Advertisement

Blog

DNA Tagging: Secret Weapon Against Industrial Espionage

Counterfeiting is a serious problem, and by all accounts it's getting worse, especially in the military and aerospace sector.

Keeping one-step ahead of the bad guys in the detection of fake parts requires sophisticated equipment that few companies can afford. Yet, based on language in the National Defense Authorization Act of 2012 (NDAA 2012) that President Obama signed into law on the last day of 2011, companies that serve the military market have no choice but to pay the price — one way or another.

The Act specifically states that contractors “are responsible for detecting and avoiding the use or inclusion of counterfeit electronic parts or suspect counterfeit electronic parts.” If they don't they foot the bill for the rework. They are also required to source from “trusted suppliers,” which the act defines as original component manufacturers or authorized distributors. If the parts aren't available from either of these two sources, then contractors can source from “additional trusted suppliers.” Exactly what that means is yet to be determined — perhaps in a court of law.

Because of the magnitude of the problem, companies are coming up with creative solutions to reduce the threat of counterfeiting. Stony Brook, NY-based Applied DNA Sciences is looking to solve the problem once and for all. In a two-month proof-of-concept project funded by the Defense Logistics Agency in 2011, the company supplied ink containing its proprietary plant-based DNA to a chip maker that used it to mark the packages of its finished semiconductors. When the chips entered the supply chain, distributors were able to identify 100 percent of the marked chips to confirm their authenticity.

The success of that exercise led to an 18-month pilot program that will test the technology on a commercial high-volume scale. Separately, Applied DNA Sciences is providing Connecticut-based independent electronics distributor SMT Corp. with DNA ink to mark the components that pass its counterfeit testing program. SMT is a leader in the testing and detection of counterfeit parts.

Just this week, the company followed up with the announcement of a joint venture to take its patented technology to the next level — or to be more precise, to the nano level. As part of a government-funded program, the company is partnering with the College of Nanoscale Science and Engineering (CNSE) at the University of Albany to tag chips at stages in the fabrication process. Calling it “nanosecurity,” Applied DNA and CNSE issued a press release last week Tuesday touting the new “nano-chip anti-counterfeiting program.” CNSE expects the process will be validated within a few months.

What's frightening about this announcement is that this is the first time I've heard of the threat of counterfeiters infiltrating a fab and managing to lay down a counterfeit layer of transistors or metallization. Or counterfeiters that have managed to insert a counterfeit chip during the construction of a 3-D system on an SOC or MEMS component. It’s just unheard of.

The threat that the NDAA 2012 bill addressed is stone-age in comparison. It's the result of poverty-stricken women and children scavenging e-waste from landfills in China, stripping old components off PCBs, sanding off the labels, replacing them with new labels, and selling them as “new” parts to unethical brokers. It's downright primitive compared to the threat that CNSE and Applied DNA are addressing.

What's behind the need for nanosecurity is not a fear of counterfeiting but fear of state-sponsored industrial espionage at next-generation multi-billion dollar fabs outside of the control of the United States. The US intelligence and military community wants assurance that it can “obtain the highest performance integrated circuits (IC’s) and systems-on-chips (SoC’s) while ensuring that components have been securely fabricated according to design,” according to a report on the Trusted Integrated Chips (TIC) Program, published in October by the Safe and Secure Operations Office of the Intelligence Advanced Research Projects Activity (IARPA).

The TIC's objective is to obtain near 100 percent assurance that when fabricating state-of-the-art ASICs — as well as SOCs, MEMS, and other sophisticated 3D semiconductor structures — that US intellectual property is protected, US chip designs are secure, and not compromised by the insertion of “malicious circuitry.”

IARPA is looking forward to the day when the electronics industry will be able to combine digital SoCs with non-digital System-in-Packages (SiPs) to create tiny high-value systems such as sensors, actuators, and biochips.

Put more bluntly, IARPA wants a fool-proof way to make sure its ultra-high-tech, multimillion-dollar, black-program components don't get altered during fabrication outside the US. That is, it wants to prevent somebody on the inside from inserting what it calls “malicious circuitry.”

One way TIC proposes to do this is to physically separate the two stages of chip fabrication. Let offshore fabs lay down the transistors, but bring the wafers back to a secure US location for the metallization process. There are variations on this theme whereby chips are partially fabricated in multiple locations but final integration or packaging is conducted in a secure US facility. DNA-tagging would be used at each stage in the transfer process to ensure that part of the chip is authentic. This is not how chips are fabricated today, and the separation of the processes creates major challenges, especially as the technology advances.

IARPA is funding a five-year, three-phase program to validate the “split-manufacturing” approach for wafer processing. Phase 1 focuses on logistics and compatibility at the 130nm level. Phase 2 will targets 65nm and Phase 3 22nm. CNSA is awaiting word from IARPA regarding funding for its partnership with Applied DNA Sciences.

Of course, the threat of malicious insertion is not exclusively a defense concern. It has implications in the commercial world as well. For instance, consider telecommunications chips or industrial equipment that have rogue circuitry maliciously embedded in them. You could envision a scenario where a competitor or perhaps a foreign government could eavesdrop, access data, and control or even shut a system down at will.

Scary stuff.

16 comments on “DNA Tagging: Secret Weapon Against Industrial Espionage

  1. Ariella
    January 24, 2012

    Very interesting idea. I'd imagine that complicating the process in this way would add to the manufacturing cost, though. 

  2. Houngbo_Hospice
    January 24, 2012

    Good point @Ariella,

    I think that is the price to pay to fight against counterfeiting parts in the military equipments and contractors are likely to pay that additional cost as they “are responsible for detecting and avoiding the use or inclusion of counterfeit electronic parts or suspect counterfeit electronic parts.” If they don't they foot the bill for the rework.

  3. prabhakar_deosthali
    January 25, 2012

    This kind tagging is essential for getting authentic parts for military applications. I think similar tagging is required for parts used in Life-critical medical devices and safety critical electronics in modern cars.

  4. Cryptoman
    January 25, 2012

    A while ago, I read Kevin Mitnick's book entitled “The Art of Deception”, which was a great eye opener for someone like me who has worked professionally in the area of digital security. I remember one phrase from that book that I think anyone interested in security should keep in mind: “The weakest link in any security system, sophisticated or otherwise, is the human factor”.

    In any security system we have today and will have tomorrow, there will be human operators somewhere in its design, operation and maintenance etc. Therefore, that is where security vulnerabilities are likely to seed.

    Even separating the two stages of chip making still does not get around the above fundamental weakness. Therefore, it's only a matter of time until people develop new methods to beat that too. The new methods will certainly buy time and I am not sure how long but, given the history, they are not going to be the Holy Grail of chip protection.

     

     

     

  5. Bruce Rayner
    January 25, 2012

    No question that humans are the weakest link. If it's inevitable that someone somewhere will want to insert 'malicious circuitry' onto a wafer that then infects chips that go into medical or automotive or military systems, then the only answer is to be pro-active to stay one step ahead of the bad guys. As I understanding it, this is what the IARPA is trying to do with its 'split manufacturing' program. 

  6. Bruce Rayner
    January 25, 2012

    I agree prabhakar – the military is funding the proof-of-concept for DNA tagging. But it will see the greatest potential in commercial markets, specifically life-critical applicatons in areas such as medical equipment.

  7. Bruce Rayner
    January 25, 2012

    I think you're right about the higher costs @arialla and @hospice-houngbo. But if the IARPA is underwriting the cost because of the national security threat for military chips, then the commercial sector will benefit. Still, I imagine that a 'split manufacturing' approach to building chips will introduce higher costs because it adds extra steps and more complexity to an already complex process.

  8. Himanshugupta
    January 25, 2012

    If US is too much worried about the security then why only the electronic components. Also US should manufacture the component (start to finish) inside rather than splitting the process in two phases.

  9. Taimoor Zubar
    January 25, 2012

    Planting chips in semiconductor devices does seem to be an effective solution. Any idea about the cost of these chips? Is it cost-effective for all kinds of manufacturers to use this technology to prevent counterfeiting?

  10. Barbara Jorgensen
    January 25, 2012

    In the US, at least, the military has been trying to use more off the shelf products to reduce its costs and increase compatibility. Any counterfeiting solution, even if its was developed for the DOD, has to be used by commercial manufacturers as well. Having two separate supply chians–the old model–will just add redundancy and cost. I'd expect to see a battle on this front (pun intended).

  11. Ariella
    January 25, 2012

    @TaimoorZ I was wondering about the same thing. How much would they have to go up in price in terms of percentage?

  12. Houngbo_Hospice
    January 25, 2012

    “Is it cost-effective for all kinds of manufacturers to use this technology to prevent counterfeiting?”

    @TaimoorZ:

    The solution may not be cost-effective, but the whole point is to find way to fight against counterfeiting. I think researches are being conducted to find a better solution, and DNA tagging is just the (current) state-of-art solution, but not necessary the cost-effective one.

  13. Damilare
    January 25, 2012

    @Himanshugupta  That would be the obvious solution but not neccesarily a feasible one. In a 'global village' cotext it is simply impossible for any country to be totally self sufficient and with fabs scattered all over the world and deliberately because of cheaper labour in some areas. The US has to still rely on products coming in from this locations, so splitting the process will seem the only way they can stay on top of the situation.

  14. tioluwa
    January 26, 2012

    I agree 100% with you Cryptoman, this “chip in a chip” approach like Bruce stated clearly is obviously not a solution to the counterfeiting problem, it is way too advanced, complicated and expensive for that.

     

    As advanced as the supply chain is, are they saying it is impossible to track where these chips come from? Everyone know where anyway, but is it that impossible to track how they get into the chain? Someone somewhere knows what to do but is not doing it.

    I see this approach more as a preventive measure against something bigger mentioned.

    The solution to counterfeiting, is simple in the NDAA 2012 act.

  15. Taimoor Zubar
    January 28, 2012

    I think cost factor is also important for the solution to be commercially viable – no matter how effective it is.

  16. TedW
    January 30, 2012

    I agree with most of the comments but if they can overcome the inherent stability weakness of DNA to heat and UV light (which will be tricky), the biggest problems will be the cost of sending 'suspect' components for forensic analysis and the time it will take to get a definitive result from the DNA Lab.  What do you do in the meantime, stop production, twiddle our thumbs, take a risk?

    Also, because of the stability issues with DNA, there is the additional risk that a Distributor could be wrongly accused of selling counterfeits, due to the 'absence' of the forensic signature.

    But they could be innocent and as the DNA could have faded away naturally (due to heat/humidity/exposure to UV light) but how would a Distributor prove that they're innocent?  

    The damage would be done, I'm afraid and that's why I'm wary about recommending this DNA based system and I'll be interested to see how the field trial goes. 

    Now, if they could produce a totally robust form of DNA style system that could be analyzed in the field, well, I have a few customers that might be very interested.

    Anyone…?

    Ted

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.