NSF Awards $10 Million To Protect America's Processors
aarondubrow writes "The National Science Foundation and the Semiconductor Research Corporation announced nine research awards to 10 universities totaling nearly $4 million under a joint program focused on secure, trustworthy, assured and resilient semiconductors and systems. The awards support the development of new strategies, methods and tools at the circuit, architecture and system levels, to decrease the likelihood of unintended behavior or access; increase resistance and resilience to tampering; and improve the ability to provide authentication throughout the supply chain and in the field. "The processes and tools used to design and manufacture semiconductors ensure that the resulting product does what it is supposed to do. However, a key question that must also be addressed is whether the product does anything else, such as behaving in ways that are unintended or malicious," said Keith Marzullo, division director of NSF's Computer and Network Systems Division."
http://redmondmag.com/articles...
Make of these what you will.
If you keep throwing chairs, one day you'll break windows....
That's uh, kind of the point of this research. Verifying black box chip functionality is a huge concern for the military, who has a standing policy to use consumer hardware off-the-shelf where possible. With chips made in China and all. Beyond that, there's a big problem in just regular supply runs with counterfeit chips.
I remember watching some show on a river in Africa that never makes it to the coast. Every spring it starts as a rushing torrent, but as the thaw ends and the water spreads out it evaporates and sinks into the land, leaving a huge inland river delta.
One can construct a similar imaginary money river for this story. $10 million? It will never see hardware, that money will disappear into the bureaucracy like water into the African plains.
To put this in perspective, $10 million is what, one hour of iPhone sales? That's how important the NSF considers this?
Does four million get even one item on this list?
(from the article)
Combating integrated circuit counterfeiting using secure chip odometers--Carnegie Mellon University
Intellectual Property (IP) Trust-A comprehensive framework for IP integrity validation--Case Western Reserve University and University of Florida
Design of low-cost, memory-based security primitives and techniques for high-volume products--University of Connecticut
Trojan detection and diagnosis in mixed-signal systems using on-the-fly learned, pre-computed and side channel tests--Georgia Institute of Technology
Metric and CAD for differential power analysis (DPA) resistance--Iowa State University
Design of secure and anti-counterfeit integrated circuits--University of Minnesota
Hardware authentication through high-capacity, physical unclonable functions (PUF)-based secret key generation and lattice coding--University of Texas at Austin
Fault-attack awareness using microprocessor enhancements--Virginia Tech
Invariant carrying machine for hardware assurance--Northwestern University
So of course this whole project will need to attract international support from all those other governments grateful that the US role protects the integrity of critical hardware worldwide.
After all, those same governments will probably send their very brightest and most dedicated graduate students and post-docs to the institutions conducting the research.
Maybe they're already supporting it and working on it.
To make my sarcasm more understandable to you, I'm trying to point out that in the US, even national security is sacrificed to the profit motive. This is one of the reasons that US defense (and other critical infrastructure firms) keep being hacked by Chinese and Russian based groups. They don't spend enough money on security because "profit".
The US Chamber of Commerce, one of the biggest and most influential lobbying groups, has successfully shut down any legislation addressing requirements for cyber-security. President Obama did try and address the issue via executive order, but that is not as effective as actual legislation.
So here is a real example that I ran across when I was posting on a different Slashdot thread. http://en.wikipedia.org/wiki/Lockheed_Martin_F-35_Lightning_II#Program_cost_increases_and_delays
Now do you understand what I am talking about?
Why is Snark Required?