University Researchers Invent Solution To Protect Chips Against Manufacturing Sabotage

Siddharth Garg, an assistant professor of electrical and computer engineering at the NYU Tandon School of Engineering, along with a few researchers from other universities, is developing two modules that can validate that a chip works as it was intended in the original design. The technology should help ensure that the chip hasn’t been sabotaged by bad actors inside the manufacturing facilities.

Medical devices, public infrastructure and voting machines, as well as financial, military and government electronics could all be compromised long before their first use if backdoors were added to their chips during the manufacturing process. The issue could affect CPUs, GPUs and motherboards, but also storage and memory components.

These days we’re seeing more companies employ cryptographic signing for their software to ensure that the code delivered to the users is identical what was written by the vendors (although not all companies are taking this to heart yet). A similar validation process is needed for hardware to ensure its integrity.

“Under the current system, I can get a chip back from a foundry with an embedded Trojan. It might not show up during post-fabrication testing, so I’ll send it to the customer,” said Garg. “But two years down the line it could begin misbehaving. The nice thing about our solution is that I don’t have to trust the chip because every time I give it a new input, it produces the output and the proofs of correctness, and the external module lets me continuously validate those proofs,” he added.

Garg called this method “verifiable computing” (VC). Garg and his team created two modules, wherein one is embedded in the chip and proves that its calculations are correct, and an external module that checks whether the embedded module itself was compromised or not. The external module, which is an ASIC (application-specific integrated circuit), can be fabricated separately from the chip.

“Employing an external verification unit made by a trusted fabricator means that I can go to an untrusted foundry to produce a chip that has not only the circuitry-performing computations, but also a module that presents proofs of correctness,” said Garg.

The researchers plan to use a $3 million grant they received from the National Science Foundation to improve the performance of the two modules and test the concept on real silicon as soon as possible.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • acme64
    you telling me these are no good anymore? https://www.novavisioninc.com/orders/media/catalog/product/cache/1/image/600x600/9df78eab33525d08d6e5fb8d27136e95/h/o/hologram-sticker-xav40-01.jpg
    Reply
  • XaveT
    If you add a second chip to check the first chip's calculations... isn't that second chip performing the work of the first one too? Or a second unit in the same chip? So why use the first chip/unit at all? Plus, who's to say that the second chip won't be modified if that's what they are worried about?

    This seems like a monumental waste of research resources to me.
    Reply
  • Jesse_20
    It's more like a checksum device than another computational chip from what I gather. Each segment of the original chip could produce a binary signal on whether or not it completed it's task successfully or not, then the sum of those binary reports would produce a key which the second chip would verify as correct and not tampered with.
    -HTH-
    Reply
  • mrmez
    "Garg and his team created two modules, wherein one is embedded in the chip and proves that its calculations are correct, and an external module that checks whether the embedded module itself was compromised or not."

    But who's gonna make the device to check the external module????
    Reply
  • bit_user
    18502216 said:
    If you add a second chip to check the first chip's calculations... isn't that second chip performing the work of the first one too? Or a second unit in the same chip? So why use the first chip/unit at all? Plus, who's to say that the second chip won't be modified if that's what they are worried about?

    This seems like a monumental waste of research resources to me.
    Read more carefully, and check the Source link (below the headline), when you have questions. The verification module is simpler than the actual chip under test, and you don't need many of them. So, you can fab it at a trusted foundry and use it to test your production wafers. They needn't be as fast, either, so you can fab them on an older, cheaper process.

    Honestly, I think it's a good problem to solve. I think it's rare that this would really happen, but I expect sometimes it might.

    If you want to understand how it actually works, here's the paper:

    https://eprint.iacr.org/2015/1243.pdf
    Reply
  • gondor
    Garg ... Sounds like a leader of a hostile alien race.
    Reply
  • digitalgriffin
    It has long been suspected certain state actors have been modifying the internal writable memory of certain chips, or rewriting the mask. Certain Chinese companies have been caught doing this to certain components used by defense contractors. http://www.businessinsider.com/counterfeit-parts-from-china-raise-grave-concerns-for-both-us-companies-and-national-security-2012-6

    Rewriting the mask is a lot harder to do (and expensive) and this will be near impossible to check for changes. However it is possible to read the (e)PROM and assign a checksum like digital signature.

    It's about well bloody time we assigned digital signatures to these chips.
    Reply
  • bigpinkdragon286
    Maybe the cheapest contractor isn't always the best option? If something is that sensitive, why would you want to pay somebody you can't trust?
    Reply
  • Bobs Your Uncle
    @BIGPINKDRAGON286 - It's an extension of the model that AT&T employs when providing ISP & Cable TV services:

    - Pay a lower "discounted" rate for service & AT&T gets to hoover-up all the personally identifying information about you that they care to, for targeted advertising & sale to 3rd parties.

    - Pay a significantly higher rate (~2x) and your services are provided without intrusive (or perhaps only "minimal") data collection.

    (At least that's what AT&T "states" wrt their data collection policies. And of course AT&T has just a sterling reputation for trustworthiness).

    Marketing copy:
    Choose between Cheap Chips from our Backdoors-R-Us Foundry Line OR for the finest in a Spy-Free computing experience, pick a Premium Priced Chip from our Honest Abe Silicon Selection.
    Reply
  • grimfox
    These chips give you the option to send your expensive complex designs to a cheap manufacturer that may be influenced by a foreign actor and send the cheap verification chip to a trusted manufacturer. Overall this yields a net savings over sending the expensive design to a trusted manufacturer. At it's root it's a way to allow for safer outsourcing.
    Reply