Back to news

March 29, 2019 | International, C4ISR, Security, Other Defence

DARPA Seeks to Make Scalable On-Chip Security Pervasive

For the past decade, cybersecurity threats have moved from high in the software stack to progressively lower levels of the computational hierarchy, working their way towards the underlying hardware. The rise of the Internet of Things (IoT) has driven the creation of a rapidly growing number of accessible devices and a multitude of complex chip designs needed to enable them. With this rapid growth comes increased opportunity for economic and nation-state adversaries alike to shift their attention to chips that enable complex capabilities across commercial and defense applications. The consequences of a hardware cyberattack are significant as a compromise could potentially impact not millions, but billions of devices.

Despite growing recognition of the issue, there are no common tools, methods, or solutions for chip-level security currently in wide use. This is largely driven by the economic hurdles and technical trade-offs often associated with secure chip design. Incorporating security into chips is a manual, expensive, and cumbersome task that requires significant time and a level of expertise that is not readily available in most chip and system companies. The inclusion of security also often requires certain trade-offs with the typical design objectives, such as size, performance, and power dissipation. Further, modern chip design methods are unforgiving – once a chip is designed, adding security after the fact or making changes to address newly discovered threats is nearly impossible.

“Today, it can take six to nine months to design a modern chip, and twice as long if you want to make that same design secure,” said Serge Leef, a program manager in DARPA's Microsystems Technology Office (MTO). “While large merchant semiconductor companies are investing in in-house personnel to manually incorporate security into their high-volume silicon, mid-size chip companies, system houses, and start-ups with small design teams who create lower volume chips lack the resources and economic drivers to support the necessary investment in scalable security mechanisms, leaving a majority of today's chips largely unprotected.”

To ease the burden of developing secure chips, DARPA developed the Automatic Implementation of Secure Silicon (AISS) program. AISS aims to automate the process of incorporating scalable defense mechanisms into chip designs, while allowing designers to explore economics versus security trade-offs and maximize design productivity. The objective of the program is to develop a design tool and IP ecosystem – which includes tool vendors, chip developers, IP licensers, and the open source community – that will allow security to be inexpensively incorporated into chip designs with minimal effort and expertise, ultimately making scalable on-chip security pervasive.

Leef continued, “The security, design, and economic objectives of a chip can vary based on its intended application. As an example, a chip design with extreme security requirements may have to accept certain tradeoffs. Achieving the required security level may cause the chip to become larger, consume more power, or deliver slower performance. Depending on the application, some or all of these tradeoffs may be acceptable, but with today's manual processes it's hard to determine where tradeoffs can be made.”

AISS seeks to create a novel, automated chip design flow that will allow the security mechanisms to scale consistently with the goals of the design. The design flow will provide a means of rapidly evaluating architectural alternatives that best address the required design and security metrics, as well as varying cost models to optimize the economics versus security tradeoff. The target AISS system – or system on chip (SoC) – will be automatically generated, integrated, and optimized to meet the objectives of the application and security intent. These systems will consist of two partitions – an application specific processor partition and a security partition implementing the on-chip security features. This approach is novel in that most systems today do not include a security partition due to its design complexity and cost of integration. By bringing greater automation to the chip design process, the burden of security inclusion can be profoundly decreased.

While the threat landscape is ever evolving and expansive, AISS seeks to address four specific attack surfaces that are most relevant to digital ASICs and SoCs. These include side channel attacks, reverse engineering attacks, supply chain attacks, and malicious hardware attacks. “Strategies for resisting threats vary widely in cost, complexity, and invasiveness. As such, AISS will help designers assess which defense mechanisms are most appropriate based on the potential attack surface and the likelihood of a compromise,” said Leef.

In addition to incorporating scalable defense mechanisms, AISS seeks to ensure that the IP blocks that make up the chip remain secure throughout the design process and are not compromised as they move through the ecosystem. As such, the program will also aim to move forward provenance and integrity validation techniques for preexisting design components by advancing current methods or inventing novel technical approaches. These techniques may include IP watermarking and threat detection to help validate the chip's integrity and IP provenance throughout its lifetime.

AISS is part of the second phase of DARPA's Electronics Resurgence Initiative (ERI) – a five-year, upwards of $1.5 billion investment in the future of domestic, U.S. government, and defense electronics systems. Under ERI Phase II, DARPA is exploring the development of trusted electronics components, including the advancement of electronics that can enforce security and privacy protections. AISS will help address this mission through its efforts to enable scalable on-chip security.

DARPA will hold a Proposers Day on April 10, 2019 at the DARPA Conference Center, located at 675 North Randolph Street, Arlington, Virginia 22203, to provide more information about AISS and answer questions from potential proposers. For details about the event, including registration requirements, please visit: https://www.fbo.gov/index?s=opportunity&mode=form&id=6770487d820ee13f33af67b0980a7d73&tab=core&_cview=0

Additional information will be available in the forthcoming Broad Agency Announcement, which will be posted to www.fbo.gov.

https://www.darpa.mil/news-events/2019-03-25

On the same subject

  • Clearview AI Faces €30.5M Fine for Building Illegal Facial Recognition Database

    September 4, 2024 | International, C4ISR

    Clearview AI Faces €30.5M Fine for Building Illegal Facial Recognition Database

    Clearview AI fined €30.5M by Dutch authorities for illegal facial data collection and GDPR violations.

  • USAF Logistics Chief Raises Urgent Warning On Surge Capacity | Aviation Week Network

    April 29, 2021 | International, Aerospace

    USAF Logistics Chief Raises Urgent Warning On Surge Capacity | Aviation Week Network

    A recent internal study shows more than nine out of 10 repairs performed by the defense industry on U.S. Air Force aircraft are by a sole-source vendor, the service’s top logistics official said on April 28.

  • The US military’s chaff and flare industry is on fragile ground

    November 14, 2018 | International, Aerospace

    The US military’s chaff and flare industry is on fragile ground

    By: Valerie Insinna WASHINGTON — The two companies responsible for producing chaff and flares for U.S. military aircraft could be poised for a major shakeup, and the Pentagon and congressional critics have begun sounding the alarm about this small, vulnerable segment of the defense-industrial base. In an October report to the White House on the health of the defense-industrial base, the Pentagon relayed concerns about the small number of domestic chaff and flare producers, and stated that weakened demand — especially for flares — could leave companies little incentive to make internal investments. Only one producer of chaff exists in the United States: Esterline Defense Technologies, also known as Armtec. Esterline, which also makes flares, is joined by one other domestic flare manufacturer: Kilgore Flares Co., a part of Chemring Countermeasures USA, which itself is a subsidiary of a firm based in the United Kingdom. This already precarious industrial situation may be further rattled by TransDigm Group Inc.'s proposed acquisition of Esterline, two lawmakers said. In an Oct. 29 letter to Defense Secretary Jim Mattis, Reps. Jackie Speier, D-Calif., and Walter Jones, R-NC, called on the Defense Department to block the deal until its inspector general completed an investigation into TransDigm's business practices. The letter was first reported by The Capitol Forum. “TransDigm has repeatedly purchased companies that are the sole providers of Department of Defense items and engaged in price gouging,” Speier and Jones wrote. “The abuses have been sufficiently common and severe enough to warrant a DoD inspector general investigation. Unsurprisingly, Esterline is the sole DoD chaff provider and one of two flare providers. The alarm bells should be ringing.” The industrial base issues, however, extend far beyond TransDigm's proposed acquisition. A small but critical market Chaff and flare are countermeasures used by military planes and helicopters to help evade a missile attack by an enemy aircraft. For the non-stealthy fourth-generation assets that make up the bulk of the services' inventory, these systems are pivotal to that aircraft's defense. Chaff — which comprises “millions of tiny aluminum or zinc-coated fibers” — is stored onboard an aircraft in tubes and ejected behind the plane to confuse radar-guided missiles, the Pentagon's defense-industrial base report stated. Meanwhile, flares distract heat-seeking, infrared-guided missiles “by ejecting magnesium pellets from tubes to ignite in the wake behind an aircraft,” the report states. Those pellets are so hot — more than 2,000 degrees Fahrenheit — that the temperature exceeds that of the aircraft's engine or exhaust, tricking an infrared-guided missile about the path of the aircraft. According to the industrial base report, “defense unique requirements and decreasing DoD demand drove out other suppliers, leaving a single qualified source for chaff.” Peter Navarro, the White House's director of the Office of Trade and Manufacturing Policy, called attention to the fragile chaff supply base during a Nov. 9 speech at the Center of Strategic and International Studies, calling it a “single point of failure.” Meanwhile, the outlook for flare companies seems even more grim, with the report noting a number of explosions that had plagued both Esterline and Kilgore over the past several years, often leading to factorywide shutdowns that delayed deliveries of product to the Defense Department. “Both companies have experienced quality and delivery problems since the accidents,” the report stated. “As program offices look to improve quality and cost, they are beginning to look offshore at more modern facilities, where there are fewer quality and safety concerns.” One of the biggest problems facing chaff and flare manufacturers is the fluctuating demand signal from the Defense Department — their only customer for the product — based on the military's operational needs, the Association of Old Crows, a professional organization centered on electronic warfare and other countermeasures, said in a statement to Defense News. “Spending on countermeasures flares in the U.S. and among several NATO allies surged during Operation Enduring Freedom and Operation Iraqi Freedom and then dropped sharply as these conflicts reduced their operations tempo or wound down,” the organization stated. “The industrial base is small, yet it must be able to meet big fluctuations in customer demand. This creates a tremendous challenge that could be managed more successfully with better coordination among U.S. military customers or even between NATO partners." A history of safety issues and scandal Though chaff and flare companies usually fly under the radar of the defense trade press, when they do appear in the media, it's usually related to life-threatening accidents at manufacturing facilities or the like. In May 2016, Esterline was forced to temporarily halt operations at its plant in East Camden, Arkansas, after an explosion injured two employees. Local newspaper El Dorado News Times reported that one of the victims suffered “a blast to the face,” which left burns on the hands, chest and face, and took shrapnel to the elbow, according to a Facebook post by the victim's relative. Kilgore Flares also sustained several high-profile accidents in recent years, most notably a 2014 explosion that killed one employee at its factory in Toone, Tennessee. The same plant was the site of a 2016 explosion where no one was injured, according to WBBJ 7 Eyewitness News. According to the Occupational Safety and Health Administration investigation of the 2014 incident, the worker had been removing residual flare materials that ignited, prompting the explosion. “The investigation identified noncompliance in process safety information, process hazard analysis and ... operating procedures. The employee suffered severe burns on multiple areas of his body and was transported to a hospital, where he received medical treatment and burn therapy, but died from his injuries,” the administration had said. Kilgore also came under the scrutiny of the U.S. Justice Department in 2016 for selling the Army flares made with magnesium that a supplier — ESM Group Inc. — illegally imported from China. The company was fined $8 million for violating a requirement that all magnesium used to make flares be sourced from American or Canadian suppliers, reported the Memphis-based CBS affiliate WREG. Kilgore and Esterline did not respond to multiple requests for comment. Pat Kumashiro, former head of the maintenance division for the Air Force's Logistics, Engineering and Force Protection Directorate and currently director of the Air Force market at LMI, said China is paying attention to weaknesses in the American defense-industrial base. “They are pretty savvy as it relates to understanding global supply chains, and when they have opportunities to buy mineral rights — and you see them doing a lot of work and being very aggressive in Africa — they are doing it for a reason,” he said. If an adversary such as Russia or China identifies that there are a limited number of sources for chaff and flare, they can find ways to impact U.S. suppliers — which in turn degrades the mission capability of fourth-generation planes, Kumashiro said. “Operational pilots are not going to go into harm's way without an operational chaff [and] flare system,” he said. The evolving landscape for chaff and flare Big changes appear to be coming down the pipeline for both Esterline and Kilgore Flares. For the former, the question is whether the Defense Department allows TransDigm to acquire Esterline. "Our general goal in this area is to promote competition among contractors but also ensure that DoD is paying fair prices for the best, most usable products that it can get,” a staff member of Rep. Speier told Defense News. But Speier and his colleague Jones believe TransDigm could artificially inflate prices by claiming there is a commercial market for those products, which would limit the ability of Defense Department procurement officers to have full access to pricing data, the staffer said. Should the Defense Department decide to allow the TransDigm deal to go forward, Speier may push to add language to next year's defense authorization bill that would pose additional limitations on what products are deemed “commercial,” or it could call on the Pentagon to study the level of competition throughout the industrial base, the staffer said. For Kilgore Flares, the changes appear to be more conventionally positive. This May, Chemring Group said it would spend $40 million to expand Kilgore's production facility in Toone and grow the plant's employment numbers from about 280 to 375 people. From 2018-2022, the company plans to improve existing facilities, construct new buildings and buy modern equipment, including a new flare extruder and assembly facility, the company said in a news release. In total, those expenditures will triple the plant's production capacity. Kilgore's investment may indicate that chaff and flare manufacturers see some relief on the horizon. Industry officials who spoke to Defense News about this sector said they were hopeful the Defense Department's industrial base report could indicate a heightened level of Pentagon interest. The department already has certain levers it can pull to address problems in its supply base. One such effort, called the Industrial Base Analysis and Sustainment program, involves targeted investments to sustain certain manufacturers who produce a critical capability. Another resource is the Defense Production Act Title III program, which offers grants, purchase commitments, loans or loan guarantees to portions of the industrial base that are weakening. The Defense Department called for an expansion of those programs in recommendations to the White House submitted as part of the industrial base report. A classified annex also includes detailed fixes for certain critical industries. So far, however, it's unclear what assistance could be coming down the pipeline for the chaff and flare industry. https://www.defensenews.com/industry/2018/11/13/the-militarys-chaff-and-flare-industry-is-on-fragile-ground

All news