Can microchips be trusted?

Technology. We’re immersed in it every day. Your cell phone, computer, television, and automobile are all pieces of technology—hardware designed with software for practical purposes. We’ve all been warned about the implications of malicious software: viruses, data breaches, and identity theft. But what about the hardware? Are you sure the hardware in your device is trustworthy?

We assume the microchips in our devices were made under strict guidelines and will perform as intended. Unfortunately, that is not always the case.

As the global leader in manufacturing, China produces the majority of microchips used in electronics. However, the production of microchips is not currently regulated in China. Without adhering to strict guidelines, factories can manufacture counterfeit microchips, resulting in underperformance and shorter life spans. Counterfeiting microchips can take many forms: improper recycling, unauthorized production and cloning, introducing hardware Trojans, and illegally brand-stamping are all ways counterfeit microchips are making their way into technology we use.

In 2010, the United States Navy unknowingly purchased 59,000 counterfeit Chinese computer microchips to be used aboard warships, fighter planes, and anti-missile systems. Robert Ernst, head of research for the Naval Air Systems Command’s Aging Aircraft Program, estimates as many as 15% of all the spare and replacement microchips that the Pentagon buys are counterfeit. A 2012 Defense Science Board survey estimates that one in three deployed military systems have counterfeit chips in them.

While these statistics are worrying, the future is hopeful. Researchers in Carnegie Mellon’s Department of Electrical and Computer Engineering (ECE) are training people and creating the technology needed to combat hardware security threats. Principal Systems Scientist Ken Mai is developing new, low-cost, hardware-level methods of securing electronic systems against illegal counterfeiting.

Purchase hardware from trusted sources and recycle properly. Common sense goes a long way toward protection.

Ken Mai, Principal Systems Scientist, Electrical and Computer Engineering, Carnegie Mellon University

Imagine if each microchip were produced with a unique fingerprint, or a secure chip odometer, that would allow it to be tracked from production to installation. The secure chip odometer would gauge authentication of provenance to enable differentiation between genuine and counterfeit parts. Much like a vehicle identification number, the secure chip odometer would allow users to track if a microchip is new or used, when it was manufactured, how long it has been in operation, and whether it has been tampered with.

To support his research in combatting microchip counterfeiting, Mai received one of nine awards given by the National Science Foundation (NSF) and the Semiconductor Research Corporation (SRC) under the Secure, Trustworthy, Assured, and Resilient Semiconductors and Systems Program (STARSS).

Mai and the rest of the ECE department have a unique angle for approaching the topic of hardware security. “We saw an opportunity to approach hardware security from a hardware design perspective, versus a security perspective,” says Mai. “Most of the people working in the space are security people trying to do hardware. We are hardware people applying our skill set to provide security.”

Mai believes we could be using the secure chip odometer in a few years. And in the meantime? “Be smart about the hardware you use,” says Mai. “Purchase hardware from trusted sources and recycle properly. Common sense goes a long way toward protection.”