Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

DARPA Sponsors a Hunt For Malware In Microchips

Posted by timothy on Thu May 01, 2008 08:23 AM
from the double-barreled-microscope-loaded-for-vermin dept.
Security The Military United States Technology Hardware
Phurge links to an IEEE Spectrum story on an interesting DARPA project with some scary implications about just what it is we don't know about what chips are doing under the surface. It's a difficult problem to find invasive or otherwise malicious capabilities built into a CPU; this project's goal is to see whether vendors can find such hardware-level spyware in chips like those used in military hardware. Phurge excerpts: "Recognizing this enormous vulnerability, the DOD recently launched its most ambitious program yet to verify the integrity of the electronics that will underpin future additions to its arsenal. ... In January, the Trust program started its prequalifying rounds by sending to three contractors four identical versions of a chip that contained unspecified malicious circuitry. The teams have until the end of this month to ferret out as many of the devious insertions as they can."
+ -
story

Related Stories

Submission: Hunt for the kill switch in microchips by Phurge (1112105)
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

DARPA Sponsors a Hunt For Malware In Microchips 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • All about China (Score:5, Insightful)

    by elrous0 (869638) * on Thursday May 01 2008, @08:25AM (#23262300)
    It cracks me up how the U.S. government is always taking ludicrous steps to "protect national security," fighting off hacker attacks with billions of dollars in specialized firewalls and security, using NSA backdoors into windows, etc. And all the while they're lecturing us on all these heavy-handed precautions, they're doing EVERYTHING, classified and not, on computers built largely of Taiwanese and Chinese manufactured chips and motherboards.

    Looks like someone finally clued these geniuses of national security in on the obvious Archilles' heel in their web of protection.

    I just hope our clueless protectors have at least had the common sense to slip in some spys at that new big "Fab 68" [forbes.com] Intel plant they're building in China.

    • I've wondered this too, although more along the lines of what if 'war were declared'? Really cloak and dagger cold war stuff where we're never sure who is friend and who is foe, and even if we are sure it changes on a daily basis anyway. Suddenly the only people you can really trust to build your stuff are the people born and bred inside your borders. It would change _everything_, even if a shot were never fired or a bomb was never dropped...

        • No wait, it's worse than that, the only person you can trust is yourself.

          That's what I thought before I came to love Big Brother. (If you're thinking the TV show you haven't got a clue)

    • A state of the art problem (Score:4, Interesting)

      by btarval (874919) on Thursday May 01 2008, @08:45AM (#23262546)
      Well, considering that the current wave in high-tech is to outsource the hardware development, it's a very valid concern.

      Here's a classic example. Startups in Silicon Valley prefer not to bring in a hardware team to develop a new box from scratch, especially when they can just buy a COTS box elsewhere for the first round. The Imaginary Property resides in the Software Apps that they can develop to run on these boxes.

      Consequently, they contract out with companies that used to be known for their motherboards, but who have moved up and will sell you a complete cutting edge system, and customize it to meet your needs. No hardware development time is required, and it's a lot cheaper.

      The catch is that, in order to support these boxes, the Startup or the customer MUST NEVER OPEN THEM. If you do, you void the warranty. At $10,000-$20,000 per box (in the storage biz) that's a very strong incentive to never ever peek inside.

      Add to that proprietary IPMI [wikipedia.org] cards.

      In short, these boxes are the best backdoor into an Organizations' IT infrastructure. You'd be surprised at the big, well-known names currently deploying them.

      The beauty of this approach is that most of these companies are based in Taiwan. Simply put, with little effort, Taiwan gets to own both China and the U.S. at the same time. That would be amusing if it weren't so sad.
    • having JUST replaced about 6 capacitors in an older motherboard (due to bad chinese caps, infamous story from about 5 yrs ago) - I concur!

      trusting ALL our electronics to the chinese is a fool's decision!

      then again, we have had a good amount of fools running this country, so I'm not all that surprised.

      if I was president (yeah right..) I would create a program to ENSURE that all chips, transistors, parts (etc) are ALSO made here (at least for security related equipment and sensitive gear). we NEED to have ma

      • Re: (Score:3, Insightful)

        by elrous0 (869638) *
        Not only that, but what if China ever decided to embargo us? It would (for a time at least) cripple most of our tech industry.
        • Not only that, but what if China ever decided to embargo us? It would (for a time at least) cripple most of our tech industry.

          its true and could be a very real possibility in the future.

          its dangerous, I think, to put so much trust in foreign manufacturing. for economic as well as security and 'peace of mind' reasons, it would be really good if this could be addressed. imagine taking even just 1 month's worth of 'iraq money' and creating (funding) local manuf in the US for essential things (not just electr

        • Re: (Score:3, Informative)

          by quanticle (843097)

          The thing with embargoes is that they work both ways. Currently, China is so dependent on the US consumer market to absorb its production that an embargo would hurt them as much as it hurts us.

          The other thing is that, despite what you've been hearing, China is not the be-all-end-all for electronics. Korea still holds the crown for manufacturing memory, Taiwan is still the leader for TFT LCDs, Israel is still manufacturing networking equipment, etc. If China embargoes the US, these other countries will r

          • The Euro zone is a pretty big importer of China tech as well. Then you have Japan, and the rest of the world.

            Of course, the US is still too big a market for them to do this. One of the reasons that the US dollar hasn't fallen further, is that it is in Chinas interested to keep it high, or they would lose a lot of money.
            • Well, at least we had a good run for the last 50 years.

              It amazes me sometimes how clueless a lot of Americans are WRT how fortunate/lucky we have been lately.
    • It cracks me up how the U.S. government is always taking ludicrous steps to "protect national security,"

      "National Security" means protecting cowardly politicians. How many US politicians take a train? None? Do you have metal detectors ate the train station? No? But try to get on an airplane!

      Are there metal detectors at Walmart or JC Penny or the grocery store? Nope. But they're at the place you get license plates and in the courthouses and city halls.

      They don't worry about YOUR securiuty and safety, they wo
  • I already found the hidden "porn" circuitry.

  • Speaking from a military perspective (Score:3, Interesting)

    by Erie Ed (1254426) on Thursday May 01 2008, @08:30AM (#23262380)
    This is going to be a huge issue in the future. Another reason why buying anything not made in the US is a bad idea. We have MIL-Spec products for almost everything, yet most of our comm equpiment is simply COTS with slight modifications to the software/hardware. I'd really like to see intel/amd move operations back to the states just for this reason, also it would be a benifit to the government and the american people. The government gets what they want secure, malware free chips, and americans get good paying jobs back.

    • Re:Speaking from a military perspective (Score:4, Insightful)

      by Applekid (993327) on Thursday May 01 2008, @08:33AM (#23262406)
      Although I do agree from a military perspective the less reliance on others is probably for the best, "Made in the USA" is not an alternate spelling of "exploit-free".
    • That sounds great.

      Are you willing to pay the extra money for microchips? Do you think the market is willing to pay the extra money?

      If the answer to either of those questions is NO, then it to be a heavily (government) subsidized effort or you can expect to pay at a lot more for computers than you do now. There's building Fabs here, there's the cost of labor, better environmental enforcement, taxation, etc, etc. That's a lot of setup cost and the companies aren't going to eat it.

      That's not to say there's
      • then it to be a heavily (government) subsidized effort

        Maybe it would move into software so I can get paid not to code.
        • Yeah, I know. We don't have enough chip fabs to handle all the demand of moving ALL production for US computer components on-shore, however.

        • Re: (Score:3, Interesting)

          by quanticle (843097)

          It's always cheaper to build in countries that employ what amounts to Slave Labor.

          You do realize that most third world factory workers want to be working in a factory, since its much better than the alternative, which is usually subsistence farming, right?

    • Another reason why buying anything not made in the US is a bad idea

      I would posit that it's not where it's made, but who made it. If it's made by a multinational corporation like Sony or Erricson, it's safe for the US military, because the US Government has been bought and paid for by those corporations.

      To the American government, you don't matter. Sony and BP and Shell matter. Sony contributes wads of money to "campaign contributions", all you do is vote for one paid off fool or another.
    • "I'd really like to see intel/amd move operations back to the states just for this reason"

      You mean like this [intel.com] or this [intel.com] or their sites in

      Folsom, CA
      Santa Clara, CA
      Hudson, MA
      Rio Rancho, NM
      Hillsboro, OR
      Dupont, WA
      Irvine, CA
      Fort Collins, CO
      Raleigh, NC
      Parsippany, NJ
      Columbia, SC
      Austin, TX
      Riverton, UT
      Chantilly, VA

      AMD uses Fabs in Germany, which is much friendlier to us than China. Ireland ditto, which has at least one Intel fab, and Israel, whose Intel facility you can thank for the Core Duo revolution and the death o
  • This issue is a main element in Richard Clarke's latest book - Breakpoint. Clarke is the terrorist guru from the late '90s in the Clinton administration ... and the guy the Bush administration chose to ignore. Bottom line is if you let your key silicon + hardware be exclusively built in forgien countries ( i.e. China) you're at risk of hardware level "back doors". Published in '06 - Clarke again signals a warning for the US .....
    • Oh, you mean the guy who had that fixation on some crazy Islamic fundamentalist group attacking on US soil?

      Pffft. Crazy alarmists.

      (note: sarcasm)

    • Clarke is the terrorist guru from the late '90s in the Clinton administration ... and the guy the Bush administration chose to ignore

      Well, look, if he hadn't ignored Clarke then 9-11 might not have happened. 9-11 was not only an Orwellian dream come true for a power-hungry politician, the Afghanistan war got Americans in a war mood which led to Iraq, which further destabilized the region which cause oil prices to skyrocket, which directly affected the coffers of oil men Bush and Cheney.

      And people call Bush
    • I admire the man (Richard Clarke), but have never read his books through and through, I think it's a commentary on these United States when you have to write the truth disguised as fiction to clue people in.
      I have been subject to hardware attacks, twice - suspected firmware and chip crowding techniques, 10 years apart, on Macintoshes. The result was a lot of name calling and personal attacks by people who would not even investigate past their reputations.
      It's a sad commentary.
      This DARPA initiative is a real

  • Speaking as a chip designer... (Score:5, Informative)

    by stevew (4845) on Thursday May 01 2008, @08:54AM (#23262628) Journal
    I find this intersting.

    I deal with foreign fab houses on every project. The odd things is that most of the backend software used by these fab houses are sold by American companies (much of which is written in India).

    There is a step in the process where a point tool (one not written by the fab house - but again an American company) is used to re-extract the design out from the polygons that describe the silicon to be fabbed. This is compared to the source gate level design I originally supplied using formal verification methods. This is done by me.

    So I suppose someone could surreptitiously change the gates I'm getting back to hide what is being inserted in there (not an easy thing to do all by itself at this level) There are places where it could be done in the process.

    At the same time - to add additional logic to a design you are not well versed in is REALLY difficult.
    • IANACD or from the US. I had to scroll past pages and pages of nationalistic and economic drivel before finding someone who knew what the hell they were talking about.
    • I am not a chip designer.

      In some cases I don't think they need to add additional logic. They may just need certain stuff to fail when a particular sequence of radio frequencies, or pulses are detected.
  • Ok heres a quick summary for those who dont have the patience to read the 3 pages :

    Portions of a chip design cycle are untrusted - eg. the fab stage because its not DARPA certified etc. A malicious entity could embed small, functionally irrelevant circuits that when activated could disable(kill switch)/give unauthorized access (back door)/reveal chip secrets (reveal crypto secret key). In order to prevent it, DARPA is looking for proposals that will mitigate this, while not requiring exhaustive testing.

  • logically impossible (Score:3, Funny)

    by Ralph Spoilsport (673134) * on Thursday May 01 2008, @09:16AM (#23262852) Journal
    USgov: OK Mister smarty pants commie chip maker! PROVE TO ME that YOU"RE NOT putting malware into your chips!

    ChipMaker: Sorry, I can't do that.

    USgov: And WHY NOT???

    ChipMaker: Because it's logically impossible you retarded oaf. You can't prove a negative.

    USGov: But if you DON'T then we will have to TAKE ACTION!

    ChipMaker: Oh, jeez... like what? You bumbling fuckhead!

    USGov: we will STOP BUYING CHIPS from you! We will build them ourselves!

    ChipMaker: Sorry, Wally, but you're not going to get that past your neoliberal internal trade agreements. I can see it now: "USGov goes into Chip Making"... Intel, AMD, and IBM would crack a loaf in their pants and sue. No, you'll have to subcontract to them, and they will have to set up a multijillion dollar fab plant in the USA that is populated by expensive american workers, and suddenly every laptop made for the USGov will be slower and more expensive than any other laptop on the market. Good move, Ace. Lemme know how that works out for ya.

    USGov: buh buh buh WE NEED SECURITY!!!!

    ChipMaker: look, dumbass, we make chips. We don't care what they go in, we don't care what they do, we just make chips. Test them all you want, you're not going to find anything, because we really don't give a shit. Now, if the ultraparanoid wing of your wingnut contingent can't swing with that, tought shit.

    USGov: it would be SO much better if you simply PROVE THAT YOU'RE NOT putting bad things in our chips.

    chipMaker: (sigh). How's this, USGov, just shut the fuck up, and get with the program.

    USGov: But WE HAVE TO PROTECT OUR FREEDOMS!!!!

    ChipMaker: WHEN were your FREEDOMS ever attacked? Some crazy fucking nutjobs from a loosely organised international political crime syndicate flew some planes into your buildings. They didn't attack your freedom, they just wanted you to get your jarheads out of Saudi Arabia. And then you invaded Iraq. "I'd like to know when Iraq attacked your freedoms - I'd like to know what day it was when the Iraqi Invasion Force stormed your beaches and dumped hot lead into your freedoms, because I must been on vacation that day in someplace called REALITY." Your paranoid abuse of logic is THE SAME. And we, the Rest Of The World, are getting sick and fucking tired of your penny ante tirades that end up getting thousands of people killed. So, for the jillionth time: NO, We Can't PROVE that our chips are not full of malware, because you CAN'T PROVE A NEGATIVE. You can test all you want, but you will never be 100% sure, and thusly, you're an idiot for demanding it. Heck - even if you build them yourself, you have no proof, as some employee might etch a wee corner of the chip to cause a computer to make fart noises and blit every other frame to the screen with an image of Jesus butt raping Mohammed, but only on even numbered Tuesdays.

    USGov: BUT WE WANT SECURITY!!! We want to PROTECT OUR FREEDOMS!!!

    ChipMaker: OK, OK, you fucking moron: "I solemnly swear, cross my heart and hope to die, that there is no bad stuff on any of the chips we make. Promise. Now, is that better?"

    USGov: YOU ARE A GREAT ALLY!!! I feel so much more secure now.

    RS

    We have always been at war with Oceania.

    • Because it's logically impossible you retarded oaf.

      Oh really? [bloomu.edu]

      • wrong.

        from the article linked:

        For one thing, a real, actual law of logic is a negative, namely the law of non-contradiction. This law states that that a proposition cannot be both true and not true. Nothing is both true and false.

        OK: "this statement is wrong."

        Goedel blew that article's line of reasoning out the door 80 years ago.

        RS

    • I don't think that anyone would mind the US government making chips for themselves. You are making a ridiculous argument.

      John
    • Strategically the US is in a bad position when it depends on military/infrastructure supplies from foreign nations.

      Just look at what happened to the USSR [wikipedia.org]. The US should know that when you procure parts from a strategic adversary you open yourself up to these kinds of attacks...

  • Quick and simple test.. (Score:3, Funny)

    by Linker3000 (626634) on Thursday May 01 2008, @09:22AM (#23262912)
    If:

    10 PRINT "HELLO WORLD"

    Comes out as HERRO WORD

    You're pwned.

  • It's about the design, not the fab (Score:3, Informative)

    by smellsofbikes (890263) on Thursday May 01 2008, @09:49AM (#23263232) Journal
    I've written about this before. It's all about the design of the IC -- they're tightly integrated designs. The designer works with a design team, who reviews the layout, and sends it off to get fabricated. If what comes back isn't exactly the same as what went out it's going to be *completely* obvious. First off, the most important thing is how large the die is. Nobody can change that without everything downstream breaking -- your wafersort test hardware won't match up with the die (and wafersort is done by test engineers working with the designer, so is done where the designer works). So you can't make a larger die to put extra malicious circuitry in. Secondly, every bit of the die space you have is used. There's never unused silicon because that's wasted money. People will completely relayout a design from a square to a rectangle if that means they can get 10 more chips off a wafer. So you can't sneak malicious circuitry into an existing design.
    And, for that matter, a designer or even an applications engineer can tell, at a glance, if the silicon that came back from the fab is the same as their design. Some of our applications engineers can tell, without a microscope, what another manufacturer's raw silicon does, just by looking at it. (Not everything, obviously, but they can say "this part is logic, this part is a big power FET, there's a bunch of ESD stuff over here...")
    Bottom line: if you have to trust the design, you need to have your designer and your design review team where you can see them. The fabs don't really matter that much.

    • Re: (Score:2, Informative)

      by MobyDisk (75490)
      I respectfully disagree.

      First off, the most important thing is how large the die is.

      Obviously they would not change the die size. If the military orders .25mm bolts and gets .45mm bolts that don't fit, they don't need a security audit to figure that out.

      Secondly, every bit of the die space you have is used.

      There's lots of ways to make space. De-optimize some areas: Remove the carry lookahead logic, shrink the cache. Remove some of the full-complementary logic. Replace fast structures with smaller sub-optimal things like transmission-gate XORs. If the chip has duplicate cache to compensate for manufacturing yield

      • I grant you I'm talking purely about analog power chips, because that's what I know. I'm sure you're right about microcode -- that's probably something that could be changed. But that stuff is really optimized, isn't it? It's not like you can sneak a tcp/ip stack in there so you can do your own communication -- you'd have to go off-chip, for one thing.
        I don't know how big digital chips get tested. I do know that for our chips, we test hundreds of parts and thousands of chips still on the wafer for tens
        • "It would be far easier to supply your own counterfeit chip with the mods and sneak it into the supply chain."

          Which is exactly what the Chinese ARE doing, and why the DOD is testing suppliers for their ability to detect modifications to chips. they decided that every chip used by the DOD now need to be checked for modifications, so they want whomever is best at finding those modifications to do it.

          It's kinda hard to keep things secure if the Chinese have found a way to smuggle counterfeit chips into the DO
      • I guess you're designing way different types of chips than we are. We never leave *any* extra gates unless it's a part that needs on-die trimming during test, and even then, we have control of the tester and blow all the gates we've left open.

        I agree that making chips fail under usage is comparatively easy: screw up the ESD protection structures. The US did this on purpose to the USSR [nytimes.com] during the Cold War and sent them chips that failed during use, causing massive damage, but I think that failure is differ
  • Early Motorola 6809 microprocessors had an "unused" opcode hackers named HCF -- halt and catch fire [wikipedia.org]...

    Then, you have built-in kill switches used to fight satellite TV piracy, like the dreaded DirecTV Black Sunday [securityfocus.com] killer packets that killed unauthorized access cards.

    So this stuff has happened.

    How many Counterfeit Cisco Routers [slashdot.org] have built in exploits or kill switches is another question...

  • I'm one of the people who was interviewed for this article. Several people in my department spent an afternoon talking to the IEEE Spectrum technical writer. Although it didn't really come out in the article, our take on the kill-switch concept was that it was possible but very unlikely.

    Adding a trojan at the hardware level would be incredibly difficult and risky. In the first place, reverse-engineering a design from its GDS files, determining how and where to add hidden circuitry, and then incorporating
  • Extra stuff has been placed in chips for years:

    http://smithsonianchips.si.edu/chipfun/graff.htm [si.edu]

    On my favorite design we had nearly 100% coverage on the test vectors, someone said to "marx the uncovered nets" so we named them Groucho, Chico and Harpo in the netlist.
  • I think people are missing the real point here.

    DARPA is obviously seeing if they can do it. The end goal is probably to get chips manufactured for the rest of the world that the US Govt can disable at will -- something like GPS Selective Availability [wikipedia.org].

  • Presumably they're doing it themselves (Score:3, Insightful)

    by currivan (654314) on Thursday May 01 2008, @01:07PM (#23266032)
    If they think this approach is valuable to an enemy, what do you suppose the chances are that they aren't doing it themselves, but by pressuring the companies rather than surreptitiously inserting circuitry at the fab?

    In the microprocessor case, suppose they added a bit of logic to look for a particular data sequence, and if found, switch to system management mode or ring 0 and execute whatever follows. Then they could take over any machine simply by sending it a data packet. Presumably there would be some code signing to prevent anyone else from exploiting the backdoor.

    Intel, Cisco, et al are involved in the Critical Infrastructure Protection program and undoubtedly have other high-level contacts with the national security apparatus. It seems obvious that the US is in a better position than anyone else to carry out this type of attack.
  • me thinks the government is worried about smelling funny. http://mobile.slashdot.org/article.pl?sid=08/05/01/129230 [slashdot.org]
    • So I was reading one of your links with interest, seeing as it's been a long time since I got into a really juicy conspiracy theory. Those internet vandals keep debunking the good ones! And I came across this:

      As they watched in shock and awe, randomly typed letters scrolled across a screen. The words were gibberish.

      The sender "left breadcrumbs," Hank related. The deliberately attached ISP (Internet Service Provider) pointed to China.

      This was bad enough. But what really freaked out the officers was the realization that none of these "stand alone" machines was online. None of them contained a modem!

      So, first there's an "ISP" attached, and then there's no modem. It gets better.

      How did the PLA hack supposedly secure air force computers lacking network modems? Just like as select power companies can now pipe the Internet to home computers through electrical power lines, the Chinese were able to play on SAC's supposedly secure computers through the AC power cables connecting them to the national power... "grid".

      Okay. The PRC has invented the fantastic ability to first, hack into the U.S. national power grid from China and modulate a signal onto the power line. Then they somehow direct this signal unerringly into one of the U.S. g

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.