Outsourcing of integrated circuit (IC) and printed circuit board (PCB) design, fabrication, packaging, and testing have dramatically reduced the time and cost of product development. In doing so, this has enabled the widespread availability of microelectronics, which has indeed transformed modern life. However, unintended consequences include malicious design alteration (i.e., hardware Trojan insertion) and
the rise of the counterfeit electronics industry.
Time to market demand has forced integrated circuit design, manufacturing and testing to be done at different places across globe. This approach has led to numerous security concerns like overbuilding of chips from foundries, IP protection, counterfeiting and hardware Trojans. A counterfeit part is manufactured by the OEM and presented as new, but the performance and reliability of the part is questionable. Components may be recycled or remarked, they may have not passed OEM tests, they may be unlicensed or over manufactured. A cloned part is not manufactured by the OEM but may be designed to mimic the performance of the authentic part. Copies may be manufactured in foreign plant, or new design of reverse-engineered components using stolen IP, potentially with altered function to appear the same.
A 2012 Senate Armed Services Committee report on counterfeit electronic parts in the DoD supply chain found counterfeit parts to be a widespread problem in the defense supply chain. Faulty or fake components present a critical risk in military systems, electronics systems and sensors, where a malfunction of a single part could endanger missions and lives. The “supply chain” is how the Pentagon refers to its global network of suppliers that provide key components for weapons and other military systems.
Between semiconductor design, manufacturing and packaging, PCB production, and distribution a single chip can pass through more than 14 different locations. Post initial use, ICs are often shipped to a developing country, stripped from their boards, refurbished and remarked, and repackaged and sold again. During this process uncontrolled heating or mishandling can lead to immediate failure or latent electrostatic discharge failures. Because of these factors, its nearly impossible to know whether a particular IC is genuine or up to performance standards.
However, the increasingly complex nature of the global supply chain means that even primary government contractors have difficulty keeping track of subcontractors they rely on for many products. No one knows just how many recycled or counterfeit parts the government uses. “Right now, it is really difficult to tell the difference between recycled parts and new parts,” said Serge Leef, program manager of DARPA’s Supply Chain Hardware Integrity for Electronics Defense program. “They just end up back in our supply chain and get purchased without people really knowing.”
Apart from Counterfeit electronic components there is also risk of Hardware Trojans (HT), which are malicious circuit inclusions into the design from an adversary with an intention to damage the functionality of the chip at a much later date or leaking confidential information like keys used in cryptography. The hardware Trojans are designed in such a way that they are triggered only after the occurrence of rare event in the design or by a very rare inputs.
With all of these issues it is hard to tell whether a part is genuine. Visual inspection is time consuming and not always fully accurate. Each part must be carefully and manually inspected, but Trojan hardware attacks can easily escape close visual inspection. Instead of adding additional circuitry to the target design, hardware Trojans are made by changing the polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), it is resistant to most detection techniques, including fine-grain optical inspection and checking against original design specifications.
The Defense Advanced Research Projects Agency (DARPA) launched SHIELD whose goal was to eliminate counterfeit integrated circuits from the electronics supply chain by making counterfeiting too complex and time-consuming to be cost effective. It aimed to stop counterfeit electronic parts from entering the supply chain by implementing an authentication solution consisting of a miniaturized chip called a dielet, developed by Northrop Grumman, and software to validate the authenticity of electronic parts, being developed by RFID Global Solution. DARPA has begun development of tiny semiconductor chiplets known as “dielets,” which will enable the companies that install those microchips in circuit boards and other components to check whether the integrated circuits have been altered or substituted with fakes. DARPA’s SHIELD program
Parts and components are first “enrolled” in a database — the earlier in the production lifecycle the better — and given a unique ID number that can later be queried through a radio frequency wand. The wand can also ping the dielets, which contain a number of passive sensors, for a range of information. When activated by radio frequency, dielets share data on temperature changes, light exposure and other signs that a device has been opened or had parts removed, whether through brute force or more delicate manipulation of circuit boards.
SHIELD is now in the final phase of development, being road-tested by partners in the electronics supply chain. The US Defense Advanced Research Projects Agency (DARPA) has started working with IBM to integrate its SHIELD electronics anti-counterfeit system with the tech giant’s blockchain platform. “With this integration, IBM and DARPA are leveraging the open source Hyperledger platform with SHIELD to provide enhanced trust for smart contracts,” said DARPA in a tweet to announce the collaboration.
DUST Identity, a startup founded in 2018 by former MIT Media Lab researcher Ophir Gaathon, aims to accomplish the same kind of authentication for IT hardware using a different material: diamonds.
IDST Monthly Access Membership Required
You must be a IDST Monthly Access member to access this content.