Back to news

June 1, 2020 | International, C4ISR

DARPA Seeks Secure Microchip Supply Chain

"Once a chip is designed, adding security after the fact or making changes to address newly discovered threats is nearly impossible," explains a DARPA spokesperson.

By on May 29, 2020 at 2:46 PM

WASHINGTON: DARPA has launched a four-year project to find ways to design security features into microchips as they are being made to help ensure the future supply chain.

While the name of the project is daunting — Automatic Implementation of Secure Silicon (AISS) — and the technical requirements are a serious challenge, the concept is pretty simple.

“AISS aims to automate the process of incorporating security into chip designs, making it easier and potentially more cost effective for any organization with even a small design team (start-ups, mid-size companies, etc.) to build security measures into their designs,” a DARPA spokesperson told Breaking D today.

“Overall, with AISS DARPA aims to bring greater automation to the chip design process to profoundly decrease the burden of including security measures,” the spokesperson said.

The two winning teams, according to a May 27 DARPA press release, are:

The two AISS research teams are:

  • Synopsys, Arm, Boeing, Florida Institute for Cybersecurity Research at the University of Florida, Texas A&M University, UltraSoC, and the University of California, San Diego
  • Northrop Grumman, IBM, University of Arkansas, and University of Florida

“Research and development on the $75 million program was commenced two weeks ago and incremental capabilities are expected to roll out to the chip design community over the next four years,” the spokesperson said in an email. “Our hope is that many of the capabilities will start appearing as features in commercial design automation software before the program completion.”

Digital integrated circuits are the engines that drive modern computers, and everyday digital devices such as smart phones. They are critical to the evolution of the Internet of Things (IoT). As such, they increasingly have become a key target of hacking by US adversaries and cyber criminals alike, DARPA explains.

“Threats to IC chips are well known, and despite various measures designed to mitigate them, hardware developers have largely been slow to implement security solutions due to limited expertise, high cost and complexity,” the DARPA release says. “Further, when unsecure circuits are used in critical systems, the lack of embedded countermeasures exposes them to exploitation.”

Indeed, the Department of Commerce on May 15 took another swipe at Chinese telecoms behemoth Huawei and tightened its earlier efforts to block it from exporting its semiconductors and products to the US and allies. The Trump administration alleges that Huawei's hardware and software, in particular that related to 5G wireless technology, are full of deliberate security holes in order to enable Chinese government spying. The ruling by Commerce's Bureau of Industry and Security, which will take effect in September, seeks to prevent companies around the world from using American-made software and machinery develop chips for Huawei or its subsidiary firms.

The problem for device-makers, particularly in the IoT world where the market is largely for commercial products (think smart refrigerators), is that fixing potential security holes often isn't seen as worth the time, effort and most importantly, money.

“The inclusion of security also often requires certain trade-offs with the typical design objectives, such as size, performance, and power dissipation,” the DARPA spokesperson said. “For example, something like a sprinkler isn't likely to require the highest level of security protections. Investing in security mechanisms that take up a lot of space on the underlying chip, or significantly impact chip performance likely doesn't make sense based on the sprinkler's expected use and application.”

And yet, that future IoT sprinkler also will be other IoT devices and computer networks in operation by an individual, a company or a facility, such as a weapons depot.

Even more unfortunately, the spokesperson explained, “modern chip design methods are unforgiving – once a chip is designed, adding security after the fact or making changes to address newly discovered threats is nearly impossible.”

Thus, the AISS program is aimed at spurring research into two areas that can address four types of microchip vulnerability, the release says: “side channel attacks, hardware Trojans, reverse engineering, and supply chain attacks, such as counterfeiting, recycling, re-marking, cloning, and over-production.”

The first area of research will be focusing on “development of a ‘security engine' that combines the latest academic research and commercial technology into an upgradable platform that can be used to defend chips against attacks, and provide an infrastructure to manage these hardened chips as they progress through their lifecycle,” DARPA said.

The second area, led by software specialists Synopsys, “involves integrating the security engine technology developed in the first research area into system-on-chip (SOC) platforms in a highly automated way,” the DARPA release said. The Synopsys team also will be working on how to integrate new security designs and manufacturing tools with currently available off-the-shelf products.

Nicholas Paraskevopoulous, sector VP for emerging capabilities development at Northrop Grumman, said in a May 27 press release that the firm's “design tools will enable the development of secure and trusted integrated circuits with reduced costs.” Northrop Grumman is involved in the first AISS research area.

Synopsis could not be reached for comment by press time.

https://breakingdefense.com/2020/05/darpa-seeks-secure-microchip-supply-chain/

On the same subject

  • Gen. Milley is right: The US Army is on the mend

    June 14, 2018 | International, Land

    Gen. Milley is right: The US Army is on the mend

    Last month, in an appearance before the Defense Subcommittee of the Senate Appropriations Committee, Chief of Staff of the U.S. Army Gen. Mark Milley provided a notably upbeat assessment of the state of his service. “The Army is on the mend. I can report out to you today, after two and a half years as the chief of staff of the Army, we are in significantly better shape than we were just a short time ago. And that is through the generosity of this Congress and the American people,” he said. Clearly, some of the credit for the Army's improved state of affairs is a result of the recently passed two-year budget, which provided a much-needed increase in resources. The Army has been able to grow its end strength, purchase needed munitions and spare parts, increase training activities, and recapitalize older and damaged equipment. More resources have also enabled the Army force to expand its presence in Europe, increase, albeit modestly, procurement of upgraded Abrams tanks, Bradley Fighting Vehicles and Strykers, and acquire the new Armored Multi-Purpose Vehicle. But much of the credit goes to the Army chief of staff himself. About a year and a half ago, I wrote a blog for the National Interest titled “Perhaps the Most Remarkable CSA in More than Half a Century.” It was Gen. Milley who made modernization the measure of success for his tenure as the Army chief of staff. This change in strategic direction came just in time, ahead of the reappearance of great power competition as the greatest threat to this nation's security. Gen. Milley is not alone in his quest. In fact, it is a troika consisting of Secretary of the Army Mark Esper, Under Secretary of the Army Ryan McCarty and the chief that is fashioning a new Army in record time and doing so while simultaneously transforming the Army's acquisition system. This is the proverbial case of changing the car's tires while speeding down the road. The early signs are that the Army modernization is on the mend and the acquisition system is being changed. An important example of these improvements is the Army's Rapid Capabilities Office. Established by the secretary and the chief in August 2016, the RCO is tasked to expedite critical capabilities to the field to meet combatant commanders' needs using alternative contracting mechanisms to deliver technologies in real time to the war fighter. One of the RCO's initial projects was to bring the Army back into the game with respect to electronic warfare. In 12 months, the RCO developed an initial integrated mounted and dismounted EW sensor capability that has been deployed with U.S. forces in Europe. A second phase of the project is underway that will add aerial sensors, additional ground-unit sets and improve functionality. Another program that is proceeding rapidly is a vehicle-mounted, jam-resistant positioning, navigation and timing capability for GPS-challenged environments. Prospective solutions are currently undergoing testing. The chief has directed the RCO to address several new areas. The RCO is working on a long-range cannon concept that may be able to double the range of 155mm howitzers, as well as optical augmentation technology to detect an adversary's anti-tank guided missile day/night sights and loitering munitions that can strike air-defense and artillery emplacements. The Army has been moving rapidly to address many of its critical capability gaps. To meet the challenge posed by hostile aircraft and drones, the Army intends to deploy the first battery of the Maneuver Short Range Air Defense launcher on a Stryker armored vehicle by 2020, five years ahead of schedule. Additional sensors and weapons, including a tactical laser, could be integrated into the new turret by the early 2020s. Tank-automotive and Armaments Command did a rapid assessment of active protection systems. The current plan is to equip at least four brigades of Abrams tanks with the Israeli Trophy system while testing continues on a number of solutions for other armored fighting vehicles. The Army also has used other rapid procurement organizations within the Pentagon. One of these is the Defense Innovation Unit Experimental, created in 2016 to push rapid innovation based on leveraging commercial companies. Recently, DIUx led a prototype contract involving upgrades for Bradley Fighting Vehicles. The first production items from it will soon be delivered to the 1st Cavalry Division at Fort Hood, Texas. There are other examples of advances in cyberwarfare, soldier systems, networking and long-range precision fires. The central point is that Gen. Milley's vision of the Army's future is turning out to be right. https://www.defensenews.com/land/2018/06/13/gen-milley-is-right-the-us-army-is-on-the-mend/

  • BMC in talks to sell Turkish shares to local steelmaker

    May 12, 2021 | International, Land

    BMC in talks to sell Turkish shares to local steelmaker

    BMC, a joint Turkish-Qatari venture that manufactures armored vehicles and tanks, is in the late stage of negotiations to sell a majority stake of Turkish shares to a Turkish steel producer, sources told Defense News.

  • Counter-drone startup Epirus raises $70M, plans to hire 100 people

    December 18, 2020 | International, Aerospace

    Counter-drone startup Epirus raises $70M, plans to hire 100 people

    By: Joe Gould WASHINGTON ― Epirus, a venture-backed startup offering a counter-drone capability, announced Thursday it raised $70 million to speed its technology to market. The round was led by San Francisco, California-based Bedrock Capital, and brings the 2-year-old company's total capital raised to roughly $80 million. The news comes six months after Epirus inked a strategic supplier agreement with Northrop Grumman to provide exclusive access to Epirus' software-defined electromagnetic pulse system Leonidas. Since then, the firm has doubled in size and plans to add 100 jobs in 2021. “We're aggressively hiring and expanding our footprint on the East and West coasts,” Epirus CEO Leigh Madden told Defense News. He added that the firm is shifting its headquarters from the Hawthorne, California, office to its newer offices in Tysons Corner, Virginia. Alongside Bedrock and several other investment firms, L3Harris Technologies is investing in Epirus. Epirus developed a SmartPower power-management technology that underpins its counter-unmanned aircraft system, and the company plans to partner with L3Harris to create greater power efficiencies within some of its existing systems. The technology, which allows the system to deliver a high-power output with a relatively low-power input, has a range of applications across other radio frequency systems, Madden said. (The company's systems involve a combination of high-power microwave technology and, for enhanced targeting, artificial intelligence.) The new funding, “enables us to rapidly build out our counter-UAS system,” Madden said. “We'll be bringing the Leonidas system to market as well as advancing the capabilities of our SmartPower technology ― and working with government customers and partners to expand the application of that technology.” Beyond Bedrock and L3Harris, the new Series B funding came from Piedmont Capital Investments, 8VC, Fathom VC and Greenspring Associates. In 2019, Epirus closed $17 million in Series A funding, which was led by 8VC. (Series A is meant to help a company progress to the development stage, and Series B is meant to help a company market or expand its existing market footprint.) Geoff Lewis of Bedrock Capital said in a statement that investors are “confident Epirus has the capacity to integrate its technology into top tier counter-UAS systems and lead the way in developing new and compelling directed energy applications.” “Epirus counters the weak assumption baked into standard VC models that the economic and cultural gaps of defense-focused investments are too wide to overcome,” Lewis said. https://www.defensenews.com/2020/12/17/counter-drone-startup-epirus-raises-70m-plans-to-hire-100-people/

All news