Darpa's "trust in IC": a smart article and our comments

07/07/2008 Written by SyS64738 (Roberto Preatoni)

Without any doubt, the best article published about Darpa’s Trust in IC program has appeared on IEEE Spectrum’s website. We invite you to read that article, then come back here for our comments (oh boy, we have so much to say…)

Zone-H Comments:

Are you a fan of comics? Are you interested in digital warfare? Did you find this news about Darpa’s “Trust in IC” program appealing? Foreviewing?

Take a look at our first Zone-H comic episode, “Prologue: Network Failures”, published in 2006 (though we started work on its production in 2005). It’s the story of a total Internet failure due to embedded unsolicited hardware, placed by wise Chinese producers in the core IC of the world’s network equipment.

In this comic episode, the hardware spyware has been placed in the network card’s main chip, adding extra functionality such as an extra microprocessor, some extra RAM and some extra ROM. The network card functions as a traditional network card up to the moment it receives a specific sequence of bits which activates the embedded extra hardware, causing network failures (but also allowing it to spy on each computer’s traffic).

Needless to say, the comic’s characters at some point use the same technology adopted by Darpa’s contractors to reveal embedded unsolicited hardware (an x-ray IC layer scanner).

Quite an interesting coincidence.

Anyway, the point is that despite what Darpa’s contractors have done in reality, such efforts might not be sufficient to detect embedded spyware in ICs. In fact, any complex integrated circuit can be identified not only by the hardware it contains but, being most of the time a logic circuit, also by its natural “embedded logic behavior”.

I remember when I was attending my high-school classes (hell, 25 years ago…), one of the first things I learned was to design logic circuits according to the task requirements. The first step was to design the circuit according to the logic requirements. The second step was to simplify it by analyzing its boolean redundancies, stripping off the unnecessary logic ports. After this operation, a much simpler IC was obtained, with the same functionality as the more complex, original one.

All this to say that mere x-ray analysis of an IC’s core components might not be enough to be sure that it does not embed unsolicited behavior. The IC should also be analyzed against its originally designed logic behavior.

At present, Darpa’s program focuses mainly on “hashing” the hardware, comparing it to its original design. But as I explained before, extra functionality can be embedded even in the original hardware logic design, by placing circuits with double logic behavior. In principle, it should be easy to design any sufficiently complex logic circuit that always behaves in a certain way except when a single, specific logic gate gets activated, triggering the secondary behavior, without the need for extra circuitry (RAM, ROM, etc.).

Detecting such a triggering logic circuit is a hard task, and detecting the secondary behavior is even harder, especially in high-density chips, where techniques such as x-ray scanning would not be helpful at all. Darpa should also focus on possible ways to detect unsolicited logic behavior.
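An added illustration of the point made in the last three paragraphs (not code from the article or from Darpa’s program): a toy 8-bit adder is checked against its specification both with random test vectors and by comparing every input. The adder width, the deviating input pair and all function names are assumptions constructed for this example.

```python
import random

BITS = 8                      # operand width of the toy block (assumption)
SPACE = 1 << (2 * BITS)       # 65,536 possible input vectors

def spec(a, b):
    """Golden behavior from the design documents: an 8-bit adder."""
    return (a + b) & 0xFF

def ripple_adder(a, b):
    """Gate-level implementation: different structure, same behavior."""
    out, carry = 0, 0
    for i in range(BITS):
        x, y = (a >> i) & 1, (b >> i) & 1
        out |= (x ^ y ^ carry) << i
        carry = (x & y) | (carry & (x ^ y))
    return out

def altered_adder(a, b):
    """Constructed stand-in for a part with one undocumented input condition."""
    result = ripple_adder(a, b)
    if (a, b) == (0xA5, 0x3C):          # constructed values, not from the article
        result ^= 0x01
    return result

def equivalence_check(impl):
    """Compare impl with spec on every input; return all counterexamples."""
    return [(a, b) for a in range(1 << BITS) for b in range(1 << BITS)
            if impl(a, b) != spec(a, b)]

def random_test(impl, vectors, seed=1):
    """Ordinary functional test: count mismatches over random vectors."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(vectors):
        a, b = rng.randrange(1 << BITS), rng.randrange(1 << BITS)
        hits += impl(a, b) != spec(a, b)
    return hits

def miss_probability(vectors, deviating_inputs=1):
    """Chance that random testing never hits a deviating input."""
    return (1 - deviating_inputs / SPACE) ** vectors

if __name__ == "__main__":
    print("ripple vs spec:", equivalence_check(ripple_adder))
    print("altered vs spec:", equivalence_check(altered_adder))
    print("random hits (1000 vectors):", random_test(altered_adder, 1000))
    print("P(miss) with 1000 vectors: %.3f" % miss_probability(1000))
```

Comparing every input only scales to small blocks, since the input space doubles with each added bit; that is what makes the behavioral check hard on a dense chip.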

How? Well, it’s not that easy. We do have some ideas here; we might explain them in a future comic episode. Or we might not; let’s first see whether it would be a wise move.

But we have some more bad news for you guys. Do you know what the lifespan of war gear is? Decades. It means that what has been produced so far and what is currently being produced might already embed unsolicited hardware/logic. The Syrian radar failure story might be a demonstration.

Do you know which is one of the most used microprocessors in modern war gear? Nothing fancy or ultramodern, as you might imagine. In fact, it’s the old 386 chip. Reliable, powerful enough and, most important, long-lasting and not prone to heating. Even modern war helicopters use the old 386 chip. And that was produced more than 20 years ago. That is to say, we might already be flooded with poisoned hardware.

This is why people should stop focusing only on open source software for security reasons and should also focus on the need for open source hardware, which currently is and probably will remain a mere dream, given the current set of laws and the lobbying pressure behind them.

The only way to protect yourself today would be to do some sort of hardware/software reverse engineering but, as you well know, that will bring you legal trouble. War interests apart, opening up hardware systems should be in everybody’s long-term interest, including that of the hardware producers and governments themselves. Because “Qui gladio ferit, gladio perit” (“He who strikes with the sword perishes by the sword”).


