High tech folks still use the phrase “killer app” to convey the popularity or timeliness of a much-needed hardware or software application. This year’s Design Automation Conference (DAC), for example, boasted the usual mention of killer apps, in this case promised solutions to the current choke points in electronic system-level (ESL) design and design for manufacturability (DFM). But a surprising number of folks at DAC were also discussing a more subtle and potentially lethal challenge, one that faces not only the high tech community but the nation as a whole.
In a world where chips are developed in a distributed and global arena, the killer app has given way to the broader concept of a “killer scenario” – and I mean killer in the literal sense of the word. The specific killer scenario that commanded the most attention in the hallways at DAC is the chip-level hardware (not software) equivalent of the ancient Trojan Horse attack. Here’s how it works: A foreign chip foundry inserts a small, seemingly innocuous addition into a U.S. military GPS chip design prior to fabrication. (The hallway version has it as “a few lines of RTL”; in practice a foundry works from the netlist or layout data it receives, so the insertion would more plausibly be made there, but the effect is the same.) The added logic is designed to disable the GPS electronics at the most opportune moment for an unfriendly government or loose confederation of bad guys, for example, in the heat of battle.
Far-fetched, you say? Something you might read in the pages of a high-tech science-fiction novel? Not according to the Defense Advanced Research Projects Agency (DARPA), which recently called for help in developing the next generation of silicon security systems. The initiative was part of a larger drive by the Dept. of Defense to address rising concerns with the manufacture of U.S.-designed chips in overseas foundries.
The National Security Agency (NSA) is another government body so concerned about foreign influence on high-tech ICs that it operates its own secure fab for developing and producing its most sensitive cryptographic chips. These devices carry cryptographic IP more sensitive than even that in the military’s standard secure phones. This dedicated fab – one of the few left in the U.S. – is not a secret, though few citizens know of its existence. Circumstantial evidence of the fab can be found on NSA's web site at http://www.nsa.gov/techtrans/techt00017.cfm and http://www.nsa.gov/coremsgs/corem00004.cfm.
The danger of silicon sabotage is real. This is why both the Focus Report and the lead editorial feature (by L3) in this issue of Chip Design magazine examine how the loss of a domestic design and supplier base has changed the design flows and methodologies for mission-critical military and government ICs. Further, Max’s regular column (Chips & Dips) connects the dots to show how several new technologies highlighted at DAC are being applied to silicon security.
My own experience at DAC supports Max’s insights. Technologies from companies like Certicom (www.certicom.com), whose business is elliptic-curve cryptography and key provisioning, and Kilopass (www.kilopass.com), which makes one-time-programmable antifuse memory, offer complementary pieces that can help thwart sabotage and IP misuse throughout the silicon development process. For post-silicon security, consider DAFCA’s (www.dafca.com) on-chip debug instrumentation, which could be used to watch a running chip for behavior its RTL never specified; once inserted logic is in silicon, its behavior is the only place it shows itself.
As Dan O'Loughlin, director of hardware development at Certicom, points out: “It is entirely possible for an attack to occur against the chip design data at any point in the silicon manufacturing process. This attack could occur at the RTL description, gate level netlist, physical design description, or any intermediate binary format generated by chip design tools. The end result could include unexpected functional behavior, enable clandestine functionality, or result in a high failure rate.”
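Two things in the preceding discussion are worth seeing in working form: why the GPS kill switch described earlier survives ordinary functional test, and what a hand-off check along the flow O'Loughlin describes (RTL, netlist, physical design) can and cannot catch. The following Python model is an added example written for this column, not code from Certicom, DAFCA, or any other company mentioned here. The GPS enable function, the trigger value 0xDEADBEEF, the three design artifacts and the manifest key are all constructed stand-ins; a real flow would hash multi-gigabyte netlists and GDSII files rather than one-line strings.

```python
"""Hardware-Trojan trigger and flow hand-off integrity check (constructed).

Part 1 models the column's GPS kill-switch scenario as a boolean enable
function with a rare trigger, to show why random functional test does
not catch it. Part 2 models an authenticated manifest that a design
authority can check at each hand-off (RTL -> netlist -> layout).
"""
import hashlib
import hmac
import random

# ---- Part 1: rare-trigger kill switch --------------------------------
# Hypothetical 32-bit status pattern chosen by the attacker; for every
# other value the Trojan block is functionally identical to the clean one.
TRIGGER = 0xDEADBEEF


def gps_enable_clean(powered, self_test, pll_locked, status_word):
    """Correlator enable: receiver powered, not in self-test, PLL locked."""
    return powered and not self_test and pll_locked


def gps_enable_trojan(powered, self_test, pll_locked, status_word):
    """Same as the clean block, except the enable is forced low on the trigger."""
    if status_word == TRIGGER:
        return False
    return gps_enable_clean(powered, self_test, pll_locked, status_word)


def random_functional_test(dut, n_vectors, seed=1):
    """Drive n random vectors through dut and count mismatches vs the clean model.

    With a 32-bit trigger, the chance of hitting it in 1,000 random vectors
    is about 2e-7, so the Trojan passes with zero mismatches.
    """
    rng = random.Random(seed)
    mismatches = 0
    for _ in range(n_vectors):
        vec = (rng.random() < 0.9,          # powered most of the time
               rng.random() < 0.1,          # self-test rarely asserted
               rng.random() < 0.9,          # PLL usually locked
               rng.randrange(1 << 32))      # 32-bit status word
        if dut(*vec) != gps_enable_clean(*vec):
            mismatches += 1
    return mismatches


# ---- Part 2: authenticated manifest across flow hand-offs -------------
FLOW_STAGES = ("rtl", "netlist", "layout")

# Key held by the design authority (constructed value). Whoever verifies a
# hand-off must hold it, so a tamperer cannot simply re-issue the manifest.
MANIFEST_KEY = b"design-authority-key-example"

# Constructed stand-ins for the real artifacts at each stage.
CLEAN_ARTIFACTS = {
    "rtl": b"assign en = powered & ~self_test & pll_locked;",
    "netlist": b"AND3 u1 (.A(powered), .B(n_self_test), .C(pll_locked), .Y(en));",
    "layout": b"GDSII: cell gps_en, 1 AND3 instance",
}

# The attacker swaps the netlist for one carrying a compare-and-gate trigger.
TAMPERED_ARTIFACTS = dict(CLEAN_ARTIFACTS)
TAMPERED_ARTIFACTS["netlist"] = (
    CLEAN_ARTIFACTS["netlist"]
    + b" EQ32 u2 (.A(status), .B(32'hDEADBEEF), .Y(trig));"
    + b" AND2 u3 (.A(en), .B(~trig), .Y(en_out));"
)


def stage_tag(key, stage, data):
    """HMAC-SHA256 over the stage name and the artifact bytes."""
    return hmac.new(key, stage.encode() + b"\0" + data, hashlib.sha256).hexdigest()


def build_manifest(key, artifacts):
    """Record an authenticated tag for every artifact as the trusted team produced it."""
    return {s: stage_tag(key, s, artifacts[s]) for s in FLOW_STAGES}


def verify_handoff(key, manifest, received):
    """Return the stages whose received artifact does not match the manifest."""
    return [s for s in FLOW_STAGES
            if not hmac.compare_digest(stage_tag(key, s, received[s]), manifest[s])]


if __name__ == "__main__":
    print("random test mismatches:", random_functional_test(gps_enable_trojan, 1000))
    print("enable on trigger:", gps_enable_trojan(True, False, True, TRIGGER))
    manifest = build_manifest(MANIFEST_KEY, CLEAN_ARTIFACTS)
    print("tampered stages:", verify_handoff(MANIFEST_KEY, manifest, TAMPERED_ARTIFACTS))
```

Two caveats follow directly from the model. First, the random test passes the Trojan with zero mismatches; only a directed test that already knows the trigger value exposes it, which is exactly why a well-chosen trigger defeats conventional verification. Second, the manifest catches a substituted netlist only because the design authority recorded the tag before the substitution: it proves what was sent to the foundry, not what the foundry built. Once the design is in silicon, the check moves to the kind of run-time observation described above.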
Although the killer scenario of a backdoor planted by foreign nationals is a clear and present danger, you will find little mention of it in the public press. That doesn’t mean the U.S. government is not addressing it, at least for mission-critical electronics. Of particular concern is the sabotage of systems that are less cryptographically sensitive – like the GPS device I mentioned previously – because their development has been outsourced to Asia, where the chips are designed in India, Taiwan, or China and then manufactured anywhere in the world. How can the U.S. be sure of the performance and integrity of these chips?
The answer – as always – lies in the development of new technology combined with the creation and enforcement of policies that ensure the correct use of that technology.
Thanks to Leslie Cumming at Skye Marketing Comm for her contribution to this story. Please share your comments or questions with the editor at: firstname.lastname@example.org.