|
|
 |
home > February 2008 issue > article
Building trust into integrated circuits
By Brian Robinson
Special to Defense Systems
DARPA aims to reduce the risk of malicious code being inserted into chips
The Defense Advanced Research Projects Agency is looking
to develop a system for assessing the extent to which program managers
can trust the source of the integrated circuit chips they are buying
for use in everything from communications systems to weapons.
DARPA recently awarded contracts to three vendors to work
on the first phase of the Trust in Integrated Circuits program.
The program is intended to address concerns that chips with malicious
code could end up in defense electronics, causing them to stop
functioning or perhaps perform unintended operations. The problem
is that many integrated circuits are manufactured overseas, and
defense program managers have no way to know whether a given
manufacturer is reliable.
The goal of the program is to develop measurement techniques
that will allow the military to quantify the level of trust that can be
applied to any IC, something that has never been done either for the
design or fabrication of ICs.
“You can do very interesting things with an extra 1,000 transistors,
which would probably not be noticeable in modern chips
that have a total of a billion transistors or more,” said Dean
Collins, deputy director of DARPA’s Microsystems Technology
Office.
Current industry IC design and manufacturing protocols only
call for a chip to be examined to make sure it can do what it is
designed to do, he said. As long as its intended functions are not
interfered with, those extra transistors — which would become active
only at a specific time or when a certain event happens — would not
be detected.
“The problem then is trying to find if the IC can do anything else
that it isn’t designed to do, and the tools for that are generally not yet available,” Collins said.
The U.S. military already has one way to obtain the chips it needs,
through the Trusted Foundry program it began in 2004 based on a
contract the Defense Department already had with IBM. The
National Security Agency was later assigned to manage that program
and expand the number of accredited chip suppliers.
But the newer DARPA program goes beyond this
and attempts to involve nonaccredited chipmakers. The
intent is not to replace the Trusted Foundry program,
DARPA executives said, but to address trust issues for products
manufactured in nontrusted foundries or commercial products.
The need for these new tools comes as the U.S. military’s influence
over IC design and manufacturing has waned. In the 1960s
and 1970s, it was the biggest single customer of the U.S. chip industry,
but its needs now provide less than 1 percent of the U.S. chip
market’s demand.
Along with that has come a dramatic decline in chip manufacture
in the United States. Now, Taiwan and China are reckoned to
account for as much as 70 percent of global semiconductor manufacturing
capacity, with much of the rest situated in places such as
Europe, Singapore and Japan.
Most U.S. chip companies are now mainly design houses that
send their designs overseas to be manufactured in foreign
foundries.
Because DOD depends so strongly on global commercial
sources for the majority of its IC purchases, and many of them are
likely to continue to come from those foreign sources, the military
cannot rely on the Trusted Foundry program alone to provide its
chip needs, said Brian Cohen, assistant director of the information
technology and systems division at the Institute for Defense
Analyses.
Cohen has been working with DOD since 2002 to address the
military’s concerns about the decline in domestic sources of critical
ICs.
“While the criteria for a domestic supplier to become trusted...[are]
reasonably achievable and affordable, large foreign-based commercial
firms will not be able to readily clear their facilities and personnel,” he told a subcommittee of the House Armed Services
Committee last year.
In the long term, he said, that means DOD has to come to terms
with key research challenges focused on how to trust ICs from foreign
suppliers, domestic suppliers that face potential foreign influence
or exposure to insider threats or criminal acts, and suppliers
who are unable or unwilling to become accredited.
Malicious circuits can be inserted in various ways, Collins said.
The software that U.S. companies use to design ICs can contain software
modules that are developed by companies in other countries,
for example. But as long as they provide what’s needed for the IC’s
functionality, no one checks for other features they might contain.
Also, ICs called field programmable gate arrays are increasingly
being used in military systems for greater flexibility. They can be
reprogrammed in the field instead of being hard-coded. Besides
being vulnerable to the design software problems of other ICs, the
way they are designed requires much greater use of vendor-specific,
proprietary tools that call for different verification methods — which
brings up all kinds of issues.
The need is for tools that can quickly tell if a chip can be trusted,
Collins said. There are companies that can now go into a chip, take
it apart and tell you very specifically what is in it, he said, but that can
take as long as six months.
“Our program is aimed at developing ways to also do that, but do
it very quickly,” he said.
The eventual goal of the DARPA Trust in ICs program is to provide
government program managers a number that represents a
certain trust level. By establishing a trust level for ICs, the initiative
will provide program managers with another factor to consider,
beyond cost and availability, when making purchasing decisions,
Collins said.
Collins said he believes he can sell chip companies on the importance
of the program because they are always looking for ways to
ensure the quality of their products.
“They do have a big interest in high-reliability systems for use
in such things as automotive applications,” he said. “Since the
techniques we are developing are measurement techniques,
and there’s a linkage in what we are trying to do and the quality
of the product they are trying to sell, then that’s where they
become interested.”
|
|
|
|
![1105 Media [happiness]](/images/ds1_pntmlogo.gif "1105 Media [happiness]"){kind=small}
