recommended reading

DARPA Chip Aims to Secure Electronics Throughout the Supply Chain

Zadorozhnyi Viktor/Shutterstock.com

The Pentagon is experimenting with computer chips inside parts for defense systems and other electronics, such as iPhones, that would identify compromised or counterfeit components.

The ID chips would self-destruct if outsiders replicate, or "reverse engineer," the chips to try to outsmart them.

The four-year effort is expected to involve multiple developers tapped by the military's testing arm, the Defense Advanced Research Projects Agency. 

The Supply Chain Hardware Integrity for Electronics Defense, or SHIELD, technology is meant to solve the long-standing problem of forgery in the chain of custody. Contractors are subject to a growing number of rules to counter the threat of faulty parts. But Pentagon officials and vendors admit efforts have been slow going.

Contractors have said they will be unable to immediately comply with the latest regulation, which takes effect as early as this month, and requires suppliers to either develop a new system for detecting counterfeit parts or not get paid. The criteria for what this system must do lack specifics, companies say. The congressionally-mandated deadline for the Defense Department to finalize the edict was two years ago. Defense spokesman Mark Wright in August said, "Capitol Hill is aware of the status of DoD efforts to implement" the law and aware of "the fact that this is a multi-pronged effort" involving several other pending rules related to unauthorized equipment in the supply chain.

The DARPA project seems to differ from the business process rule, by placing greater responsibility for synthetic parts on the original manufacturer.  

A call for proposals released on Monday provides the example of a smartphone to conjure images of how the "physically-fragile but electrically-robust" tool should work. Inside the chip would be a code, akin to a secret message. A digital key for unlocking the code would be stored in a computer server owned by the manufacturer of the authentic part. If the chip in the part and the key in the server aren't, in essence, speaking the same language, the part is likely suspect.

The server issues "a random challenge 'question' which is downloaded through [an external probing device] to the SHIELD," the notice explains. In the chip, an "encryption engine" codes the question using an internal, secure cryptographic key and sends the encrypted "answer" back up to the server. Then, the server unencrypts the answer using its cryptographic key, and compares it to the original challenge for confirmation.

Also, the ideal chip "self-destructs upon any attempts to physically open, remove, or transfer it from its host component using standard reverse-engineering de-processing techniques," officials said. 

In addition, to the question-answer mechanism, a passive sensor in the chip would provide assurances that the SHIELD’s hardware hasn't been toyed with. 

"As part of the encrypted reply, the server also receives the status of the passive sensors to verify the integrity of the SHIELD,” DARPA officials said. There are several kinds of sensing devices that developers might try. X-rays, for instance, or light could verify a part -- which would be sensitive to various wavelengths -- that has not been opened or removed. 

"Threats from counterfeit parts of unknown provenance may be associated with: their questionable quality control, unknown age/wear-out; uncertain version vintage; and/or uncertainty about whether the parts meet specifications and are free from adulteration," DARPA officials said. "A failure in any one of these components can put warfighter lives as well as missions at risk. 

Faulty authentic parts and fake electronic components are widespread, according to federal officials. A Senate Armed Services Committee two-year investigation uncovered 1 million suspect electronic parts in the Pentagon supply chain. The pieces were found in mission computers for a Terminal High Altitude Area Defense missile, military aircraft and other key systems. The compromises were traced to China more than 70 percent of the time. 

The National Institute of Standards and Technology last month issued a voluntary framework of broad cyber guidelines for key industries that likely will become mandatory for contractors under federal acquisition regulations. Later on Monday, Alan Chvotkin, counsel at the Professional Services Council, said, "with the release of the NIST framework I am anticipating a FAR rule soon" on the anti-counterfeit measures.

In order for companies to embrace the smart chip concept, the equipment must come cheap. "To be used ubiquitously and adopted by industry as well as government," the encoding technology, decoding technology and the chip itself need "to be extremely inexpensive to acquire, implement, and execute," DARPA officials said.  

(Image via Zadorozhnyi Viktor/Shutterstock.com)

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.