SHIELD, a passive RF system authenticating integrated circuits with supply chain vulnerabilities
Security threats to electronics extend well beyond software, and even beyond physical hardware vulnerabilities of devices after they are produced. SHIELD is a DARPA program that addresses issues of integrated circuit vulnerabilities in the production supply chain. Between semiconductor design, manufacturing and packaging, PCB production, and distribution a single chip can pass through more than 14 different locations. Post initial use, ICs are often shipped to a developing country, stripped from their boards, refurbished and remarked, and repackaged and sold again. During this process uncontrolled heating or mishandling can lead to immediate failure or latent electrostatic discharge failures. Because of these factors, its nearly impossible to know whether a particular IC is genuine or up to performance standards.
There counterfeit and cloned parts as well that might present risks. A counterfeit part is manufactured by the OEM and presented as new, but the performance and reliability of the part is questionable:. Components may be recycled or remarked, they may have not passed OEM tests, they may be unlicensed or over manufactured. A cloned part is not manufactured by the OEM but may be designed to mimic the performance of the authentic part. Copies may be manufactured in foreign plant, or new design of reverse-engineered components using stolen IP, potentially with altered function to appear the same.
With all of these issues it is hard to tell whether a part is genuine. Visual inspection is time consuming and not always fully accurate. Each part must be carefully and manually inspected, but Trojan hardware attacks can easily escape close visual inspection. Instead of adding additional circuitry to the target design, hardware Trojans are made by changing the polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), it is resistant to most detection techniques, including fine-grain optical inspection and checking against original design specifications.
The SHIELD Dielet is an onboard encryption engine with secret key. It uses a unique Key Storage, 256-bit AES encryption engine, unpowered, passive intrusion sensors and RF power and communication to power the 100μm x 100μm delete with 50 μW. This tiny delete is $0.01, and is embedded into the silicon of the chip so it is not possible to remove or replace them across different ICs. The asymmetric security solution has an onboard encryption key that cannot be coaxed rom the dielet, ID and Key are unique to the individual IC host- not just the part number. The individual integration time, date, and location are stored on a secure server. The built in fragility structures kill the delete if it is removed from the IC host.
SHIELD program began in 2015, and is currently in its demo phase in 2019, demonstrating component authentication performed using a challenge-response protocol with an AES encryption engine and the secret key stored on the chip. The chip has 2 chip antennas, one for 5.8 GHz power and the other for 3.6 GHz half-duplex data communication.
Since the purpose of the dielet is to secure the supply chain for electronic components, the authentication server must be secure. The server is written in the Scala and hosted on Amazon Web Services (AWS). Users who are programming or authenticating dielets use OpenID Connect. The server takes place via a VPN connection and Transport Layer Security (TLS/HTTPS). When dielets are enrolled on the server, IDs and cryptographically secure keys are provided, and stored securely using the AWS Key Management Service. The dielet’s 32-bit sensor fingerprint is read and securely stored on the server as well.
During authentication the an android device initiates the transaction by requesting a 128-bit nonce from the server, which is generated cryptographically secure. The nonce is passed from the Android device to a reader, which transmits it to the dielet. The dielet returns the AES-encrypted nonce and measured sensor fingerprint to the reader, together with its ID in the clear. The response packet is passed to the server, which authenticates the message and, if authentic, uses the dielet’s ID to look up its key, and decrypts the nonce and fingerprint. If the decrypted nonce has the same value as what was originally sent, and the fingerprint has the correct enrolled value, with some margin for variation, this indicates that the dielet is authentic and is in its original host package, and the server responds with a message that the dielet has passed authentication, as well as metadata about the transaction (Kane et al. N.D).
The goal of this passive RF dielet provides secure reliable authentication for ICs which may be subject to hardware Trojans, cloning, counterfeit or recycling which can create performance issues. Because ICs change hands so frequently, solution must exist that can confirm the identity of specific ICs and not simply their part number.
Sources
Supply Chain Hardware Integrity for Electronics Defense (SHIELD), Serge Leef, December 2018
A 100 μm x 100 μm Radio-Frequency Authentication IC for Preventing Counterfeit Electronics, Michael G. Kane, Senior Member, IEEE, Alan Braun, Member, IEEE, Seth Caliga, Winston Chan, Member, IEEE, David Chodelka, Bayard Gardineer, Stephen Kenyon, Alex Krasner, Sterling McBride, Member, IEEE, Joseph Michalchuk, Leigh Moulder, Scott Oberg, Mark Schutzer, Thomas Senko, Member, IEEE, Zane Shellenbarger, Rich Sita, John Armer, Isaac Potoczny-Jones, Greg Stromire, Arne Knudsen, Drew Thomas, Siva Narendra, Member, IEEE, and Avner Kornfeld (N.D)
