The Pentagon is experimenting with computer chips inside parts for defense systems and other electronics, such as iPhones, that would identify compromised or counterfeit components.
The ID chips would self-destruct if outsiders replicate, or "reverse engineer," the chips to try to outsmart them.
The four-year effort is expected to involve multiple developers tapped by the military's testing arm, the Defense Advanced Research Projects Agency.
The Supply Chain Hardware Integrity for Electronics Defense, or SHIELD, technology is meant to solve the long-standing problem of forgery in the chain of custody. Contractors are subject to a growing number of rules to counter the threat of faulty parts. But Pentagon officials and vendors admit efforts have been slow going.
Contractors have said they will be unable to immediately comply with the latest regulation, which takes effect as early as this month, and requires suppliers to either develop a new system for detecting counterfeit parts or not get paid. The criteria for what this system must do lack specifics, companies say. The congressionally-mandated deadline for the Defense Department to finalize the edict was two years ago. Defense spokesman Mark Wright in August said, "Capitol Hill is aware of the status of DoD efforts to implement" the law and aware of "the fact that this is a multi-pronged effort" involving several other pending rules related to unauthorized equipment in the supply chain.
The DARPA project seems to differ from the business process rule, by placing greater responsibility for synthetic parts on the original manufacturer.
A call for proposals released on Monday provides the example of a smartphone to conjure images of how the "physically-fragile but electrically-robust" tool should work. Inside the chip would be a code, akin to a secret message. A digital key for unlocking the code would be stored in a computer server owned by the manufacturer of the authentic part. If the chip in the part and the key in the server aren't, in essence, speaking the same language, the part is likely suspect.
The server issues "a random challenge 'question' which is downloaded through [an external probing device] to the SHIELD," the notice explains. In the chip, an "encryption engine" codes the question using an internal, secure cryptographic key and sends the encrypted "answer" back up to the server. Then, the server unencrypts the answer using its cryptographic key, and compares it to the original challenge for confirmation.
Also, the ideal chip "self-destructs upon any attempts to physically open, remove, or transfer it from its host component using standard reverse-engineering de-processing techniques," officials said.
In addition, to the question-answer mechanism, a passive sensor in the chip would provide assurances that the SHIELD’s hardware hasn't been toyed with.
"As part of the encrypted reply, the server also receives the status of the passive sensors to verify the integrity of the SHIELD,” DARPA officials said. There are several kinds of sensing devices that developers might try. X-rays, for instance, or light could verify a part -- which would be sensitive to various wavelengths -- that has not been opened or removed.
"Threats from counterfeit parts of unknown provenance may be associated with: their questionable quality control, unknown age/wear-out; uncertain version vintage; and/or uncertainty about whether the parts meet specifications and are free from adulteration," DARPA officials said. "A failure in any one of these components can put warfighter lives as well as missions at risk.
Faulty authentic parts and fake electronic components are widespread, according to federal officials. A Senate Armed Services Committee two-year investigation uncovered 1 million suspect electronic parts in the Pentagon supply chain. The pieces were found in mission computers for a Terminal High Altitude Area Defense missile, military aircraft and other key systems. The compromises were traced to China more than 70 percent of the time.
The National Institute of Standards and Technology last month issued a voluntary framework of broad cyber guidelines for key industries that likely will become mandatory for contractors under federal acquisition regulations. Later on Monday, Alan Chvotkin, counsel at the Professional Services Council, said, "with the release of the NIST framework I am anticipating a FAR rule soon" on the anti-counterfeit measures.
In order for companies to embrace the smart chip concept, the equipment must come cheap. "To be used ubiquitously and adopted by industry as well as government," the encoding technology, decoding technology and the chip itself need "to be extremely inexpensive to acquire, implement, and execute," DARPA officials said.