Slashdot Mirror

← Back to Stories (view on slashdot.org)

DARPA Technology Could Uncover Counterfeit Microchips

Posted by samzenpus on from the go-ahead-and-scan dept.

coondoggie writes The Defense Advanced Research Projects Agency said this week one of its contractors, working on one of the agency's anti-counterfeit projects has developed and deployed what it calls an Advanced Scanning Optical Microscope that can scan integrated circuits by using an extremely narrow infrared laser beam, to probe microelectronic circuits at nanometer levels, revealing information about chip construction as well as the function of circuits at the transistor level.

35 comments

  1. Once again by ArcadeMan · · Score: 1

    Why are big websites never posting images? In this particular case it would have been nice to see at least what a scan of an IC looks like.

    --
    Get free satoshi (Bitcoin) and Dogecoins
  2. Re:oh you mean tools to counterfeit? by Anonymous Coward · · Score: 1

    Indeed, now the U.S. government will have tools it needs to create malicious counterfeit chips that are nearly undetectable.

  3. This tool needs to hit the market asap. by Grog6 · · Score: 3, Interesting

    I have had numerous problems with counterfeit transistors and Zener diodes.

    How can you profitably screen thousands of rectifier diodes for their zener point, then grind off the original markings, and mold on new partnumbers??

    At $0.003 each?

    At least the transistors failed spectacularly. :)

    --
    Truth isn't Truth - Guliani
    1. Re:This tool needs to hit the market asap. by ericloewe · · Score: 1

      This does not sound like it will be of much use for discrete electronic components.

    2. Re:This tool needs to hit the market asap. by Anonymous Coward · · Score: 0

      They get their hands on the rejects, then sell them third-party to people that can't possibly check them all.

    3. Re:This tool needs to hit the market asap. by Kyogreex · · Score: 1

      What ericloewe said. Also, I would imagine that in practice this might be used more to verify the integrity of some "mission critical" hardware rather than inspections on a massive scale.

  4. A Scanning Microscope? by Anonymous Coward · · Score: 1

    The modern day processor has about 2 billion transistors. That may take a while.

  5. Define "counterfeit" by retroworks · · Score: 4, Informative

    Most of the accused "counterfeit" chips I've read about aren't "counterfeit" at all. They are used, secondary market, chips harvested from used boards. The "infamous Guiyu" of China e-waste fame is a hub where workers cut out individual microprocessors and chips from boards and repurpose them. The general term in the industry is "gray market"... gray because it's not purely black market, and because of the difficulty in distinguishing what the illegality is when a Chinese factory has substituted a working used part for an OEM part.

    --
    Gently reply
    1. Re:Define "counterfeit" by Anonymous Coward · · Score: 1

      Yes I have had the same experience. Id add that many 'fakes' are also simply batches from the oem that failed process control, but not too badly, and were either unknowingly or knowingly sold to black markets for relabeling as original components. Sometimes for more money than the ones that didn't fail thier spec tests.

      More than once I've used simple magnification and reflection of light off the surface to see original markings that were 'erased' so they could be reprinted and resold.

    2. Re:Define "counterfeit" by TubeSteak · · Score: 1

      Most of the accused "counterfeit" chips I've read about aren't "counterfeit" at all.

      Please feel free to share what you've been reading.

      The general term in the industry is "gray market"... gray because it's not purely black market, and because of the difficulty in distinguishing what the illegality is when a Chinese factory has substituted a working used part for an OEM part.

      I'd like to know where you read that Chinese vendors have "substituted a working used part for an OEM part"
      Here's where I read that counterfeit chips are a problem:

      http://hardware.slashdot.org/story/09/11/25/1940247/man-pleads-guilty-to-selling-fake-chips-to-us-navy
      http://tech.slashdot.org/story/11/11/09/0255231/us-military-trying-to-weed-out-counterfeit-parts
      http://tech.slashdot.org/story/12/03/29/0038231/gao-sting-finds-more-fake-military-parts-from-china

      --
      [Fuck Beta]
      o0t!
    3. Re:Define "counterfeit" by petermgreen · · Score: 1

      Often manufacturers seem to do a really shitty job of marking their chips requiring you to hold them to the light in just the right way to read the bloody things.

      I suspect you wouldn't even need to erase the markings to relabel those, just print the new markings in a way that was actually visible under normal conditions.

      --
      note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
    4. Re:Define "counterfeit" by ArcadeMan · · Score: 2

      Some of the markings are so bad that the only way to read them properly is to go down to the cellar, with a flashlight, in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Counterfeits'.

      --
      Get free satoshi (Bitcoin) and Dogecoins
    5. Re:Define "counterfeit" by moeinvt · · Score: 1

      That's a very good question, but DARPA actually did define "counterfeit" in the SHIELD RFP. It was a very broad and very verbose definition that covered used and other sub-standard parts.

    6. Re:Define "counterfeit" by retroworks · · Score: 1

      Glad to. Did you read the articles linked behind the Slashdot stories you cite? The only two sources of "disputed" chips in the articles are 1) first use lawsuit chips (parts purchased by OEM 2 from OEM 1, sold as surplus to OEM 3 which lacks licensing agreement with OEM 1), and 2) used harvested chips from military parts.

      I witnessed it first hand in 3 Chinese factories, and have previously read and/or commented on the three /. links. None of the articles discounts/contradicts used and harvested chips at the sources. In fact the only one of the three articles to mention the source of chips describes them orienting from a chip harvesting center profiled in Junkyard Planet (2014 Adam Minter).

      Back at you, where is the fake chip manufacturing plant? You realize how difficult it replicate Intel chips below the cost of Intel? Check the court cases on chip patent infingement cases (e.g. Qualcomm), and the maker of the chip is always the original chip maker, the suits are over the license and the first use doctrine (Samsung sells 1000 chips to LG, LG uses 800 of them and sells 200 excess to Qualcomm, Samsung sues Qualcomm). Now, for military grade, it is possible and even probable that a foreign government would reverse engineer and copy a restricted chip. But they couldn't likely produce them cheaply at commercial sale. Consumer product chip counterfeiting is something I've never seen and isn't evidenced in your links.

      --
      Gently reply
  6. Interdepartmental synergy here by Anonymous Coward · · Score: 0

    Not a problem. The DoD has already worked out the protocol for this.

    1. "Outsource" your technology objectives
    2. Discover your technology has been hijacked
    3. Destroy the technology you paid for
    4. Pay again for the technology, this time having it in the hands of people slightly less-likely to hijack it

    I believe it's called the "ISIS" methodology.

  7. Re:oh you mean tools to counterfeit? by Anonymous Coward · · Score: 2, Funny

    Why would the ability to flawlessly clone hardware crypto chips ever be useful to a government that respects privacy?

  8. Counterfeiting? Or...? by blackiner · · Score: 5, Interesting

    I am no engineer or scientist, but are these precise enough to be used to extract hw encryption keys? Because if so, I think I can guess the real purpose for developing these.

    1. Re:Counterfeiting? Or...? by Anonymous Coward · · Score: 0

      Depends on a chip really, there are methods to protect chips from any kind of probing. And these methods are used in some security chips. But for chips that are not properly protected there are many ways to get information out of them, from power analysis to physical probing.

  9. Layers by manu0601 · · Score: 1

    It is great to have a tool for visual inspection, but IC has many layers. If I was to introduce some nasty feature in an IC, I could bury it in lower layers so that it cannot be seen.

    1. Re:Layers by Anonymous Coward · · Score: 0

      Generally no, metal can run in several layers, but N and P areas cant, they have to be on the substrate surface, you cant bury them and you cant grow more substrate on them. But in some cases features are hidden under metal grids etc to protect from probing. Generally nobody bothers with that tho.

  10. Question from the lawn by Earthquake+Retrofit · · Score: 1

    Granted that my experience is way out of date, but why not just try every possible op code, especially undocumented codes and see if they do what is expected? This wouldn't detect counterfeits but could turn up any built-in monkey business.

    --
    Fifty years of Yippie! 1968-2018
    1. Re:Question from the lawn by kesuki · · Score: 2

      the real use of this tech is not to kill counterfeiting it is to know what a chips parts look like. also a malware/spyware IC isn't something that can be ruled out by a simple test of if it does as advertised. i have a $40 tablet that connects to a chatbot system based on yahoo messenger everytime i activate the official android yahoo messenger from play market i get a 'friend' request from an offline user who one or more days later asks if i want to see them naked on a webcam.

      if that iRulu tablet is feeding my data to a yahoo messenger botnet (they are a F rated company on the BBB have a cheesy website etc) who knows what else it is trying to do... and if you think 'just root the damn thing' there isn't a really well documented screen shot by screenshot of how to say load an alternative os, because apparently it is illegal to do so on a tablet because the term 'tablet' was too obscure for the judge to rule on it.

      so yeah shining a laser on a chip to know what it really has on there is huge, especially for military use.

      --
      https://www.gnu.org/philosophy/free-sw.html
    2. Re:Question from the lawn by petermgreen · · Score: 3, Informative

      The problem is testing "every possible op code" is insufficiant, you would have to test every possible opcode/operand/register state combination since the condition for "evil behviour" may test on a tight combination of those. Doing so is compututationally infeasible.

      --
      note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
    3. Re:Question from the lawn by Anonymous Coward · · Score: 0

      Counterfeit products generally come off the same production lines as originals, there is just unofficial "night shift" making them. China.

  11. Counterfeiting? Or...? by Anonymous Coward · · Score: 2

    From the article:

    "The ASOM technology housed at Naval Surface Warfare Center in Crane will help engineers provide forensic analysis of microelectronics, including integrated circuits confiscated by law enforcement officials, DARPA stated."

    Vague? Move along civilian......

  12. There are easier ways to discover them... by MindPrison · · Score: 1

    ...just take a look at the chip top.

    It really isn't rocket science. Take a look at the top of the IC or Transistor, often you'll see a "glazed" top which indicate that the chip has been painted over, and the new fake numbers gets printed on top of the paint.

    Another way, look closely at the transistor or semiconductor - just use glasses or a magnifying glass to take a close look, a hobby microscope will do just fine too...if you discover that the surface has been "sanded", you should be on alert.

    Cheap knockoffs are IMHO a far greater problem than counterfeit chips, on eBay you'll often encounter 2nd grade components that have failed the factory quality control, these may be fine for hobby usage (in fact, I use them myself - but not for anything serious). These include LED's and transistors, I often purchase these bulk so I can afford to toss them away like candy wrapping and do as many experiments as I wish without thinking about the economics behind it.

    The most surefire way to test for counterfeit components is - surprise - to test them. I have a Curve tracer for the Diodes and Transistors, and I can test them in 10-20 current/voltage steps, drain, amplification, switching speed etc...and the curves will show me the actual specs of the semiconductor on the screen, practical stuff. These are rarely cheap though, you can pick one up at eBay...but you're probably better off making one yourself with a Stepping/multiplier-PSU + a cheap oscilloscope as these are VERY expensive, even 30 year old units like mine.

    I've shopped for components at eBay for a long time, we're talking over 10 years, and yes...I can confirm that it IS an increasing problem, but not at a disastrous level yet, It's very rare for me to come across counterfeit products...it's FAR more common to come across second-grade components.

    --
    What this world is coming to - is for you and me to decide.
    1. Re:There are easier ways to discover them... by moeinvt · · Score: 1

      Their broad definition of "counterfeit" includes the cheap knockoffs that might be functionally equivalent but substandard.

  13. Re:oh you mean tools to counterfeit? by cavreader · · Score: 1

    Most of the chips built in China are being built by fabs set up by foreign companies, not indigenous Chinese foundries. There is a big difference. I can't understand why so many companies are willing to provide their technical knowledge to China just to do business with them. Even for people looking to make an extra buck off the cheap labor should see the shortsightedness of taking this path.

  14. Fuck DARPA by Anonymous Coward · · Score: 0

    Sorry, this isn't a reply to your comment, but Beta is fucking me in the ass 6 ways to Sunday & I can't post otherwise.

    There are some smart people at DARPA, but most of them are pudgy, boring, balding, uninspired, lazy government piggies, sucking on the teat of the American taxpayer.

    There seems to be an ongoing and concentrated PR campaign from DARPA. To point:

    http://threatpost.com/darpa-working-on-provably-secure-embedded-software

    Anyone remember this quote? "Beware of bugs in the above code; I have only proved it correct, not tried it."

    Provably secure?!?!? How the fuck do these lazy government slugs prove /mathematically/ that it's immune from side channel attacks? Or single event upsets?

    Anyone remember this quote? "Beware of bugs in the above code; I have only proved it correct, not tried it."

    My job is bypass the security of embedded systems. These pencil-pushers are just fleecing the public, waving their hands and throwing around mumbo-jumbo and jibber-jabber (those are very technical terms.)

    Fuck you, DARPA. Shut Ms. Prabhakar's PR machine down before I put my 63 year-old size 13 up your figurative ass. And yes, DARPA, get the fuck off my lawn.

  15. Re:oh you mean tools to counterfeit? by Anonymous Coward · · Score: 0

    Oh, you do not understand, that money does not have a homeland?
    So, the CEOs and international conglomerate owners do not think about "shortsightedness of taking this path".

  16. "Less than a penny per part"??? by Anonymous Coward · · Score: 0

    " 'SHIELD demands a tool that costs less than a penny per unit, yet makes counterfeiting too expensive and technically difficult to do...' "

    This is really frustrating. Some former colleagues and I were trying to form a startup company to develop a solution for semiconductor authentication using the same technology the article is describing. When we examined the SHIELD RFP, we figured that we could meet the technical specifications, but their "penny per part" demand led us to conclude that we had no viable business model. There are multiple competing solutions. For example, there's a Swiss company that will custom engineer a chemical taggant which would be very expensive to reverse-engineer. We guessed that theirs was the cheapest solution. But now it sounds like DARPA has chosen to implement the same sort of solution that my colleagues and I were developing -something based on integrated circuit technology. How the hell can anyone possibly meet that price point??? Just designing an IC isn't cheap. You need expensive CAD software, computers and skilled engineers. At a penny each you would have to sell tens of millions of units to break even on your development costs. The military has nothing close to that volume.
    Now they're talking about building a "100 micron x 100 micron dielet..." to insert on a product? Does anyone know of a wafer fab that will build you a 100um x 100um integrated circuit for a fraction of a penny? I doubt that you could purchase and dice up a BLANK wafer for that cost! Your kerf loss is going to ~50 um if you're lucky!
    Penny per part my a$$! They gave this work to someone knowing that the per unit cost will inevitably be several thousand percent higher than what the specification demanded.

  17. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  18. Re:oh you mean tools to counterfeit? by cavreader · · Score: 1

    The "shortsightedness" is giving away your technology advantages to a country that is slowly losing their only advantage, namely cheap labor. Low labor costs and little to no corporate regulations in the labor and environmental areas plus some considerable currency manipulation has allowed China's exports to surge. Now other countries in SE Asia are able to compete with China's low labor costs while China's labor force is asking for better wages and benefits which if granted would help stimulate their domestic economy. If China cannot improve it's citizens buying power the size of their market will no longer justify doing anything to enter their market. China may post a high GDP but their per-capita statistics are far behind countries such as Japan and the US. China is not known for their innovation or quality they are just manufacturing what others have designed. Companies willing to give China all their proprietary technology just to operate within China is a one time event. If they decide to move their manufacturing out of China they don't get to ask for their technology back. One good example is when Google folded up their tents and left China instead of capitulating to China's demands.

  19. Nonsense! by Ivan+Stepaniuk · · Score: 1

    Once you decap a chip, a toy microscope is enough to tell a counterfeit die from the real thing. Using a laser to stimulate the chip is not a tool to detect counterfeit chips, but for testing, reverse engineer, and thus potentially make counterfeits.

    --
    My other signature is a car