Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Lock Aims To End Chip Piracy

Posted by kdawson on from the can-you-unlock-me-now dept.

Stony Stevenson writes "Pirated microchips based on stolen blueprints could soon be a thing of the past thanks to computer engineers at Rice University and the University of Michigan. The engineers have devised a way to head off this costly infringement by giving each chip its own unique lock and key. The patent holder would hold the keys, and the chip would securely communicate with the patent holder to unlock itself. The chip could operate only after being unlocked. The Ending Piracy of Integrated Circuits (Epic) technique relies on established cryptography methods, and introduces subtle changes into the chip design process without affecting performance or power consumption. With Epic protection enabled, each integrated circuit would be manufactured with a few extra switches that behave like a combination lock."

17 of 312 comments (clear)

  1. Chip Piracy, Eh? by PC+and+Sony+Fanboy · · Score: 3, Interesting

    Wow, I havn't heard of chip piracy in a long time. Maybe it is because, like other forms of piracy, it isn't a big problem. I have problems with piracy when it involves safety equipment, and large purchases from reputable dealers ... but most of the time, you get what you pay for, and you're not being deceived, you're willingly purchasing counterfeit 'stuff'.

    Isn't it sad when people think of piracy in terms of music, when the REAL piracy problems (counterfeiting) are those which involve fake electrical/safety/baby equipment (or food)?

    1. Re:Chip Piracy, Eh? by Smidge204 · · Score: 2, Interesting

      Even better, given the sophistication of some of these bootleggers - couldn't they just reverse engineer the blueprints and modify them to bypass the feature?

      The chips need to be activated at the manufacturer's level, not the consumer level. It does this by an internal random number generator. So... Take one genuine chip, find out what it's random number/activation key is, then modify your blueprints to produce the SAME ID number (bypass the RNG) and then activate all of them with the same key.

      This sounds no more secure than programs that require user-name based serial numbers...

      Alternatively, produce the chips with the "combination lock" set to "open" to begin with and bypass activation altogether.
      =Smidge=

    2. Re:Chip Piracy, Eh? by asuffield · · Score: 2, Interesting

      It's bad in China. They like to pass the prints from the "premium" contractor in Taiwan, to somebody cheap on-shore that will knock them off to Southeast Asia markets. Probably half the stuff on the streets of Hong Kong or Seoul is counterfeit made from the actual prints, but at unauthorized manufactures.


      And the vast majority of it is every bit as good as the original, because it's made in the same plants by the same people who do all the other outsourced manufacturing. There is never any particular evidence presented to support the usual claim that the "unauthorized" product has a higher defect rate than the "authorized" product.

      This is about whether or not some large US corporation gets their cut of the profits. Nothing more. It should be no surprise that they behave the same way as the mafia.
  2. Well, if they have the blueprint... by FlyByPC · · Score: 2, Interesting

    ...wouldn't it be pretty straightforward to replace the hardware circuit that does

    if(bignastyDRM(uniqueDRMkey)==TRUE){}

    with

    if(TRUE){}

    ...?

    Yes, I know circuits are usually either designed with a capture program or modeled in VRML/Verilog -- but the logic still holds. Find out what part of the circuit locks the functionality -- and replace it with a wire to Vcc.

    (Unless, of course, they will require the chip to communicate with the mothership every time it has to blow its little digital nose etc...)

    --
    Paleotechnologist and connoisseur of pretty shiny things.
  3. Intul Inside! Powered by AMB! by themushroom · · Score: 2, Interesting

    But my pirated copy of Windows only works on my pirated CPU chip!

    Okay, show of hands, who has a pirated processor? Anyone? Anyone? Buehler? Is this really a huge problem? Doesn't it cost more to produce a pirate CPU than the potential profits from selling it? Methinks the issue is overstated, either that or the chip industry should contact the RIAA & MPAA's media moguls about an advertising deal (which is the same thing, overstatement but loud).

    --
    Laughter is the Spackle of the Soul.
  4. Hmm, this reminds me of something by fallen1 · · Score: 3, Interesting
    very, very foul and disturbing. Oh, yeah, P3 chips with unique Processor Serial Numbers. I realize that the goal of this project is not the same as the Intel PSNs, but it still strikes me as a way to get unique IDs into each CPU and end anonymity on the net -- what there is that remains of anonymity. Not to mention the complete foul-ups when some enterprising "hacker" figures out how to remotely lock CPUs or other chips that have been unlocked.

    While it sounds promising, it still raises the little hairs on the back of my neck. Danger Will Robinson, danger!

    --

    Dream as if you'll live forever.
    Live as if you'll die tomorrow.
    ~Anonymous~

  5. Re:Sure, great idea by KublaiKhan · · Score: 2, Interesting

    Slightly better, but still dodgy in my mind. If someone wants to counterfeit a chip design, then it'll be counterfeited--if by nothing else, then by someone with access to an electron microscope and a solid background in chip design theory, or by someone getting hold of a few of the 'unlocked' chips and reverse-engineering 'em that way.

    --
    In Xanadu did Kubla Khan
    A stately pleasure dome decree
  6. I don't get it by Deathlizard · · Score: 4, Interesting

    If fabless companies are so worried about overseas manufacturing, then why not use a fab that is inside the country your company resides in? That way, you can sue the living hell out of them when they do sell / steal your plans.

    I would think that building the Chips in the US or Europe where the fabs are more reputable would be a better cost effective solution than sending it to an orient fab and watch it pump out pirate chips left and right, or relying on some sort of activation scheme that these pirate hardware companies would most likely reverse engineer out of them anyway.

    --
    In Soviet Russia, Trojan exploits YOU!
  7. Overriding factor for implementation by The+Ancients · · Score: 3, Interesting

    ...will be cost. A 'few extra circuits' may not sound like much, but with chip manufacturers engaged in a protracted price war, every cent counts - especially when multiplied by the chip numbers we are talking here.

    --
    The Mothership
  8. Think PHYs, not Pentiums by Skirwan · · Score: 4, Interesting

    There was a time when half the USB flash media readers on the market were based on the same pirated designs -- at least according to hardware folks I used to work with who'd be in a better position to know than I am (or, most likely, you are). I'm fairly sure this is a bigger problem than many people realize.

  9. Re:Sure, great idea by droopycom · · Score: 4, Interesting

    Read the paper. http://www.cse.umich.edu/~imarkov/pubs/conf/date08-epic.pdf.

    The chip generate a unique Private Key when first powering up. The matching Public Key is sent to the IP holder for activation. Supposedly there is no way to force a chip to generate a known private key without modifying the masks.

    Modifying the mask (blueprint) using a "microscope" (or other techniques), is much more difficult that just putting the original mask in the machine and churning out a few thousands of chips.

  10. And when would this separate run be made? by Animaether · · Score: 2, Interesting

    Unless the fab has unused capacity / lines to produce these chips based on other dies/masks separately, they're going to have to swap dies / masks out when they want to produce their 'pirate' copies. This swap-out takes time. Calibration takes time. It also increases the likelihood of errors; not just in the 'pirate' copies but also in the originals when they switch back. A fab is going to explain this odd higher failure rate to their customer, how?

    At best somebody within the company could take the design and contract manufacture of it out to a smaller fab or sister fab that isn't booked by the same customer, and have them manufacture it during the same time the originals are produced. That'd be less noticeable, but it would also be more expensive - as the customer isn't footing part of the bill for that shadow fab.

  11. Re:Sure, great idea by Anonymous Coward · · Score: 1, Interesting

    The reason: to compete with other american companies, some american companies used trade secrets, etc... to pay them, instead of cash. China was just too smart to take just cash that would have left them American slaves. The other alternative was not dealing with the Chinese at all.

  12. Watermarks DRM by IdeaMan · · Score: 3, Interesting

    *Add* something instead. Add in a fusible link that would disable the protection scheme.
    It would have to be subtle enough to pass inspection by the original mask creators.

    Instead of creating a bogus, complicated and expensive DRM scheme, just introduce a watermark onto the mask. Use the watermark to identify which manufacturer is selling the extra chips.

    The counter of course is the good ole compare blueprints trick. However then we're back to what you mentioned before, the calibration expense issue.

    --
    They ARE out to get you simply because They are in it for themselves and they don't care about you.
  13. Re:Physical DRM by el+americano · · Score: 2, Interesting

    Right, executives aren't over paid. Stockholders are never surprised and outraged by the amount of money these same people walk away with after they're fired. I'm sure they also don't force mergers and other transactions that are in their own self-interest, but against the company's interest. There's no in-crowd who support and encourage these pay structures in the hope of cashing in themselves one day. But most of all, I know for a fact that the majority of these people are not overpaid for the value they add to their companies.

    In any case, if I'm not a CEO myself, I clearly have no room to talk.

    --
    Those are my principles. If you don't like them I have others. -Groucho Marx
  14. Re:Physical DRM by Chapter80 · · Score: 2, Interesting

    The issue talked about here is copying of blueprints, not theft.
    Perhaps you didn't see the 5th word in the summary: "Pirated microchips based on stolen blueprints..."

    Actually, since gang violence only becomes a problem in certain social conditions and since in our current social model money equals power, this is exactly so.
    Oh dear God, it's frightening that any sane person believes this. I suppose you would advocate locking up the rich victim of any gang violence. Or why just victims - why not all people over a certain level of wealth - let's lock them up? There was a gang shooting downtown; better arrest the mayor.

    Gotta love the real free market, free from copyrights and patents, with prices nearing the marginal cost of production asymptotically, and sometimes even reaching it; but for some reason, the so-called pro-free market people tend to start crying "regulate ! Copyrights ! Patents !" at that point :(.
    As much as people on Slashdot tend to want patent reform, I only see an occasional few advocate total removal of patents and copyrights. Has there ever been a "controlled experiment" (as much as that is possible) comparing a "totally free market" to one with the "rule of law" including patents and copyrights, such that we can compare the rates of innovation in this society? I know of none - the closest I can think of is Open Source Software. The rate of innovation in Open Source software vs. Proprietary software hasn't been very impressive in my opinion. (I'd like to see a study, but my gut feel is that proprietary software beats open source software 1000 to 1, in quantity and 'contribution to society', however that would be measured.)
  15. Chip piracy != music piracy by FuzzyDaddy · · Score: 4, Interesting
    Chip piracy is a big problem.

    My company got burned by it a few years ago. We had an 8 channel DAC (the MAX5308) in our design which didn't have a drop in replacement from another vendor. We needed some parts, and the lead times from Maxim were too long, so we contacted some distributors and found someone who had these parts.

    We had a bunch of boards built, and we started getting a high failure rate, which we traced back to the DAC. A closer inspection of the part revealed it had a date code that was before the actual release date of the chip! We contacted Maxim and stopped payment on the parts. Maxim took some parts for evidence (and I believe sent us a few samples to tide us over).

    We were building $14000 units that were being deployed in military communications systems.

    It turns out the counterfeits were coming from Asia. The distributor in question probably knew that the chips were counterfeit and looked the other way.

    Semiconductor companies put a lot of effort in making sure there products are reliable. (If a PC board has 100 parts, what failure rate is acceptable in your chips before you start to have very bad yield issues? What if it's 1000 parts?). We, as a society, have come to count on things being reliable, and real danger can result when their not. It's not as bad as counterfeit pharmaceuticals, but it's not so far off either.

    I don't know if this scheme will work or not. But it's a real problem, with real consequences.

    --
    It's not wasting time, I'm educating myself.