DARPA Sponsors a Hunt For Malware In Microchips
Phurge links to an IEEE Spectrum story on an interesting DARPA project with some scary implications about just what it is we don't know about what chips are doing under the surface. It's a difficult problem to find invasive or otherwise malicious capabilities built into a CPU; this project's goal is to see whether vendors can find such hardware-level spyware in chips like those used in military hardware. Phurge excerpts: "Recognizing this enormous vulnerability, the DOD recently launched its most ambitious program yet to verify the integrity of the electronics that will underpin future additions to its arsenal. ... In January, the Trust program started its prequalifying rounds by sending to three contractors four identical versions of a chip that contained unspecified malicious circuitry. The teams have until the end of this month to ferret out as many of the devious insertions as they can."
All about China (Score:5, Insightful)
Looks like someone finally clued these geniuses of national security in on the obvious Achilles' heel in their web of protection.
I just hope our clueless protectors have at least had the common sense to slip in some spies at that new big "Fab 68" [forbes.com] Intel plant they're building in China.
Re: (Score:2)
Re: (Score:1)
No wait, it's worse than that, the only people you can trust are your relatives.
No wait, it's worse than that, the only people you can trust are your direct family.
No wait, it's worse than that, the only people you can trust are direct family who haven't betrayed you yet.
No wait, it's worse than that, the only person you can trust is yourself.
Nationalism is a powerful force, but it's just tribalism writ large.
worse than that -- (Score:1)
Re: (Score:2)
Re: (Score:2)
That's what I thought before I came to love Big Brother. (If you're thinking the TV show you haven't got a clue)
Re: (Score:1)
A state of the art problem (Score:4, Interesting)
Here's a classic example. Startups in Silicon Valley prefer not to bring in a hardware team to develop a new box from scratch, especially when they can just buy a COTS box elsewhere for the first round. The Imaginary Property resides in the Software Apps that they can develop to run on these boxes.
Consequently, they contract out with companies that used to be known for their motherboards, but who have moved up and will sell you a complete cutting edge system, and customize it to meet your needs. No hardware development time is required, and it's a lot cheaper.
The catch is that, in order to support these boxes, the Startup or the customer MUST NEVER OPEN THEM. If you do, you void the warranty. At $10,000-$20,000 per box (in the storage biz) that's a very strong incentive to never ever peek inside.
Add to that proprietary IPMI [wikipedia.org] cards.
In short, these boxes are the best backdoor into an Organization's IT infrastructure. You'd be surprised at the big, well-known names currently deploying them.
The beauty of this approach is that most of these companies are based in Taiwan. Simply put, with little effort, Taiwan gets to own both China and the U.S. at the same time. That would be amusing if it weren't so sad.
Re: (Score:2)
trusting ALL our electronics to the chinese is a fool's decision!
then again, we have had a good amount of fools running this country, so I'm not all that surprised.
if I was president (yeah right..) I would create a program to ENSURE that all chips, transistors, parts (etc) are ALSO made here (at least for security related equipment and sensitive gear). we NEED to have ma
Re: (Score:3, Insightful)
Re: (Score:2)
it's true and could be a very real possibility in the future.
it's dangerous, I think, to put so much trust in foreign manufacturing. for economic as well as security and 'peace of mind' reasons, it would be really good if this could be addressed. imagine taking even just 1 month's worth of 'iraq money' and creating (funding) local manuf in the US for essential things (not just electr
Re: (Score:2)
Re: (Score:3, Informative)
The thing with embargoes is that they work both ways. Currently, China is so dependent on the US consumer market to absorb its production that an embargo would hurt them as much as it hurts us.
The other thing is that, despite what you've been hearing, China is not the be-all-end-all for electronics. Korea still holds the crown for manufacturing memory, Taiwan is still the leader for TFT LCDs, Israel is still manufacturing networking equipment, etc. If China embargoes the US, these other countries will r
Re: (Score:3, Funny)
It amazes me sometimes how clueless a lot of Americans are WRT how fortunate/lucky we have been lately.
Re: (Score:2)
Re: (Score:2)
Of course, the US is still too big a market for them to do this. One of the reasons that the US dollar hasn't fallen further is that it is in China's interest to keep it high, or they would lose a lot of money.
Re: (Score:2)
no we can't. companies like Apple and Dell would go out of business overnight as their products shoot up in price 300%. that new Macbook Air is no longer salable at $4500.00. not to mention the myriad of smaller companies that would go out of business overnight as sourcing I
Re: (Score:2)
That may be true, but you also have to look at the impact on China. Think of the thousands of factories that are dedicated almost exclusively to supplying companies like Dell, Wal*Mart, Apple, etc. If our companies go out of business, then, guess what? Those factories go out of business too. And, given that China is a totalitarian country, it's more afraid of unemployment and economic hardship than we are. Historically, dictatorships have been more vulnerable to political discontent fueled by economic h
Re:All about China - Manufacturing Return (Score:2)
Yes indeed! We should keep of all critical parts, components, and materials about 30% production here (USA or within the EU, etc). These companies should focus on top quality manufacturing - not "good enough". Then these companies should be subsidized a little to make up for cheaper parts offshore.
We already do this in the USA for some items. Take farming for example. Many crops are subsidized for the same reasons we need other vital manufacturing elements supported. Take the
Re:All about China - appreciate your ingenuity (Score:2)
I replace a few things from time to time and I am a rank beginner kit type guy (i.e. Nixie Clock kit, with WWV update). Kudos to you for finding and doing this. Most people today, 99.999%, would shrug and replace the whole board.
So how about some details. In addition to your great pictures.
1. A capacitor failure is always plainly visible like this?
2. What are the three most common failures in electronics? How to find and fix them? Perhaps this answer is on a blog
Cynical about China (Score:1)
Re: (Score:2)
"National Security" means protecting cowardly politicians. How many US politicians take a train? None? Do you have metal detectors at the train station? No? But try to get on an airplane!
Are there metal detectors at Walmart or JC Penney or the grocery store? Nope. But they're at the place you get license plates and in the courthouses and city halls.
They don't worry about YOUR security and safety, they wo
Re: (Score:2)
Re: (Score:1)
Re: (Score:1)
Well, the teams may as well quit now... (Score:2, Funny)
Re: (Score:2)
Speaking from a military perspective (Score:3, Interesting)
Re:Speaking from a military perspective (Score:4, Insightful)
Re: (Score:2)
Are you willing to pay the extra money for microchips? Do you think the market is willing to pay the extra money?
If the answer to either of those questions is NO, then it has to be a heavily (government) subsidized effort or you can expect to pay a lot more for computers than you do now. There's building Fabs here, there's the cost of labor, better environmental enforcement, taxation, etc, etc. That's a lot of setup cost and the companies aren't going to eat it.
That's not to say there's
Re: (Score:2)
Re: (Score:3, Interesting)
You do realize that most third world factory workers want to be working in a factory, since its much better than the alternative, which is usually subsistence farming, right?
Re: (Score:2)
Maybe it would move into software so I can get paid not to code.
Re: (Score:2)
I would posit that it's not where it's made, but who made it. If it's made by a multinational corporation like Sony or Ericsson, it's safe for the US military, because the US Government has been bought and paid for by those corporations.
To the American government, you don't matter. Sony and BP and Shell matter. Sony contributes wads of money to "campaign contributions", all you do is vote for one paid off fool or another.
Re: (Score:2)
You mean like this [intel.com] or this [intel.com] or their sites in
Folsom, CA
Santa Clara, CA
Hudson, MA
Rio Rancho, NM
Hillsboro, OR
Dupont, WA
Irvine, CA
Fort Collins, CO
Raleigh, NC
Parsippany, NJ
Columbia, SC
Austin, TX
Riverton, UT
Chantilly, VA
AMD uses Fabs in Germany, which is much friendlier to us than China. Ireland ditto, which has at least one Intel fab, and Israel, whose Intel facility you can thank for the Core Duo revolution and the death o
Right out of the fiction section (Score:2, Informative)
Re: (Score:2)
Pffft. Crazy alarmists.
(note: sarcasm)
Re: (Score:2)
Well, look, if he hadn't ignored Clarke then 9-11 might not have happened. 9-11 was not only an Orwellian dream come true for a power-hungry politician, the Afghanistan war got Americans in a war mood which led to Iraq, which further destabilized the region which cause oil prices to skyrocket, which directly affected the coffers of oil men Bush and Cheney.
And people call Bush
Re: (Score:2)
I have been subject to hardware attacks, twice - suspected firmware and chip crowding techniques, 10 years apart, on Macintoshes. The result was a lot of name calling and personal attacks by people who would not even investigate past their reputations.
It's a sad commentary.
This DARPA initiative is a real
Speaking as a chip designer... (Score:5, Informative)
I deal with foreign fab houses on every project. The odd thing is that most of the backend software used by these fab houses is sold by American companies (much of which is written in India).
There is a step in the process where a point tool (one not written by the fab house - but again an American company) is used to re-extract the design out from the polygons that describe the silicon to be fabbed. This is compared to the source gate level design I originally supplied using formal verification methods. This is done by me.
So I suppose someone could surreptitiously change the gates I'm getting back to hide what is being inserted in there (not an easy thing to do all by itself at this level). There are places where it could be done in the process.
At the same time - to add additional logic to a design you are not well versed in is REALLY difficult.
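The comparison described in the comment above (gates re-extracted from the layout, checked against the source gate-level design), as an added example that is not the poster's code or any vendor's tool. The netlist format, the 2-bit adder, the inserted trigger gates and all names are constructed for illustration; production equivalence checkers use SAT or BDD engines rather than enumeration.

```python
from itertools import product

# Toy netlist format (constructed for this example): a topologically ordered
# list of (output_net, gate_type, input_nets).
GATES = {
    "AND": lambda a, b: a & b,
    "OR": lambda a, b: a | b,
    "XOR": lambda a, b: a ^ b,
}
INPUTS = ["a0", "a1", "b0", "b1", "cin"]
OUTPUTS = ["s0", "s1", "cout"]

# Source gate-level design: a 2-bit ripple-carry adder.
GOLDEN = [
    ("x0", "XOR", ("a0", "b0")), ("s0", "XOR", ("x0", "cin")),
    ("g0", "AND", ("a0", "b0")), ("p0", "AND", ("x0", "cin")),
    ("c1", "OR", ("g0", "p0")),
    ("x1", "XOR", ("a1", "b1")), ("s1", "XOR", ("x1", "c1")),
    ("g1", "AND", ("a1", "b1")), ("p1", "AND", ("x1", "c1")),
    ("cout", "OR", ("g1", "p1")),
]

# Constructed "re-extracted" netlist: same adder plus a few added gates that
# invert cout for exactly one input pattern (all inputs high).
EXTRACTED = GOLDEN[:-1] + [
    ("cout_i", "OR", ("g1", "p1")),
    ("t0", "AND", ("a0", "a1")), ("t1", "AND", ("b0", "b1")),
    ("t2", "AND", ("t0", "t1")), ("trig", "AND", ("t2", "cin")),
    ("cout", "XOR", ("cout_i", "trig")),
]

# Constructed directed test vectors, in INPUTS order; none hits the trigger.
SAMPLE_VECTORS = [(0, 0, 0, 0, 0), (1, 0, 1, 0, 0), (1, 1, 0, 0, 1), (0, 1, 1, 1, 0)]


def evaluate(netlist, assignment):
    """Simulate the netlist for one input assignment; return the output bits."""
    nets = dict(assignment)
    for out, kind, ins in netlist:
        nets[out] = GATES[kind](*(nets[i] for i in ins))
    return tuple(nets[o] for o in OUTPUTS)


def find_mismatches(golden, candidate):
    """Functional equivalence by enumerating every input pattern."""
    mismatches = []
    for bits in product((0, 1), repeat=len(INPUTS)):
        vec = dict(zip(INPUTS, bits))
        want, got = evaluate(golden, vec), evaluate(candidate, vec)
        if want != got:
            mismatches.append((vec, want, got))
    return mismatches


def vectors_pass(golden, candidate, vectors):
    """Sampled functional test: compare outputs on the given vectors only."""
    return all(
        evaluate(golden, dict(zip(INPUTS, v))) == evaluate(candidate, dict(zip(INPUTS, v)))
        for v in vectors
    )


def extra_gates(golden, candidate):
    """Structural diff: output nets of gates that are not in the source design."""
    return sorted(gate[0] for gate in set(candidate) - set(golden))


if __name__ == "__main__":
    print("sampled vectors pass:", vectors_pass(GOLDEN, EXTRACTED, SAMPLE_VECTORS))
    for vec, want, got in find_mismatches(GOLDEN, EXTRACTED):
        print("counterexample:", vec, "expected", want, "got", got)
    print("gates not in source design:", extra_gates(GOLDEN, EXTRACTED))
```

The sampled vectors pass while the full comparison returns the single counterexample, which is why the check is done formally against the designer's own netlist rather than by functional test alone.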
Re: (Score:1)
Finally... (Score:2)
Posters who don't know what they're talking about? (Score:1)
Re: (Score:1)
At the same time - to add additional logic to a design you are not well versed in is REALLY difficult.
As you said, it's real difficult but it's not impossible, right? This is a good reason why it is in the national interest to preserve our industries. We need both old industries such as steel making and the new industries such as software writing and chip manufacture. If we get into a war with our primary supplier, is that nation going to sell us what we need to defeat them? Don't get me wrong, I'm really against almost all wars. As the song said "War is only good for the undertaker".
Re: (Score:2)
In some cases I don't think they need to add additional logic. They may just need certain stuff to fail when a particular sequence of radio frequencies, or pulses are detected.
Summary and a few observations (Score:2)
Portions of a chip design cycle are untrusted - e.g. the fab stage because it's not DARPA certified etc. A malicious entity could embed small, functionally irrelevant circuits that when activated could disable (kill switch) / give unauthorized access (back door) / reveal chip secrets (reveal crypto secret key). In order to prevent it, DARPA is looking for proposals that will mitigate this, while not requiring exhaustive testing.
logically impossible (Score:3, Funny)
ChipMaker: Sorry, I can't do that.
USgov: And WHY NOT???
ChipMaker: Because it's logically impossible you retarded oaf. You can't prove a negative.
USGov: But if you DON'T then we will have to TAKE ACTION!
ChipMaker: Oh, jeez... like what? You bumbling fuckhead!
USGov: we will STOP BUYING CHIPS from you! We will build them ourselves!
ChipMaker: Sorry, Wally, but you're not going to get that past your neoliberal internal trade agreements. I can see it now: "USGov goes into Chip Making"... Intel, AMD, and IBM would crack a loaf in their pants and sue. No, you'll have to subcontract to them, and they will have to set up a multijillion dollar fab plant in the USA that is populated by expensive american workers, and suddenly every laptop made for the USGov will be slower and more expensive than any other laptop on the market. Good move, Ace. Lemme know how that works out for ya.
USGov: buh buh buh WE NEED SECURITY!!!!
ChipMaker: look, dumbass, we make chips. We don't care what they go in, we don't care what they do, we just make chips. Test them all you want, you're not going to find anything, because we really don't give a shit. Now, if the ultraparanoid wing of your wingnut contingent can't swing with that, tough shit.
USGov: it would be SO much better if you simply PROVE THAT YOU'RE NOT putting bad things in our chips.
chipMaker: (sigh). How's this, USGov, just shut the fuck up, and get with the program.
USGov: But WE HAVE TO PROTECT OUR FREEDOMS!!!!
ChipMaker: WHEN were your FREEDOMS ever attacked? Some crazy fucking nutjobs from a loosely organised international political crime syndicate flew some planes into your buildings. They didn't attack your freedom, they just wanted you to get your jarheads out of Saudi Arabia. And then you invaded Iraq. "I'd like to know when Iraq attacked your freedoms - I'd like to know what day it was when the Iraqi Invasion Force stormed your beaches and dumped hot lead into your freedoms, because I must been on vacation that day in someplace called REALITY." Your paranoid abuse of logic is THE SAME. And we, the Rest Of The World, are getting sick and fucking tired of your penny ante tirades that end up getting thousands of people killed. So, for the jillionth time: NO, We Can't PROVE that our chips are not full of malware, because you CAN'T PROVE A NEGATIVE. You can test all you want, but you will never be 100% sure, and thusly, you're an idiot for demanding it. Heck - even if you build them yourself, you have no proof, as some employee might etch a wee corner of the chip to cause a computer to make fart noises and blit every other frame to the screen with an image of Jesus butt raping Mohammed, but only on even numbered Tuesdays.
USGov: BUT WE WANT SECURITY!!! We want to PROTECT OUR FREEDOMS!!!
ChipMaker: OK, OK, you fucking moron: "I solemnly swear, cross my heart and hope to die, that there is no bad stuff on any of the chips we make. Promise. Now, is that better?"
USGov: YOU ARE A GREAT ALLY!!! I feel so much more secure now.
RS
We have always been at war with Oceania.
Re: (Score:2)
Oh really? [bloomu.edu]
Re: (Score:2)
from the article linked:
For one thing, a real, actual law of logic is a negative, namely the law of non-contradiction. This law states that that a proposition cannot be both true and not true. Nothing is both true and false.
OK: "this statement is wrong."
Goedel blew that article's line of reasoning out the door 80 years ago.
RS
Re: (Score:2)
The article linked summed it up: You say you cannot prove a negative? Then prove it!
Re: (Score:1)
Re: (Score:2)
John
Re: (Score:2)
Just look at what happened to the USSR [wikipedia.org]. The US should know that when you procure parts from a strategic adversary you open yourself up to these kinds of attacks...
Re: (Score:2)
Examples given:
Five is not equal to four
The ancient Egyptians did not watch Seinfeld
The tsetse fly is not native to North America
OK. 5 = 4. I can build a mathematics that works that says 5 = 4, by abstracting the number 5 into a super position, where 5 = (x). so, in YOUR math, 5 can't equal 4, but in MY math 5 can equal whatever I want.
We have no proof of the Egyptians watching or not watching Seinfeld. We can make a good ASSUMPTION they did not do so, but we have no PROOF the
Quick and simple test.. (Score:3, Funny)
10 PRINT "HELLO WORLD"
Comes out as HERRO WORD
You're pwned.
Conspiracy! (Score:1)
It's about the design, not the fab (Score:3, Informative)
And, for that matter, a designer or even an applications engineer can tell, at a glance, if the silicon that came back from the fab is the same as their design. Some of our applications engineers can tell, without a microscope, what another manufacturer's raw silicon does, just by looking at it. (Not everything, obviously, but they can say "this part is logic, this part is a big power FET, there's a bunch of ESD stuff over here...")
Bottom line: if you have to trust the design, you need to have your designer and your design review team where you can see them. The fabs don't really matter that much.
Re: (Score:2, Informative)
First off, the most important thing is how large the die is.
Obviously they would not change the die size. If the military orders .25mm bolts and gets .45mm bolts that don't fit, they don't need a security audit to figure that out.
Secondly, every bit of the die space you have is used.
There's lots of ways to make space. De-optimize some areas: Remove the carry lookahead logic, shrink the cache. Remove some of the full-complementary logic. Replace fast structures with smaller sub-optimal things like transmission-gate XORs. If the chip has duplicate cache to compensate for manufacturing yield
Re: (Score:2)
I don't know how big digital chips get tested. I do know that for our chips, we test hundreds of parts and thousands of chips still on the wafer for tens
Re: (Score:1)
Remove the carry lookahead logic, shrink the cache, etc.
Even if changes cannot be spotted by examination, they can be caught by Manufacturing and Benchmarking tests that are used to validate each revision. JTAG tests, current consumption tests, functional tests, end to end performance tests, etc. After MFG tests wafers, QA runs its tests on packaged dies, then AEs take a look at it, then the SW and HW design teams use them as part of their development process. Then Customer engineers beat on them before they ever ship anything. That's a lot of engineers with S
Re: (Score:2)
Which is exactly what the Chinese ARE doing, and why the DOD is testing suppliers for their ability to detect modifications to chips. They decided that every chip used by the DOD now needs to be checked for modifications, so they want whoever is best at finding those modifications to do it.
It's kinda hard to keep things secure if the Chinese have found a way to smuggle counterfeit chips into the DO
Word games do not define engineering. (Score:1)
Those so-called "counterfeit" chips and boards you are talking about were actually unauthorized builds by contract manufacturers. If they don't work right, it is because they used seconds or substituted cheaper parts (e.g. lower voltage, temp rated capacitors, etc.) on the PCB. Essentially, the danger would be shipping boards that do not meet spec, the kind of stuff that can happen even without any monkey business involved.
That has nothing to do with embedding "malware" type features into working chip and h
Re: (Score:2)
I agree that making chips fail under usage is comparatively easy: screw up the ESD protection structures. The US did this on purpose to the USSR [nytimes.com] during the Cold War and sent them chips that failed during use, causing massive damage, but I think that failure is differ
real world examples (Score:2)
Then, you have built-in kill switches used to fight satellite TV piracy, like the dreaded DirecTV Black Sunday [securityfocus.com] killer packets that killed unauthorized access cards.
So this stuff has happened.
How many Counterfeit Cisco Routers [slashdot.org] have built in exploits or kill switches is another question...
Re: (Score:3, Funny)
As they watched in shock and awe, randomly typed letters scrolled across a screen. The words were gibberish.
The sender "left breadcrumbs," Hank related. The deliberately attached ISP (Internet Service Provider) pointed to China.
This was bad enough. But what really freaked out the officers was the realization that none of these "stand alone" machines was online. None of them contained a modem!
So, first there's an "ISP" attached, and then there's no modem. It gets better.
How did the PLA hack supposedly secure air force computers lacking network modems? Just like as select power companies can now pipe the Internet to home computers through electrical power lines, the Chinese were able to play on SAC's supposedly secure computers through the AC power cables connecting them to the national power... "grid".
Okay. The PRC has invented the fantastic ability to first, hack into the U.S. national power grid from China and modulate a signal onto the power line. Then they somehow direct this signal unerringly into one of the U.S. g
Kill switch - possible but by no means probable (Score:2)
Adding a trojan at the hardware level would be incredibly difficult and risky. In the first place, reverse-engineering a design from its GDS files, determining how and where to add hidden circuitry, and then incorporating
Re: (Score:1)
BUT, the payoff could be tremendous. I'm thinking Cylons here. Mod me funny if you dare, but think of simply the idea that US chips are compromised. The US did it to the USSR, the example that comes to mind is this: htt [msn.com]
Get Them a Clue For Christmas (Score:1)
Found some! (Score:2)
http://smithsonianchips.si.edu/chipfun/graff.htm [si.edu]
On my favorite design we had nearly 100% coverage on the test vectors, someone said to "marx the uncovered nets" so we named them Groucho, Chico and Harpo in the netlist.
Missing the point... (Score:2)
DARPA is obviously seeing if they can do it. The end goal is probably to get chips manufactured for the rest of the world that the US Govt can disable at will -- something like GPS Selective Availability [wikipedia.org].
Presumably they're doing it themselves (Score:3, Insightful)
In the microprocessor case, suppose they added a bit of logic to look for a particular data sequence, and if found, switch to system management mode or ring 0 and execute whatever follows. Then they could take over any machine simply by sending it a data packet. Presumably there would be some code signing to prevent anyone else from exploiting the backdoor.
Intel, Cisco, et al are involved in the Critical Infrastructure Protection program and undoubtedly have other high-level contacts with the national security apparatus. It seems obvious that the US is in a better position than anyone else to carry out this type of attack.
Network traffic and firewalls (Score:1)
the ice queen shatters (Score:1)
scented chips (Score:2)