DARPA Looks To End the Scourge of Counterfeit Computer Gear
coondoggie writes "Few things can mess up a highly technical system and threaten lives like a counterfeit electronic component, yet the use of such bogus gear is said to be widespread. A new Defense Advanced Research Projects Agency (DARPA) program will target these phony products and develop a tool to 'verify, without disrupting or harming the system, the trustworthiness of a protected electronic component.'"
"SHIELD demands a tool that costs less than a penny per unit, yet makes counterfeiting too expensive and technically difficult to do"
and at the same time
"What SHIELD is seeking is a very advanced piece of hardware that will offer an on-demand authentication method never before available to the supply chain"
These appear to be mutually exclusive.
William George
It occurred quite a long time ago, but at the time no solution was proposed.
Regular steel bolts have hexagonal heads that are flat on top. Bolts made of high-strength steel are marked with three - if I recall correctly - radial lines.
You can see that it would be easy and cheap to mark a regular steel bolt with those three lines, then sell it for the high-strength premium.
This caused at least one death: a worker who was torquing a bolt while building the first Saturn car factory snapped the head off a bolt and fell to his death.
An Army general commented that when he took his battalion's tanks out for training in the desert, their tracks were littered with bits of broken off bolts, as well as the occasional tank tread.
What they actually did about this was to test samples of bolt shipments, but such testing was very expensive and so could not provide good coverage.
However it has been years since I last heard about it. Has the counterfeit bolt problem been solved? If so how?
Please mail me URLs of software employers.
How can one discern between counterfeit and real, when both are coming off the same assembly line in China?
This is what is called "third shift" products, where the first two shifts make XYZ product for ABC corp, and the third shift makes XYZ Counterfeit for black market.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
It seems to me that most of you didn't bother to read the article. In a nutshell, DARPA wants a small electrically isolated chip that acts as a RFID chip and sends an encrypted response to an interrogation.
Method of use
1. Specialized probe scans chip. Obtains serial number of chip.
2. Specialized probe sends serial number information to centralized server.
3. Centralized server sends back to probe query string.
4. Probe passes onto chip, the query string.
5. Chip sends back encrypted response to query string.
6. Probe passes back to centralized server, encrypted chip response.
7. Centralized server sends back to probe "good" or "bad" results.
Notice that the encryption key may be unique for each chip. The keys are known by the centralized server, but don't need to be known by anything else.
In order to create a counterfeit, the attacker needs to do one of two things.
1. Duplicate an existing chip to include the serial number and encryption key.
2. Create a new chip with a new serial number and encryption key and implant that serial number and key into the database maintained by the centralized server.
If an attacker is capable of compromising the central server, then it's game over. But the assumption is that that is a "hard task". So the security is likely to be aimed at protecting the encryption key for each chip. Perhaps store the key in TLC NAND and arrange for the value to be corrupted if it's exposed to light (and of course, encapsulate the chip in an opaque material).
So when you manufacture a "non-counterfeit" component, you
1. Manufacture component.
2. Glue a chip to the component.
3. Register the chip with the centralized server.
To verify that a component isn't a counterfeit.
1. Scan for chip and do the entire song and dance to verify the chip.
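The seven-step exchange described in the comment above, sketched as an added example (not code from the article, DARPA, or the commenter). The comment says only "encrypted response"; HMAC-SHA256 over a random query string is an assumption made here, as are all class, function and serial names.

```python
import hashlib
import hmac
import secrets


class Server:
    """Centralized server: the only party besides the chip that holds each key."""

    def __init__(self):
        self._keys = {}      # serial -> per-chip secret key
        self._pending = {}   # serial -> outstanding single-use query string

    def register(self, serial: str) -> bytes:
        # Manufacturing step 3: enroll the chip; the key is handed out once so
        # it can be provisioned into the chip.
        key = secrets.token_bytes(32)
        self._keys[serial] = key
        return key

    def challenge(self, serial: str) -> bytes:
        # Step 3: issue a fresh random query string, even for unknown serials,
        # so the probe cannot learn which serials are enrolled.
        nonce = secrets.token_bytes(16)
        self._pending[serial] = nonce
        return nonce

    def verify(self, serial: str, response: bytes) -> str:
        # Step 7: the query is consumed here, so a recorded response cannot be replayed.
        nonce = self._pending.pop(serial, None)
        key = self._keys.get(serial)
        if nonce is None or key is None:
            return "bad"
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return "good" if hmac.compare_digest(expected, response) else "bad"


class Chip:
    def __init__(self, serial: str, key: bytes):
        self.serial, self._key = serial, key

    def respond(self, query: bytes) -> bytes:
        # Step 5: keyed response to the query string; the key never leaves the chip.
        return hmac.new(self._key, query, hashlib.sha256).digest()


def probe_check(server: Server, chip: Chip) -> str:
    # Steps 1-7: the probe only relays messages and holds no secrets.
    query = server.challenge(chip.serial)
    return server.verify(chip.serial, chip.respond(query))
```

A chip that copies a registered serial number but not its key fails the check, which is why the comment expects the protection effort to go into the per-chip key.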
Used to be easy back when ICs had few layers and feature sizes that were resolvable with optical light microscopy.
I used to verify ICs for trustable computing back in the day. We would take aligned dieshots, develop them, project them through a red filter, project the master copy of the dieshot through a blue filter, overlay them and look for any large red or blue bits indicative that the metal was not the same. In light of recently published dopant sabotaged parts, it is obvious the technique we used back then was flawed, and not really applicable to modern chips which have many metal layers.
Destructive testing of representative samples can yield verification of all metal layers, but still doesn't cover the dopant sabotage technique (which we were not aware of at the time), of course you could try and slip things through by only sabotaging 5% or 10% of the parts.
I think a much more prevalent problem is counterfeit parts for commercial gain than sabotage, for example taking some cheap MOSFET with similar but worse characteristics and relabelling it as some expensive MOSFET. This happens frequently (found a batch of fake BJTs when I was building an amplifier, as the fake part had the wrong CBE pinout). Another common technique is taking low speed-grade DRAM, assembling it on DIMMs and programming SPD data that claims to be high-speed DRAM. Often they don't even bother to change the labels on the device packages, as they are covered by a heatsink on most modern DIMMs.
The problem with out-of-grade counterfeiting is that the different grades are produced from identical masks, and can only be differentiated by very careful measurement of the device parameters. In some cases the counterfeits even meet every parameter, as they are produced by binning in the same way the original manufacturer bins the parts prior to labelling. There are opamps which cost $40/each, and they are binned from the same line which makes parts costing $1/each; the manufacturer is even up front about this. Sometimes, the line produces more parts that would qualify for the $40/each part number than there is demand for the $40/each part, so the manufacturer just bins them as a lower price part. If the counterfeiter was upfront about it like the OEM, they would relabel them as their own part, with some guarantee about performance like the OEM provides, but then they wouldn't be a counterfeiter, but a legitimate re-binning service.
An example of legitimate rebinning is many of the high end audio equipment or lab equipment manufacturers. They often use commercial grade parts, have an internal test jig, and resell or dispose of parts that don't meet their higher-than-spec required parameters.