DoD Scratches Its Head Over Foundry Security

Counterfeiting continues to grow in the semiconductor supply chain, but now several programs in the military and commercial worlds intend to stamp it out.

popularity

When the GlobalFoundries deal with IBM to acquire its foundries closes, as it is slated to sometime during 2015, the U.S. Department of Defense has a small problem on its hands. Military programs no longer will have access to a trusted fab to manufacture semiconductors. How do you ensure that the foundry did not modify or alter your design, add backdoor access or implement a remote control mechanism?

GlobalFoundries is based in the United Arab Emirates, Samsung is based in South Korea, and TSMC is based in Taiwan. So aside from Intel, there are no other advanced digital fabs owned by U.S.-based companies with the capabilities to make the kinds of devices used by the military. You can bet your tax dollars there are a lot of secret discussions going on to make sure military programs are not put at risk.

There are also several slightly more public programs that are attempting to secure the supply chain for semiconductors so that issues such as theft, counterfeiting and relabeling of parts become a lot easier to detect than they are today.

How big is this issue? While it is never possible to fully enumerate a criminal business, Government hearings in 2011 estimated that 15% of all spare and replacements part purchased by military programs were counterfeit. The estimated total costs of counterfeits was $7.5B a year.

At DAC, a SKY talk was provided by Saverio Fazzari from Booz Allen, who is an advisor to several DARPA programs. He provided an overview of the electronic threat space and some of the ideas DARPA is developing to mitigate them.

brianblogpic

TRUST attempted to detect logic insertions without performing highly destructive measures, and IRIS was a set of capabilities for discovering reliability compromises. A new program called SHIELD (Supply Chain Hardware Integrity for Electronics Defense), launched in January of 2015 at an initial cost of more than $23 million, is learning from these programs and hopes to add the ability to store a private key on a chip that would be difficult to reverse engineer, and would destroy the part if reverse engineering is attempted.

brianblog2

The “dielet” will have no electrical connection to the host circuitry, instead operating in a completely standalone mode using scavenged power. After a device has been scanned, an appliance will upload a serial number to a central, industry-owned server. The server will then send an unencrypted challenge to the dielet, which will send back an encrypted answer and data from passive sensors, such as light exposure that could indicate tampering. The program is expected to yield results by mid-2016.

Another part of the program hopes to make it clear where a part was manufactured using signatures from fabs that are associated with their tools, recipes, sequences and other idiosyncrasies. When a counterfeit part is found, it then can be traced to its place of origin.

Other programs, such as those initiated by the Semiconductor Industry Association (SIA), have been attempting to educate the industry about the importance of securing the supply chain and dealing only with reputable, factory authorized agents.

The National Science Foundation (NSF) and Semiconductor Research Corporation (SRC) also are jointly providing funding to universities for research that will lead to Secure, Trustworthy, Assured and Resilient Semiconductors and Systems (STARSS).

It is clear that everyone is taking this problem seriously and that the industry needs to do something to slow the rapid increase in the counterfeit semiconductor market. Hopefully, the manufacturing industry is smarter than the counterfeiters, unlike in the software security industry where the hackers always seem to be a little ahead of the countermeasures.



  • In comparison, the AS6171 (WIP) Standards at the packaged/component level are a joke. Essentially, the current
    standards appear to leave tests up to the discretion of the component supplier/reseller based upon their perceived
    ‘risk’. The component reseller should be required to re-screen the
    devices to MIL STD 883. But no component reseller would ever want to invest the dollars required to have this done at a local Reliability/FA Service lab, let alone pay for the
    equipment to do it themselves.