recommended reading

DARPA Chip Aims to Secure Electronics Throughout the Supply Chain

Zadorozhnyi Viktor/Shutterstock.com

The Pentagon is experimenting with computer chips inside parts for defense systems and other electronics, such as iPhones, that would identify compromised or counterfeit components.

The ID chips would self-destruct if outsiders replicate, or "reverse engineer," the chips to try to outsmart them.

The four-year effort is expected to involve multiple developers tapped by the military's testing arm, the Defense Advanced Research Projects Agency. 

The Supply Chain Hardware Integrity for Electronics Defense, or SHIELD, technology is meant to solve the long-standing problem of forgery in the chain of custody. Contractors are subject to a growing number of rules to counter the threat of faulty parts. But Pentagon officials and vendors admit efforts have been slow going.

Contractors have said they will be unable to immediately comply with the latest regulation, which takes effect as early as this month, and requires suppliers to either develop a new system for detecting counterfeit parts or not get paid. The criteria for what this system must do lack specifics, companies say. The congressionally-mandated deadline for the Defense Department to finalize the edict was two years ago. Defense spokesman Mark Wright in August said, "Capitol Hill is aware of the status of DoD efforts to implement" the law and aware of "the fact that this is a multi-pronged effort" involving several other pending rules related to unauthorized equipment in the supply chain.

The DARPA project seems to differ from the business process rule, by placing greater responsibility for synthetic parts on the original manufacturer.  

A call for proposals released on Monday provides the example of a smartphone to conjure images of how the "physically-fragile but electrically-robust" tool should work. Inside the chip would be a code, akin to a secret message. A digital key for unlocking the code would be stored in a computer server owned by the manufacturer of the authentic part. If the chip in the part and the key in the server aren't, in essence, speaking the same language, the part is likely suspect.

The server issues "a random challenge 'question' which is downloaded through [an external probing device] to the SHIELD," the notice explains. In the chip, an "encryption engine" codes the question using an internal, secure cryptographic key and sends the encrypted "answer" back up to the server. Then, the server unencrypts the answer using its cryptographic key, and compares it to the original challenge for confirmation.

Also, the ideal chip "self-destructs upon any attempts to physically open, remove, or transfer it from its host component using standard reverse-engineering de-processing techniques," officials said. 

In addition, to the question-answer mechanism, a passive sensor in the chip would provide assurances that the SHIELD’s hardware hasn't been toyed with. 

"As part of the encrypted reply, the server also receives the status of the passive sensors to verify the integrity of the SHIELD,” DARPA officials said. There are several kinds of sensing devices that developers might try. X-rays, for instance, or light could verify a part -- which would be sensitive to various wavelengths -- that has not been opened or removed. 

"Threats from counterfeit parts of unknown provenance may be associated with: their questionable quality control, unknown age/wear-out; uncertain version vintage; and/or uncertainty about whether the parts meet specifications and are free from adulteration," DARPA officials said. "A failure in any one of these components can put warfighter lives as well as missions at risk. 

Faulty authentic parts and fake electronic components are widespread, according to federal officials. A Senate Armed Services Committee two-year investigation uncovered 1 million suspect electronic parts in the Pentagon supply chain. The pieces were found in mission computers for a Terminal High Altitude Area Defense missile, military aircraft and other key systems. The compromises were traced to China more than 70 percent of the time. 

The National Institute of Standards and Technology last month issued a voluntary framework of broad cyber guidelines for key industries that likely will become mandatory for contractors under federal acquisition regulations. Later on Monday, Alan Chvotkin, counsel at the Professional Services Council, said, "with the release of the NIST framework I am anticipating a FAR rule soon" on the anti-counterfeit measures.

In order for companies to embrace the smart chip concept, the equipment must come cheap. "To be used ubiquitously and adopted by industry as well as government," the encoding technology, decoding technology and the chip itself need "to be extremely inexpensive to acquire, implement, and execute," DARPA officials said.  

(Image via Zadorozhnyi Viktor/Shutterstock.com)

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    View
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    View
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    View
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    View
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    View
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    View

When you download a report, your information may be shared with the underwriters of that document.