Fake chips

[mawyatt]

Check out the Saelig newsletter about fake chips.

newsletter@saelig.com

Fake chips are a serious concern for military and other critical systems, so DARPA created a program ~8 years to help identify a legit chip. The idea was to have a tiny,  ~ $0.01 RFID tag chip embedded in the package. This tiny chip was powered from the RF signal from the reader and had a unique encrypted code for the specific chip which was returned when read with the proper encrypted code.

Best

[ataradov]

But if anyone can read the RFID chip, they can just clone it. I don't understand how that would work. You can try to track and record every code to see if there is a duplicate, but that sounds logistically hard.

With active request-response system it might be more viable, but it would not be $0.01. Military may not care, of course.

Also, what do you do with fake resistors and capacitors? Transistors?

[David Hess]

But if anyone can read the RFID chip, they can just clone it.

Not if they set the do not clone bit.  It was standardized by the same minds that came up with the evil bit for packet filtering.

https://datatracker.ietf.org/doc/html/rfc3514

[mawyatt]

But if anyone can read the RFID chip, they can just clone it. I don't understand how that would work. You can try to track and record every code to see if there is a duplicate, but that sounds logistically hard.

With active request-response system it might be more viable, but it would not be $0.01. Military may not care, of course.

Also, what do you do with fake resistors and capacitors? Transistors?

My understanding was the chip only responds after it received a proper encrypted code which is embedded in the RF signal that enables the chips and also powers it. The response was encrypted so that only the  proper received signal by the transmitting source could verify the chip's identity.

Keep in mind that even 10 years ago you could cram an entire 486 chip under a bond pad (100um sq) of a modern SOTA process. I remember the DARPA chips were less than 100um square, but still plenty of transistors available. Since they are wireless they have no pads and can be tested wirelessly, so the $0.01 per chip seems within reach on a large wafer.

Folks were more concerned about complex chips, not single transistors, R & Cs.

This is all related to the Trusted Foundry formed a couple decades ago, specifically created to guarantee the pedigree of certain special chips intended for critical applications. However there is an increasing reliance on standard commercial chips in critical applications, and having a means for identifying potential counterfeit chips which may have "backdoors" is highly beneficial to both the military and certain non-military uses.

Best,

[ataradov]

There is no way to make RFID work without pads. You need to attach the antenna, which also complicates overall packaging.  $0.01 per die is reasonable, but more complicated packaging would not be cheap.

You can investigate making the antenna out of bonding wire, but it is not a straightforward process either.

And I really don't see how this would work in practice. What if I get legitimate RFID ICs and package them with fake real die? If the supply of the RFID ICs is somehow tightly controlled, then why not apply the same control to the actual chips?

[mawyatt]

There is no way to make RFID work without pads. You need to attach the antenna, which also complicates overall packaging.  $0.01 per die is reasonable, but more complicated packaging would not be cheap.

You can investigate making the antenna out of bonding wire, but it is not a straightforward process either.

And I really don't see how this would work in practice. What if I get legitimate RFID ICs and package them with fake real die? If the supply of the RFID ICs is somehow tightly controlled, then why not apply the same control to the actual chips?

Sorry you are wrong. There are clever methods available (obviously not going to discuss) to make the antenna an integral part of the IC and no need for any pads. The frequency is high to achieve acceptable energy coupling, which is a few microwatts.

How would you get legit specific RFIC die? And how would you use them since they are encrypted for the specific IC they protect. If these were stolen from the fab, then there would be a record and preventive measures enforced.

See Trusted Foundry.

Try to reverse engineer a modern SOTA chip, say just 14nm feature size that wasn't even designed to be "protected"....good luck with that!!

In many applications where secure communications are necessary, the encryption mechanisms must remain protected even if the hardware falls into adversaries hands (think of a handheld military radio for example). We designed chips in larger feature sizes than 14nm, that were almost impossible to reverse engineer, and they would destroy themselves by permanently erasing all the critical encryption mechanizms if attempted tampering was detected. 

This brings up the point why DARPA was involved and why such effort and $ were put into this. Even with the resources available here in the US, reverse engineering a modern SOTA chip is almost impossible, which brings up the issue IF a chip was in fact a counterfeit, how would you be able to detect this?? Doing detailed optical mapping of the die in comparison with a known good reference die is one method where slight variations in the first few layers could help identify a counterfeit chip. Obviously this is a slow and expensive approach, and requires access to the bare die, a clever adversary could make the first few layers identical to the target die and place the devious sections deeper into the die. Recall that an older large die in 14nm has over 30km, yes Kilometers of interconnect, and over 13 interconnect layers, in todays 5 and 7nm processes, even more layers and interconnect lengths, so "hiding" something in that maze is plausible!! Which now begs the question, how would an adversary design such a counterfeit chip (access to the orginial design files??), and where would this die be fabricated?? These are all related to the previous mention Trusted Foundry where a secure foundry source is guaranteed, another difficult issue!!

Anyway, the DARPA approach seems like a reasonable and cost effective method considering the alternatives, but certainly not completely foolproof!!

Best,

[mawyatt]

Here's a few links in the public domain that are applicable.

https://en.wikipedia.org/wiki/Trusted_Foundry_Program

https://www.ndia.org/-/media/sites/ndia/meetings-and-events/divisions/systems-engineering/past-events/division-meetings/2016-december/ndia-se-tfp-outreach-201612072.ashx

https://www.darpa.mil/about-us/darpa-approach-to-trusted-microelectronics

https://www.darpa.mil/program/supply-chain-hardware-integrity-for-electronics-defense

https://www.darpa.mil/news-events/2015-04-13

https://www.darpa.mil/news-events/2021-03-18

https://www.darpa.mil/attachments/DisaggregatetheCircuit_Summary.pdf

Best,

[ataradov]

Sorry you are wrong. There are clever methods available (obviously not going to discuss) to make the antenna an integral part of the IC and no need for any pads. The frequency is high to achieve acceptable energy coupling, which is a few microwatts.

Do you have any examples of commercial uses for this technology? If it is just military, then there is nothing to discuss here, since it is hard to tell how well it works in practice.

I've read through some of the slides, and I guess I assumed they were solving a slightly different issue. They want to prevent just a straight forward chip replacement on a way from the fab to the final location.

And yes, the process involves getting each device into a database. This may not be so viable for mass produced stuff, but military would not care, of course.

I was thinking more of attacks like we intercept the batch of chips on their way from the fab to the board assembly site. Dissolve the package, extract the secure IC. Place the secure IC into a fake chip. This is obviously not trivial, but possible for a targeted attack. This is why they have those intentionally fragile meshes on top of the chip. I don't know how well they will survive epoxy etching and consequent handling.

But there may be better ways to extract those tiny chips without dissolving, keeping some of the original epoxy around. Depending on how well interrogating RF signal penetrates, you may not even need to go a good job hiding your work, if it is ok to place the RFID chip near the bottom of the package.

Also, their love for contrived acronyms is annoying.

Anyway, the DARPA approach seems like a reasonable and cost effective method considering the alternatives, but certainly not completely foolproof!!

It is probably fine for the military, but does absolutely nothing for commercial users. Where do we get those microwave readers? And as soon they are widely available, readers themselves and computer systems they are attached to will be a vector of attack. Why bother replacing the chips when I can just install the malware and let your system always accept any junk you give to it?

[mawyatt]

Do you have any examples of commercial uses for this technology? If it is just military, then there is nothing to discuss here, since it is hard to tell how well it works in practice.

Sure, there was a Directive by the pervious US president that pointed directly to the Power Grid system in the US and the use of foreign equipment and components. Many of the critical microprocessor and controller chips utilized today were identified as possible means for adversalials (edit spelling)to gain control access to the power grid a weak havoc!! If they have a "back door" all the easier!!

Remember the East Coast Power Grid failure awhile back, you can bet this was studied by friend and foe alike and the many vulnerabilities exposed. How do I know about this? Well this was predicted (failure of the Eastern Grid due to a simple equipment malfunction either intentional or accident) way back in the mid 70s when I designed protection & control equipment for the power industry (patents 4310771, 4218625, 4256972). At that time we did not want remote access to our equipment for these very reasons.

Over 10 years ago I was consulted, again 3 years ago and followed up last year on this subject of power grid & controlling equipment vulnerability, even before the Directive was issued, then after the Directive.

https://www.govinfo.gov/content/pkg/FR-2020-05-04/pdf/2020-09695.pdf
https://www.energy.gov/oe/articles/securing-united-states-bulk-power-system-executive-order

Another obvious target is the internet and servers, think of what could be done with backdoor access to all the critical servers. How about the airport terminal equipment, or the equipment on the airplanes, or the water supply control equipment. The list goes on and on, so thinking this is just about military use seems a little  uninformed!! 

This may not be so viable for mass produced stuff, but military would not care, of course.

See above, it's absolutely necessary for the many reasons mentioned and will soon be a requirement for suppliers and users of critical components and equipment. I'm sure there will be different levels of pedigree verification depending on use.

I was thinking more of attacks like we intercept the batch of chips on their way from the fab to the board assembly site. Dissolve the package, extract the secure IC. Place the secure IC into a fake chip. This is obviously not trivial, but possible for a targeted attack. This is why they have those intentionally fragile meshes on top of the chip. I don't know how well they will survive epoxy etching and consequent handling.

But there may be better ways to extract those tiny chips without dissolving, keeping some of the original epoxy around. Depending on how well interrogating RF signal penetrates, you may not even need to go a good job hiding your work, if it is ok to place the RFID chip near the bottom of the package.

If a critical batch of chips were "lost" I'm sure this would alert the proper folks to have a close lookout for these specific chips, and prevent their possible use. Agree, it's likely some scenario will be able to find a way around this. One preventive measure already in place is the Trusted Foundry accreditation does not allow any foreign nationals access to the design files, fabrication processes, packaging and shipping. Critical fab members, designers and managers are security cleared, and all documents and files are secured with strict approved security procedures & equipment, not the usual commercial practices.

Anyway, the DARPA approach seems like a reasonable and cost effective method considering the alternatives, but certainly not completely foolproof!!

It is probably fine for the military, but does absolutely nothing for commercial users.

The DARPA approach certainly does address the commercial use, that's why the $0.01 target chip price!! Sure it's not going to be used on a resistor, or capacitor, or transistor, but where it needs to be used, on the controllers and microprocessors that are utilized in critical systems, both commercial and military. 

Where do we get those microwave readers? And as soon they are widely available, readers themselves and computer systems they are attached to will be a vector of attack. Why bother replacing the chips when I can just install the malware and let your system always accept any junk you give to it?

Well that goes for any system that's connected to the internet, why bother connecting to the net with anything including your phone or computer?? Designing and producing the reader are straight forward and easily verified utilizing the same means as most highly classified systems are designed and produced, no different and many companies already in place. The reader use would require following some straight forward procedures for sensitive & classified equipment, already in place with strict limits on users and locked away when not in use. 

I think if you follow the above then the DARPA approach is a reasonable approach for military and commercial use.

Do you have a better solution??? Please elaborate!!

Best,

[thinkfat]

Any approach that is sufficiently expensive to fake should be successful.

[mawyatt]

Any approach that is sufficiently expensive to fake should be successful.

Depends on what level sufficiently expensive is, if it's 100's of millions for the chip design, then possible, but you'll need access to the proper fabs and where are you going to get the chip designers, most I know don't want any part of counterfeiting, but again could be "brought". Just reverse engineering the chip will prove extremely difficult, then you must duplicate the RFID tag, which will be very involved and very difficult to reverse engineer and crack the encryption codes.

So the likelihood of some anti-US or terrorist group being successful is nil, and even the likelihood of an adversarial (edit spelling) country being successful is not much better. They will need to employ "other" means like infiltration, blackmail, hostages and so on, breaking the technology will prove much too difficult and expensive IMO.

BTW to the best of knowledge no one, group or country has been successful at reverse engineering any of the encryption chips I'm aware of, and I'm sure many have tried and are still trying.

Best,