Last year the Pentagon's Defense Advanced Research Projects Agency (DARPA) requested proposals for a 100x100 micron chip (a "dielet") that could be attached to or packaged with an IC to combat counterfeiting. The campaign is known as Supply Chain Hardware Integrity of Electronics Defense, or SHIELD (see "DoD’s Anti-Counterfeiting Battle Plan; DARPA Seeks a Tech Solution"). SHIELD would equip an IC with a permanent, unique, and unclonable identifier that would be nearly impossible to alter or copy.
Earlier this year DARPA awarded three contracts to technology suppliers as part of its SHIELD anti-counterfeiting program. Northrop Grumman Systems received a $12.3 million (m) contract, SRI International a $6.8m contract and the Charles Stark Draper Laboratory of MIT was the recipient of a $4.1m contract, all to help develop the tiny components that could be used to identify counterfeit or otherwise illicit electronic parts.
As one might expect, DARPA is being close-mouthed about details of the awards, but we do know and can surmise a few things:
- The contractors are expected to complete their projects by the middle of 2016;
- Consuming less than 50uW the dielet will get its operating power from energy harvesting sources rather than a traditional battery
- As such, the dielets are likely to be RF powered and will communicate with the outside world through their RF antennas.
- Dielets are expected to contain up to 100,000 transistors and include features such as on-board encryption and passive sensors for tamper-detection, recording malicious events which can later be read out during an authentication protocol.
- SHIELD is expected to offer strong security by supporting a 256-bit cryptographic protocol.
- Sensitive material such as the keys and unique identifiers probably will be stored within SHIELD in a way that is prohibitively expensive to reverse engineer.
- SHIELD will be resilient to non-invasive attacks and may even self-destruct upon invasive attack.
- Dielets would sense exposure to light that might occur if hardware is opened up and tampered with.
- The dielet will be inserted into the electronic component’s package at the manufacturing site or affixed to existing trusted components, without any alteration of the host component’s design or reliability.
- Authenticity testing is expected to be done anywhere with a handheld probe (or an automated RFID device to scan large shipments). As in the case of other RFID apps probes will need to be close to the dielet for scanning. After a scan, the scanning device (which could even be a smartphone) would upload a serial number to a secure server. The server would send an unencrypted challenge to the dielet, which would then send back an encrypted answer and data from its passive sensors.
- Target cost for each dielet is expected to be a fraction of a cent.
DARPA has released photos to give us an idea of the size of its anti-counterfeit electronics chip. On the left above, you’ll see a tiny dielet placed on the tip of Abraham Lincoln’s nose on a U.S. penny. To the right, there are three similar dielets sitting comfortably in the eye of a needle.
In a published release DARPA Program Manager Kerry Bernstein said: "We are on track to build the world’s smallest highly integrated computer chip. If we succeed, then an untrained operator at any place along the supply chain will be able to interrogate the authenticity of any component used by the Defense Department or in the commercial sector, and get high-confidence results back immediately, on site, securely and essentially for free".
In a related development, in an attempt to clarify contractor requirements for counterfeit electronic part detection and avoidance, on Sept. 21 the Department of Defense (DoD) issued a proposed revision of its regulations. The rule would amend DFARS 246.870, Contractors’ Counterfeit Electronic Part Detection and Avoidance Systems, creating a new DFARS clause that would apply to acquisitions of: (1) electronic parts; (2) end items, components, parts, or assemblies containing electronic parts; or (3) services-- if the contractor will supply electronic parts or components, parts, or assemblies containing electronic parts as part of the service.
The proposal includes new proposed definitions of "authorized dealer" and "trusted supplier." It clarifies that an "authorized dealer" is not the same thing as an "authorized reseller." While an authorized reseller can obtain parts from an authorized dealer, an aftermarket manufacturer or an independent distributor, an "authorized dealer" has a contractual arrangement with the original manufacturer to buy, stock, repackage, sell and distribute its product lines..
A "trusted supplier" includes not only the original manufacturer, an authorized dealer for the part or a supplier that obtains the part exclusively from the original component manufacturer, but also a supplier that a contractor or subcontractor has identified as a trustworthy supplier, using DoD-adopted counterfeit prevention industry standards and processes, including testing.
Contractors and subcontractors that are not the original manufacturer are required to have a risk-based system to trace electronic parts from the original manufacturer to product acceptance by the government. The proposed rule provides guidance on how contractors may accomplish this requirement. If such traceability is not feasible for a particular part, the contractor must have a system in place that provides for the consideration of an alternative part or for the use of tests and inspections to avoid counterfeit electronic parts. If the contractor is unable to obtain an electronic part from a trusted supplier, the contractor must notify the contracting officer. The contractor is then responsible for the inspection, testing and authentication (in accordance with existing applicable industry standards) of the electronic part obtained from a source that is not a trusted supplier
Finally, the rule proposes to delete the term "embedded software or firmware" from the definition of "electronic part." According to the DoD: "although electronic parts may include embedded software or firmware, the requirements of this rule are more applicable to hardware. Further industry standards are still under development to address testing of embedded software or firmware in electronic parts."
Any comments on the proposed rule must be submitted by Nov. 20, 2015.