Few things can mess up a highly technical system and threaten lives like a counterfeit electronic component, yet the use of such bogus gear is said to be widespread.
A new Defense Advanced Research Projects Agency (DARPA) program will target these phony products and develop a tool to “verify, without disrupting or harming the system, the trustworthiness of a protected electronic component.”
DARPA said in March it will detail a program called Supply Chain Hardware Integrity for Electronics Defense (SHIELD) that will develop a small (100 micron x 100 micron) component, or dielet, that authenticates the provenance of electronics components. Proposed dielets should contain a full encryption engine, sensors to detect tampering and would readily affix to today’s electronic components such as microchips, the agency said.
DARPA said it eversions this dielet will be inserted into the electronic component’s package at the manufacturing site or affixed to existing trusted components, without any alteration of the host component’s design or reliability. There is no electrical connection between the dielet and the host component. Authenticity testing could be done anywhere with a handheld probe or with an automated one for larger volumes. Probes need to be close to the dielet for scanning. After a scan, an inexpensive appliance (perhaps a smartphone) uploads a serial number to a central, industry-owned server. The server sends an unencrypted challenge to the dielet, which sends back an encrypted answer and data from passive sensors-like light exposure-that could indicate tampering, DARP said.
“SHIELD demands a tool that costs less than a penny per unit, yet makes counterfeiting too expensive and technically difficult to do,” said Kerry Bernstein, DARPA program manager. “The dielet will be designed to be robust in operation, yet fragile in the face of tampering. What SHIELD is seeking is a very advanced piece of hardware that will offer an on-demand authentication method never before available to the supply chain.”
The idea behind SHIELD will be to develop what DARPA calls a “hardware root‐of‐trust” comprising full onboard encryption, intrusion sensors, wireless communication and power, and hardened cipher key storage.
Technical areas DARPA says the program will look to develop include a new on‐chip hardware‐root‐of‐ trust secret key containers, passive sensors that detect potential compromises, ID chip self‐ destruct mechanisms to counter attempted reverse engineering, new manufacturing process technologies to fabricate, personalize, and place these devices, the integration and design of the small ID chips comprising these features.
+More on Network World: How to protect Earth from asteroid destruction+
In the end, DARPA says a system that can successfully protect key core systems would be:
– Extremely low cost, with minimal impact to the component manufacturer, distributor, or end‐ user, as well as to the host component itself;
– Effective at mitigating most supply chain security threats;
– Be simple, very fast, and executable by untrained operators;
– Trustworthy, reliable, and prohibitively difficult to spoof;
– Executable at any place and at any time along the supply chain, providing instant results on‐site;
– Performed using a minimum of specialized, inexpensive interrogation equipment;
– Standardized and widely adoptable by government and industry;