DARPA*, the mad-as-a-bottle-of-crisps Pentagon warboffinry operation, has struck again - this time awarding a $13m contract to the University of Southern California to develop technology which will ensure that imported integrated circuits (ICs) used by the US military are trustworthy. It appears that there is already a scheme …
Well it ain't Rocket Science... errr
Ah yes. Dismantle every chip and scan them with an electron microscope to verify that the design and manufacture patterns match.
Of course you can't use them afterwards but it's a small price to pay to make sure those commies don't sneak in erm....."moleware?"
Is this a new ElReg standard measurement for sanity?
clearly they're concerned that Cylon agents may have compromised Colonial defence security. I blame that Gaius Balthar meself.
Phishing Chips ...... a Traditional British Delicacy/Simple Appetising Stalwart
"Furthermore, protecting intellectual property and military secrets is problematic because these are often embedded in the design of ICs, and the manufacturer in the fabrication process often needs the details of the designs." .... http://www.darpa.mil/mto/solicitations/baa07-24/index.html
Yes, although that would probably be truer reading ...."Furthermore, protecting intellectual property and military secrets is problematic because these are often to be embedded in the design of ICs, and the manufacturer in the fabrication process often needs the details of the designs."
However, armed with all such sensitive parameters can a failsafe design be easily fabricated to perform above and beyond the call of duty......... in order to herald the next phase of dDevelopment, hitherto probably not even considered. Although that old Rummy warhorse touched upon it, although whether just inadverently, it wouldn't really matter .... "Reports that say that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns -- the ones we don't know we don't know."
And some would have you believe that aliens talk GBIrish. Let's get real. If something doesn't make Perfect Sense, it is probably because you do not yet understand IT Perfectly. The SMARTer Fool will then simply ask pertinent direct questions and listen to the responses/alternate answers.
follows-on from the Lenovo debacle
remember when IBM sold its laptop business to Lenovo, and the State Department and other US users had to suddenly rehome a large purchase of PC's because they discovered that they were made in China! - therefore unsuitable for diplomatic encryption/decryption work, or at least potentially unreliable as to where the plain text might end up!
At Marconi Radar Research in the 70's we regularly examined all "failed" microchips, every department had a small stock of paper envelopes and any component failures identified during research, factory build, commissioning or field-service was returned to the Microcircuits Failure Analysis dept. We gross-leaked, fine leaked, de-capsulated, macro-photographed, SEM, X-rayed and otherwise guessed what the chips were and why and how they had failed. A good QA base! It didn't then involve microcode analysis, but today if we had a UK DARPA or high-tech industry then we should be doing this verification for mission critical systems. All cryptography will be broken, it's just a matter of delaying this as much as possible!
They are not paranoids or part of the "tin foil army". There is real danger.
If you use common processors (ex: PICs & clones), someone may alter your shipment in order to include a small bug.
Then, in case of war, if these chips are used in the radar, for example, you may just send a certain pattern to the radar in order to cause a disruption.
Remember those Syrian radars? That is the kind of thing that you can do... so they are right to be afraid.
You may argue that you need detailed information: this may be true or not.. depending on the design and chip "hijacked".. but it is not hard tu suppose that they may be able to get the bluprints..
The big question here is: Why do they rely on foreign chips? and, why are foreign (not chinese) chips more secure than US chips? Perhaps it is that they do not trust their "chinese pals".
A Good Thing?
At first read I thought: "A Good Thing for all. If the US military is prepared to blow budget vetting chips for accuracy, the spin off should be more reliable componentry for all".
Then I noticed: "It appears that there is already a scheme under which US-made chips are checked out......"
How long has this been running? If it's long enough to cover a few high-profile cockups in the not too distant past (yes Intel, you with the FPUs that couldn't add up for one) the words "chocolate teapot" spring to mind......
Some things never change. At one point during the cold war, the US SAGE air defense system was being kept operating with spare parts from the Soviet Union. It was the only place still making the thermionic valves [tubes] that SAGE used...
The us already did this...
when they sold some intentionally buggy control software to the soviets through canadian channels and it ended up blowing up a siberian pipeline. The lenovo case wasn't a difference either. Until that point the tpm chips in the thinkpads had a master key that belonged to the nsa, like in every windows install. When the discovered that the chinese swapped the encrpytion keys to their own they had to get rid of the compromised machines.
As every equipment gets more and more complex and harder to analyse the us slowly loosing control over their own equipment to the manufacturing company or to the manufacturing nation. (in this case to china) You can't really analyse a chip that stores its program in flash and has its program read lines burned. You can cut and look at the microfuses in traditional eproms, but the electron charge in flash devices is exceptionally hard to discover, becuase any external force simply erases the device. Logic testing is out of question, beause a chip could contain a whole system with its own operating system. They have to make their own chips if they want to be sure or use old technology that can be analyzed.
ps: I hope they know that the CNN (cellular neural network) chips they bought from europe and used in their missile defense project as guidance computers contain an unofficial debug hook... (aka. backdoor)
Conspiracy theorist heaven
Just to side with the devil, I must say that it seems quite possible to have the main chip (the one passing the test) devoid of any "fault" that can be detected, and include another, less-important (and untested) chip that will somehow trigger a fault in the main one via a pattern of signals and/or frequencies.
If found inadvertently before use, said fault could be passed off as a "normal" bug, no feathers ruffled. But if it does manage to sneak under the radar, then when needed, the bug could be triggered and bang! there goes the satellite GPS system for all soldiers involved.
Sure it sounds far-fetched, but hey, it doesn't sound impossible, now does it ?
Guaranteeing we can trust our chips
What do they plan to do? Tie them up in a dark room under the remorseless glare of a desk lamp until they confess?
Not fabbing their own?
Ruth is stranger than Richard. Luther was intrigued to read recently that the famous piece of Skunkwork known as SR71 was fabbed from Ti mostly imported from the USSR.
As amanfromMars suggests, if you think really hard now, you might begin to understand tomorrow.
'All your bases are belong to us' takes on a new meaning :)
Any soldier who answers his mobile phone during the next conflict and hears a Chinese voice telling him to go home, the war is over, should immediately remove the back off his phone and check where the device was made.