anti-Tamper (AT) encompasses the systems engineering activities intended to deter, prevent, delay, or respond to reverse engineering (RE) attempts that may lead to compromise of Critical Program Information (CPI) in US weapons systems. AT’s goal is to prevent adversary countermeasure development, unintended technology transfer, or alteration of a system due to RE.

 

These activities involve the entire life cycle of systems acquisition, including research, design, development, implementation and testing of AT measures. Properly employed, AT adds significant longevity to CPI by deterring efforts to reverse-engineer, exploit, or develop countermeasures against a system or system component.

 

The use of AT protective techniques will vary depending on the technology being protected. For example, state-of-the-art technology of a critical nature typically requires more sophisticated AT applications. Some examples of AT techniques include software encryption, integrated circuit protective coatings, and hardware access denial systems

 

The process of interest can be divided into two main parts: the front half, which involves developing an estimate of the means and probability of exploitation, and the back half, where one determines an appropriate solution to the need once it has been properly characterized.

 

The first of these steps is to identify the critical technologies that are under consideration for design into a weapon system. According to the Department of Defense (DoD) 5200.1-M, an essential or critical technology is one that “if compromised would degrade combat effectiveness, shorten the expected combat effective life of the system, or significantly alter program direction.” Access to such information could force undesirable changes to tactics and concepts of operations (conops), premature retirement of a weapons system, or major system design changes to regain some level of effectiveness.

 

Critical technologies include both software and hardware. Once these technologies have been identified, the “threats” to them are usually ascertained through some process involving “red-teaming” or scrutiny by those experts in friendly and adversarial exploitation. This step consists not only of identifying who might be interested and capable of exploiting identified critical technologies, but why and how they might be exploited. Technologies can be exploited to determine how they can be defeated or how they can be reengineered and improved upon.

 

…a multidisciplinary counterintelligence threat assessment and a risk assessment are conducted. These assessments provide the basis for any decision pertaining to the protection of the [critical technologies] as part of the overall risk management strategy and the implementation of cost-effective risk mitigation measures (i.e., countermeasures).

 

The next two steps consist of identifying both vulnerabilities of critical technologies to exploitation and the actual means by which they might be exploited. Again, these assessments must look to the hardware and software aspects of a system and their relationship to system performance. These steps are critical to the design efforts going into the weapon system proper, since they usually indicate if and where measures must be taken to protect the constituent critical technologies.

 

While understanding how a critical technology can be exploited is very insightful, so is projecting what the impacts would be if exploitation efforts were indeed successful. For example, if a critical technology is exploited, it may result in countermeasure developments that render the weapon system performance inadequate to do the job. By the same token, exploitation may not result in lost capability if other factors are important to the realization of a weapon system’s full performance potential. Another factor that should be considered is the cost to develop replacement technology or to find other means to regain lost military advantage. Such data can be important for determining if the cost of incorporating protective schemes are worthwhile compared to the cost of measures that must be taken once a technology is compromised.

 

The last step in the front half of the requirements process is to assess possible exploitation timelines that serve to mitigate the need for, or required amount of, AT necessary for a weapon system. To illustrate, consider the impact of the pace of technological advancement in the microprocessor field. When a certain microprocessor, let us say an application-specific integrated circuit (ASIC), is designed into a weapon system, it may indeed represent a critical technology. But when one considers that similar commercial technology will match and overcome the ASIC’s performance capabilities within 3 to 5 years, it may not make much sense to invest heavily in its protection
through AT. The technological advantage will be lost in a relatively short amount of time through means available on the open market.

 

In contrast, consider the case of protection of software through encryption. Use of more sophisticated means for encryption may not render a software code absolutely secure, but it might increase the time it takes to break the encryption code by an order of magnitude—ensuring that the weapon cannot be exploited during its expected life.

 

Once the first six steps of the process are complete, then a preliminary requirement for AT can be stipulated. The second main part or back half of the requirements process consists of four steps. The first of these is to identify AT techniques that are available to counter the exploitation threats. The nature of the critical technologies requiring protection will naturally provide a first filter for those techniques that may have application. At this stage the alternatives being considered may be quite different even if they have the same end result, that is, to inhibit exploitation. The second step is to select a preliminary set of potential countermeasures that are identified for more indepth analysis. This first “cut” can usually be accomplished by eliminating those options whose affordability or efficacy are clearly unattractive compared to the other options. Typically a top-level look at the countermeasures proposed will surface relative strengths and weaknesses that facilitate this initial tradeoff.

 

During the third step a traditional engineering design analysis is conducted in which all considerations are accounted for and evaluated. On the weapon system design side such considerations include life-cycle cost, implications for schedule (both development and production), impact on weapon system performance, ease of manufacture, reliability and maintainability, and safety.

The last step in the AT requirements process is final selection of the favored solution set. This solution may not be unique; another choice may achieve similar results at a similar cost.

 

AT techniques

These are security measures embedded within electronic systems to deter, prevent, or delay attempts to tamper with them. Here’s how the Air Force plans to achieve this:

  • Secure Processing: Creating secure environments for processing sensitive data within various electronic components, including single-board computers and microelectronics. This can involve establishing physical barriers or implementing software-based security protocols. for example nonetchable thin opaque coatings applied to semiconductor wafers.
  • Volume Protection and Sensors: Integrating sensors and other technologies to detect tampering attempts. These safeguards can sound alarms or even disable the system if unauthorized access is detected, or even self-destructing components.
  • Cryptographic Protection: Employing robust encryption algorithms and key management techniques to safeguard sensitive information. This makes it virtually impossible for unauthorized parties to decipher critical data even if they manage to gain access to the system.

A Decade-Long Defense Investment

In August 2022, the Air Force Life Cycle Management Center’s Anti-Tamper Executive Agent Program Office (ATEA PO) at Wright-Patterson Air Force Base, Ohio, issued a draft request for proposal (AT2022DraftRFP) for a groundbreaking initiative. This program, dubbed the Anti-Tamper Executive Agent Program Office Multiple Award Indefinite Delivery/Indefinite Quantity Contract (MAC ID/IQ) project, is poised to span a decade and could potentially be worth half a billion dollars.

 

The program aims to support new and ongoing research and development efforts to create and refine anti-tamper (AT) technologies. These technologies are crucial for safeguarding Department of Defense (DoD) critical program information (CPI) and critical technologies from reverse engineering (RE). Given the rapid pace of advancements in electrical, electronic, digital, optical, and materials fields, AT techniques must continually evolve to remain effective.

Technology and Product Development Areas

The following sections outline the scope and requirements for the Anti-Tamper (AT) Multiple Award Indefinite Delivery/Indefinite Quantity (MAC ID/IQ) technology and product development efforts. This guidance aims to ensure comprehensive protection of critical program information (CPI) against reverse engineering (RE) threats.

4.1. Secure Processing

The contractor is tasked with establishing products and technologies that ensure a secure processing environment. These should include, but are not limited to, single-board computers, custom microelectronics, commercial microelectronics, or modified commercial processing devices. The contractor must demonstrate methods to extend security across multiple devices, including physical hardware, intellectual property (IP), and software used to manage security.

Key requirements:

  • Development of secure single-board computers and custom microelectronics.
  • Integration of security features in commercial and modified commercial processing devices.
  • Techniques for maintaining security across interconnected devices and systems.

4.2. Volume Protection and Sensors

The contractor must establish and maintain a secure physical boundary around critical components within products. This includes the detection and prevention of unauthorized access by non-privileged users to critical components or information. Products should provide protection for Line Replaceable Units (LRUs) and Shop Replaceable Units (SRUs).

Key requirements:

  • Implementation of secure physical boundaries for critical components.
  • Development of detection mechanisms to identify and prevent unauthorized access.
  • Protection solutions for LRUs and SRUs.

4.3. Cryptographic Protection

The contractor is responsible for designing and demonstrating the protection of critical information through cryptographic means. This includes, but is not limited to, developing algorithms, cryptographic key generation methods, key storage products, and techniques to reduce the risk of adversaries gaining access to cryptographic keys.

Key requirements:

  • Development and implementation of robust cryptographic algorithms.
  • Secure methods for cryptographic key generation and storage.
  • Techniques to safeguard cryptographic keys from unauthorized access.

Objectives and Capabilities

The results of these AT development efforts will equip engineers, system developers, and platform developers with the tools and techniques necessary to protect CPI. Each AT development effort aims to defend against specific or multiple RE attacks. The defensive measures include, but are not limited to, components, hardware, firmware, software, materials, and data, incorporated into the platform or system to safeguard against open-source or classified attacks. As RE tactics evolve, AT development must also advance in a flexible and extensible manner.

Key Objectives:

  • Provide comprehensive protection against reverse engineering attacks.
  • Develop and integrate defensive measures across various platforms and systems.
  • Ensure flexibility and scalability in AT solutions to adapt to emerging threats.

By adhering to these guidelines, contractors will contribute to the robust protection of U.S. military systems and technologies, ensuring they remain secure against evolving adversarial threats.

 

Scope of Technologies

The AT technologies under consideration encompass a wide array of areas, including:

  • Software Solutions: Developing robust software defenses against tampering and reverse engineering.
  • Hardware Innovations: Creating resilient hardware components designed to withstand tampering attempts.
  • Component Design and Packaging: Enhancing the security of component designs and their packaging to prevent unauthorized access.
  • Materials Development and Application Methods: Innovating new materials and application methods to fortify defense systems.
  • Manufacturing Techniques: Implementing advanced manufacturing processes that incorporate anti-tamper features.
  • Key Management Solutions: Establishing secure methods for managing cryptographic keys and other sensitive information.

 

U.S. Air Force Collaborates with Defense Industry Leaders to Enhance Anti-Tamper Technologies

In a significant move to bolster information security, the U.S. Air Force has enlisted 17 leading defense technology companies to develop and deploy advanced anti-tamper technologies aimed at preventing adversaries from reverse-engineering critical military electronics. This initiative, managed by the Air Force Life Cycle Management Center at Wright-Patterson Air Force Base, Ohio, involves contracts worth a collective $499 million.

Securing Critical Military Electronics

The primary objective of this initiative is to safeguard U.S. military programs from adversarial tamper efforts that could lead to reverse-engineering and compromise of sensitive technologies. These anti-tamper solutions are crucial in protecting microprocessors, sensors, and cryptographic systems from unauthorized access and exploitation.

Companies Awarded Contracts

The companies selected for this vital project include:

  • Battelle Memorial Institute (Columbus, Ohio)
  • Boeing Co. Defense, Space & Security (St. Louis)
  • Charles Stark Draper Laboratory (Cambridge, Mass)
  • Chip Scan Inc. (Rockaway Beach, N.Y.)
  • General Dynamics Corp. Mission Systems (Dedham, Mass.)
  • GE Aerospace (Grand Rapids, Mich.)
  • Honeywell International (Clearwater, Fla.)
  • Idaho Scientific LLC (Boise, Idaho)
  • Kratos Defense (San Diego)
  • L3Harris Technologies (Palm Bay, Fla.)
  • Lockheed Martin Corp. (Orlando, Fla.)
  • Mercury Systems Inc. (Andover, Mass.)
  • Microsemi SOC Corp. (San Jose, Calif.)
  • Northrop Grumman Corp. Mission Systems (Linthicum Heights, Md.)
  • Radiance Technologies Inc. (Huntsville, Ala.)
  • Raytheon Technologies Corp. (McKinney, Texas)
  • Sabre Systems Inc. (Warminster, Pa.)

Objectives and Outcomes

The overarching goal of these efforts is to deter, prevent, delay, or respond to reverse-engineering attempts that could compromise critical program information. By developing integrated anti-tamper technologies, the program aims to:

  • Prevent adversary countermeasure development
  • Avoid unintended technology transfer
  • Mitigate the risks of system alterations due to reverse-engineering

This initiative underscores the Air Force’s commitment to enhancing the security and resilience of its defense systems against sophisticated adversarial threats.

Implementation and Timeline

The selected companies will perform the work across various locations within the continental United States, with the project expected to be completed by February 2030. For more information, interested parties can contact the Air Force Life Cycle Management Center via their official website.

 

Strategic Significance

The proposed MAC ID/IQ contract reflects the Air Force’s strategic approach to defending its critical technologies. By involving a diverse range of technologies and methodologies, the program aims to develop comprehensive solutions that address multiple facets of anti-tamper protection.

Looking Ahead

The Air Force’s commitment to this extensive program underscores its proactive stance in maintaining technological superiority and protecting national security interests. As the draft request for proposal progresses to the next stages, the defense community eagerly anticipates the advancements and innovations that will emerge from this decade-long endeavor.

Conclusion

By harnessing the expertise of leading defense technology companies, the U.S. Air Force is taking proactive steps to secure its critical electronic systems from tampering and reverse-engineering efforts. This comprehensive approach not only enhances the protection of sensitive technologies but also ensures that the U.S. military maintains its technological edge in an increasingly contested environment.

 

References and Resources also include:

https://www.militaryaerospace.com/trusted-computing/article/14073303/antitamper-trusted-computing-enabling-technologies

https://www.dau.edu/library/arj/ARJ/arq99/huber.pdf

About Rajesh Uppal

Check Also

Vulnerability Management: A Guide for Organizations

Imagine your organization as a digital fortress. No matter how strong the walls, even the …

error: Content is protected !!