New Lock Aims To End Chip Piracy

Stony Stevenson writes "Pirated microchips based on stolen blueprints could soon be a thing of the past thanks to computer engineers at Rice University and the University of Michigan. The engineers have devised a way to head off this costly infringement by giving each chip its own unique lock and key. The patent holder would hold the keys, and the chip would securely communicate with the patent holder to unlock itself. The chip could operate only after being unlocked. The Ending Piracy of Integrated Circuits (Epic) technique relies on established cryptography methods, and introduces subtle changes into the chip design process without affecting performance or power consumption. With Epic protection enabled, each integrated circuit would be manufactured with a few extra switches that behave like a combination lock."

I don't get it

[Deathlizard]

If fabless companies are so worried about overseas manufacturing, then why not use a fab that is inside the country your company resides in? That way, you can sue the living hell out of them when they do sell / steal your plans.

I would think that building the Chips in the US or Europe where the fabs are more reputable would be a better cost effective solution than sending it to an orient fab and watch it pump out pirate chips left and right, or relying on some sort of activation scheme that these pirate hardware companies would most likely reverse engineer out of them anyway.

Think PHYs, not Pentiums

[Skirwan]

There was a time when half the USB flash media readers on the market were based on the same pirated designs -- at least according to hardware folks I used to work with who'd be in a better position to know than I am (or, most likely, you are). I'm fairly sure this is a bigger problem than many people realize.

Re:Sure, great idea

[droopycom]

Read the paper. http://www.cse.umich.edu/~imarkov/pubs/conf/date08-epic.pdf.

The chip generate a unique Private Key when first powering up. The matching Public Key is sent to the IP holder for activation. Supposedly there is no way to force a chip to generate a known private key without modifying the masks.

Modifying the mask (blueprint) using a "microscope" (or other techniques), is much more difficult that just putting the original mask in the machine and churning out a few thousands of chips.

Chip piracy != music piracy

[FuzzyDaddy]

Chip piracy is a big problem.

My company got burned by it a few years ago. We had an 8 channel DAC (the MAX5308) in our design which didn't have a drop in replacement from another vendor. We needed some parts, and the lead times from Maxim were too long, so we contacted some distributors and found someone who had these parts.

We had a bunch of boards built, and we started getting a high failure rate, which we traced back to the DAC. A closer inspection of the part revealed it had a date code that was before the actual release date of the chip! We contacted Maxim and stopped payment on the parts. Maxim took some parts for evidence (and I believe sent us a few samples to tide us over).

We were building $14000 units that were being deployed in military communications systems.

It turns out the counterfeits were coming from Asia. The distributor in question probably knew that the chips were counterfeit and looked the other way.

Semiconductor companies put a lot of effort in making sure there products are reliable. (If a PC board has 100 parts, what failure rate is acceptable in your chips before you start to have very bad yield issues? What if it's 1000 parts?). We, as a society, have come to count on things being reliable, and real danger can result when their not. It's not as bad as counterfeit pharmaceuticals, but it's not so far off either.

I don't know if this scheme will work or not. But it's a real problem, with real consequences.