Do you have any examples of commercial uses for this technology? If it is just military, then there is nothing to discuss here, since it is hard to tell how well it works in practice.
Sure, there was a Directive by the pervious US president that pointed directly to the Power Grid system in the US and the use of foreign equipment and components. Many of the critical microprocessor and controller chips utilized today were identified as possible means for
adversalials (edit spelling)to gain control access to the power grid a weak havoc!! If they have a "back door" all the easier!!
Remember the East Coast Power Grid failure awhile back, you can bet this was studied by friend and foe alike and the many vulnerabilities exposed. How do I know about this? Well this was predicted (failure of the Eastern Grid due to a simple equipment malfunction either intentional or accident) way back in the mid 70s when I designed protection & control equipment for the power industry (patents 4310771, 4218625, 4256972). At that time we did not want remote access to our equipment for these very reasons.
Over 10 years ago I was consulted, again 3 years ago and followed up last year on this subject of power grid & controlling equipment vulnerability, even before the Directive was issued, then after the Directive.
https://www.govinfo.gov/content/pkg/FR-2020-05-04/pdf/2020-09695.pdfhttps://www.energy.gov/oe/articles/securing-united-states-bulk-power-system-executive-orderAnother obvious target is the internet and servers, think of what could be done with backdoor access to all the critical servers. How about the airport terminal equipment, or the equipment on the airplanes, or the water supply control equipment. The list goes on and on, so thinking this is just about military use seems a little uninformed!!
This may not be so viable for mass produced stuff, but military would not care, of course.
See above, it's absolutely necessary for the many reasons mentioned and will soon be a requirement for suppliers and users of critical components and equipment. I'm sure there will be different levels of pedigree verification depending on use.
I was thinking more of attacks like we intercept the batch of chips on their way from the fab to the board assembly site. Dissolve the package, extract the secure IC. Place the secure IC into a fake chip. This is obviously not trivial, but possible for a targeted attack. This is why they have those intentionally fragile meshes on top of the chip. I don't know how well they will survive epoxy etching and consequent handling.
But there may be better ways to extract those tiny chips without dissolving, keeping some of the original epoxy around. Depending on how well interrogating RF signal penetrates, you may not even need to go a good job hiding your work, if it is ok to place the RFID chip near the bottom of the package.
If a critical batch of chips were "lost" I'm sure this would alert the proper folks to have a close lookout for these specific chips, and prevent their possible use. Agree, it's likely some scenario will be able to find a way around this. One preventive measure already in place is the Trusted Foundry accreditation does not allow any foreign nationals access to the design files, fabrication processes, packaging and shipping. Critical fab members, designers and managers are security cleared, and all documents and files are secured with strict approved security procedures & equipment, not the usual commercial practices.
Anyway, the DARPA approach seems like a reasonable and cost effective method considering the alternatives, but certainly not completely foolproof!!
It is probably fine for the military, but does absolutely nothing for commercial users.
The DARPA approach certainly does address the commercial use, that's why the $0.01 target chip price!! Sure it's not going to be used on a resistor, or capacitor, or transistor, but where it needs to be used, on the controllers and microprocessors that are utilized in critical systems, both commercial and military.
Where do we get those microwave readers? And as soon they are widely available, readers themselves and computer systems they are attached to will be a vector of attack. Why bother replacing the chips when I can just install the malware and let your system always accept any junk you give to it?
Well that goes for any system that's connected to the internet, why bother connecting to the net with anything including your phone or computer?? Designing and producing the reader are straight forward and easily verified utilizing the same means as most highly classified systems are designed and produced, no different and many companies already in place. The reader use would require following some straight forward procedures for sensitive & classified equipment, already in place with strict limits on users and locked away when not in use.
I think if you follow the above then the DARPA approach is a reasonable approach for military and commercial use.
Do you have a better solution??? Please elaborate!!
Best,