Slashdot Mirror


New Lock Aims To End Chip Piracy

Stony Stevenson writes "Pirated microchips based on stolen blueprints could soon be a thing of the past thanks to computer engineers at Rice University and the University of Michigan. The engineers have devised a way to head off this costly infringement by giving each chip its own unique lock and key. The patent holder would hold the keys, and the chip would securely communicate with the patent holder to unlock itself. The chip could operate only after being unlocked. The Ending Piracy of Integrated Circuits (Epic) technique relies on established cryptography methods, and introduces subtle changes into the chip design process without affecting performance or power consumption. With Epic protection enabled, each integrated circuit would be manufactured with a few extra switches that behave like a combination lock."

15 of 312 comments

  1. Re:Sure, great idea by bkaul01 · · Score: 5, Informative
    It doesn't sound like this is a consumer-level activation, but a one-time, manufacturer-side process:

    To activate a chip, the manufacturer would plug it in and let it contact the patent owner over an ordinary phone line or internet connection. It's intended to protect against overseas subcontractors who have access to the blueprints making extras and then going and selling them on the black market, behind the patent-holder's back. So, the overseas company would make it, ship it back to the company who owns the rights to it, where it would be activated before being distributed. The outsourced manufacturing company wouldn't have the ability to activate them, so couldn't sell extras to the black market.
  2. This targets gray market, not black by smellsofbikes · · Score: 4, Informative

    If I read the original article correctly:
    If someone gets the chip design and is copying it to be built in another fab, it'd be possible (difficult, but much less difficult than a complete chip redesign or re-engineering) to remove this part of the chip (and increase the profit margin, since A: no investment on research and B: more die per unit silicon.)

    What this is going to affect is people who run a fab making legitimate parts, but also run the same parts from the same masks but keep them off the books and sell them independently of the company that owns the design -- OEM ripoffs.

    --
    Nostalgia's not what it used to be.
  3. Re:Sure, great idea by poetmatt · · Score: 4, Informative

    That's how it starts, but that's not how it would end. Think of how much the government or any power abusing company seeking more of that would be on this like FOS. Especially if it becomes commonly manufactured. Not that this is 100%, but I wouldn't see a situation like this technology being force trickled on consumers to be completely unlikely either.

    We've had it before, I believe it was called trusted computing. Boy do people love how that has turned out, if I recall correctly.

    I understand that a processor blueprint is not something that people want compromised. Throwing a technical attempt to solve the problem rather than dealing with human error is just putting the blame in the wrong places and throwing stuff at the wall hoping things will stick.

  4. Re:Uhm... but if the chip is patented... by bkaul01 · · Score: 2, Informative

    Patents are rarely detailed enough to fully implement in practice; usually they cover only a subset of the design, and are written broadly enough that several different paths could be taken to implement them. Looking up a patent would show you the concept, but not an exact design such as a blueprint provides.

  5. The research paper by cowpiboy · · Score: 2, Informative

    The research paper describing EPIC http://www.eecs.umich.edu/~imarkov/pubs/conf/date08-epic.pdf will be presented next week in Munich http://date-conference.com/

    1. Re:The research paper by owlstead · · Score: 3, Informative

      Interesting paper:
      - relies on the fact that *any* changes in the blueprint would be prohibitively expensive, could be, but just replacing components by pathways does not *sound* very expensive to me
      - RSA key pair generation on chip: bad idea, RSA key pair generation can take a lot of time (ECC key pair generation could be used as a replacement), needs PRNG
      - PRNG on chip might prove expensive (where does it get its entropy???)
      - no mention of X509 or any other PKI scheme, let's hope they are smart enough to see that they need some form of key management scheme
      - cost of maintaining a PKI (public key infrastructure) might be rather expensive, especially if both parties are new to the game

      Overall, interesting idea, but I'm not so sure anyone would want this. Lots of hassle for the buyer without any benefits to him, this makes it 1) expensive, thus a less favourable solution to others without this scheme 2) more likely that they will screw up the PKI system that is needed for this to work.

      Well, they called it EPIC, and we all know that it may take some time before EPIC products come out (e.g. this one :)

  6. Re:This is dumb. I can crack it in two seconds. by DCBoland · · Score: 5, Informative

    I know this is /. but I took the time to find the actual paper, they cover the typical attacks on the security mechanism quite thoroughly. Apparently it's very difficult to scan a mask, especially at the small scales the industry deals in today - they suggest it would be cheaper to simply design the chip yourself.

    (Off-topic: the anti-spam mechanism atm gives an interesting result for my email address..."'poo' in gap" oO)

    --
    I think the [MS Word] paperclip is a great idea. - Miguel de Icaza
  7. Re:Chip Piracy, Eh? by mabhatter654 · · Score: 3, Informative

    It's bad in China. They like to pass the prints from the "premium" contractor in Taiwan, to somebody cheap on-shore that will knock them off to Southeast Asia markets. Probably half the stuff on the streets of Hong Kong or Seoul is counterfeit made from the actual prints, but at unauthorized manufacturers. It's a problem when that gets back to the USA and the equipment builder is held up for liability for a product they didn't make because the parts get into their installed systems as "spares" for cheap.

  8. Re:Sure, great idea by x_MeRLiN_x · · Score: 4, Informative

    You seem to be missing the fact that the patent owner (who this is designed to protect) is a completely separate entity from the manufacturer. The manufacturer is nothing more than a subcontractor. The manufacturer obviously requires the blueprints to produce the chip. It is the manufacturer who is selling the patent owner's chips on the black market. Nothing is being "leaked". You can bet your life that the "signed agreements" you mention are without exception already in place. They're just being flouted.

    Others who responded to my post have argued that you therefore shouldn't hire Chinese or other cheap chip production plants, because they are well known for failing to respect intellectual property and you have no possible recourse against them.

    The thing is, businesses are always going to opt for the cheapest option. If this technological measure is cheaper than opting for a more expensive, "trustworthy" producer, then I don't think you have a case against it. This doesn't harm consumers in any way shape or form, simply because it doesn't involve them. The restrictions will have already been removed long before it reaches their hands.

  9. Re:Sure, great idea by kesuki · · Score: 3, Informative

    this involves cryptography. let's say that you use 128-bit encryption that's 128 gates per bit of the key/unlock mechanism. 128 gates is nothing on a large, say graphic processor, even 20,000 gates is nothing on a large graphic or general purpose cpu. so how are you going to crack this when each chip has its own key/lock pair? and the 'key' pair, only goes across a trusted network in another country?

    yeah, this isn't dvd movie crypto where the 'client' has to have access to a way to decrypt the movie.

    this is the kind of crypto that can't be broken without a backdoor. of course since epic is built into the original chip blue print, just 'masking off that part' renders in a cpu that only spits out 'error, epic not found, halt now' that locks the chip from running. depending on how the chip maker designs this into chips, it's not like they can just engineer a 'mod chip' that tells the cpu everything is okay and to run code... the cost of trying to circumvent 'epic' instantly becomes more than you'd get for say, a pirate dvd player chip.

    this is a big deal, really big, because right now substandard dvd players around the globe are using 'pirate' chips, and usually 'pirate' code to run those chips. Prior to epic they were resorting to programming the firmware of retail dvd players to try and thwart piracy, but then the pirates just waited for a system to come out with the 'real' chip, and steal the firmware so they could program the pirate players themselves. or even worse just program them with 'firmware' downloaded off the net from god only knows the source..

    epic will be used by countless dvd and blu-ray chip fabs, so they can benefit from low cost Chinese fabrication, and never have to worry about the design being stolen again.

    i've tried to think of ways to break epic, but if it's on chip, tearing apart the chip to see what gets written on chip (especially if it's Different For Every chip) isn't going to work, a mod chip solution could work, but then you need to design a special chip, that only works with revision x. of the 'real' chip, and the cost of doing this is going to be somewhere in the $50 per modchip if you only sell a few hundred thousand of the pirate chip... the cost goes down if you sell millions of units, but most pirate chip stuff is so substandard that it only gets bought when it's 'carrying' a name brand that it isn't, and they do try their best to catch that kind of fraud.... and a big old mod-chip that isn't in the 'real' system makes it a really easy spot for guys with x-ray viewers to screen the stuff. so then you have to hide the 'mod-chip' as say a flash reader

    so yeah, epic will very likely reduce the amount of counterfeit dvd players etc. of course, they can always just counterfeit the pre-epic designs, but better blu-ray designs are going to come along, and those will all (i'm guessing) feature epic.

  10. Actual paper does NOT cover this attack well. by yakovlev · · Score: 3, Informative

    I read the paper (thanks for the link.) I wouldn't say they cover this thoroughly. In fact, I'd argue that they handwaved this, even though it is the most likely and most important attack vector.

    They argue that modifying masks is a problem, which may be true. However, there are several stages of design data before the masks, and I would expect that a corporate-level pirate could have access to something early enough in the process that it could be modified by someone skilled in the art. Design data is probably transferred to the FAB as a flattened layout, with no circuit/design hierarchy. However, it should be possible for someone who knows the chip interfaces related to this unlocking mechanism to work backwards from them and find where to tie things off to make the chip work. The labor cost would probably be pretty low compared to the cost of prepping a second mask to manufacture the modified chips.

    1. Re:Actual paper does NOT cover this attack well. by LarsG · · Score: 3, Informative

      However, it should be possible for someone who knows the chip interfaces related to this unlocking mechanism to work backwards from them and find where to tie things off to make the chip work.

      From my quick glance at the paper it looks like they scatter a bunch of XOR gates around the chip in non-fastpath areas. Chip won't work correctly unless those gates are set correctly. Those settings are transmitted to the chip using some sort of pki.

      Even if you identify all the XOR gates, you'd have to brute-force test all combinations. 2^64 can get expensive really fast, especially if you only have access to the masks and have to manufacture test-chips instead of running the brute-force in a software simulation.

      --
      If J.K.R wrote Windows: Puteulanus fenestra mortalis!
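
The XOR key-gate idea described in the comment above, as an added example (not part of the thread and not code from the EPIC paper): a toy 1-bit full adder locked with three key gates, plus an exhaustive check of which keys actually unlock it. The netlist, wire names and gate placements are constructed for illustration; the second placement shows a design mistake (two key gates on one wire) that costs one bit of effective key length.

```python
from itertools import product
from math import log2

def evaluate(a, b, cin, gates=(), key=()):
    """Toy 1-bit full adder (constructed netlist).

    Each gate is (wire, invert): an XOR key gate (invert=False) or an XNOR
    key gate (invert=True) spliced into that wire and driven by key[i].
    With no gates this is the original, unlocked design.
    """
    def lock(wire, v):
        for i, (name, invert) in enumerate(gates):
            if name == wire:
                v ^= key[i] ^ int(invert)   # wrong key bit inverts the wire
        return v

    p = lock("p", a ^ b)        # propagate
    g = lock("g", a & b)        # generate
    t = lock("t", p & cin)
    return (p ^ cin, g | t)     # (sum, carry)

INPUTS = list(product((0, 1), repeat=3))

def working_keys(gates):
    """Every key under which the locked netlist matches the original
    on all input combinations (exhaustive; fine for a toy circuit)."""
    return [key for key in product((0, 1), repeat=len(gates))
            if all(evaluate(*x, gates, key) == evaluate(*x) for x in INPUTS)]

def effective_bits(gates):
    """Key length minus the bits lost to equivalent keys."""
    return len(gates) - log2(len(working_keys(gates)))

# One key gate per distinct wire: exactly one key unlocks the design.
STRONG = [("p", False), ("g", True), ("t", True)]
# Two key gates in series on wire "p" cancel in pairs: two keys unlock it.
WEAK = [("p", False), ("p", True), ("g", False)]

if __name__ == "__main__":
    for name, gates in (("strong", STRONG), ("weak", WEAK)):
        print(name, working_keys(gates), effective_bits(gates))
```

Running the same equivalence check on a real design before tape-out tells the designer how many of the nominal key bits an attacker would really have to search.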
  11. Re:Physical DRM by phcrack · · Score: 2, Informative

    It's been a while since I worked with JTAG, but IIRC you can set a flag on most implementations that disables reading the firmware out. All you can do is install new firmware or delete what's in there at that moment. If you could just get the firmware out of most chips, the Linux driver problem wouldn't exist the way it does.

  12. Re:Sure, great idea by JoelKatz · · Score: 2, Informative

    None of what you said makes any sense. This is not a "phone home system". It doesn't compare to cracking systems where you have control over the system during the validation process. Validation is not "via a server".

    It's this simple:

    1) The processor is manufactured.

    2) The fab customer receives the processors from the fab.

    3) The fab customer unlocks them.

    4) The fab customer pays the fab and sells/ships the processor.

    There is no opportunity for anyone to observe or tamper with the unlocking process. No validation is needed prior to unlocking because the fab customer will only unlock processors he has physical custody of.

  13. Re:Physical DRM by Lumpy · · Score: 2, Informative

    it don't work that way. most chips that are programmable can be designed to not allow a reverse load. Hell all PIC chips allow me to lock them. Then you need to grind the surface off and try and read what the flash portion is set to with an electron microscope.

    It ain't that easy, most current production chips have protection for this built in.

    --
    Do not look at laser with remaining good eye.