#### Supply Chain Hardware Integrity for Electronics Defense (SHIELD)

Serge Leef Program Manager, Microsystems Technology Office Defense Advanced Research Projects Agency

Software and Supply Chain Assurance Winter Forum 2018

18 December 2018





## Threats to Integrated Circuit Integrity



#### DARPA mitigation technologies





## DoD Acquisition Is a Man-made Challenge





The Global Nature of Today's Supply Chains makes chain-of-custody unworkable



Lifecycle for a single Joint Strike Fighter component, which changes hands 15 times before final installation



## US Electronic Waste is a Contributing Factor





Uncontrolled heating during part removal can cause die cracks or delamination, leading to immediate or latent failures.





Image courtesy of Basel Action Network

Mishandling or sanding of parts can cause latent Electrostatic Discharge (ESD) failures.

Image courtesy of SMT Corporation



## **Counterfeits vs Clones**

A counterfeit part is manufactured by the OEM and presented as new, but the performance and reliability of the part is questionable:

- Used components recycled/remarked
- **OEM** test failures
- Unlicensed fab overproduction



A cloned part is not manufactured by the OEM but may be designed to mimic the performance of the authentic part:

- Copies manufactured in foreign plant
- New design of reverse-engineered components using stolen IP, potentially with altered function











Suspect

Good

All images courtesy of NSWC Crane



## Counterfeits, Clones, Trojans



## Things are Not Always as They Appear!



Blacktopped – After Dynasolve Soak

Different Lead Frames in Same Lot



Physical and Optical Inspection is Time Consuming, Labor Intensive, Thus Expensive!



Trimmed (wedge) vs. Untrimmed (flat) Leads



One Part has Trimmed Leads (Shorter than Legitimate Part) So



Scratched Window from Sanding and Corroded Metal

Source: Images NSWC Crane



## Poor Quality Integrated Circuits

#### Low quality manufacturing process



**Example of Poor Quality** 



**Good Part** 





Source: Images NSWC Crane



#### **Stealthy Dopant-Level Hardware Trojans<sup>1</sup>**

Abstract. ".....In this paper we propose an extremely stealthy approach for implementing hardware Trojans below the gate level, and we evaluate their impact on the security of the target device. Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), **our family of Trojans is resistant to most detection techniques**, including fine-grain optical inspection and checking against "golden chips"......."

<sup>1</sup>Source: Georg T. Becker<sup>1</sup>, Francesco Regazzoni<sup>2</sup>, Christof Paar<sup>1,3</sup>, and Wayne P. Burleson<sup>1</sup>
<sup>1</sup>University of Massachusetts Amherst, USA
<sup>2</sup>TU Delft, The Netherlands and ALaRI - University of Lugano, Switzerland
<sup>3</sup>Horst Görtz Institut for IT-Security, Ruhr-Universitt Bochum, Germany



Fig. 2. Layout of the Trojan DFFR\_X1 gate. The gate is only modified in the highlighted area by changing the dopant mask. The resulting Trojan gate has an output of  $Q = V_{DD}$  and QN = GND.



### SHIELD Overview



## **DARPA** A Hardware Root of Trust for Integrated Circuits

Apply RFID chip concept...



Common Access Card

- PIN (known only to card holder)
- **ID** Certificates

...to integrated circuit integrity



SHIELD Dielet

- Onboard encryption engine with secret key
- Serial ID •



## **DARPA** SHIELD – The DARPA Supply Chain Solution



Dielet floorplan (Northrop Grumman) 14nm CMOS

Prototype dielet layout (SRI) 28nm CMOS

#### Asymmetric Security

- Non-resettable, "always on" intrusion sensors on dielet •
- On-board encryption symmetric key that cannot be "coaxed" from dielet •
- ID and Key are unique to the individual host IC (not just the part number) •
- Interrogation history (date, time, location) stored on secure server •
- Built-in fragility structures kill dielet if removal from host is attempted

#### SHIELD makes counterfeiting too expensive and too hard to do.



## **DARPA** SHIELD Key Components







## 1. Interrogate dielet on host IC





# 2. Unique ID returned by host IC; reader sends ID to server

FAIL if no response from host IC





# 3. Server sends unencrypted challenge to reader; reader forwards challenge to host IC

FAIL on discrepancy between server record and user visual ID (example: user is testing microcontroller, but server reports ID belongs to an FPGA)





## 4. Host IC sends encrypted response and sensor status; reader forwards to server

PASS if challenge/response match FAIL if challenge/response do not match





A complete SHIELD authentication transaction, including internet latency, takes only 1-2 seconds.



## **DARPA** SRI International SHIELD Demo with Reader





## SHIELD Program Structure and Performers



- Program start: January 2015
- Performers:
  - Northrop Grumman (full SHIELD design)
  - SRI International (full SHIELD design)
  - Draper (sensors, fragility)
  - University of California, Berkeley (dielet power/communication, fragility)
  - University of Illinois/Carnegie Mellon University (dielet power/communication)
- Four year program in three phases
  - Phase 1: Technology Development (1.5 years)
  - Phase 2: Hardware Design (1.5 years)
  - Phase 3: Demonstrate the CONOP (1 year)



### Northrop Grumman

A Root-of-Trust Prohibitively Difficult to Exploit With Key Protection, Attack Resistant AES, and Smallest OTP Advancing a Proven AT Tech Base Assessed to Defeat Advanced Threats

NORTHROP GRUMMAN





## **SHIELD Dielet Block Diagram**



## **DARPA** Draper Fragility Summary

Goal: design and develop a high-yield, low cost architecture for the fabrication, testing, and packaging of ultra-thin (<10 $\mu$ m) dielets with engineered fragility





Top View (1,500x)



Released dielets anchored to a silicon frame



Carrier wafer with etched cavities under individual dielets

#### Key Features

- CMOS compatible architecture with high-yield backend processing
- Higher die count (lower cost) compared to dicing processes
- Strategically placed microstructures to aid in fragmentation



Perspective View (10,000x)

G. Perlin, et al.



## 65nm CMOS SHIELD "Technology Vehicle"



