Approved for Public Release, Distribution Unlimited
Supply Chain Hardware Integrity for Electronics Defense
SHIELD Proposer's Day
Arlington, VA, 14 March 2014
Kerry Bernstein
Best Friend of TrustOptix Bill Bickford
Program Manager, Microsystems Technology Office
Defense Advanced Research Projects Agency
Classification Guidelines
All conversations during today's Proposer's Day should remain at an unclassified level.
• The Government anticipates proposals submitted under this BAA will be unclassified.
• Classified submissions shall be appropriately and conspicuously marked with the proposed classification level and declassification date. Submissions requiring DARPA to make a final classification determination shall be marked as follows: "CLASSIFICATION DETERMINATION PENDING. Protect as though classified (insert the recommended classification level, e.g., Top Secret, Secret or Confidential)."
• Classified submissions shall be in accordance with the following guidance:
Confidential and Secret Collateral Information: Use classification and marking guidance provided by previously issued security classification guides, the DoD Information Security Manual (DoDM 5200.01, Volumes 1 - 4), and the National Industrial Security Program Operating Manual (DoD 5220.22-M) when marking and transmitting information previously classified by another Original Classification Authority. Classified information at the Confidential and Secret level may be submitted via ONE of the two following methods:
Hand-carried by an appropriately cleared and authorized courier to the DARPA CDR. Prior to traveling, the courier shall contact the DARPA CDR at 703-526-4052 to coordinate arrival and delivery.
OR
Mailed via appropriate U.S. Postal Service methods (e.g., (USPS) Registered Mail or USPS Express Mail). All classified information will be enclosed in opaque inner and outer covers and double wrapped. The inner envelope shall be sealed and plainly marked with the assigned classification and addresses of both sender and addressee.
The inner envelope shall be addressed to:
Defense Advanced Research Projects Agency
ATTN: Kerry Bernstein/MTO
Reference: DARPA-BAA-14-16
675 North Randolph Street
Arlington, VA 22203-2114
The outer envelope shall be sealed with no identification as to the classification of its contents and addressed to:
Defense Advanced Research Projects Agency
Security & Intelligence Directorate, Attn: CDR
675 North Randolph Street
Arlington, VA 22203-2114
Proposer's Day Schedule
• 8:35 AM - 9:00 AM: Welcome (Mr. Kerry Bernstein, DARPA/MTO)
• 9:00 AM - 9:30 AM: SHIELD Threat Space (Mr. Brett Hamilton, NSWC Crane)
• 9:30 AM - 10:30 AM: SHIELD Program (Mr. Kerry Bernstein, DARPA/MTO)
• 10:30 AM - 10:45 AM: BREAK. Please leave questions at the registration table at this time.
• 10:45 AM - 11:15 AM: Benchmarks in Metrics (Mr. Arnett Brown, BAH)
• 11:15 AM - 12:00 AM: Contracting with DARPA Q&A (Mr. Michael Blackstone, DARPA/CMO)
• 12:00 PM - 1:00 PM: Lunch. Lunch will not be provided. DARPA has a café onsite.
• 1:00 PM - 2:00 PM: Open Forum Q&A. Each attendee will be provided with two index cards to submit questions before the break for lunch. These questions will then be discussed and answered at this time.
• 2:00 PM - 2:30 PM: SHIELD/DARPA Overview (Dr. Arati Prabhakar, DARPA Director)
• 2:20 PM - 2:45 PM: BREAK
• 2:45 PM - 3:45 PM: Proposer Presentations (Mr. Saverio Fazzari, BAH)
• 3:45 PM - 4:00 PM: Final Q&A/Close Out (Mr. Kerry Bernstein, DARPA/MTO)
Partnering Opportunities
• Groups that are interested in composing a comprehensive teaming proposal may access the DARPA SHIELD Teaming website bulletin board at https://sharepoint.extranet.darpa.mil/sites/mto/SHIELD/SitePages/Home.aspx to explore collaborations with other possible proposing groups.
• To request an account, please email the request to the BAA-14-16 mailbox at DARPA-BAA-14-16@darpa.mil.
Abstracts Submissions
• Proposers who choose to use abstracts are strongly encouraged to submit an abstract in advance of a full proposal. This procedure is intended to minimize unnecessary effort in proposal preparation and review.
• The cover sheet should be clearly marked "ABSTRACT" and the total length should not exceed 12 pages, excluding cover page and official transmittal letter. All pages shall be printed on 8-1/2 by 11 inch paper with type not smaller than 12 point. Smaller font may be used for figures, tables and charts. The page limitation for abstracts includes all figures, tables, and charts. No formal transmittal letter is required. All abstracts must be written in English.
• DARPA will respond to abstracts with a statement as to whether DARPA is interested in the idea. DARPA will attempt to reply to abstracts in writing within thirty (30) calendar days of receipt.
• Abstract Due Date: March 31, 2014
• Additional detailed information on submitting an abstract can be found in the SHIELD solicitation, DARPA-BAA-14-16.
Proposal Information
• Proposal Due Date: May 30, 2014
• The full proposal must be received on or before May 30, 2014 in order to be considered during the initial round of selections.
• DARPA will acknowledge receipt of complete submissions via email and assign control numbers that should be used in all further correspondence regarding proposals.
• DARPA will post a consolidated Question and Answer response after April 1, 2014, before final full proposals are due. In order to receive a response to your question, submit your question by April 25, 2014 to DARPA-BAA-14-16@darpa.mil.
• To comply with the submission guidelines listed in the BAA, please include the following:
  • Volume I: Technical and Management Proposal
    • Section I: Administrative cover sheet, to include an official transmittal letter (Note: An official transmittal letter is not required when submitting an abstract)
    • Section II: Summary of Proposal - this section shall not exceed 15 pages
    • Section III: Detailed Proposal Information
      • Statement of Work (SOW) - In plain English, clearly define the technical tasks/subtasks to be performed, their durations, and dependencies among them. The page length for the SOW will be dependent on the amount of the effort.
    • Section IV: Additional Information - A brief bibliography of relevant technical papers and research notes (published and unpublished) which document the technical ideas upon which the proposal is based. Copies of not more than three (3) relevant papers can be included in the submission.
  • Volume II: Cost Proposal - No Page Limit
• Additional detailed information on submitting a full proposal can be found in the SHIELD solicitation, DARPA-BAA-14-16.
Contact Information
• For any questions regarding today's Proposer's Day, or to request a copy of Mr. Bernstein's presentation, please email DARPA-SN-14-22@DARPA.mil.
• Administrative, technical or contractual questions should be sent via e-mail to DARPA-BAA-14-16. All requests must include the name, email address, and phone number of a point of contact.
The technical POC for this effort is Kerry Bernstein.
The BAA Coordinator for this effort can be reached at:
DARPA/MTO
ATTN: DARPA-BAA-14-16
675 North Randolph Street
Arlington, VA 22203-2114
DARPA-BAA-14-16@DARPA.mil
Proposer's Day Ethics
• At this time, DARPA cannot provide early feedback on your ideas. Please submit abstracts/proposals conforming to the guidelines in the BAA.
• Please refer to the BAA for questions on submission format, deadlines, technical requirements, cost analysis, etc. For specific questions not covered in the BAA, please email the coordinator at DARPA-BAA-14-16@DARPA.mil.
• For all communication purposes regarding this solicitation, please direct your attention to the BAA Coordinator using the email address above.
• US Government employees are bound by law to implicit non-disclosure agreements with external institutions. You may share information in private conversations without concern over intellectual property loss.
• DARPA Proposer's Day is a public event; any data released in this venue should be assumed to have been made public. Please treat your proprietary data accordingly.
Welcome and Introductory Comments
Kerry Bernstein
SHIELD Industry Day
14 March 2014
Acknowledgments
Simply getting the DARPA SHIELD Program to this point required massive efforts and valuable inputs by the following US Government employees and contractors:
Bob Colwell, Saverio Fazzari, Michael Blackstone, Dave Shaver, Virginia Arzadum, Fred Schipp, Brett Hamilton, Arnett Brown, Beverly Barnhart, Jeff K, Jerry Roddy, Sean L, Chris Bozada, Dan Radack, Matt Kay, Don Davidson, Matt Sale, Paul Kozemchak, Bob K, Shaun McKinley, Joe H, Chrisma Jackson, Jim Felix, Eric Herr, Josh Beutler, Dan Marrujo, Jim St Pierre, Mitch Komaroff, Arun Seraphin, Nick Diamond
SHIELD SETA TEAM
CNN Report 10 June 2012
Counterfeit parts compromise the US Supply Chain and present a growing threat to national security. Current safeguards are ineffective; they put American lives and DoD missions at risk.
Supply Chain Control is a Critical Problem
Distributor indicted for supplying counterfeits to Grumman Electric Boat July 2013
SPECTRUM Magazine, October 2013, pp. 41-45
Dept. of Defense Instruction NUMBER 4140.67, 26 April 2013
US Electronic Waste is a Contributing Factor
[Figure: e-waste flow. Shipping from/to US; Received in Developing Country; Removed from boards and sorted; Refurbished and remarked; Repackaged; Resold. All images courtesy of SMT Corporation.]
Electronic Waste Processing Effect on Quality/Reliability
[Images courtesy of Basel Action Network and SMT Corporation]
Uncontrolled heating during part removal can cause die cracks or delamination, leading to immediate or latent failures.
Mishandling or sanding of parts can cause latent Electrostatic Discharge (ESD) failures.
Electronics Supply Chain is Global
[Figure: supply chain stages shown are Semi Design, Semi Manufacturing & Packaging, Printed Circuit Board Production, Printed Circuit Board Distribution. Source: IDC Manufacturing Insights & Booz Allen analysis]
Global nature of supply chain makes chain-of-custody unworkable.
Lifecycle shown for a single JSF component - component changes hands 15 times before final install.
Common Industry Supply Chain Misconceptions [1]
"Counterfeit components are a 1-in-1000000 risk"
Independent Distributors say that from 0.5% to 35% of their incoming product is suspected counterfeit.
"Only bad distributors sell counterfeit components"
Most counterfeit parts sold to contractors come from legitimate independent distributors lacking effective screening techniques.
"Only expensive components are counterfeited"
DoC reports that over 60% of counterfeit parts have a sale value of $10 or less.
"Counterfeit parts will be detected by electrical tests"
More than half of all counterfeit components have the correct (or equivalent) die.
[1] B. Hamilton, NSWC Crane, Testimony at SASC Briefing, 9 September 2013
Image courtesy of httpwwwrkonlinestorecouk556-dual-timer-ic-16-pin-dip-pack-of-1-391-pasp
Quote found on the Web
"It will be because of companies like ours that the gap in technological advantages between made in [Name of Country] and made abroad will narrow down."
- from website of an off-shore contract reverse-engineering business
SHIELD Threat Space
Brett Hamilton, NSWC Crane
SHIELD Industry Day
14 March 2014
SHIELD Technical Program Description
Kerry Bernstein
SHIELD Industry Day
14 March 2014
SHIELD Introductory Comments
1. THANK YOU for your interest in participating in DARPA SHIELD. It's business, but it's also our nation.
2. The following exemplary design point and CONOP is a preferred embodiment. BAA strives not to overspecify. Got something better? LET'S HEAR ABOUT IT.
3. Besides performers with great ideas, we want performers who "get it" and who have a passion for doing something important for national security. Together we'll deliver game-changing capability.
4. SHIELD is about the Science and the hardware and the technology. CONOP, servers, networks are limited to what's needed for the demo.
5. SHIELD is not about developing new encryption schemes. SHIELD is about NIST, IEEE and Industry Standards, or new standards.
SHIELD Introductory Comments (cont'd)
6. Teaming is strongly encouraged. DARPA will accept individual Tech Area 1 & 3 submissions, but complete collaborative proposed solutions are preferred and strongly recommended.
7. The Supply Chain's threat space is immense. Any solution, including DARPA SHIELD, will be fraught with problems. We expect that. But we need to begin somewhere.
8. Remaining unaddressed SHIELD vulnerabilities will include:
• Insider threat
• Server attacks
• Dielet side channel exfil modes inserted during foreign fabrication
• Vulnerability to new reverse engineering modes, circumvention
9. SHIELD is intended to make counterfeiting more difficult, expensive, and time consuming.
Programmatics
DARPA SHIELD is about:
• Science
• Hardware Technology
• Security
• Reliability and Trustworthiness
• Functionality
• Manufacturability and Yield
DARPA SHIELD is NOT about (except for the minimum necessary to demonstrate SHIELD CONOP):
• Logistics
• Preferred Business Practices
• Acquisition Policy
• Doctrine
• Supplier/distributor business infrastructure
• New encryption schemes
• New checking tools
• Software
• Back-office structure and networking
Glossary
Dielet: Extremely small computer chip developed during SHIELD
Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
Key: A 256-bit cipher code stored on dielet and on a secure server, used to secure the dielet authentication operation
Test Site: Limited hardware proof of concept chip without full product functionality
Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
Probe: A device attached to a communication appliance that powers the SHIELD dielet
IP: Intellectual Property
CONOP: Concept of Operations
DFM/DFY: Design for Manufacturability / Design for Yield
PFA: Probability of False Alarm
PD: Probability of Detection
OEM: Original Equipment Manufacturer
GFE: Government-Furnished Equipment
IC: Integrated Circuit
CDR: Critical Design Review
DSS: Digital Signature Standard
CMVP: Cryptographic Module Verification Program
FITS: Failure rate of a component, measured in Failures-in-Time over the program
KPOH: Lifetime of a component, measured in thousands of power-on-hours
BOM: Bill of Material, a list of components comprising a given assembly
Definition of Terms
Counterfeit: "Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies"
- GAO Report to Congress, March 2010
Supply Chain: "A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances, or information from a source to a customer"
- Cooper, M.C., Lambert, D.M., & Pagh, J. (1997). Supply Chain Management: More Than a New Name for Logistics. The International Journal of Logistics Management, Vol. 8, Issue 1, pp. 1-14
Chain of Custody: "The chronological sequence of parties spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession"
SHIELD: Learning from Prior HW Assurance Programs
TRUST - Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find
IRIS - Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
[Figure labels: Digital Or AMS; TRUST; IRIS]
DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted.
TRUST, IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
[Figure: component lifecycle stages: Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use. Stages are grouped as At OEM and In Distribution, with program coverage marked SHIELD, TRUST, IRIS.]
[Figure legend: Design Attack; Hardware Attack; Logistics Attack]
[Figure threat labels: 3rd Party IP; Insider Design; EDA Exploit; IP Theft/Copy; Security Intercept; Yield Fail Diversion; Overproduction; Process Compromise; Pkg Compromise; False FPGA Bitstream; Malicious Insertions; False Validation Report; DFM Exploits; False Expects; False Test Compares; HW Theft]
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution.
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components, which make them especially vulnerable to compromise:
• DoD electronic components require high reliability, serviceability [1]
• Compromised component failures risk DoD missions, soldier's lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete [1]
• $10-$50 parts become $8000 parts once they are obsolete [1] - providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems:
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
[1] NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor, or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast, and executable by untrained operators
4. Trustworthy, reliable, and prohibitively difficult to spoof
5. Executable at any place, time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD: The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do.
Microscopic SHIELD dielet:
• HW Root-of-Trust
• Fragile Key Storage
• Full Encryption Engine
• Unpowered Passive Sensors
• Inductive Powering and Communication
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec:
- 100 µm x 100 µm (0.01 mm² Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120 °C
- < 1 cent per dielet
Image courtesy of http://www.hitachi.com/New/cnews/030902.html
SHIELD Exemplary CONOP
[Diagram: Dielet, Smartphone, Server, linked over TCP/IP (VPN)]
1. Serial ID Upload (Serial ID No., TCP/IP Address)
2. Challenge Download (server: Random Challenge Generator)
3. Encrypted Challenge, Encrypted Sensors, Appliance Data (dielet: Encryption Engine w/ Crypto Key; sensors: Temp Extremes, X-ray Exposure, Light Exposure)
4. Authentication Out (server: Decryption Engine w/ Crypto key: decrypt, compare to original challenge)
Server records:
- Database with Dielet Serial ID, Fab Name, Fab Date, Part No.
- Sensors Status
- Test Date
- Auditor Identity
- Key Requests
Potential Production Test Approaches
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech:
1. Stock checking of Component (Flying Prober)
2. Assembly checking in Supply Chain (Pick and Place, Wirebond, Tube handling of components)
Volume Production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication.
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact, on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove, or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly, such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone, and should not interact with the host chip in any way. Reliability impacts include:
   a. package alterations needed to carry the dielet
   b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement, and execute
6. To minimize size, power, and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
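The challenge-response exchange of the exemplary CONOP, with the key held only on the dielet and the server and the checking logic pushed to the server, as an added Python example that is not part of the DARPA presentation. Python's standard library has no block cipher, so HMAC-SHA-256 stands in for the dielet's encrypt step and the server's decrypt-and-compare step; the class names, sensor bit layout, verdict strings and sample serial number are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Sensor names are from the CONOP slide; the bit layout is assumed here.
SENSOR_TEMP, SENSOR_XRAY, SENSOR_LIGHT = 0x01, 0x02, 0x04
RESPONSE_WINDOW_S = 2.0  # the slides target a ~2 second interrogation


def _tag(key, serial_id, challenge, sensors):
    """HMAC-SHA-256 over serial ID, challenge and sensor word (cipher stand-in)."""
    msg = serial_id.to_bytes(8, "big") + challenge + bytes([sensors])
    return hmac.new(key, msg, hashlib.sha256).digest()


class Dielet:
    """Model of the dielet: 64-bit serial ID and a 256-bit key it never exports."""

    def __init__(self, serial_id, key, sensors=0):
        self.serial_id = serial_id
        self._key = key
        self.sensors = sensors  # one-way status word set by the passive sensors

    def respond(self, challenge):
        # Only the sensor word and the keyed tag leave the dielet.
        return self.sensors, _tag(self._key, self.serial_id, challenge, self.sensors)


class Server:
    """Model of the secure server: key database, challenge generator, audit log."""

    def __init__(self):
        self._keys = {}      # serial ID -> key, written at personalization
        self._pending = {}   # serial ID -> (challenge, time issued)
        self.audit_log = []  # (serial ID, auditor, sensor word, verdict)

    def enroll(self, serial_id, key):
        self._keys[serial_id] = key

    def issue_challenge(self, serial_id, now=None):
        """Steps 1-2: serial ID upload, fresh random challenge download."""
        if serial_id not in self._keys:
            return None
        challenge = secrets.token_bytes(32)
        self._pending[serial_id] = (challenge, time.monotonic() if now is None else now)
        return challenge

    def verify(self, serial_id, sensors, tag, auditor, now=None):
        """Steps 3-4: check the reply against the stored key and challenge."""
        now = time.monotonic() if now is None else now
        challenge, issued = self._pending.pop(serial_id, (None, None))  # single use
        if challenge is None:
            verdict = "no-challenge"
        elif now - issued > RESPONSE_WINDOW_S:
            verdict = "expired"
        elif not hmac.compare_digest(
                _tag(self._keys[serial_id], serial_id, challenge, sensors), tag):
            verdict = "bad-response"
        elif sensors:
            verdict = "sensor-tripped"
        else:
            verdict = "authentic"
        self.audit_log.append((serial_id, auditor, sensors, verdict))
        return verdict


def interrogate(server, dielet, auditor="auditor-1", tamper=None, delay=0.0):
    """The appliance relays messages; `tamper` models it rewriting the reply."""
    challenge = server.issue_challenge(dielet.serial_id, now=0.0)
    if challenge is None:
        return "unknown-serial"
    sensors, tag = dielet.respond(challenge)
    if tamper:
        sensors, tag = tamper(sensors, tag)
    return server.verify(dielet.serial_id, sensors, tag, auditor, now=delay)


def demo():
    """Run constructed cases against one enrolled part and return the verdicts."""
    server, serial, key = Server(), 0x1122334455667788, secrets.token_bytes(32)
    server.enroll(serial, key)
    genuine = Dielet(serial, key)
    clone = Dielet(serial, secrets.token_bytes(32))   # copied serial, wrong key
    exposed = Dielet(serial, key, sensors=SENSOR_XRAY)
    results = {
        "genuine": interrogate(server, genuine),
        "clone": interrogate(server, clone),
        "exposed": interrogate(server, exposed),
        "hidden-sensor": interrogate(server, exposed, tamper=lambda s, t: (0, t)),
        "late": interrogate(server, genuine, delay=5.0),
        "unenrolled": interrogate(server, Dielet(0x42, key)),
    }
    # Replay: a reply recorded for one challenge does not answer the next one.
    old = genuine.respond(server.issue_challenge(serial, now=0.0))
    server.issue_challenge(serial, now=0.0)
    results["replay"] = server.verify(serial, *old, auditor="auditor-1", now=0.0)
    return results


if __name__ == "__main__":
    print(demo())
```

Because the sensor word is covered by the keyed tag, an appliance that clears a tripped sensor bit in transit produces a failed check rather than a clean pass.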
Current Untrusted Logistical Supply Chain
[Diagram labels: Trusted Zone; Vulnerability Zone; Trusted Zone; Original Equipmt Mfr; Approved Reseller; Merchandise Returns; Independent Distributor; EBAY; Stock; PC Board Assembly; Subsystem Assembly; System Mfg; DoD Application; Shipping between stages; numbered points 1-8]
For all but simplest exploits, DoD has little system component assurance of authenticity.
Assume parts have OEM integrity before leaving first Trusted Zone.
SHIELD'ed Supply Chain Exemplar
[Diagram labels: Trusted Zone; SHIELD Authentication outside Trusted Zone; Trusted Zone; Original Equipmt Mfr; Approved Reseller; Merchandise Returns; Independent Distributor; EBAY; Stock; PC Board Assembly; Subsystem Assembly; System Mfr; DoD Application; Shipping between stages; numbered points 1-8]
Component compromises are now visible at any point along the supply chain.
Assume parts have OEM integrity before leaving first Trusted Zone.
SHIELD Program Structure
Deliverables by Tech Area and Phase
Columns: Phase 1 | Phase 2 | Phase 3
TA1 (Tech Dev): On-chip HW tech devlpmt: Key Store, Sensors, Comm/Pwr, Mfg Processes - Models - Test Sites - SHIELD layouts
TA2 (Design & Integr): Dielet Logic Design, Standards Conformation | SHIELD Dielet Design, SHIELD Dielet Fabrication, SHIELD Dielet Characterization
TA3 (Deployment): Packaging Development, Reliability Analysis, Dummy Dielet Fabrication, Network Architecture Design, Inductive Appliance Design | Tooling and Techniques for handling insertion, Network Structure Build-out, Inductive Device Fabrication | Demonstration: Proof-of-Concept Supply Chain Exercise across sites, Red Teaming, Evaluations
Technical Area 1 Phase 1: Technology
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e., COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (Cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product:
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance.
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows.
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform.
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code.
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation.
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant.
Technical Area 1 Phase 1 (Cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered, be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
• Chemical: Nitric Acid, Sulfuric Acid sensing for chemical de-packaging attempts
• Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
• Laser: Laser wavelength detection for laser de-layering attempts
• Light: Daylight sensing for identifying exposed dielet
• X-Ray: X-ray detection for attempted secret key imaging
• Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1 (Cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2: Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Phase 1
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment, Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language. Design should be:
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2 Phase 1 (cont’d)

4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage, and temperature
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window
Technical Area 2 Phase 1 (cont’d)

7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage, and temp
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 2

Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1’s specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG, monitor fabrication; intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize, and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3: SHIELD Deployment

Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals.
Technical Area 3 Phase 1

Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment, or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers’ consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1 (cont’d)

3. Assure reliability of host component containing SHIELD dielet
   Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
   Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature, or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont’d)

5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
   Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance.
Technical Area 3 Phase 1 (cont’d)

6. Design Network/Server Architecture for the Demonstration Exercise
   SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed; and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program.
Technical Area 3 Phase 2

Technical Area 3/Phase 2: Implementation, Months 19-36
Specific techniques and tooling for placement of the dielet into the host package are developed. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
   Instrumentation, tooling, and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component P/N, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3 Phase 2 (cont’d)

2. Develop the SHIELD Network Structure
   Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables:
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors; and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont’d)

3. Develop the SHIELD inductive/RF appliance
   Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance’s inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 3

Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DoD component listed in a federal acquisition program’s BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3 (cont’d)

2. Exercise the CONOP
   Performers will exercise the entire SHIELD CONOP.
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component’s supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks

Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. “Probability of Detection” of compromises (PD), broken out by:
   a. Component package (i.e., small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e., missing, inappropriate, or failing SHIELD dielet)
   c. Location type (i.e., at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by:
   a. Component package (i.e., small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Summary of Suggested Specifications

Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network communication protocol: TLS Standard
Minimum delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption standard: Up to 256 bit
Serial ID length: 64 bit
Power consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host temperatures: -55 °C to 125 °C
Interrogation temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation. SHIELD total operational time is under 1 hour
Cost: C < 1.0¢ per dielet
Program Calendar

14 March 2014: Proposer’s Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding

• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done, rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD

Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor’s capability versus state-of-the-art features

Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers

Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities

General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations

Tech Area | Government-Furnished Equipment and Intellectual Property
TA1: Tech Dev | None
TA2: Design & Integr | None
TA3: Deployment | Components for SHIELD insertion; vendor locations for SHIELD exercise sites
Manufacturing Options

Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used

Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs

Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview

• Purpose of this discussion
   • Detail the attributes of SHIELD design elements that will be measured
   • Outline the methods by which those attributes will be measured
• Why metrics
   • Tracking and reporting program results and accomplishments
   • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used with industry-accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a “pass” or “fail” level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics: Technical Area 1, SHIELD On-board Technology

Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement

[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1, SHIELD On-board Technology

Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate

• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1, SHIELD On-board Technology

Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost

[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration

Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications

[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics: Technical Area 2, SHIELD Dielet Design and Integration

Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications, and support logic | Mask layout design, including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage, and temperature range | Pass/Fail

[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment

Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2]. Environmental testing (temperature, shock, and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail

[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3, SHIELD Deployment

• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
   • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
   • Failure mode (e.g., missing, inappropriate, or failing SHIELD dielet)
   • Failure location (e.g., at distributor, at subassembly vendor, during shipping)
   • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
   • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
   • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
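The Phase 3 benchmarks above (and the matching list on the Quantitative Benchmarks slide), worked through as an added example that is not part of the DARPA presentation: a Python scorer that takes PD over compromised parts only, PFA over uncompromised parts only, and the average delay over completed authentications, each broken out by the dimensions the slides list. The trial records, field names and the Wilson confidence interval are assumptions introduced for illustration; the 2-second budget is the full-transaction latency from the suggested specifications.

```python
"""Score supply-chain demonstration trials: PD, PFA, completed-authentication delay.

Added illustration. Trial records and field names are constructed, not program data.
"""
import math
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List, NamedTuple, Optional


@dataclass(frozen=True)
class Trial:
    package: str                  # host component package type
    setting: str                  # tube, pcb or system
    location: str                 # distributor, subassembly or shipping
    failure_mode: Optional[str]   # ground truth; None means the part was not compromised
    alarmed: bool                 # the performer reported a compromise
    delay_s: Optional[float]      # None when no authentication completed


class Rate(NamedTuple):
    k: int       # alarms raised in the pool
    n: int       # pool size (the denominator)
    p: float     # k / n, NaN for an empty pool
    lo: float    # Wilson 95% lower bound
    hi: float    # Wilson 95% upper bound


def wilson_interval(k: int, n: int, z: float = 1.96):
    """Wilson score interval; stays inside [0, 1] for the small n a demo produces."""
    if n == 0:
        return (0.0, 1.0)
    p = k / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def alarm_rate(trials: List[Trial], compromised: bool) -> Rate:
    """Alarm fraction within the compromised pool (PD) or the clean pool (PFA)."""
    pool = [t for t in trials if (t.failure_mode is not None) == compromised]
    k, n = sum(t.alarmed for t in pool), len(pool)
    lo, hi = wilson_interval(k, n)
    return Rate(k, n, k / n if n else math.nan, lo, hi)


def probability_of_detection(trials: List[Trial]) -> Rate:
    return alarm_rate(trials, compromised=True)


def probability_of_false_alarm(trials: List[Trial]) -> Rate:
    return alarm_rate(trials, compromised=False)


def broken_out(trials: List[Trial], attr: str,
               metric: Callable[[List[Trial]], Rate]) -> Dict[str, Rate]:
    """Apply a metric per value of one dimension; groups with no denominator are dropped."""
    groups = defaultdict(list)
    for t in trials:
        groups[getattr(t, attr)].append(t)
    scored = {name: metric(group) for name, group in groups.items()}
    return {name: r for name, r in scored.items() if r.n > 0}


def mean_completed_delay(trials: List[Trial]) -> float:
    """Average over authentications that completed; a missing dielet has no delay."""
    done = [t.delay_s for t in trials if t.delay_s is not None]
    return sum(done) / len(done) if done else math.nan


def over_latency_budget(trials: List[Trial], budget_s: float = 2.0) -> int:
    """Count completed authentications slower than the full-transaction budget."""
    return sum(1 for t in trials if t.delay_s is not None and t.delay_s > budget_s)


# Constructed sample trials (ground truth would come from the red team's records).
TRIALS = [
    Trial("QFP", "tube", "distributor", "missing", True, None),
    Trial("QFP", "tube", "distributor", "inappropriate", True, 1.8),
    Trial("QFP", "pcb", "subassembly", "failing", False, 2.1),      # missed detection
    Trial("QFP", "system", "subassembly", None, False, 1.9),
    Trial("QFP", "pcb", "shipping", None, True, 2.0),               # false alarm
    Trial("passive", "tube", "distributor", "missing", True, None),
    Trial("passive", "tube", "shipping", "inappropriate", False, 1.7),  # missed detection
    Trial("passive", "pcb", "subassembly", None, False, 1.6),
    Trial("passive", "system", "subassembly", None, False, 2.2),
    Trial("passive", "tube", "distributor", None, False, 1.8),
]

if __name__ == "__main__":
    print("PD ", probability_of_detection(TRIALS))
    print("PFA", probability_of_false_alarm(TRIALS))
    for attr in ("package", "failure_mode", "location", "setting"):
        print("PD by", attr, broken_out(TRIALS, attr, probability_of_detection))
    for attr in ("package", "setting"):
        print("PFA by", attr, broken_out(TRIALS, attr, probability_of_false_alarm))
    print("mean completed delay (s):", mean_completed_delay(TRIALS))
    print("over 2 s budget:", over_latency_budget(TRIALS))
```

With only a handful of trials per cell the interval on each broken-out rate is wide, which is why the scorer reports the denominator alongside every probability.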
Metrics: Technical Area 3, SHIELD Deployment

Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality), transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), Probability of false alarm (PFA), Average completed authentication delay per SHIELD component
3 | Government “Red Team” evaluation | Penetration testing |

[1] Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration

• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
   • compliance with design ground rules of the manufacturer
   • logical to behavioral design verification
   • logical to physical design verification
   • functional test pattern generation with a goal of 100% test coverage
   • EM and power analysis
   • additional checks as required to validate any “special case” technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Image courtesy of DARPA
Proposer’s Day Schedule

• 8:35 AM – 9:00 AM: Welcome. Mr. Kerry Bernstein, DARPA/MTO
• 9:00 AM – 9:30 AM: SHIELD Threat Space. Mr. Brett Hamilton, NSWC Crane
• 9:30 AM – 10:30 AM: SHIELD Program. Mr. Kerry Bernstein, DARPA/MTO
• 10:30 AM – 10:45 AM: BREAK. Please leave questions at the registration table at this time
• 10:45 AM – 11:15 AM: Benchmarks in Metrics. Mr. Arnett Brown, BAH
• 11:15 AM – 12:00 AM: Contracting with DARPA, Q&A. Mr. Michael Blackstone, DARPA/CMO
• 12:00 PM – 1:00 PM: Lunch. Lunch will not be provided. DARPA has a café onsite
• 1:00 PM – 2:00 PM: Open Forum Q&A. Each attendee will be provided with two index cards to submit questions before the break for lunch. These questions will then be discussed and answered at this time
• 2:00 PM – 2:30 PM: SHIELD/DARPA Overview. Dr. Arati Prabhakar, DARPA Director
• 2:20 PM – 2:45 PM: BREAK
• 2:45 PM – 3:45 PM: Proposer Presentations. Mr. Saverio Fazzari, BAH
• 3:45 PM – 4:00 PM: Final Q&A/Close Out. Mr. Kerry Bernstein, DARPA/MTO
Partnering Opportunities

• Groups that are interested in composing a comprehensive teaming proposal may access the DARPA SHIELD Teaming website bulletin board at https://sharepoint.extranet.darpa.mil/sites/mto/SHIELD/SitePages/Home.aspx to explore collaborations with other possible proposing groups
• To request an account, please email the request to the BAA-14-16 mailbox at DARPA-BAA-14-16@darpa.mil
Abstracts Submissions

• Proposers who choose to use abstracts are strongly encouraged to submit an abstract in advance of a full proposal. This procedure is intended to minimize unnecessary effort in proposal preparation and review
• The cover sheet should be clearly marked “ABSTRACT” and the total length should not exceed 12 pages, excluding cover page and official transmittal letter. All pages shall be printed on 8-1/2 by 11 inch paper with type not smaller than 12 point. Smaller font may be used for figures, tables, and charts. The page limitation for abstracts includes all figures, tables, and charts. No formal transmittal letter is required. All abstracts must be written in English
• DARPA will respond to abstracts with a statement as to whether DARPA is interested in the idea. DARPA will attempt to reply to abstracts in writing within thirty (30) calendar days of receipt
• Abstract Due Date: March 31, 2014
• Additional detailed information on submitting an abstract can be found in the SHIELD solicitation, DARPA-BAA-14-16
• Proposal Due Date: May 30, 2014
• The full proposal must be received on or before May 30, 2014 in order to be considered during the initial round of selections
• DARPA will acknowledge receipt of complete submissions via email and assign control numbers that should be used in all further correspondence regarding proposals
• DARPA will post a consolidated Question and Answer response after April 1, 2014, before final full proposals are due. In order to receive a response to your question, submit your question by April 25, 2014 to DARPA-BAA-14-16@darpa.mil
• To comply with the submission guidelines listed in the BAA, please include the following:
  • Volume I: Technical and Management Proposal
    • Section I: Administrative cover sheet to include and official transmittal letter (Note: An official transmittal letter is not required when submitting an abstract)
    • Section II: Summary of Proposal – this section shall not exceed 15 pages
    • Section III: Detailed Proposal Information
      • Statement of Work (SOW) - In plain English, clearly define the technical tasks/subtasks to be performed, their durations, and dependencies among them. The page length for the SOW will be dependent on the amount of the effort
    • Section IV: Additional Information - A brief bibliography of relevant technical papers and research notes (published and unpublished) which document the technical ideas upon which the proposal is based. Copies of not more than three (3) relevant papers can be included in the submission
  • Volume II: Cost Proposal – No Page Limit
• Additional detailed information on submitting a full proposal can be found in the SHIELD solicitation, DARPA-BAA-14-16
Proposal Information
• For any questions regarding today's Proposer's Day, or to request a copy of Mr Bernstein's presentation, please email DARPA-SN-14-22@DARPA.mil
• Administrative, technical or contractual questions should be sent via e-mail to DARPA-BAA-14-16 All requests must include the name, email address and phone number of a point of contact
The technical POC for this effort is Kerry Bernstein
The BAA Coordinator for this effort can be reached at:
DARPA/MTO
ATTN: DARPA-BAA-14-16
675 North Randolph Street
Arlington, VA 22203-2114
DARPA-BAA-14-16@DARPA.mil
Contact Information
• At this time DARPA can not provide early feedback on your ideas. Please submit abstracts/proposals conforming to the guidelines in the BAA
• Please refer to the BAA for questions on submission format, deadlines, technical requirements, cost analysis, etc. For specific questions not covered in the BAA, please email the coordinator at DARPA-BAA-14-16@DARPA.mil
• For all communication purposes regarding this solicitation, please direct your attention to the BAA Coordinator using the email address above
• US Government employees are bound by law to implicit non-disclosure agreements with external institutions. You may share information in private conversations without concern over intellectual property loss
• DARPA Proposer's day is a public event; any data released in this venue should be assumed to have been made public. Please treat your proprietary data accordingly
Proposer's Day Ethics
Welcome and Introductory Comments
Kerry Bernstein
SHIELD Industry Day
14 March 2014
Acknowledgments
Simply getting the DARPA SHIELD Program to this point required massive efforts and valuable inputs by the following US Government employees and contractors:
Bob Colwell, Saverio Fazzari, Michael Blackstone, Dave Shaver, Virginia Arzadum, Fred Schipp, Brett Hamilton, Arnett Brown, Beverly Barnhart, Jeff K, Jerry Roddy, Sean L, Chris Bozada, Dan Radack, Matt Kay, Don Davidson, Matt Sale, Paul Kozemchak, Bob K, Shaun McKinley, Joe H, Chrisma Jackson, Jim Felix, Eric Herr, Josh Beutler, Dan Marrujo, Jim St Pierre, Mitch Komaroff, Arun Seraphin, Nick Diamond
SHIELD SETA TEAM
CNN Report 10 June 2012
Counterfeit parts compromise the US Supply Chain and present a growing threat to national security. Current safeguards are ineffective; they put American lives and DoD missions at risk.
Supply Chain Control is a Critical Problem
Distributor indicted for supplying counterfeits to Grumman Electric Boat July 2013
SPECTRUM Magazine, October 2013, pp. 41-45
Dept. of Defense Instruction NUMBER 4140.67, 26 April 2013
US Electronic Waste is a Contributing Factor
Received in Developing Country
Removed from boards and sorted
Refurbished and remarked
Repackaged
Resold
All images courtesy of SMT Corporation
Shipping from/to US
Electronic Waste Processing Effect on Quality/Reliability
Image courtesy of Basel Action Network
Image courtesy of SMT Corporation
Uncontrolled heating during part removal can cause die cracks or delamination, leading to immediate or latent failures
Mishandling or sanding of parts can cause latent Electrostatic Discharge (ESD) failures
Electronics Supply Chain is Global
Source: IDC Manufacturing Insights & Booz Allen analysis
[Figure stages: Semi Design, Semi Manufacturing & Packaging, Printed Circuit Board Production, Printed Circuit Board Distribution]
Global nature of supply chain makes chain-of-custody unworkable
Lifecycle shown for a single JSF component – Component changes hands 15 times before final install
• "Counterfeit components are a 1-in-1000000 risk": Independent Distributors say that from 05 to 35 of their incoming product is suspected counterfeit
• "Only bad distributors sell counterfeit components": Most counterfeit parts sold to contractors come from legitimate independent distributors lacking effective screening techniques
• "Only expensive components are counterfeited": DoC reports that over 60% of counterfeit parts have a sale value of $10 or less
• "Counterfeit parts will be detected by electrical tests": More than half of all counterfeit components have the correct (or equivalent) die
Common Industry Supply Chain Misconceptions ¹
¹ B. Hamilton, NSWC Crane, Testimony at SASC Briefing, 9 September 2013
Image courtesy of httpwwwrkonlinestorecouk556-dual-timer-ic-16-pin-dip-pack-of-1-391-pasp
"It will be because of companies like ours that the gap in technological advantages between made in [Name of Country] and made abroad will narrow down"
- from website of an off-shore contract reverse-engineering business
Quote found on the Web
SHIELD Threat Space
Brett Hamilton, NSWC Crane
SHIELD Industry Day
14 March 2014
SHIELD Technical Program Description
Kerry Bernstein
SHIELD Industry Day
14 March 2014
SHIELD Introductory Comments
1. THANK YOU for your interest in participating in DARPA SHIELD. It's business, but it's also our nation.
2. The following exemplary design point and CONOP is a preferred embodiment. BAA strives not to overspecify. Got something better? LET'S HEAR ABOUT IT.
3. Besides performers with great ideas, we want performers who "get it" and who have a passion for doing something important for national security. Together we'll deliver game-changing capability.
4. SHIELD is about the Science and the hardware and the technology. CONOP, servers, networks are limited to what's needed for the demo.
5. SHIELD is not about developing new encryption schemes. SHIELD is about NIST, IEEE and Industry Standards or new standards.
SHIELD Introductory Comments (cont'd)
6. Teaming is strongly encouraged. DARPA will accept individual Tech Area 1 & 3 submissions, but complete collaborative proposed solutions are preferred and strongly recommended.
7. The Supply Chain's threat space is immense. Any solution, including DARPA SHIELD, will be fraught with problems. We expect that. But we need to begin somewhere.
8. Remaining unaddressed SHIELD vulnerabilities will include:
  • Insider threat
  • Server attacks
  • Dielet side channel exfil modes inserted during foreign fabrication
  • Vulnerability to new reverse engineering modes, circumvention
9. SHIELD is intended to make counterfeiting more difficult, expensive and time consuming.
Programmatics
DARPA SHIELD is about:
• Science
• Hardware Technology
• Security
• Reliability and Trustworthiness
• Functionality
• Manufacturability and Yield
Except for the minimum necessary to demonstrate SHIELD CONOP
DARPA SHIELD is NOT about:
• Logistics
• Preferred Business Practices
• Acquisition Policy
• Doctrine
• Supplier/distributor business infrastructure
• New encryption schemes
• New checking tools
• Software
• Back-office structure and networking
httpwwwg33kwatchcomwp-contentuploads201112geek-zonegif
Glossary
Dielet: Extremely small computer chip developed during SHIELD
Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
Key: A 256-bit cipher code stored on dielet and on a secure server, used to secure the dielet authentication operation
Test Site: Limited hardware proof of concept chip without full product functionality
Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
Probe: A device attached to a communication appliance that powers the SHIELD dielet
IP: Intellectual Property
CONOP: Concept of Operations
DFM/DFY: Design for Manufacturability / Design for Yield
PFA: Probability of False Alarm
PD: Probability of Detection
OEM: Original Equipment Manufacturer
GFE: Government-Furnished Equipment
IC: Integrated Circuit
CDR: Critical Design Review
DSS: Digital Signature Standard
CMVP: Cryptographic Module Verification Program
FITS: Failure rate of a component measured in Failures-in-Time over the program
KPOH: Lifetime of a component measured in thousands of power-on-hours
BOM: Bill of Material, a list of components comprising a given assembly
Counterfeit: "Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies"
- GAO Report to Congress, March 2010
Supply Chain: "A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances or information from a source to a customer"
- Cooper, M.C., Lambert, D.M., & Pagh, J. (1997). Supply Chain Management: More Than a New Name for Logistics. The International Journal of Logistics Management, Vol. 8, Issue 1, pp. 1–14
Chain of Custody: "The chronological sequence of parties, spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession"
Definition of Terms
TRUST – Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find
IRIS – Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
SHIELD: Learning from Prior HW Assurance Programs
[Figure labels: Digital or AMS, TRUST, IRIS]
DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted
TRUST, IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
[Figure: component lifecycle stages Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use. Coverage labels: TRUST, IRIS, SHIELD; At OEM, In Distribution. Legend: Design Attack, Hardware Attack, Logistics Attack. Threats labelled on the figure: 3rd Party IP, Insider Design, EDA Exploit, IP Theft/Copy, Security Intercept, Yield Fail Diversion, Overproduction, Process Compromise, Pkg Compromise, False FPGA Bitstream, Malicious Insertions, False Validation Report, DFM Exploits, False Expects, False Test Compares, HW Theft]
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components which make them especially vulnerable to compromise:
• DoD electronic components require high reliability, serviceability¹
• Compromised component failures risk DoD missions, soldier's lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete¹
• $10-$50 parts become $8000 parts once they are obsolete¹ – providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems:
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
¹ NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast, and executable by untrained operators
4. Trustworthy, reliable, and prohibitively difficult to spoof
5. Executable at any place, time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
Microscopic SHIELD dielet:
• HW Root-of-Trust, Fragile Key Storage
• Full Encryption Engine
• Unpowered Passive Sensors
• Inductive Powering and Communication
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm² Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120 °C
- <1 cent per dielet
Image courtesy of httpwwwhitachicomNewcnews030902html
SHIELD Exemplary CONOP
[Figure: message flow between Dielet, Smartphone and Server; labels on the Smartphone-Server link: TCP/IP Address, (VPN)]
1. Serial ID Upload: Serial ID No. Server holds a Database with Dielet Serial ID, Fab Name, Fab Date, Part No
2. Challenge Download: Random Challenge Generator
3. Encrypted Challenge, Encrypted Sensors: Encryption Engine w/ Crypto Key. Sensors: Temp Extremes, Xray Exposure, Light Exposure
3. Appliance Data: Sensors Status, Test Date, Auditor Identity, Key Requests
4. Authentication Out: Decryption Engine w/ Crypto key: decrypt, compare to original challenge
Potential Production Test Approaches
Flying Prober
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
Pick and Place / Wirebond / Tube handling of components
Volume Production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include:
  a. package alterations needed to carry the dielet
  b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive / RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement and execute
6. To minimize size, power and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
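The four-message exchange of the exemplary CONOP, together with the on-dielet features and design properties listed above, as an added Python sketch; it is not DARPA's or any performer's code. It substitutes HMAC-SHA-256 for the encrypt-then-decrypt-and-compare step on the slides (the Python standard library has no block cipher), and the class names, sensor bit layout, 16-byte challenge and enrolment record are assumptions.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

KEY_BYTES = 32        # 256-bit key (glossary)
SERIAL_BYTES = 8      # 64-bit serial ID (communication slide)
CHALLENGE_BYTES = 16  # assumption: the page gives no challenge length
# Assumption: bit layout of the sensor status word; the page names only sensor types.
SENSOR_BITS = {"heat": 0x01, "xray": 0x02, "light": 0x04}


def _tag(key: bytes, serial: bytes, challenge: bytes, sensors: int) -> bytes:
    """Keyed response binding serial ID, challenge and sensor word together."""
    return hmac.new(key, serial + challenge + bytes([sensors]), hashlib.sha256).digest()


class Dielet:
    """Toy dielet: the key is never returned, sensor bits can only be set."""

    def __init__(self, serial: bytes, key: bytes):
        if len(serial) != SERIAL_BYTES or len(key) != KEY_BYTES:
            raise ValueError("serial must be 8 bytes and key 32 bytes")
        self.serial = serial
        self._key = key
        self._sensors = 0

    def expose(self, event: str) -> None:
        self._sensors |= SENSOR_BITS[event]  # one-way latch, no reset path

    def respond(self, challenge: bytes) -> tuple[int, bytes]:
        # The sensor word travels in clear here but is covered by the tag.
        return self._sensors, _tag(self._key, self.serial, challenge, self._sensors)


class Server:
    """Toy secure server: holds the key database and does all the checking."""

    def __init__(self):
        self._db = {}       # serial -> (key, fab name, part number)
        self._pending = {}  # serial -> outstanding single-use challenge
        self.audit_log = []

    def enroll(self, serial, key, fab, part_no):
        self._db[serial] = (key, fab, part_no)

    def issue_challenge(self, serial: bytes):
        if serial not in self._db:
            return None
        self._pending[serial] = secrets.token_bytes(CHALLENGE_BYTES)
        return self._pending[serial]

    def verify(self, serial, sensors, tag, auditor, test_date) -> str:
        challenge = self._pending.pop(serial, None)  # consumed: a replay finds none
        record = self._db.get(serial)
        verdict = "REJECT"
        if challenge is not None and record is not None and 0 <= sensors <= 0xFF:
            expected = _tag(record[0], serial, challenge, sensors)
            if hmac.compare_digest(expected, tag):  # constant-time comparison
                verdict = "TAMPERED" if sensors else "AUTHENTIC"
        self.audit_log.append((test_date, auditor, serial.hex(), sensors, verdict))
        return verdict


def interrogate(dielet, server, auditor="auditor-01", test_date="2014-03-14"):
    """Appliance role: relays the four CONOP messages and never sees the key."""
    challenge = server.issue_challenge(dielet.serial)  # 1 serial up, 2 challenge down
    if challenge is None:
        return "REJECT"
    sensors, tag = dielet.respond(challenge)           # 3 keyed response + sensors
    return server.verify(dielet.serial, sensors, tag, auditor, test_date)  # 4 verdict


def demo() -> dict:
    serial, key = bytes.fromhex("0000000000000001"), secrets.token_bytes(KEY_BYTES)
    server = Server()
    server.enroll(serial, key, fab="ExampleFab", part_no="EX-556")  # constructed record
    genuine = Dielet(serial, key)
    results = {"genuine": interrogate(genuine, server)}

    # Clone that copied the serial ID but cannot know the key.
    results["clone"] = interrogate(Dielet(serial, secrets.token_bytes(KEY_BYTES)), server)

    # Replay of a recorded response against a fresh transaction.
    old_challenge = server.issue_challenge(serial)
    sensors, tag = genuine.respond(old_challenge)
    server.verify(serial, sensors, tag, "auditor-01", "2014-03-14")
    server.issue_challenge(serial)
    results["replay"] = server.verify(serial, sensors, tag, "auditor-01", "2014-03-14")

    # De-soldering trips the heat sensor; clearing the bit in transit breaks the tag.
    genuine.expose("heat")
    results["desoldered"] = interrogate(genuine, server)
    challenge = server.issue_challenge(serial)
    sensors, tag = genuine.respond(challenge)
    results["bit_cleared"] = server.verify(serial, 0, tag, "auditor-01", "2014-03-14")
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:12s} {verdict}")
```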
Current Untrusted Logistical Supply Chain
[Figure: flow of parts through numbered steps 1-8, with Shipping between stages. Nodes: Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfg, DoD Application. Regions: Trusted Zone (two), Vulnerability Zone]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD'ed Supply Chain Exemplar
[Figure: the supply chain flow again (labelled REFRESHER), numbered steps 1-8, with Shipping between stages. Nodes: Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfr, DoD Application. Regions: Trusted Zone (two), SHIELD Authentication outside Trusted Zone]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase
TA1 Tech Dev
  Phase 1: On-chip HW tech devlpmt: Key Store, Sensors, Comm/Pwr, Mfg Processes - Models - Test Sites - SHIELD layouts
TA2 Design & Integr
  Phase 1: Dielet Logic Design, Standards Conformation
  Phase 2: SHIELD Dielet Design, SHIELD Dielet Fabrication, SHIELD Dielet Characterization
TA3 Deployment
  Phase 1: Packaging Development, Reliability Analysis, Dummy Dielet Fabrication, Network Architecture Design, Inductive Appliance Design
  Phase 2: Tooling and Techniques for handling insertion, Network Structure Build-out, Inductive Device Fabrication
  Phase 3: Demonstration: Proof-of-Concept Supply Chain Exercise across sites, Red Teaming, Evaluations
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 Technology
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Technical Area 1 Phase 1 (Cont'd)
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered, be read only when powered
2. Be readable only, and permanently altered by the exposure, non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
• Chemical: Nitric Acid, Sulfuric Acid sensing for chemical de-packaging attempts
• Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
• Laser: Laser wavelength detection for laser de-layering attempts
• Light: Daylight sensing for identifying exposed dielet
• X-Ray: X-ray detection for attempted secret key imaging
• Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 1 Phase 1 (Cont'd)
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Design and Integration
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment Methodology
  a. Define EDA design environment using industry conventions
  b. Accommodate SHIELD-specific Logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
  c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language. Design should be
  a. Design should accommodate SHIELD CONOP sequence
  b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
  a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
  b. Only open standards may be used
Technical Area 2 Phase 1
4. Design to Boundary Conditions
  a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
  b. Designs may be asynchronous or synchronous, free choice of clock rate
  c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
  a. Sockets for key store, sensors
  b. add new technology as IP blocks, include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
  a. verify robust design functionality across process, voltage and temperature
  b. Accommodate ±3σ composite process distribution window
  c. BC/WC/Twist Timing Corner functionality verified
  d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
  e. Functionality inside ±3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
  a. Identify technology and node to be used, preferred vendor
  b. Define checkpoints and approximate dates for design and build
  c. Explain how new technologies will be accommodated by fabricator
  d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
  a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
  a. verify robust design functionality across process, voltage and temp
  b. Accommodate ±3σ composite process distribution window
  c. BC/WC/Twist Timing Corner functionality verified
  d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
  e. Functionality inside ±3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 1 (cont'd)
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated.
1. Complete SHIELD dielet design
  a. Incorporate final TA1 outputs
  b. Complete checking, generate specific test patterns
  c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
  a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
  b. track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
  c. dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
  d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 2 Phase 2
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3 SHIELD Deployment
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
  a. Determine required specs, tolerances for dielet placement in the host
  b. Develop coupling required for sufficient inductive / RF power, comms
  c. Find size of antennae, maximum submersion below package surface
  d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
  a. Create with TA2 performers consultation to resemble final form-factor
  b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1
3. Assure reliability of host component containing SHIELD dielet
Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
  a. Package strain caused by insertion or presence
  b. Hermetic seal fails caused by insertion or presence
  c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
  a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
  b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
  c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
  d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
  a. Design of handheld appliance concept, including documentation
  b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
  c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance.
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers, and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
  a. Communications between the dielet and the server, through the inductive/RF appliance and network, using TLS standards
  b. All required server transaction and decryption software
  c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
  d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program.
Technical Area 3 Phase 1 (cont'd)
Technical Area 3/Phase 2: Implementation, Months 19-36
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
Instrumentation, tooling, and logistics for going from wafer final test into an actual component placement are developed. Steps include:
  a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
  b. Creating tooling which dispenses diced and separated dielets into the injector, and inserts them into the packages
  c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3 Phase 2
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables:
  a. Detailed network schematics indicating protocols and standards
  b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
  c. Estimates of transaction times and network latencies
  d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
  e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes, and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
  a. Inductive/RF probe fabrication
  b. Repurposed appliance microcode, firmware, software installation
  c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 2 (cont'd)
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
  a. Performers will mate SHIELD dielets to product at pkg encapsulation
  b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
    • Fails due to faulty package insertions
    • Fails due to non-functional SHIELD chips
    • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP.
  a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
  b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
  c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
  d. Government Red Team members will compromise the supply chain
  e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
  f. Government team members will monitor performer detection results
Technical Area 3 Phase 3 (cont'd)
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by
  a. Component Package (i.e., small passive/discrete, quad plastic flat pack)
  b. Failure mode (i.e., missing, inappropriate, or failing SHIELD dielet)
  c. Location type (i.e., at distributor, at subassembly vendor, in shipping)
  d. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
  a. Component Package (i.e., small passive/discrete, quad plastic flat pack)
  b. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Quantitative Benchmarks
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation Latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay, including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 Second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host Temperatures: -55° C to 125° C
Interrogation Temperatures: 0-35° C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 10¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington, VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage / Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done, rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing it to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful Sources for Information include
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics Overview
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
Technical Area 1, SHIELD On-board Technology
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
Metrics: Technical Area 1, SHIELD On-board Technology
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications, and support logic | Mask layout design, including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage, and temperature range | Pass/Fail
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip; package strain analysis; electromagnetic analysis [2]; environmental testing (temperature, shock, and vibration) [3]
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
• Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
  • PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g., missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g., at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
Metrics: Technical Area 3, SHIELD Deployment
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Image courtesy of DARPA
• 8:35 AM - 9:00 AM: Welcome, Mr. Kerry Bernstein, DARPA/MTO
• 9:00 AM - 9:30 AM: SHIELD Threat Space, Mr. Brett Hamilton, NSWC Crane
• 9:30 AM - 10:30 AM: SHIELD Program, Mr. Kerry Bernstein, DARPA/MTO
• 10:30 AM - 10:45 AM: BREAK. Please leave questions at the registration table at this time
• 10:45 AM - 11:15 AM: Benchmarks in Metrics, Mr. Arnett Brown, BAH
• 11:15 AM - 12:00 AM: Contracting with DARPA, Q&A, Mr. Michael Blackstone, DARPA/CMO
• 12:00 PM - 1:00 PM: Lunch. Lunch will not be provided; DARPA has a café onsite
• 1:00 PM - 2:00 PM: Open Forum Q&A. Each attendee will be provided with two index cards to submit questions before the break for lunch. These questions will then be discussed and answered at this time
• 2:00 PM - 2:30 PM: SHIELD/DARPA Overview, Dr. Arati Prabhakar, DARPA Director
• 2:20 PM - 2:45 PM: BREAK
• 2:45 PM - 3:45 PM: Proposer Presentations, Mr. Saverio Fazzari, BAH
• 3:45 PM - 4:00 PM: Final Q&A, Close Out, Mr. Kerry Bernstein, DARPA/MTO
Proposer's Day Schedule
• Groups that are interested in composing a comprehensive teaming proposal may access the DARPA SHIELD Teaming website bulletin board at https://sharepoint.extranet.darpa.mil/sites/mto/SHIELD/SitePages/Home.aspx to explore collaborations with other possible proposing groups
• To request an account, please email the request to the BAA-14-16 mailbox at DARPA-BAA-14-16@darpa.mil
Partnering Opportunities
• Proposers who choose to use abstracts are strongly encouraged to submit an abstract in advance of a full proposal. This procedure is intended to minimize unnecessary effort in proposal preparation and review
• The cover sheet should be clearly marked "ABSTRACT" and the total length should not exceed 12 pages, excluding cover page and official transmittal letter. All pages shall be printed on 8-1/2 by 11 inch paper with type not smaller than 12 point. Smaller font may be used for figures, tables, and charts. The page limitation for abstracts includes all figures, tables, and charts. No formal transmittal letter is required. All abstracts must be written in English
• DARPA will respond to abstracts with a statement as to whether DARPA is interested in the idea. DARPA will attempt to reply to abstracts in writing within thirty (30) calendar days of receipt
• Abstract Due Date: March 31, 2014
• Additional detailed information on submitting an abstract can be found in the SHIELD solicitation, DARPA-BAA-14-16
Abstracts Submissions
• Proposal Due Date: May 30, 2014
  • The full proposal must be received on or before May 30, 2014 in order to be considered during the initial round of selections
• DARPA will acknowledge receipt of complete submissions via email and assign control numbers that should be used in all further correspondence regarding proposals
• DARPA will post a consolidated Question and Answer response after April 1, 2014, before final full proposals are due. In order to receive a response to your question, submit your question by April 25, 2014 to DARPA-BAA-14-16@darpa.mil
• To comply with the submission guidelines listed in the BAA, please include the following:
  • Volume I: Technical and Management Proposal
    • Section I: Administrative cover sheet to include and official transmittal letter (Note: An official transmittal letter is not required when submitting an abstract)
    • Section II: Summary of Proposal - this section shall not exceed 15 pages
    • Section III: Detailed Proposal Information
    • Statement of Work (SOW) - In plain English, clearly define the technical tasks/subtasks to be performed, their durations, and dependencies among them. The page length for the SOW will be dependent on the amount of the effort
    • Section IV: Additional Information - A brief bibliography of relevant technical papers and research notes (published and unpublished) which document the technical ideas upon which the proposal is based. Copies of not more than three (3) relevant papers can be included in the submission
  • Volume II: Cost Proposal - No Page Limit
• Additional detailed information on submitting a full proposal can be found in the SHIELD solicitation, DARPA-BAA-14-16
Proposal Information
• For any questions regarding today's Proposer's Day, or to request a copy of Mr. Bernstein's presentation, please email DARPA-SN-14-22@DARPA.mil
• Administrative, technical, or contractual questions should be sent via e-mail to DARPA-BAA-14-16. All requests must include the name, email address, and phone number of a point of contact
The technical POC for this effort is Kerry Bernstein. The BAA Coordinator for this effort can be reached at:
DARPA/MTO
ATTN: DARPA-BAA-14-16
675 North Randolph Street
Arlington, VA 22203-2114
DARPA-BAA-14-16@DARPA.mil
Contact Information
• At this time DARPA can not provide early feedback on your ideas. Please submit abstracts/proposals conforming to the guidelines in the BAA
• Please refer to the BAA for questions on submission format, deadlines, technical requirements, cost analysis, etc. For specific questions not covered in the BAA, please email the coordinator at DARPA-BAA-14-16@DARPA.mil
• For all communication purposes regarding this solicitation, please direct your attention to the BAA Coordinator using the email address above
• US Government employees are bound by law to implicit non-disclosure agreements with external institutions. You may share information in private conversations without concern over intellectual property loss
• DARPA Proposer's Day is a public event; any data released in this venue should be assumed to have been made public. Please treat your proprietary data accordingly
Proposer's Day Ethics
Welcome and Introductory Comments
Kerry Bernstein
SHIELD Industry Day
14 March 2014
Acknowledgments
Simply getting the DARPA SHIELD Program to this point required massive efforts and valuable inputs by the following US Government employees and contractors:
Bob Colwell, Saverio Fazzari, Michael Blackstone, Dave Shaver, Virginia Arzadum, Fred Schipp, Brett Hamilton, Arnett Brown, Beverly Barnhart, Jeff K, Jerry Roddy, Sean L, Chris Bozada, Dan Radack, Matt Kay, Don Davidson, Matt Sale, Paul Kozemchak, Bob K, Shaun McKinley, Joe H, Chrisma Jackson, Jim Felix, Eric Herr, Josh Beutler, Dan Marrujo, Jim St Pierre, Mitch Komaroff, Arun Seraphin, Nick Diamond
SHIELD SETA TEAM
CNN Report 10 June 2012
Counterfeit parts compromise the US Supply Chain and present a growing threat to national security. Current safeguards are ineffective; they put American lives and DoD missions at risk.
Supply Chain Control is a Critical Problem
Distributor indicted for supplying counterfeits to Grumman Electric Boat July 2013
SPECTRUM Magazine, October 2013, pp. 41-45
Dept. of Defense Instruction NUMBER 4140.67, 26 April 2013
US Electronic Waste is a Contributing Factor
Received in Developing Country
Removed from boards and sorted
Refurbished and remarked
Repackaged
Resold
All images courtesy of SMT Corporation
Shipping from/to US
Electronic Waste Processing Effect on Quality/Reliability
Image courtesy of Basel Action Network
Image courtesy of SMT Corporation
Uncontrolled heating during part removal can cause die cracks or delamination, leading to immediate or latent failures
Mishandling or sanding of parts can cause latent Electrostatic Discharge (ESD) failures
Electronics Supply Chain is Global
Source: IDC Manufacturing Insights & Booz Allen analysis
[Figure: supply chain stages - Semi Design; Semi Manufacturing & Packaging; Printed Circuit Board Production; Printed Circuit Board Distribution]
Global nature of supply chain makes chain-of-custody unworkable
Lifecycle shown for a single JSF component - Component changes hands 15 times before final install
"Counterfeit components are a 1-in-1,000,000 risk"
Independent Distributors say that from 05 to 35 of their incoming product is suspected counterfeit
"Only bad distributors sell counterfeit components"
Most counterfeit parts sold to contractors come from legitimate independent distributors lacking effective screening techniques
"Only expensive components are counterfeited"
DoC reports that over 60% of counterfeit parts have a sale value of $10 or less
"Counterfeit parts will be detected by electrical tests"
More than half of all counterfeit components have the correct (or equivalent) die
Common Industry Supply Chain Misconceptions [1]
[1] B. Hamilton, NSWC Crane, Testimony at SASC Briefing, 9 September 2013
Image courtesy of http://www.rkonlinestore.co.uk/556-dual-timer-ic-16-pin-dip-pack-of-1-391-p.asp
"It will be because of companies like ours that the gap in technological advantages between made in [Name of Country] and made abroad will narrow down"
- from website of an off-shore contract reverse-engineering business
Quote found on the Web
SHIELD Threat Space
Brett Hamilton, NSWC Crane
SHIELD Industry Day
14 March 2014
SHIELD Technical Program Description
Kerry Bernstein
SHIELD Industry Day
14 March 2014
SHIELD Introductory Comments
1. THANK YOU for your interest in participating in DARPA SHIELD. It's business, but it's also our nation
2. The following exemplary design point and CONOP is a preferred embodiment. BAA strives not to overspecify. Got something better? LET'S HEAR ABOUT IT
3. Besides performers with great ideas, we want performers who "get it" and who have a passion for doing something important for national security. Together we'll deliver game-changing capability
4. SHIELD is about the Science and the hardware and the technology. CONOP, servers, networks are limited to what's needed for the demo
5. SHIELD is not about developing new encryption schemes. SHIELD is about NIST, IEEE, and Industry Standards, or new standards
SHIELD Introductory Comments (contrsquod)
6 Teaming is strongly encouraged DARPA will accept individual Tech Area 1 amp 3 submissions but complete collaborative proposed solutions are preferred and strongly recommended
7 The Supply Chainrsquos threat space is immense Any solution includingDARPA SHIELD will be fraught with problems We expect that But we need to begin somewhere
8 Remaining unaddressed SHIELD vulnerabilities will includebull Insider threatbull Server attacksbull Dielet side channel exfil modes inserted during foreign
fabricationbull Vulnerability to new reverse engineering modes
circumvention
9 SHIELD is intended to make counterfeiting more difficult expensive and time consuming
Programmatics
DARPA SHIELD is about:
• Science
• Hardware Technology
• Security
• Reliability and Trustworthiness
• Functionality
• Manufacturability and Yield
DARPA SHIELD is NOT about:
• Logistics
• Preferred Business Practices
• Acquisition Policy
• Doctrine
• Supplier/distributor business infrastructure
• New encryption schemes
• New checking tools
• Software
• Back-office structure and networking
Except for the minimum necessary to demonstrate SHIELD CONOP
httpwwwg33kwatchcomwp-contentuploads201112geek-zonegif
Glossary
Dielet: Extremely small computer chip developed during SHIELD
Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
Key: A 256-bit cipher code stored on dielet and on a secure server, used to secure the dielet authentication operation
Test Site: Limited hardware proof of concept chip without full product functionality
Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
Probe: A device attached to a communication appliance that powers the SHIELD dielet
IP: Intellectual Property
CONOP: Concept of Operations
DFM/DFY: Design for Manufacturability / Design for Yield
PFA: Probability of False Alarm
PD: Probability of Detection
OEM: Original Equipment Manufacturer
GFE: Government-Furnished Equipment
IC: Integrated Circuit
CDR: Critical Design Review
DSS: Digital Signature Standard
CMVP: Cryptographic Module Verification Program
FITS: Failure rate of a component measured in Failures-in-Time over the program
KPOH: Lifetime of a component measured in thousands of power-on-hours
BOM: Bill of Material, a list of components comprising a given assembly
Definition of Terms
Counterfeit: "Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies"
- GAO Report to Congress, March 2010
Supply Chain: "A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances or information from a source to a customer"
- Cooper, M.C., Lambert, D.M., & Pagh, J. (1997). Supply Chain Management: More Than a New Name for Logistics. The International Journal of Logistics Management, Vol. 8, Issue 1, pp. 1-14
Chain of Custody: "The chronological sequence of parties, spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession"
SHIELD Learning from Prior HW Assurance Programs
TRUST - Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find
IRIS - Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
[Figure labels: Digital Or AMS; TRUST; IRIS]
DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted
TRUST, IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
[Figure: supply chain stages Design, Verification, Mask, Build Chip, Build Pkg, Test, Pers, Distr, Use, grouped as "At OEM" and "In Distribution"; program coverage labels TRUST, IRIS, SHIELD]
[Legend: Design Attack - Hardware Attack - Logistics Attack]
[Attack labels in figure: 3rd Party IP; Insider Design; EDA Exploit; IP Theft/Copy; Security Intercept; Yield Fail Diversion; Overproduction; Process Compromise; Pkg Compromise; False FPGA Bitstream; Malicious Insertions; False Validation Report; DFM Exploits; False Expects; False Test Compares; HW Theft]
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components, which make them especially vulnerable to compromise:
• DoD electronic components require high reliability, serviceability [1]
• Compromised component failures risk DoD missions, soldier's lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete [1]
• $10-$50 parts become $8000 parts once they are obsolete [1] - providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems:
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
[1] NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast and executable by untrained operators
4. Trustworthy, reliable and prohibitively difficult to spoof
5. Executable at any place, time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD: The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
Microscopic SHIELD dielet:
• HW Root-of-Trust
• Fragile Key Storage
• Full Encryption Engine
• Unpowered Passive Sensors
• Inductive Powering and Communication
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100µm x 100µm (0.01 mm² Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120C
- <1¢ per dielet
Image courtesy of httpwwwhitachicomNewcnews030902html
SHIELD Exemplary CONOP
[Figure: message flow between Dielet, Smartphone and Server (VPN)]
1. Serial ID Upload: Serial ID No., TCP/IP Address
2. Challenge Download
3. Encrypted Challenge, Encrypted Sensors, Appliance Data
4. Authentication Out
Dielet: Encryption Engine w/ Crypto Key; sensors for Temp Extremes, X-ray Exposure, Light Exposure
Server: Random Challenge Generator; Decryption Engine w/ Crypto key (decrypt, compare to original challenge); Database with Dielet Serial ID, Fab Name, Fab Date, Part No., Sensors Status, Test Date, Auditor Identity, Key Requests
Potential Production Test Approaches
Flying Prober
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
Pick and Place / Wirebond / Tube handling of components
Volume Production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
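The challenge-response exchange of item 2 and the exemplary CONOP, as an added Python simulation that is not DARPA's or any performer's code. HMAC-SHA-256 from the standard library stands in for the dielet's encryption engine (the server recomputes and compares rather than decrypting); the challenge length, sensor bit layout, verdict strings and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

KEY_BYTES = 32                 # 256-bit key, as in the glossary
CHALLENGE_BYTES = 16           # assumption: the page gives no challenge length
TEMP, XRAY, LIGHT = 1, 2, 4    # assumed bit layout of the sensor status word


def keyed_response(key, challenge, sensors):
    """Stand-in for the dielet's encryption engine (HMAC-SHA-256, not a cipher).

    The sensor word is bound into the response so a relay cannot alter it."""
    return hmac.new(key, challenge + bytes([sensors]), hashlib.sha256).digest()


class Dielet:
    """Simulated dielet: the key is used internally and never returned."""

    def __init__(self, serial, key):
        self.serial = serial
        self.__key = key
        self.sensors = 0

    def trip(self, bit):
        self.sensors |= bit    # set-only, modelling a non-resettable sensor

    def answer(self, challenge):
        return self.sensors, keyed_response(self.__key, challenge, self.sensors)


class Server:
    """Simulated secure server: key database, challenge generator, audit log."""

    def __init__(self):
        self.keys = {}         # serial -> key, written at personalization
        self.pending = {}      # serial -> challenge still awaiting a response
        self.log = []          # (serial, sensor word, verdict)

    def enroll(self, serial):
        key = secrets.token_bytes(KEY_BYTES)
        self.keys[serial] = key
        return key             # loaded into the dielet once, never sent afterwards

    def new_challenge(self, serial):
        if serial not in self.keys:
            return None
        self.pending[serial] = secrets.token_bytes(CHALLENGE_BYTES)
        return self.pending[serial]

    def verify(self, serial, sensors, response):
        challenge = self.pending.pop(serial, None)   # single use: blocks replay
        if challenge is None:
            verdict = "REJECTED"
        else:
            expected = keyed_response(self.keys[serial], challenge, sensors)
            if not hmac.compare_digest(expected, response):
                verdict = "REJECTED"
            elif sensors:
                verdict = "COMPROMISED"   # genuine dielet, but a sensor has tripped
            else:
                verdict = "AUTHENTIC"
        self.log.append((serial, sensors, verdict))
        return verdict


def interrogate(dielet, server):
    """Appliance role: relay serial ID, challenge and response; hold no key."""
    challenge = server.new_challenge(dielet.serial)
    if challenge is None:
        return "REJECTED"
    sensors, response = dielet.answer(challenge)
    return server.verify(dielet.serial, sensors, response)


def demo():
    server = Server()
    serial = bytes.fromhex("0000000000000001")   # constructed 64-bit serial ID
    genuine = Dielet(serial, server.enroll(serial))
    clone = Dielet(serial, secrets.token_bytes(KEY_BYTES))   # copied ID, wrong key
    results = {"genuine": interrogate(genuine, server),
               "clone": interrogate(clone, server)}
    # Replay: record one good response, then present it against a fresh challenge.
    old = genuine.answer(server.new_challenge(serial))
    server.verify(serial, *old)
    server.new_challenge(serial)
    results["replay"] = server.verify(serial, *old)
    genuine.trip(XRAY)
    results["after_xray"] = interrogate(genuine, server)
    # A relay reports a clean sensor word alongside the dielet's real response.
    _, response = genuine.answer(server.new_challenge(serial))
    results["sensor_word_cleared"] = server.verify(serial, 0, response)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20s} {verdict}")
```

Only the serial ID, the challenge, the sensor word and the keyed response cross the probe link; the per-dielet key stays in the two places the page names, the dielet and the server database.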
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include:
   a. package alterations needed to carry the dielet
   b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement and execute
6. To minimize size, power and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
Current Untrusted Logistical Supply Chain
[Figure: supply chain flow, steps numbered 1-8, with shipping between nodes. Nodes: Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfg, DoD Application. Region labels: Trusted Zone (twice), Vulnerability Zone]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD'ed Supply Chain Exemplar
[Figure, marked REFRESHER: supply chain flow, steps numbered 1-8, with shipping between nodes. Nodes: Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfr, DoD Application. Region labels: Trusted Zone (twice), SHIELD Authentication outside Trusted Zone]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase
TA1 (Tech Dev)
   Phase 1: On-chip HW tech development: Key Store, Sensors, Comm/Pwr, Mfg Processes - Models - Test Sites - SHIELD layouts
TA2 (Design & Integr)
   Phase 1: Dielet Logic Design; Standards Conformation
   Phase 2: SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization
TA3 (Deployment)
   Phase 1: Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design
   Phase 2: Tooling and Techniques for handling, insertion; Network Structure Build-out; Inductive Device Fabrication
   Phase 3: Demonstration; Proof-of-Concept Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1, Phase 1: Technology
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e., COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1, Phase 1 (cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant
Technical Area 1, Phase 1 (cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered, be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe, existing exposures encountered throughout the current supply chain
Technical Area 1, Phase 1 (cont'd)
Passive Sensor Examples
Chemical: Nitric Acid, Sulfuric Acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1, Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet
1. Dielet should be powered, receive a challenge message and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil/RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1, Phase 1 (cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10µm or less in thickness for 100µm x 100µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100μm x 100μm
6. Reliability, lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2: Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2, Phase 1
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet
1. Define a SHIELD Design Environment Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific Logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language. Design should be
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2, Phase 1 (cont'd)
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous, free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temperature
   b. Accommodate ± 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35° C. Survive -55° C to 125° C
   e. Functionality inside ± 3σ conditioned voltage window
Technical Area 2, Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temp
   b. Accommodate ± 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35° C. Survive -55° C to 125° C
   e. Functionality inside ± 3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2, Phase 2
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3: SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3, Phase 1
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3, Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet. Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component. Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3, Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3, Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program
Technical Area 3, Phase 2
Technical Area 3/Phase 2: Implementation, Months 19-36
Specific techniques and tooling for placement of the dielet into the host package are created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program
1. Develop the SHIELD Insertion technology
Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade and cryptographic key
Technical Area 3, Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3/Phase 2, performers will provide the following deliverables:
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3, Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
   a. Inductive/RF probe fabrication
   b. Repurposed Appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3, Phase 3
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3, Phase 3 (cont'd)
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place their SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by:
   a. Component Package (i.e., small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e., missing, inappropriate or failing SHIELD dielet)
   c. Location type (i.e., at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by:
   a. Component Package (i.e., small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Summary of Suggested Specifications
Area: A ≈ 100um x 100um (0.01 mm²)
Device thickness: Thinned substrate, likely 10 um or less
Interrogation Latency: ≈ 1 second dielet delay, ≈ 2 second full transaction delay including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 Second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50µW
Voltage tolerance (default): VDD at discretion of proposer, ±10% (default)
Host Temperatures: -55° C - 125° C
Interrogation Temperatures: 0-35° C
Reliability: Sufficient to match 100 KPOH host component operation. SHIELD total operational time is under 1 hour
Cost: C < 10¢ per dielet
Approved for Public Release Distribution Unlimited 62
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins

SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014

Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done, rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation

Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities

Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites

Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful Sources for Information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com

SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014

Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics?
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea

Metrics: Technical Area 1 SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption

Technical Area 1 SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost

Metrics: Technical Area 1 SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime

Metrics: Technical Area 2 SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate

Metrics: Technical Area 2 SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design, including logical and physical verification; functional test pattern generation | Functional testing; adherence to dielet power budget; compliance with manufacturer ground rules; percent test pattern coverage; reliability analysis
2 | Dielet fabrication | Release to manufacturing; process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests

Metrics: Technical Area 3 SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2]; environmental testing (temperature shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison

Metrics: Technical Area 3 SHIELD Deployment
• Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
  • PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g., missing, inappropriate or failing SHIELD dielet)
  • Failure location (e.g., at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component

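How the Phase 3 breakouts above could be tallied from a red-team exercise log, as an added example that is not part of the briefing or any program tooling. The trial records, field names and category values are constructed for illustration; a 95% Wilson interval is included because each breakout cell may hold only a few trials.

```python
import math
from collections import defaultdict

FIELDS = ("package", "failure_mode", "location", "setting", "alarm", "delay_s")

# Constructed trial log (not program data). failure_mode is None for parts the
# red team left untouched; alarm is the performer's verdict for that part.
RAW = [
    ("passive", "missing",       "distributor", "tube",   True,  1.7),
    ("passive", "failing",       "shipping",    "tube",   False, 2.1),
    ("passive", None,            "distributor", "tube",   False, 1.6),
    ("passive", None,            "subassembly", "board",  True,  2.4),
    ("QFP",     "inappropriate", "subassembly", "board",  True,  1.9),
    ("QFP",     "missing",       "shipping",    "system", True,  2.0),
    ("QFP",     "failing",       "distributor", "tube",   True,  1.8),
    ("QFP",     None,            "subassembly", "system", False, 2.2),
    ("QFP",     None,            "distributor", "tube",   False, 1.5),
    ("QFP",     None,            "shipping",    "board",  False, 1.8),
]
TRIALS = [dict(zip(FIELDS, row)) for row in RAW]


def wilson(hits, n, z=1.96):
    """95% Wilson score interval for a proportion; (0.0, 1.0) when n == 0."""
    if n == 0:
        return (0.0, 1.0)
    p = hits / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def rate_by(trials, field, compromised):
    """Alarm rate per value of `field`: PD over compromised parts, PFA over clean."""
    counts = defaultdict(lambda: [0, 0])            # value -> [alarms, total]
    for t in trials:
        if (t["failure_mode"] is not None) == compromised:
            counts[t[field]][1] += 1
            counts[t[field]][0] += t["alarm"]
    return {v: {"rate": a / n, "n": n, "ci95": wilson(a, n)}
            for v, (a, n) in counts.items()}


def summary(trials):
    """PD by four breakouts, PFA by two, and mean delay of completed checks."""
    pd_fields = ("package", "failure_mode", "location", "setting")
    return {
        "PD": {f: rate_by(trials, f, True) for f in pd_fields},
        "PFA": {f: rate_by(trials, f, False) for f in ("package", "setting")},
        "avg_delay_s": sum(t["delay_s"] for t in trials) / len(trials),
    }


if __name__ == "__main__":
    result = summary(TRIALS)
    for metric in ("PD", "PFA"):
        for field, cells in result[metric].items():
            for value, cell in cells.items():
                lo, hi = cell["ci95"]
                print(f"{metric} {field}={value}: {cell['rate']:.2f} "
                      f"(n={cell['n']}, 95% CI {lo:.2f}-{hi:.2f})")
    print(f"average delay: {result['avg_delay_s']:.2f} s")
```

With three of three compromised QFP parts caught, the observed PD is 1.0 but the interval's lower bound is only about 0.44, which is why the per-cell trial count matters when reading a breakout.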
Metrics: Technical Area 3 SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.

Metrics: Technical Area 2 SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort

Image courtesy of DARPA

Partnering Opportunities
• Groups that are interested in composing a comprehensive teaming proposal may access the DARPA SHIELD Teaming website bulletin board at httpssharepointextranetdarpamilsitesmtoSHIELDSitePagesHomeaspx to explore collaborations with other possible proposing groups
• To request an account, please email the request to the BAA-14-16 mailbox at DARPA-BAA-14-16@darpa.mil

Abstracts Submissions
• Proposers who choose to use abstracts are strongly encouraged to submit an abstract in advance of a full proposal. This procedure is intended to minimize unnecessary effort in proposal preparation and review
• The cover sheet should be clearly marked "ABSTRACT" and the total length should not exceed 12 pages, excluding cover page and official transmittal letter. All pages shall be printed on 8-1/2 by 11 inch paper with type not smaller than 12 point. Smaller font may be used for figures, tables and charts. The page limitation for abstracts includes all figures, tables and charts. No formal transmittal letter is required. All abstracts must be written in English
• DARPA will respond to abstracts with a statement as to whether DARPA is interested in the idea. DARPA will attempt to reply to abstracts in writing within thirty (30) calendar days of receipt
• Abstract Due Date: March 31, 2014
• Additional detailed information on submitting an abstract can be found in the SHIELD solicitation, DARPA-BAA-14-16

Proposal Information
• Proposal Due Date: May 30, 2014
  • The full proposal must be received on or before May 30, 2014 in order to be considered during the initial round of selections
• DARPA will acknowledge receipt of complete submissions via email and assign control numbers that should be used in all further correspondence regarding proposals
• DARPA will post a consolidated Question and Answer response after April 1, 2014, before final full proposals are due. In order to receive a response to your question, submit your question by April 25, 2014 to DARPA-BAA-14-16@darpa.mil
• To comply with the submission guidelines listed in the BAA, please include the following:
  • Volume I: Technical and Management Proposal
    • Section I: Administrative cover sheet, to include an official transmittal letter (Note: An official transmittal letter is not required when submitting an abstract)
    • Section II: Summary of Proposal – this section shall not exceed 15 pages
    • Section III: Detailed Proposal Information
    • Statement of Work (SOW) - In plain English, clearly define the technical tasks/subtasks to be performed, their durations, and dependencies among them. The page length for the SOW will be dependent on the amount of the effort
    • Section IV: Additional Information - A brief bibliography of relevant technical papers and research notes (published and unpublished) which document the technical ideas upon which the proposal is based. Copies of not more than three (3) relevant papers can be included in the submission
  • Volume II: Cost Proposal – No Page Limit
• Additional detailed information on submitting a full proposal can be found in the SHIELD solicitation, DARPA-BAA-14-16

Contact Information
• For any questions regarding today's Proposer's Day, or to request a copy of Mr. Bernstein's presentation, please email DARPA-SN-14-22@DARPA.mil
• Administrative, technical or contractual questions should be sent via e-mail to DARPA-BAA-14-16. All requests must include the name, email address and phone number of a point of contact
The technical POC for this effort is Kerry Bernstein
The BAA Coordinator for this effort can be reached at:
DARPA/MTO
ATTN: DARPA-BAA-14-16
675 North Randolph Street
Arlington, VA 22203-2114
DARPA-BAA-14-16@DARPA.mil

Proposer's Day Ethics
• At this time DARPA cannot provide early feedback on your ideas. Please submit abstracts/proposals conforming to the guidelines in the BAA
• Please refer to the BAA for questions on submission format, deadlines, technical requirements, cost analysis, etc. For specific questions not covered in the BAA, please email the coordinator at DARPA-BAA-14-16@DARPA.mil
• For all communication purposes regarding this solicitation, please direct your attention to the BAA Coordinator using the email address above
• US Government employees are bound by law to implicit non-disclosure agreements with external institutions. You may share information in private conversations without concern over intellectual property loss
• DARPA Proposer's Day is a public event; any data released in this venue should be assumed to have been made public. Please treat your proprietary data accordingly

Welcome and Introductory Comments
Kerry Bernstein
SHIELD Industry Day
14 March 2014

Acknowledgments
Simply getting the DARPA SHIELD Program to this point required massive efforts and valuable inputs by the following US Government employees and contractors:
Bob Colwell Saverio Fazzari Michael Blackstone
Dave Shaver Virginia Arzadum Fred Schipp
Brett Hamilton Arnett Brown Beverly Barnhart
Jeff K Jerry Roddy Sean L
Chris Bozada Dan Radack
Matt Kay Don Davidson Matt Sale Paul Kozemchak
Bob K Shaun McKinley
Joe H Chrisma Jackson
Jim Felix Eric Herr
Josh Beutler Dan Marrujo
Jim St Pierre Mitch Komaroff
Arun Seraphin Nick Diamond
SHIELD SETA TEAM

CNN Report, 10 June 2012
Counterfeit parts compromise the US Supply Chain and present a growing threat to national security. Current safeguards are ineffective; they put American lives and DoD missions at risk

Supply Chain Control is a Critical Problem
Distributor indicted for supplying counterfeits to Grumman Electric Boat July 2013
SPECTRUM Magazine, October 2013, pp. 41-45
Dept. of Defense Instruction NUMBER 4140.67, 26 April 2013

US Electronic Waste is a Contributing Factor
[Figure: e-waste processing stages, labeled: Received in Developing Country; Removed from boards and sorted; Refurbished and remarked; Repackaged; Resold; Shipping from/to US. All images courtesy of SMT Corporation]
Electronic Waste Processing: Effect on Quality/Reliability
Image courtesy of Basel Action Network
Image courtesy of SMT Corporation
Uncontrolled heating during part removal can cause die cracks or delamination, leading to immediate or latent failures
Mishandling or sanding of parts can cause latent Electrostatic Discharge (ESD) failures

Electronics Supply Chain is Global
[Figure: supply chain stages, labeled: Semi Design; Semi Manufacturing & Packaging; Printed Circuit Board Production; Printed Circuit Board Distribution. Source: IDC Manufacturing Insights & Booz Allen analysis]
Global nature of supply chain makes chain-of-custody unworkable
Lifecycle shown for a single JSF component – component changes hands 15 times before final install

Common Industry Supply Chain Misconceptions [1]
"Counterfeit components are a 1-in-1,000,000 risk"
  Independent Distributors say that from 05 to 35 of their incoming product is suspected counterfeit
"Only bad distributors sell counterfeit components"
  Most counterfeit parts sold to contractors come from legitimate independent distributors lacking effective screening techniques
"Only expensive components are counterfeited"
  DoC reports that over 60% of counterfeit parts have a sale value of $10 or less
"Counterfeit parts will be detected by electrical tests"
  More than half of all counterfeit components have the correct (or equivalent) die
[1] B. Hamilton, NSWC Crane, Testimony at SASC Briefing, 9 September 2013
Image courtesy of httpwwwrkonlinestorecouk556-dual-timer-ic-16-pin-dip-pack-of-1-391-pasp

Quote found on the Web
"It will be because of companies like ours that the gap in technological advantages between made in [Name of Country] and made abroad will narrow down"
- from website of an off-shore contract reverse-engineering business

SHIELD Threat Space
Brett Hamilton, NSWC Crane
SHIELD Industry Day
14 March 2014

SHIELD Technical Program Description
Kerry Bernstein
SHIELD Industry Day
14 March 2014

SHIELD Introductory Comments
1. THANK YOU for your interest in participating in DARPA SHIELD. It's business, but it's also our nation.
2. The following exemplary design point and CONOP is a preferred embodiment. BAA strives not to overspecify. Got something better? LET'S HEAR ABOUT IT.
3. Besides performers with great ideas, we want performers who "get it", and who have a passion for doing something important for national security. Together we'll deliver game-changing capability.
4. SHIELD is about the Science and the hardware and the technology. CONOP, servers, networks are limited to what's needed for the demo.
5. SHIELD is not about developing new encryption schemes. SHIELD is about NIST, IEEE and Industry Standards or new standards.

SHIELD Introductory Comments (cont'd)
6. Teaming is strongly encouraged. DARPA will accept individual Tech Area 1 & 3 submissions, but complete collaborative proposed solutions are preferred and strongly recommended.
7. The Supply Chain's threat space is immense. Any solution, including DARPA SHIELD, will be fraught with problems. We expect that. But we need to begin somewhere.
8. Remaining unaddressed SHIELD vulnerabilities will include:
   • Insider threat
   • Server attacks
   • Dielet side channel exfil modes inserted during foreign fabrication
   • Vulnerability to new reverse engineering modes, circumvention
9. SHIELD is intended to make counterfeiting more difficult, expensive, and time consuming.

Programmatics
DARPA SHIELD is about:
• Science
• Hardware Technology
• Security
• Reliability and Trustworthiness
• Functionality
• Manufacturability and Yield
Except for the minimum necessary to demonstrate SHIELD CONOP
DARPA SHIELD is NOT about:
• Logistics
• Preferred Business Practices
• Acquisition Policy
• Doctrine
• Supplier/distributor business infrastructure
• New encryption schemes
• New checking tools
• Software
• Back-office structure and networking
httpwwwg33kwatchcomwp-contentuploads201112geek-zonegif

Glossary
Dielet: Extremely small computer chip developed during SHIELD
Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
Key: A 256-bit cipher code stored on dielet and on a secure server, used to secure the dielet authentication operation
Test Site: Limited hardware proof of concept chip without full product functionality
Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
Probe: A device attached to a communication appliance that powers the SHIELD dielet
IP: Intellectual Property
CONOP: Concept of Operations
DFM/DFY: Design for Manufacturability / Design for Yield
PFA: Probability of False Alarm
PD: Probability of Detection
OEM: Original Equipment Manufacturer
GFE: Government-Furnished Equipment
IC: Integrated Circuit
CDR: Critical Design Review
DSS: Digital Signature Standard
CMVP: Cryptographic Module Verification Program
FITS: Failure rate of a component, measured in Failures-in-Time over the program
KPOH: Lifetime of a component, measured in thousands of power-on-hours
BOM: Bill of Material, a list of components comprising a given assembly

Definition of Terms
Counterfeit: "Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies"
- GAO Report to Congress, March 2010
Supply Chain: "A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances or information from a source to a customer"
- Cooper, M.C., Lambert, D.M., & Pagh, J. (1997). Supply Chain Management: More Than a New Name for Logistics. The International Journal of Logistics Management, Vol. 8, Issue 1, pp. 1–14
Chain of Custody: "The chronological sequence of parties spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession"

SHIELD: Learning from Prior HW Assurance Programs
TRUST – Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find
IRIS – Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
[Figure labels: Digital or AMS; TRUST; IRIS]
DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted

TRUST, IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
[Figure: component lifecycle with attack labels]
Lifecycle stages: Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use
Attack labels: 3rd Party IP; Insider Design; EDA Exploit; IP Theft/Copy; Security Intercept; Yield Fail Diversion; Overproduction; Process Compromise; Pkg Compromise; False FPGA Bitstream; Malicious Insertions; False Validation Report; DFM Exploits; False Expects; False Test Compares; HW Theft
Legend: Design Attack - Hardware Attack - Logistics Attack
Region labels: SHIELD; TRUST; IRIS; At OEM; In Distribution
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution

DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components, which make them especially vulnerable to compromise
• DoD electronic components require high reliability, serviceability [1]
• Compromised component failures risk DoD missions, soldier's lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete [1]
• $10-$50 parts become $8000 parts once they are obsolete [1] – providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
[1] NAVSEA Crane internal report

Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Simple, very fast, and executable by untrained operators
4. Trustworthy, reliable, and prohibitively difficult to spoof
5. Executable at any place and time along the supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer

SHIELD: The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
[Figure: microscopic SHIELD dielet, with callouts: HW Root-of-Trust; Fragile Key Storage; Full Encryption Engine; Unpowered Passive Sensors; Inductive Powering and Communication]
DARPA SHIELD will develop the ability to provide:
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm² Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120C
- <1¢ per dielet
Image courtesy of httpwwwhitachicomNewcnews030902html

SHIELD Exemplary CONOP
[Figure: message exchange between Dielet, Smartphone and Server]
Numbered flows:
1. Serial ID Upload
2. Challenge Download
3. Encrypted Sensors
3. Appliance Data
4. Authentication Out
Other labels: Encrypted Challenge; Serial ID No; TCP/IP Address; (VPN); Database with Dielet Serial ID, Fab Name, Fab Date, Part No; Random Challenge Generator; Decryption Engine w/ Crypto key: decrypt, compare to original challenge; Encryption Engine w/ Crypto Key
Sensor labels: Temp Extremes; X-ray Exposure; Light Exposure
Appliance data labels: Sensors Status; Test Date; Auditor Identity; Key Requests

Potential Production Test Approaches
1. Stock checking of Component
2. Assembly checking in Supply Chain
[Figure labels: Flying Prober; Pick and Place; Wirebond; Tube handling of components]
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
Volume production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication

Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly, such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks

Additional Required Design Properties
1 Hardware attacks often leverage re-writable data storage Any rewritable storage on dielet must be carefully assessed for its security
2 SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way Reliability impacts include
a package alterations needed to carry the dielet b unintended inductive or RF coupling impacts on the host device
3 To maintain operational security the inductive RF probe and dielet must be in the immediate vicinity of each other to be able to link
4 Personalized crypto keys on dielet and server should never be sent
5 Entire proposed CONOP including the SHIELD dielet needs to be extremely inexpensive to acquire implement and execute
6 To minimize size power and cost of the SHIELD dielet CONOP complexity should be pushed up to the secure server wherever possible
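The challenge-response round described in the two feature lists above, as an added Go sketch (not code from the SHIELD program or DARPA). AES-256 as the cipher, the 128-bit challenge, the sensor-flag encoding and all type and function names are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// Passive sensor flags (assumed encoding): a flag can be set, never cleared.
const (
	SensorLight uint8 = 1 << iota
	SensorXRay
	SensorHeat
)

// Dielet models the chip: 64-bit serial ID, 256-bit key store, sensor word.
// No method returns the key, mirroring "the key never leaves the dielet".
type Dielet struct {
	Serial  uint64
	key     [32]byte
	sensors uint8
}

// Trip records an exposure seen by a passive sensor.
func (d *Dielet) Trip(flag uint8) { d.sensors |= flag }

// Respond encrypts the challenge with the on-board key (one AES-256 block, an
// assumed choice of open-standard cipher) and reports the sensor word with it.
func (d *Dielet) Respond(challenge [16]byte) (reply [16]byte, sensors uint8) {
	block, _ := aes.NewCipher(d.key[:]) // cannot fail: key is always 32 bytes
	block.Encrypt(reply[:], challenge[:])
	return reply, d.sensors
}

// Verdict is the server's decision for one interrogation.
type Verdict int

const (
	Authentic     Verdict = iota
	UnknownSerial         // serial ID not in the database
	BadResponse           // reply does not decrypt to the challenge issued
	SensorTripped         // key checks out, but a tamper sensor has fired
)

// Server is the secure server; protocol state lives here, not on the dielet.
type Server struct{ keys map[uint64][32]byte }

func NewServer() *Server { return &Server{keys: map[uint64][32]byte{}} }

// Personalize stands in for key and ID personalization in the trusted zone,
// the only point where the key is shared; it never crosses the network.
func Personalize(s *Server, serial uint64) (*Dielet, error) {
	d := &Dielet{Serial: serial}
	if _, err := rand.Read(d.key[:]); err != nil {
		return nil, err
	}
	s.keys[serial] = d.key
	return d, nil
}

// Verify decrypts the reply with the stored key and compares the result with
// the challenge that was issued, in constant time.
func (s *Server) Verify(serial uint64, challenge, reply [16]byte, sensors uint8) Verdict {
	key, ok := s.keys[serial]
	if !ok {
		return UnknownSerial
	}
	block, _ := aes.NewCipher(key[:]) // cannot fail: key is always 32 bytes
	var plain [16]byte
	block.Decrypt(plain[:], reply[:])
	if subtle.ConstantTimeCompare(plain[:], challenge[:]) != 1 {
		return BadResponse
	}
	if sensors != 0 {
		return SensorTripped
	}
	return Authentic
}

// Interrogate runs one round: fresh random challenge out, reply back, verdict.
func Interrogate(s *Server, d *Dielet) (Verdict, error) {
	var c [16]byte
	if _, err := rand.Read(c[:]); err != nil {
		return BadResponse, err
	}
	reply, sensors := d.Respond(c)
	return s.Verify(d.Serial, c, reply, sensors), nil
}

func main() {
	s := NewServer()
	d, _ := Personalize(s, 0x0123456789ABCDEF) // constructed serial ID
	v, _ := Interrogate(s, d)
	fmt.Println("genuine dielet verdict:", v) // Verdict prints as its integer
}
```

Only the serial ID, the challenge, the encrypted reply and the sensor word cross the appliance and network; a reply captured for one challenge fails verification against the next one.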
Current Untrusted Logistical Supply Chain
[Figure: supply chain diagram. Labels: Trusted Zone; Original Equipmt Mfr; Approved Reseller; Merchandise Returns; Independent Distributor; EBAY; Stock; PC Board Assembly; Subsystem Assembly; System Mfg; DoD Application; Trusted Zone; Shipping steps between stages; stage markers 1-8; Vulnerability Zone.]
For all but simplest exploits, DoD has little system component assurance of authenticity.
Assume parts have OEM integrity before leaving first Trusted Zone.
SHIELD'ed Supply Chain Exemplar
REFRESHER
[Figure: supply chain diagram. Labels: Trusted Zone; Original Equipmt Mfr; Approved Reseller; Merchandise Returns; Independent Distributor; EBAY; Stock; PC Board Assembly; Subsystem Assembly; System Mfr; DoD Application; Trusted Zone; Shipping steps between stages; stage markers 1-8; SHIELD Authentication outside Trusted Zone.]
Component compromises are now visible at any point along the supply chain.
Assume parts have OEM integrity before leaving first Trusted Zone.
SHIELD Program Structure
Deliverables by Tech Area and Phase
TA1 (Tech Dev)
  Phase 1: On-chip HW tech devlpmt: Key Store, Sensors, Comm/Pwr, Mfg Processes - Models - Test Sites - SHIELD layouts
TA2 (Design & Integr)
  Phase 1: Dielet Logic Design; Standards Conformation
  Phase 2: SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization
TA3 (Deployment)
  Phase 1: Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design
  Phase 2: Tooling and Techniques for handling insertion; Network Structure Build-out; Inductive Device Fabrication
  Phase 3: Demonstration Proof-of-Concept Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 Technology
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product:
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Technical Area 1 Phase 1 (Cont'd)
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption
   Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption
   Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines
   Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms
   Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine
   Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key
   Key store should be Suite B compliant
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered; be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Chemical: Nitric Acid, Sulfuric Acid. Sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds.
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words.
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance.
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices.
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package.
Technical Area 1 Phase 1
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 1 Phase 1 (Cont'd)
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology
  A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic
  All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Design and Integration
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2 Phase 1
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temperature
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temp
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 1 (cont'd)
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks and process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 2 Phase 2
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3 SHIELD Deployment
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1
3. Assure reliability of host component containing SHIELD dielet
   Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
   Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
   Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
   SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors.
Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program.
Technical Area 3 Phase 1 (cont'd)
Technical Area 3/Phase 2: Implementation, Months 19-36
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
   Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector, and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3 Phase 2
2. Develop the SHIELD Network Structure
   Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables:
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
   Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes, and repurpose the appliance itself to the SHIELD function with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 2 (cont'd)
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DoD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3
2. Exercise the CONOP
   Performers will exercise the entire SHIELD CONOP:
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition, through normally-used shipping channels, to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
Technical Area 3 Phase 3 (cont'd)
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Quantitative Benchmarks
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation Latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 Second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, ± 10 (default)
Host Temperatures: -55 °C - 125 °C
Interrogation Temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 10¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 (Tech Dev) | None
TA2 (Design & Integr) | None
TA3 (Deployment) | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful Sources for Information include
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics Overview
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours) number of personnel required cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
Technical Area 1, SHIELD On-board Technology
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
Metrics: Technical Area 1, SHIELD On-board Technology
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches, as appropriate
Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications, and support logic | Mask layout design including logical and physical verification; functional test pattern generation | Functional testing; adherence to dielet power budget; compliance with manufacturer ground rules; percent test pattern coverage; reliability analysis
2 | Dielet fabrication | Release to manufacturing; process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage, and temperature range | Pass/Fail
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip; package strain analysis; electromagnetic analysis [2]; environmental testing (temperature, shock and vibration) [3]
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3, SHIELD Deployment
• Technical Area 3, Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g., missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g., at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics: Technical Area 3, SHIELD Deployment

| Phase | Design element | Characteristics | Metric |
|---|---|---|---|
| 2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate (1) |
| 2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate (2) |
| 2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail |
| 3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); probability of false alarm (PFA); average completed authentication delay per SHIELD component |
| 3 | Government “Red Team” evaluation | Penetration testing | |

(1) Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions).
(2) Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
• Technical Area 2, Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any “special case” technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Abstracts Submissions
• Proposers who choose to use abstracts are strongly encouraged to submit an abstract in advance of a full proposal. This procedure is intended to minimize unnecessary effort in proposal preparation and review.
• The cover sheet should be clearly marked “ABSTRACT” and the total length should not exceed 12 pages, excluding cover page and official transmittal letter. All pages shall be printed on 8-1/2 by 11 inch paper with type not smaller than 12 point. Smaller font may be used for figures, tables and charts. The page limitation for abstracts includes all figures, tables, and charts. No formal transmittal letter is required. All abstracts must be written in English.
• DARPA will respond to abstracts with a statement as to whether DARPA is interested in the idea. DARPA will attempt to reply to abstracts in writing within thirty (30) calendar days of receipt.
• Abstract Due Date: March 31, 2014
• Additional detailed information on submitting an abstract can be found in the SHIELD solicitation, DARPA-BAA-14-16
Proposal Information
• Proposal Due Date: May 30, 2014
  • The full proposal must be received on or before May 30, 2014 in order to be considered during the initial round of selections
• DARPA will acknowledge receipt of complete submissions via email and assign control numbers that should be used in all further correspondence regarding proposals
• DARPA will post a consolidated Question and Answer response after April 1, 2014, before final full proposals are due. In order to receive a response to your question, submit your question by April 25, 2014 to DARPA-BAA-14-16@darpa.mil
• To comply with the submission guidelines listed in the BAA, please include the following:
  • Volume I: Technical and Management Proposal
    • Section I: Administrative cover sheet to include and official transmittal letter (Note: An official transmittal letter is not required when submitting an abstract)
    • Section II: Summary of Proposal – this section shall not exceed 15 pages
    • Section III: Detailed Proposal Information
    • Statement of Work (SOW) – In plain English, clearly define the technical tasks/subtasks to be performed, their durations, and dependencies among them. The page length for the SOW will be dependent on the amount of the effort
    • Section IV: Additional Information – A brief bibliography of relevant technical papers and research notes (published and unpublished) which document the technical ideas upon which the proposal is based. Copies of not more than three (3) relevant papers can be included in the submission
  • Volume II: Cost Proposal – No Page Limit
• Additional detailed information on submitting a full proposal can be found in the SHIELD solicitation, DARPA-BAA-14-16
Contact Information
• For any questions regarding today’s Proposer’s Day, or to request a copy of Mr. Bernstein’s presentation, please email DARPA-SN-14-22@DARPA.mil
• Administrative, technical or contractual questions should be sent via e-mail to DARPA-BAA-14-16. All requests must include the name, email address, and phone number of a point of contact.
The technical POC for this effort is Kerry Bernstein.
The BAA Coordinator for this effort can be reached at:
DARPA/MTO
ATTN: DARPA-BAA-14-16
675 North Randolph Street
Arlington, VA 22203-2114
DARPA-BAA-14-16@DARPA.mil
Proposer’s Day Ethics
• At this time DARPA cannot provide early feedback on your ideas. Please submit abstracts/proposals conforming to the guidelines in the BAA.
• Please refer to the BAA for questions on submission format, deadlines, technical requirements, cost analysis, etc. For specific questions not covered in the BAA, please email the coordinator at DARPA-BAA-14-16@DARPA.mil
• For all communication purposes regarding this solicitation, please direct your attention to the BAA Coordinator using the email address above
• US Government employees are bound by law to implicit non-disclosure agreements with external institutions. You may share information in private conversations without concern over intellectual property loss.
• DARPA Proposer’s Day is a public event; any data released in this venue should be assumed to have been made public. Please treat your proprietary data accordingly.
Welcome and Introductory Comments
Kerry Bernstein
SHIELD Industry Day
14 March 2014
Acknowledgments
Simply getting the DARPA SHIELD Program to this point required massive efforts and valuable inputs by the following US Government employees and contractors:
Bob Colwell, Saverio Fazzari, Michael Blackstone, Dave Shaver, Virginia Arzadum, Fred Schipp, Brett Hamilton, Arnett Brown, Beverly Barnhart, Jeff K, Jerry Roddy, Sean L, Chris Bozada, Dan Radack, Matt Kay, Don Davidson, Matt Sale, Paul Kozemchak, Bob K, Shaun McKinley, Joe H, Chrisma Jackson, Jim Felix, Eric Herr, Josh Beutler, Dan Marrujo, Jim St Pierre, Mitch Komaroff, Arun Seraphin, Nick Diamond
SHIELD SETA TEAM
CNN Report, 10 June 2012
Counterfeit parts compromise the US Supply Chain and present a growing threat to national security. Current safeguards are ineffective; they put American lives and DoD missions at risk.
Supply Chain Control is a Critical Problem
Distributor indicted for supplying counterfeits to Grumman Electric Boat, July 2013
SPECTRUM Magazine, October 2013, pp. 41-45
Dept. of Defense Instruction Number 4140.67, 26 April 2013
US Electronic Waste is a Contributing Factor
[Figure panels: Shipping from/to US; Received in Developing Country; Removed from boards and sorted; Refurbished and remarked; Repackaged; Resold. All images courtesy of SMT Corporation.]
Electronic Waste Processing Effect on Quality/Reliability
Uncontrolled heating during part removal can cause die cracks or delamination, leading to immediate or latent failures.
Mishandling or sanding of parts can cause latent Electrostatic Discharge (ESD) failures.
[Images courtesy of Basel Action Network and SMT Corporation.]
Electronics Supply Chain is Global
[Figure stages: Semi Design; Semi Manufacturing & Packaging; Printed Circuit Board Production; Printed Circuit Board Distribution. Source: IDC Manufacturing Insights & Booz Allen analysis.]
Global nature of supply chain makes chain-of-custody unworkable.
Lifecycle shown for a single JSF component – component changes hands 15 times before final install.
Common Industry Supply Chain Misconceptions (1)
• “Counterfeit components are a 1-in-1,000,000 risk”
  Independent Distributors say that from 05 to 35 of their incoming product is suspected counterfeit
• “Only bad distributors sell counterfeit components”
  Most counterfeit parts sold to contractors come from legitimate independent distributors lacking effective screening techniques
• “Only expensive components are counterfeited”
  DoC reports that over 60% of counterfeit parts have a sale value of $10 or less
• “Counterfeit parts will be detected by electrical tests”
  More than half of all counterfeit components have the correct (or equivalent) die
(1) B. Hamilton, NSWC Crane, Testimony at SASC Briefing, 9 September 2013
Quote found on the Web
“It will be because of companies like ours that the gap in technological advantages between made in [Name of Country] and made abroad will narrow down”
- from website of an off-shore contract reverse-engineering business
SHIELD Threat Space
Brett Hamilton, NSWC Crane
SHIELD Industry Day
14 March 2014
SHIELD Technical Program Description
Kerry Bernstein
SHIELD Industry Day
14 March 2014
SHIELD Introductory Comments
1. THANK YOU for your interest in participating in DARPA SHIELD. It’s business, but it’s also our nation.
2. The following exemplary design point and CONOP is a preferred embodiment. The BAA strives not to overspecify. Got something better? LET’S HEAR ABOUT IT.
3. Besides performers with great ideas, we want performers who “get it” and who have a passion for doing something important for national security. Together we’ll deliver game-changing capability.
4. SHIELD is about the Science and the hardware and the technology. CONOP, servers, networks are limited to what’s needed for the demo.
5. SHIELD is not about developing new encryption schemes. SHIELD is about NIST, IEEE and Industry Standards, or new standards.
SHIELD Introductory Comments (cont’d)
6. Teaming is strongly encouraged. DARPA will accept individual Tech Area 1 & 3 submissions, but complete collaborative proposed solutions are preferred and strongly recommended.
7. The Supply Chain’s threat space is immense. Any solution, including DARPA SHIELD, will be fraught with problems. We expect that. But we need to begin somewhere.
8. Remaining unaddressed SHIELD vulnerabilities will include:
  • Insider threat
  • Server attacks
  • Dielet side channel exfil modes inserted during foreign fabrication
  • Vulnerability to new reverse engineering modes, circumvention
9. SHIELD is intended to make counterfeiting more difficult, expensive, and time consuming.
Programmatics
DARPA SHIELD is about:
• Science
• Hardware Technology
• Security
• Reliability and Trustworthiness
• Functionality
• Manufacturability and Yield
DARPA SHIELD is NOT about:
• Logistics
• Preferred Business Practices
• Acquisition Policy
• Doctrine
• Supplier/distributor business infrastructure
• New encryption schemes
• New checking tools
• Software
• Back-office structure and networking
Except for the minimum necessary to demonstrate SHIELD CONOP
Glossary
Dielet: Extremely small computer chip developed during SHIELD
Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
Key: A 256-bit cipher code, stored on dielet and on a secure server, used to secure the dielet authentication operation
Test Site: Limited hardware proof of concept chip without full product functionality
Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
Probe: A device attached to a communication appliance that powers the SHIELD dielet
IP: Intellectual Property
CONOP: Concept of Operations
DFM/DFY: Design for Manufacturability, Design for Yield
PFA: Probability of False Alarm
PD: Probability of Detection
OEM: Original Equipment Manufacturer
GFE: Government-Furnished Equipment
IC: Integrated Circuit
CDR: Critical Design Review
DSS: Digital Signature Standard
CMVP: Cryptographic Module Verification Program
FITS: Failure rate of a component, measured in Failures-in-Time over the program
KPOH: Lifetime of a component, measured in thousands of power-on-hours
BOM: Bill of Material, a list of components comprising a given assembly
Definition of Terms
Counterfeit: “Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies”
- GAO Report to Congress, March 2010
Supply Chain: “A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances, or information from a source to a customer”
- Cooper, M.C., Lambert, D.M., & Pagh, J. (1997). Supply Chain Management: More Than a New Name for Logistics. The International Journal of Logistics Management, Vol. 8, Issue 1, pp. 1–14
Chain of Custody: “The chronological sequence of parties, spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession”
SHIELD: Learning from Prior HW Assurance Programs
TRUST – Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn’t find is as important as what we could find
IRIS – Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
[Figure labels: Digital Or AMS; TRUST; IRIS]
DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted
TRUST, IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
[Figure: lifecycle stages Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use. Region labels: At OEM; In Distribution; TRUST; IRIS; SHIELD. Legend: Design Attack, Hardware Attack, Logistics Attack. Threat labels: 3rd Party IP; Insider Design; EDA Exploit; IP Theft/Copy; Security Intercept; Yield Fail Diversion; Overproduction; Process Compromise; Pkg Compromise; False FPGA Bitstream; Malicious Insertions; False Validation Report; DFM Exploits; False Expects; False Test Compares; HW Theft]
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components, which make them especially vulnerable to compromise:
• DoD electronic components require high reliability, serviceability (1)
• Compromised component failures risk DoD missions, soldier’s lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete (1)
• $10-$50 parts become $8000 parts once they are obsolete (1) – providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems:
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
(1) NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor, or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast, and executable by untrained operators
4. Trustworthy, reliable, and prohibitively difficult to spoof
5. Executable at any place, time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD: The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
Microscopic SHIELD dielet:
• HW Root-of-Trust, Fragile Key Storage
• Full Encryption Engine
• Unpowered Passive Sensors
• Inductive Powering and Communication
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm² area)
- 100K devices
- 100 MHz clock rate
- 50 µW total power
- T ≤ 120 °C
- <1¢ per dielet
SHIELD Exemplary CONOP
[Figure: message flow between Dielet, Smartphone, and Server]
Dielet: Serial ID No.; Encryption Engine w/ Crypto Key; sensors (Temp Extremes, Xray Exposure, Light Exposure)
Link: TCP/IP Address (VPN)
Server: Database with Dielet Serial ID, Fab Name, Fab Date, Part No.; Random Challenge Generator; Decryption Engine w/ Crypto key (decrypt, compare to original challenge)
Numbered steps in the figure:
1. Serial ID Upload
2. Challenge Download
3. Encrypted Challenge, Encrypted Sensors
3. Appliance Data
4. Authentication Out
Other labels: Sensors Status; Test Date; Auditor Identity; Key Requests
Potential Production Test Approaches
Flying Prober
Inspiration from existing Tube, Pick-and-Place, Wire Bond Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
Pick and Place, Wirebond, Tube handling of components
Volume Production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication.
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component’s electronic packaging. The dielet self-destructs upon any attempts to physically open, remove, or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly, such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
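The challenge-response exchange from the Exemplary CONOP slide and from feature 2 above, as an added Python example (not DARPA or performer code). HMAC-SHA-256 from the standard library stands in for the dielet's encryption engine, so the server recomputes and compares the response instead of decrypting it, and the sensor word is authenticated rather than hidden; the class names, sensor bit values, 128-bit challenge size and result strings are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Sensor bit assignments are constructed for this example; the slides only
# name the exposure types (temperature extremes, X-ray, light).
TEMP, XRAY, LIGHT = 0x01, 0x02, 0x04


def _tag(key: bytes, serial: bytes, challenge: bytes, status: int) -> bytes:
    """HMAC-SHA-256 over serial || challenge || sensor status byte."""
    return hmac.new(key, serial + challenge + bytes([status]), hashlib.sha256).digest()


class Dielet:
    """Stand-in for the dielet: 64-bit serial ID, 256-bit key, latching sensors."""

    def __init__(self, serial: bytes, key: bytes):
        self.serial = serial
        self._key = key           # no method ever returns the key
        self._status = 0

    def expose(self, flag: int) -> None:
        self._status |= flag      # sensors only latch; there is no reset path

    def respond(self, challenge: bytes):
        return self._status, _tag(self._key, self.serial, challenge, self._status)


class Server:
    """Stand-in for the secure server holding the serial-to-key database."""

    def __init__(self, keys: dict):
        self._keys = keys
        self._pending = {}

    def challenge(self, serial: bytes):
        if serial not in self._keys:
            return None
        self._pending[serial] = secrets.token_bytes(16)   # assumed 128-bit challenge
        return self._pending[serial]

    def verify(self, serial: bytes, status: int, tag: bytes) -> str:
        challenge = self._pending.pop(serial, None)       # each challenge is single use
        if challenge is None:
            return "NO_CHALLENGE"
        expected = _tag(self._keys[serial], serial, challenge, status)
        if not hmac.compare_digest(expected, tag):
            return "BAD_RESPONSE"
        return "SENSOR_TRIPPED" if status else "AUTHENTIC"


def interrogate(dielet: Dielet, server: Server, tamper_status=None) -> str:
    """Appliance role: relay serial ID up, challenge down, response up."""
    challenge = server.challenge(dielet.serial)
    if challenge is None:
        return "UNKNOWN_SERIAL"
    status, tag = dielet.respond(challenge)
    if tamper_status is not None:     # models a relay that rewrites the sensor word
        status = tamper_status
    return server.verify(dielet.serial, status, tag)


def demo() -> dict:
    serial = bytes.fromhex("0000000000000001")   # constructed 64-bit serial ID
    key = secrets.token_bytes(32)                  # 256-bit key set at personalization
    server = Server({serial: key})
    genuine = Dielet(serial, key)
    results = {"genuine": interrogate(genuine, server)}

    # Registered serial but a different key: the serial alone proves nothing.
    results["wrong_key"] = interrogate(Dielet(serial, secrets.token_bytes(32)), server)

    # Serial that is not in the server database.
    results["unknown"] = interrogate(Dielet(bytes(8), key), server)

    # A response recorded for one challenge does not verify against the next.
    status, tag = genuine.respond(server.challenge(serial))
    server.verify(serial, status, tag)
    server.challenge(serial)
    results["replay"] = server.verify(serial, status, tag)

    # A latched sensor is reported, and clearing it in transit breaks the tag.
    genuine.expose(XRAY)
    results["tripped"] = interrogate(genuine, server)
    results["masked"] = interrogate(genuine, server, tamper_status=0)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:10s} {verdict}")
```

Binding the sensor status and serial ID into the same keyed response as the challenge is what lets the server treat the appliance and network as untrusted relays.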
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include:
  a. package alterations needed to carry the dielet
  b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement, and execute
6. To minimize size, power and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
Current Untrusted Logistical Supply Chain
[Figure labels: Trusted Zone; Original Equipmt Mfr; Shipping; Approved Reseller; Merchandise Returns; Independent Distributor; EBAY; Stock; PC Board Assembly; Subsystem Assembly; System Mfg; DoD Application; Trusted Zone; Vulnerability Zone; numbered markers 1-8]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD’ed Supply Chain Exemplar
[Figure labels: Trusted Zone; Original Equipmt Mfr; Shipping; Approved Reseller; Merchandise Returns; Independent Distributor; EBAY; Stock; PC Board Assembly; Subsystem Assembly; System Mfr; DoD Application; Trusted Zone; numbered markers 1-8]
SHIELD Authentication outside Trusted Zone
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase

| Tech Area | Phase 1 | Phase 2 | Phase 3 |
|---|---|---|---|
| TA1: Tech Dev | On-chip HW tech devlpmt: Key Store, Sensors, Comm/Pwr, Mfg Processes; Models; Test Sites; SHIELD layouts | | |
| TA2: Design & Integr | Dielet Logic Design; Standards Conformation | SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization | |
| TA3: Deployment | Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design | Tooling and Techniques for handling, insertion; Network Structure Build-out; Inductive Device Fabrication | Demonstration Proof-of-Concept; Supply Chain Exercise across sites; Red Teaming; Evaluations |
Technical Area 1, Phase 1: Technology (Months 1-18)
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e., COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1, Phase 1 (Cont’d)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product:
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet’s fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption
   Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption
   Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines
   Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms
   Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine
   Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key
   Key store should be Suite B compliant
Technical Area 1, Phase 1 (Cont’d)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered; be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe, existing exposures encountered throughout the current supply chain
Technical Area 1, Phase 1 (Cont’d)
Passive Sensor Examples
Chemical: Nitric Acid, Sulfuric Acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1, Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance’s probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component’s package
Technical Area 1, Phase 1 (Cont’d)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability, lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2: Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator; realize the interface to the secure server
Technical Area 2, Phase 1: Design (Months 1-18)
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment, Methodology
  a. Define EDA design environment using industry conventions
  b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
  c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
  a. Design should accommodate SHIELD CONOP sequence
  b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
  a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
  b. Only open standards may be used
Technical Area 2 Phase 1 (cont'd)
4. Design to Boundary Conditions
  a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
  b. Designs may be asynchronous or synchronous; free choice of clock rate
  c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
  a. Sockets for key store, sensors
  b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
  a. Verify robust design functionality across process, voltage and temperature
  b. Accommodate ±3σ composite process distribution window
  c. BC/WC/Twist timing corner functionality verified
  d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
  e. Functionality inside ±3σ conditioned voltage window

Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
  a. Identify technology and node to be used, preferred vendor
  b. Define checkpoints and approximate dates for design and build
  c. Explain how new technologies will be accommodated by fabricator
  d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
  a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
  a. Verify robust design functionality across process, voltage and temperature
  b. Accommodate ±3σ composite process distribution window
  c. BC/WC/Twist timing corner functionality verified
  d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
  e. Functionality inside ±3σ conditioned voltage window
10. Provide a Critical Design Review

Technical Area 2 Phase 2
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks and process audits, designs will be fabricated.
1. Complete SHIELD dielet design
  a. Incorporate final TA1 outputs
  b. Complete checking, generate specific test patterns
  c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
  a. Release design to MFG; monitor fabrication; intercept for process exits and re-entries for adjunct technology introductions
  b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
  c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
  d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec

Technical Area 3: SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals.

Technical Area 3 Phase 1
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
  a. Determine required specs and tolerances for dielet placement in the host
  b. Develop coupling required for sufficient inductive/RF power and comms
  c. Find size of antennae and maximum submersion below package surface
  d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
  a. Create with TA2 performers' consultation to resemble final form-factor
  b. Place electrical structures to assess specific issues of concern

Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet
Performer will assess reliability and serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
  a. Package strain caused by insertion or presence
  b. Hermetic seal fails caused by insertion or presence
  c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
Performers will assure the integrity and reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
  a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
  b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
  c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
  d. Dielet exposure to radiation, high X-ray or RF fields when not in use

Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
  a. Design of handheld appliance concept, including documentation
  b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure the coupled signal
  c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance.

Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
  a. Communications between the dielet and the server through the inductive/RF appliance and network, using TLS standards
  b. All required server transaction and decryption software
  c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
  d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors.
Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program.

Technical Area 3 Phase 2
Technical Area 3/Phase 2: Implementation, Months 19-36
Specific techniques and tooling for placement of the dielet into the host package are developed. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
  a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
  b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
  c. Associating the placed SHIELD dielet serial ID and crypto key with the host component P/N, date/location of manufacture, reliability grade and cryptographic key

Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables:
  a. Detailed network schematics indicating protocols and standards
  b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
  c. Estimates of transaction times and network latencies
  d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
  e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3

Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
  a. Inductive/RF probe fabrication
  b. Repurposed appliance microcode, firmware, software installation
  c. Stand-alone testing of communication between the SHIELD dielet and appliance

Technical Area 3 Phase 3
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DoD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
  a. Performers will mate SHIELD dielets to product at pkg encapsulation
  b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
    • Fails due to faulty package insertions
    • Fails due to non-functional SHIELD chips
    • Screening of components, which had previously passed wafer final test, for failure rate uplift at module final test above the fallout baseline before SHIELD introduction

Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP.
  a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
  b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
  c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
  d. Government Red Team members will compromise the supply chain
  e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
  f. Government team members will monitor performer detection results

SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by
  a. Component package (i.e. small passive/discrete, quad plastic flat pack)
  b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
  c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
  d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
  a. Component package (i.e. small passive/discrete, quad plastic flat pack)
  b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component

SHIELD Summary of Suggested Specifications
Area: A ≈ 100 um x 100 um (0.01 mm²)
Device thickness: Thinned substrate, likely 10 um or less
Interrogation latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network communication protocol: TLS Standard
Minimum delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption standard: Up to 256 bit
Serial ID length: 64 bit
Power consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10 (default)
Host temperatures: -55 °C to 125 °C
Interrogation temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation. SHIELD total operational time is under 1 hour
Cost: C < 1.0¢ per dielet

Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins

SHIELD Government Support
Saverio Fazzari
SHIELD SETA
SHIELD Industry Day
14 March 2014

Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done, rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation

Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.

Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 (Tech Dev) | None
TA2 (Design & Integr) | None
TA3 (Deployment) | Components for SHIELD insertion; vendor locations for SHIELD exercise sites

Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost.
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built:
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com

SHIELD Metrics
Arnett Brown
SHIELD SETA
SHIELD Industry Day
14 March 2014

Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics?
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea

Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption

Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost

Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime

Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate

Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications and support logic | Mask layout design, including logical and physical verification, functional test pattern generation | Functional testing; adherence to dielet power budget; compliance with manufacturer ground rules; percent test pattern coverage; reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests

Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip; package strain analysis; electromagnetic analysis [2]; environmental testing (temperature shock and vibration) [3]
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison

Metrics: Technical Area 3, SHIELD Deployment
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component

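One way the Phase 3 benchmarks listed above (and on the SHIELD Quantitative Benchmarks slide) could be scored from demonstration trial records, as an added example that is not part of the original briefing. The record fields, the sample trials and the choice of a Wilson 95% interval are assumptions of this example; the interval is reported because each breakout cell will hold only a few trials.

```python
"""Score interrogation trials: PD, PFA and completed-authentication delay."""
from collections import defaultdict
from math import sqrt
from statistics import mean

FIELDS = ("package", "setting", "location", "truth", "flagged", "delay_s")

# Constructed sample trials (not program data). truth is "ok" or a failure
# mode; flagged is the appliance verdict; delay_s is None when the
# authentication never completed (e.g. a dead dielet that never answers).
_RAW = [
    ("QFP", "tube", "distributor", "missing", True, 1.8),
    ("QFP", "tube", "distributor", "ok", False, 1.6),
    ("QFP", "board", "subassembly", "failing", True, 2.1),
    ("QFP", "board", "subassembly", "inappropriate", False, 1.9),
    ("QFP", "board", "subassembly", "ok", True, 1.7),
    ("passive", "tube", "distributor", "ok", False, 1.5),
    ("passive", "tube", "shipping", "missing", True, 1.4),
    ("passive", "system", "subassembly", "failing", True, None),
    ("passive", "system", "subassembly", "ok", False, 2.3),
    ("QFP", "system", "shipping", "inappropriate", True, 2.0),
    ("passive", "board", "distributor", "ok", False, 1.6),
    ("QFP", "tube", "shipping", "ok", False, 1.8),
]
TRIALS = [dict(zip(FIELDS, row)) for row in _RAW]

# Breakouts as listed on the slide: an uncompromised part has no failure mode
# or failure location, so PFA is broken out by package and setting only.
BREAKOUTS = {
    "PD": ("package", "failure_mode", "location", "setting"),
    "PFA": ("package", "setting"),
}
LATENCY_BUDGET_S = 2.0  # full-transaction target from the specification summary


def wilson(k, n, z=1.96):
    """Wilson score interval for k successes in n trials (95% by default)."""
    if n == 0:
        return (0.0, 1.0)
    p = k / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def _population(trials, metric):
    """PD is measured on compromised parts, PFA on good parts."""
    if metric not in BREAKOUTS:
        raise ValueError(f"unknown metric {metric!r}")
    want_bad = metric == "PD"
    return [t for t in trials if (t["truth"] != "ok") == want_bad]


def _rate(rows):
    n, k = len(rows), sum(r["flagged"] for r in rows)
    return {"k": k, "n": n, "rate": k / n if n else None, "ci95": wilson(k, n)}


def overall(trials, metric):
    return _rate(_population(trials, metric))


def breakout(trials, metric, dim):
    """Rate of flagged trials per value of one breakout dimension."""
    rows = _population(trials, metric)
    if dim not in BREAKOUTS[metric]:
        raise ValueError(f"{metric} is not broken out by {dim!r}")
    groups = defaultdict(list)
    for r in rows:
        groups[r["truth"] if dim == "failure_mode" else r[dim]].append(r)
    return {key: _rate(members) for key, members in sorted(groups.items())}


def delay_summary(trials):
    """Mean delay over completed authentications, plus budget overruns."""
    done = [t["delay_s"] for t in trials if t["delay_s"] is not None]
    return {
        "completed": len(done),
        "incomplete": len(trials) - len(done),
        "mean_s": mean(done) if done else None,
        "over_budget": sum(d > LATENCY_BUDGET_S for d in done),
    }


if __name__ == "__main__":
    for metric, dims in BREAKOUTS.items():
        print(metric, "overall", overall(TRIALS, metric))
        for dim in dims:
            for key, r in breakout(TRIALS, metric, dim).items():
                lo, hi = r["ci95"]
                print(f"  {dim}={key}: {r['k']}/{r['n']} [{lo:.2f}, {hi:.2f}]")
    print("delay", delay_summary(TRIALS))
```

A timed-out interrogation counts toward PD or PFA through its verdict but is excluded from the mean delay, which the slide defines over completed authentications only.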
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing
[1] Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.

Metrics: Technical Area 2, SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort

Proposal Information
• Proposal Due Date: May 30, 2014
  • The full proposal must be received on or before May 30, 2014 in order to be considered during the initial round of selections
• DARPA will acknowledge receipt of complete submissions via email and assign control numbers that should be used in all further correspondence regarding proposals
• DARPA will post a consolidated Question and Answer response after April 1, 2014, before final full proposals are due. In order to receive a response to your question, submit your question by April 25, 2014 to DARPA-BAA-14-16@darpa.mil
• To comply with the submission guidelines listed in the BAA, please include the following:
  • Volume I: Technical and Management Proposal
    • Section I: Administrative cover sheet, to include an official transmittal letter (Note: An official transmittal letter is not required when submitting an abstract)
    • Section II: Summary of Proposal - this section shall not exceed 15 pages
    • Section III: Detailed Proposal Information
    • Statement of Work (SOW) - In plain English, clearly define the technical tasks/subtasks to be performed, their durations, and dependencies among them. The page length for the SOW will be dependent on the amount of the effort
    • Section IV: Additional Information - A brief bibliography of relevant technical papers and research notes (published and unpublished) which document the technical ideas upon which the proposal is based. Copies of not more than three (3) relevant papers can be included in the submission
  • Volume II: Cost Proposal - No Page Limit
• Additional detailed information on submitting a full proposal can be found in the SHIELD solicitation, DARPA-BAA-14-16

Contact Information
• For any questions regarding today's Proposer's Day, or to request a copy of Mr. Bernstein's presentation, please email DARPA-SN-14-22@DARPA.mil
• Administrative, technical or contractual questions should be sent via e-mail to DARPA-BAA-14-16. All requests must include the name, email address and phone number of a point of contact
The technical POC for this effort is Kerry Bernstein.
The BAA Coordinator for this effort can be reached at:
DARPA/MTO
ATTN: DARPA-BAA-14-16
675 North Randolph Street
Arlington VA 22203-2114
DARPA-BAA-14-16@DARPA.mil

Proposer's Day Ethics
• At this time DARPA cannot provide early feedback on your ideas. Please submit abstracts/proposals conforming to the guidelines in the BAA
• Please refer to the BAA for questions on submission format, deadlines, technical requirements, cost analysis, etc. For specific questions not covered in the BAA, please email the coordinator at DARPA-BAA-14-16@DARPA.mil
• For all communication purposes regarding this solicitation, please direct your attention to the BAA Coordinator using the email address above
• US Government employees are bound by law to implicit non-disclosure agreements with external institutions. You may share information in private conversations without concern over intellectual property loss
• DARPA Proposer's Day is a public event; any data released in this venue should be assumed to have been made public. Please treat your proprietary data accordingly

Welcome and Introductory Comments
Kerry Bernstein
SHIELD Industry Day
14 March 2014

Acknowledgments
Simply getting the DARPA SHIELD Program to this point required massive efforts and valuable inputs by the following US Government employees and contractors:
Bob Colwell Saverio Fazzari Michael Blackstone Dave Shaver Virginia Arzadum Fred Schipp Brett Hamilton Arnett Brown Beverly Barnhart Jeff K Jerry Roddy Sean L Chris Bozada Dan Radack Matt Kay Don Davidson Matt Sale Paul Kozemchak Bob K Shaun McKinley Joe H Chrisma Jackson Jim Felix Eric Herr Josh Beutler Dan Marrujo Jim St Pierre Mitch Komaroff Arun Seraphin Nick Diamond
SHIELD SETA TEAM

CNN Report, 10 June 2012
Counterfeit parts compromise the US Supply Chain and present a growing threat to national security. Current safeguards are ineffective; they put American lives and DoD missions at risk.

Supply Chain Control is a Critical Problem
• Distributor indicted for supplying counterfeits to Grumman Electric Boat, July 2013
• SPECTRUM Magazine, October 2013, pp. 41-45
• Dept. of Defense Instruction NUMBER 4140.67, 26 April 2013

US Electronic Waste is a Contributing Factor
[Figure: electronic waste flow. Panel labels: Received in Developing Country; Removed from boards and sorted; Refurbished and remarked; Repackaged; Resold; Shipping from/to US. All images courtesy of SMT Corporation.]

Electronic Waste Processing Effect on Quality/Reliability
[Images courtesy of Basel Action Network and SMT Corporation.]
• Uncontrolled heating during part removal can cause die cracks or delamination, leading to immediate or latent failures
• Mishandling or sanding of parts can cause latent Electrostatic Discharge (ESD) failures

Electronics Supply Chain is Global
[Figure: supply chain stages: Semi Design; Semi Manufacturing & Packaging; Printed Circuit Board Production; Printed Circuit Board Distribution. Source: IDC Manufacturing Insights & Booz Allen analysis.]
Global nature of supply chain makes chain-of-custody unworkable.
Lifecycle shown for a single JSF component: the component changes hands 15 times before final install.

"Counterfeit components are a 1-in-1000000 risk"
Independent Distributors say that from 05 to 35 of their incoming product is suspected counterfeit
"Only bad distributors sell counterfeit components"
Most counterfeit parts sold to contractors come from legitimate independent distributors lacking effective screening techniques
"Only expensive components are counterfeited"
DoC reports that over 60% of counterfeit parts have a sale value of $10 or less
"Counterfeit parts will be detected by electrical tests"
More than half of all counterfeit components have the correct (or equivalent) die
Common Industry Supply Chain Misconceptions 1
1 B Hamilton NSWC Crane Testimony at SASC Briefing 9 September 2013
Image courtesy of httpwwwrkonlinestorecouk556-dual-timer-ic-16-pin-dip-pack-of-1-391-pasp
"It will be because of companies like ours that the gap in technological advantages between made in [Name of Country] and made abroad will narrow down"
- from website of an off-shore contract reverse-engineering business
Quote found on the Web
SHIELD Threat Space
Brett Hamilton, NSWC Crane
SHIELD Industry Day
14 March 2014
SHIELD Technical Program Description
Kerry Bernstein
SHIELD Industry Day
14 March 2014
SHIELD Introductory Comments
1. THANK YOU for your interest in participating in DARPA SHIELD. It's business, but it's also our nation.
2. The following exemplary design point and CONOP is a preferred embodiment. BAA strives not to overspecify. Got something better? LET'S HEAR ABOUT IT.
3. Besides performers with great ideas, we want performers who "get it" and who have a passion for doing something important for national security. Together we'll deliver game-changing capability.
4. SHIELD is about the Science and the hardware and the technology. CONOP, servers, networks are limited to what's needed for the demo.
5. SHIELD is not about developing new encryption schemes. SHIELD is about NIST, IEEE and Industry Standards, or new standards.
SHIELD Introductory Comments (cont'd)
6. Teaming is strongly encouraged. DARPA will accept individual Tech Area 1 & 3 submissions, but complete collaborative proposed solutions are preferred and strongly recommended.
7. The Supply Chain's threat space is immense. Any solution, including DARPA SHIELD, will be fraught with problems. We expect that. But we need to begin somewhere.
8. Remaining unaddressed SHIELD vulnerabilities will include
   • Insider threat
   • Server attacks
   • Dielet side channel exfil modes inserted during foreign fabrication
   • Vulnerability to new reverse engineering modes, circumvention
9. SHIELD is intended to make counterfeiting more difficult, expensive, and time consuming.
Programmatics
DARPA SHIELD is about
• Science
• Hardware Technology
• Security
• Reliability and Trustworthiness
• Functionality
• Manufacturability and Yield
DARPA SHIELD is NOT about
• Logistics
• Preferred Business Practices
• Acquisition Policy
• Doctrine
• Supplier/distributor business infrastructure
• New encryption schemes
• New checking tools
• Software
• Back-office structure and networking
(Except for the minimum necessary to demonstrate SHIELD CONOP)
httpwwwg33kwatchcomwp-contentuploads201112geek-zonegif
Glossary
Dielet: Extremely small computer chip developed during SHIELD
Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
Key: A 256-bit cipher code stored on dielet and on a secure server, used to secure the dielet authentication operation
Test Site: Limited hardware proof of concept chip without full product functionality
Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
Probe: A device attached to a communication appliance that powers the SHIELD dielet
FITS: Failure rate of a component, measured in Failures-in-Time over the program
KPOH: Lifetime of a component, measured in thousands of power-on-hours
BOM: Bill of Material, a list of components comprising a given assembly
IP: Intellectual Property
CONOP: Concept of Operations
DFM/DFY: Design for Manufacturability / Design for Yield
PFA: Probability of False Alarm
PD: Probability of Detection
OEM: Original Equipment Manufacturer
GFE: Government-Furnished Equipment
IC: Integrated Circuit
CDR: Critical Design Review
DSS: Digital Signature Standard
CMVP: Cryptographic Module Verification Program
Counterfeit: "Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies"
- GAO Report to Congress, March 2010
Supply Chain: "A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances, or information from a source to a customer"
- Cooper, M.C., Lambert, D.M., & Pagh, J. (1997). Supply Chain Management: More Than a New Name for Logistics. The International Journal of Logistics Management, Vol 8, Issue 1, pp 1-14
Chain of Custody: "The chronological sequence of parties, spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession"
Definition of Terms
TRUST - Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find
IRIS - Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
SHIELD Learning from Prior HW Assurance Programs
DigitalOrAMS
TRUST
IRIS
DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted
TRUST, IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
[Figure: component lifecycle stages (Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use) annotated with attacks. Legend: Design Attack, Hardware Attack, Logistics Attack. Attacks shown: 3rd Party IP, Insider Design, EDA Exploit, IP Theft/Copy, Security Intercept, Yield Fail Diversion, Overproduction, Process Compromise, Pkg Compromise, False FPGA Bitstream, Malicious Insertions, False Validation Report, DFM Exploits, False Expects, False Test Compares, HW Theft. Coverage labels: TRUST, IRIS, SHIELD; At OEM, In Distribution.]
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components, which make them especially vulnerable to compromise
• DoD electronic components require high reliability, serviceability [1]
• Compromised component failures risk DoD missions, soldier's lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete [1]
• $10-$50 parts become $8000 parts once they are obsolete [1] - providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
[1] NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor, or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast, and executable by untrained operators
4. Trustworthy, reliable, and prohibitively difficult to spoof
5. Executable at any place, time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
[Figure: Microscopic SHIELD dielet with labelled blocks: HW Root-of-Trust, Fragile Key Storage, Full Encryption Engine, Unpowered Passive Sensors, Inductive Powering and Communication]
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm² Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120 °C
- <1 cent per dielet
Image courtesy of httpwwwhitachicomNewcnews030902html
SHIELD Exemplary CONOP
[Figure: message flow between Dielet, Smartphone and Server (TCP/IP Address, VPN)]
1. Serial ID Upload: Serial ID No.; server database with Dielet Serial ID, Fab Name, Fab Date, Part No.
2. Challenge Download: Random Challenge Generator
3. Encrypted Challenge, Encrypted Sensors, Appliance Data: Encryption Engine w/ Crypto Key; sensors for Temp Extremes, Xray Exposure, Light Exposure
4. Authentication Out: Decryption Engine w/ Crypto key: decrypt, compare to original challenge
Also labelled: Sensors Status, Test Date, Auditor Identity, Key Requests
Potential Production Test Approaches
Flying Prober
Inspiration from existing Tube, Pick-and-Place, Wire Bond Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
Pick and Place / Wirebond / Tube handling of components
Volume Production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication.
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove or transfer it from its host component with standard reverse-engineering, de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include
   a. package alterations needed to carry the dielet
   b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive / RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement and execute
6. To minimize size, power and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
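The challenge-response exchange of the exemplary CONOP, with the key held only on the dielet and the server and the checking logic pushed to the server, simulated end to end. This is an added example, not code from DARPA or the SHIELD program. Assumptions: HMAC-SHA-256 stands in for the dielet's encryption engine (so the server recomputes and compares rather than decrypting), and the class names, verdict strings, sensor bit layout and 16-byte challenge length are constructed for illustration.

```python
"""SHIELD exemplary CONOP, simulated: dielet, appliance and server roles.

Assumption: HMAC-SHA-256 stands in for the dielet's encryption engine, so the
server recomputes and compares instead of decrypting. Names, verdict strings,
sensor bit layout and challenge length are constructed for this example.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

KEY_BYTES = 32        # 256-bit key (from the page)
SERIAL_BYTES = 8      # 64-bit serial ID (from the page)
CHALLENGE_BYTES = 16  # assumption: the page gives no challenge length
SENSOR_TEMP, SENSOR_XRAY, SENSOR_LIGHT = 0x01, 0x02, 0x04  # assumed bit layout

AUTHENTIC = "AUTHENTIC"
FLAGGED = "FLAGGED: sensor tripped"
BAD_RESPONSE = "REJECT: bad response"
NO_CHALLENGE = "REJECT: no outstanding challenge"
UNKNOWN_SERIAL = "REJECT: unknown serial"


def keyed_response(key: bytes, serial: bytes, challenge: bytes, sensors: int) -> bytes:
    """Bind the serial and sensor word to the challenge under the shared key."""
    return hmac.new(key, serial + challenge + bytes([sensors]), hashlib.sha256).digest()


@dataclass
class Dielet:
    serial: bytes
    key: bytes        # stays on the dielet; only keyed responses leave it
    sensors: int = 0  # passive sensor word: bits are set, never cleared

    def trip(self, sensor_bit: int) -> None:
        self.sensors |= sensor_bit

    def respond(self, challenge: bytes) -> Tuple[int, bytes]:
        return self.sensors, keyed_response(self.key, self.serial, challenge, self.sensors)


@dataclass
class Server:
    keys: Dict[bytes, bytes] = field(default_factory=dict)     # serial -> key
    records: Dict[bytes, dict] = field(default_factory=dict)   # serial -> fab data
    pending: Dict[bytes, bytes] = field(default_factory=dict)  # serial -> challenge

    def enroll(self, serial: bytes, key: bytes, **record) -> None:
        assert len(serial) == SERIAL_BYTES and len(key) == KEY_BYTES
        self.keys[serial], self.records[serial] = key, record

    def issue_challenge(self, serial: bytes) -> Optional[bytes]:
        if serial not in self.keys:
            return None
        self.pending[serial] = secrets.token_bytes(CHALLENGE_BYTES)
        return self.pending[serial]

    def verify(self, serial: bytes, sensors: int, response: bytes) -> str:
        challenge = self.pending.pop(serial, None)  # each challenge is single-use
        if challenge is None:
            return NO_CHALLENGE
        expected = keyed_response(self.keys[serial], serial, challenge, sensors)
        if not hmac.compare_digest(expected, response):
            return BAD_RESPONSE
        return FLAGGED if sensors else AUTHENTIC


def authenticate(server: Server, dielet: Dielet, tamper=None) -> str:
    """Appliance role: relays messages between dielet and server, holds no key."""
    challenge = server.issue_challenge(dielet.serial)        # steps 1 and 2
    if challenge is None:
        return UNKNOWN_SERIAL
    sensors, response = dielet.respond(challenge)            # step 3
    if tamper:
        sensors, response = tamper(sensors, response)
    return server.verify(dielet.serial, sensors, response)   # step 4


def demo() -> Dict[str, str]:
    server = Server()
    serial = bytes.fromhex("0000000000000001")  # constructed serial and record
    key = secrets.token_bytes(KEY_BYTES)
    server.enroll(serial, key, fab_name="ExampleFab", fab_date="2014-03-14", part_no="PN-EXAMPLE")
    genuine = Dielet(serial, key)
    out = {"genuine": authenticate(server, genuine)}
    # Clone: carries a copied serial ID but not the key.
    out["clone"] = authenticate(server, Dielet(serial, secrets.token_bytes(KEY_BYTES)))
    out["unknown"] = authenticate(server, Dielet(bytes.fromhex("00000000000000ff"), key))
    # Replay: a response captured for one challenge is presented for the next.
    captured = genuine.respond(server.issue_challenge(serial))
    server.verify(serial, *captured)
    server.issue_challenge(serial)
    out["replay"] = server.verify(serial, *captured)
    out["no_challenge"] = server.verify(serial, *captured)
    # A tripped sensor is reported, and the appliance cannot mask it in transit.
    genuine.trip(SENSOR_XRAY)
    out["tripped"] = authenticate(server, genuine)
    out["masked"] = authenticate(server, genuine, tamper=lambda s, r: (0, r))
    return out


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:13s} {verdict}")
```

Because the sensor word is covered by the keyed response, an appliance that clears the sensor bits in transit produces a rejected response rather than a clean pass.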
Current Untrusted Logistical Supply Chain
[Figure: supply chain flow with numbered steps 1-8 and shipping links between: Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfg, DoD Application. Region labels: Trusted Zone (twice), Vulnerability Zone.]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD'ed Supply Chain Exemplar
[Figure (REFRESHER): supply chain flow with numbered steps 1-8 and shipping links between: Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfr, DoD Application. Region labels: Trusted Zone (twice), SHIELD Authentication outside Trusted Zone.]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase
TA1 (Tech Dev)
   Phase 1: On-chip HW tech devlpmt (Key Store, Sensors, Comm/Pwr, Mfg Processes): Models, Test Sites, SHIELD layouts
TA2 (Design & Integr)
   Phase 1: Dielet Logic Design; Standards Conformation
   Phase 2: SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization
TA3 (Deployment)
   Phase 1: Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design
   Phase 2: Tooling and Techniques for handling, insertion; Network Structure Build-out; Inductive Device Fabrication
   Phase 3: Demonstration: Proof-of-Concept Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 Technology
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Technical Area 1 Phase 1 (Cont'd)
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance.
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows.
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform.
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code.
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation.
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant.
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must
1. Passively sense while unpowered; be read only when powered
2. Be readable only and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe, existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Chemical: Nitric Acid, Sulfuric Acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 1 Phase 1 (Cont'd)
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Design and Integration
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific Logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2 Phase 1
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temperature
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C; survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temp
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C; survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 1 (cont'd)
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 2 Phase 2
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals.
Technical Area 3 SHIELD Deployment
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive / RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1
3. Assure reliability of host component containing SHIELD dielet. Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component. Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by
   a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe. Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance.
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise. SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include
   a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program.
Technical Area 3 Phase 1 (cont'd)
Technical Area 3/Phase 2: Implementation, Months 19-36
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology. Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3 Phase 2
2. Develop the SHIELD Network Structure. Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance. Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include
   a. Inductive/RF probe fabrication
   b. Repurposed Appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 2 (cont'd)
Technical Area 3Phase 3 Demo Months 37-48 DARPA SHIELD concludes with a demonstration one year in duration of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition programrsquos BOM Actual components will be shipped between work sites developing the specific assembly the component is a part of and performers will exercise SHIELD at those sites Performer tasks will include1 Demonstrate robust SHIELD placement into real product
a Performers will mate SHIELD dielets to product at pkg encapsulation
b Performer will identify correct SHIELD failure modes in practice performing defect characterization to identify needed changes to installation process Failure data will be collected and compiled by performers as components are encapsulated and tested includingbull Fails due to faulty package insertions bull Fails due to non-functional SHIELD chipsbull Screening of components for failure rate uplift at module
final test which had previous passed wafer final test above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3
Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP: Performers will exercise the entire SHIELD CONOP
a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
b. Performers will place the SHIELD solution in those packages in a production-like environment, which DARPA will provide access to
c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
d. Government Red Team members will compromise the supply chain
e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by
a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 um x 100 um (0.01 mm²)
Device thickness: Thinned substrate, likely 10 um or less
Interrogation Latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 Second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host Temperatures: -55° C - 125° C
Interrogation Temperatures: 0-35° C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 10¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage / Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done, rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 (Tech Dev) | None
TA2 (Design & Integr) | None
TA3 (Deployment) | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2]; environmental testing (temperature, shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3, SHIELD Deployment
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Contact Information
• For any questions regarding today's Proposer's Day, or to request a copy of Mr. Bernstein's presentation, please email DARPA-SN-14-22@DARPA.mil
• Administrative, technical or contractual questions should be sent via e-mail to DARPA-BAA-14-16. All requests must include the name, email address and phone number of a point of contact
The technical POC for this effort is Kerry Bernstein. The BAA Coordinator for this effort can be reached at:
DARPA/MTO, ATTN: DARPA-BAA-14-16, 675 North Randolph Street, Arlington VA 22203-2114, DARPA-BAA-14-16@DARPA.mil
Proposer's Day Ethics
• At this time DARPA cannot provide early feedback on your ideas. Please submit abstracts/proposals conforming to the guidelines in the BAA
• Please refer to the BAA for questions on submission format, deadlines, technical requirements, cost analysis, etc. For specific questions not covered in the BAA, please email the coordinator at DARPA-BAA-14-16@DARPA.mil
• For all communication purposes regarding this solicitation, please direct your attention to the BAA Coordinator using the email address above
• US Government employees are bound by law to implicit non-disclosure agreements with external institutions. You may share information in private conversations without concern over intellectual property loss
• DARPA Proposer's Day is a public event; any data released in this venue should be assumed to have been made public. Please treat your proprietary data accordingly
Welcome and Introductory Comments
Kerry Bernstein
SHIELD Industry Day
14 March 2014
Acknowledgments
Simply getting the DARPA SHIELD Program to this point required massive efforts and valuable inputs by the following US Government employees and contractors:
Bob Colwell, Saverio Fazzari, Michael Blackstone, Dave Shaver, Virginia Arzadum, Fred Schipp, Brett Hamilton, Arnett Brown, Beverly Barnhart, Jeff K, Jerry Roddy, Sean L, Chris Bozada, Dan Radack, Matt Kay, Don Davidson, Matt Sale, Paul Kozemchak, Bob K, Shaun McKinley, Joe H, Chrisma Jackson, Jim Felix, Eric Herr, Josh Beutler, Dan Marrujo, Jim St Pierre, Mitch Komaroff, Arun Seraphin, Nick Diamond
SHIELD SETA TEAM
CNN Report 10 June 2012
Counterfeit parts compromise the US Supply Chain and present a growing threat to national security. Current safeguards are ineffective; they put American lives and DoD missions at risk
Supply Chain Control is a Critical Problem
Distributor indicted for supplying counterfeits to Grumman Electric Boat July 2013
SPECTRUM Magazine, October 2013, pp. 41-45
Dept. of Defense Instruction NUMBER 4140.67, 26 April 2013
US Electronic Waste is a Contributing Factor
Received in Developing Country
Removed from boards and sorted
Refurbished and remarked
Repackaged
Resold
Shipping from/to US
All images courtesy of SMT Corporation
Electronic Waste Processing Effect on Quality/Reliability
Uncontrolled heating during part removal can cause die cracks or delamination, leading to immediate or latent failures
Mishandling or sanding of parts can cause latent Electrostatic Discharge (ESD) failures
Images courtesy of Basel Action Network and SMT Corporation
Electronics Supply Chain is Global
[Figure: lifecycle of a single JSF component across Semi Design, Semi Manufacturing & Packaging, Printed Circuit Board Production, and Printed Circuit Board Distribution. Source: IDC Manufacturing Insights & Booz Allen analysis]
Global nature of supply chain makes chain-of-custody unworkable
Lifecycle shown for a single JSF component – component changes hands 15 times before final install
Common Industry Supply Chain Misconceptions [1]
"Counterfeit components are a 1-in-1,000,000 risk"
Independent Distributors say that from 05 to 35 of their incoming product is suspected counterfeit
"Only bad distributors sell counterfeit components"
Most counterfeit parts sold to contractors come from legitimate independent distributors lacking effective screening techniques
"Only expensive components are counterfeited"
DoC reports that over 60% of counterfeit parts have a sale value of $10 or less
"Counterfeit parts will be detected by electrical tests"
More than half of all counterfeit components have the correct (or equivalent) die
[1] B. Hamilton, NSWC Crane, Testimony at SASC Briefing, 9 September 2013
Quote found on the Web
"It will be because of companies like ours that the gap in technological advantages between made in [Name of Country] and made abroad will narrow down"
- from website of an off-shore contract reverse-engineering business
SHIELD Threat Space
Brett Hamilton, NSWC Crane
SHIELD Industry Day
14 March 2014
SHIELD Technical Program Description
Kerry Bernstein
SHIELD Industry Day
14 March 2014
SHIELD Introductory Comments
1. THANK YOU for your interest in participating in DARPA SHIELD. It's business, but it's also our nation
2. The following exemplary design point and CONOP is a preferred embodiment. BAA strives not to overspecify. Got something better? LET'S HEAR ABOUT IT
3. Besides performers with great ideas, we want performers who "get it" and who have a passion for doing something important for national security. Together we'll deliver game-changing capability
4. SHIELD is about the Science and the hardware and the technology. CONOP, servers, networks are limited to what's needed for the demo
5. SHIELD is not about developing new encryption schemes. SHIELD is about NIST, IEEE and Industry Standards or new standards
SHIELD Introductory Comments (cont'd)
6. Teaming is strongly encouraged. DARPA will accept individual Tech Area 1 & 3 submissions, but complete collaborative proposed solutions are preferred and strongly recommended
7. The Supply Chain's threat space is immense. Any solution, including DARPA SHIELD, will be fraught with problems. We expect that. But we need to begin somewhere
8. Remaining unaddressed SHIELD vulnerabilities will include:
• Insider threat
• Server attacks
• Dielet side channel exfil modes inserted during foreign fabrication
• Vulnerability to new reverse engineering modes, circumvention
9. SHIELD is intended to make counterfeiting more difficult, expensive, and time consuming
Programmatics
DARPA SHIELD is about:
• Science
• Hardware Technology
• Security
• Reliability and Trustworthiness
• Functionality
• Manufacturability and Yield
DARPA SHIELD is NOT about (except for the minimum necessary to demonstrate SHIELD CONOP):
• Logistics
• Preferred Business Practices
• Acquisition Policy
• Doctrine
• Supplier/distributor business infrastructure
• New encryption schemes
• New checking tools
• Software
• Back-office structure and networking
Glossary
Dielet: Extremely small computer chip developed during SHIELD
Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
Key: A 256-bit cipher code stored on dielet and on a secure server, used to secure the dielet authentication operation
Test Site: Limited hardware proof of concept chip without full product functionality
Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
Probe: A device attached to a communication appliance that powers the SHIELD dielet
IP: Intellectual Property
CONOP: Concept of Operations
DFM/DFY: Design for Manufacturability / Design for Yield
PFA: Probability of False Alarm
PD: Probability of Detection
OEM: Original Equipment Manufacturer
GFE: Government-Furnished Equipment
IC: Integrated Circuit
CDR: Critical Design Review
DSS: Digital Signature Standard
CMVP: Cryptographic Module Verification Program
FITS: Failure rate of a component measured in Failures-in-Time over the program
KPOH: Lifetime of a component measured in thousands of power-on-hours
BOM: Bill of Material, a list of components comprising a given assembly
Definition of Terms
Counterfeit: "Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies"
- GAO Report to Congress, March 2010
Supply Chain: "A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances, or information from a source to a customer"
- Cooper, M.C., Lambert, D.M., & Pagh, J. (1997). Supply Chain Management: More Than a New Name for Logistics. The International Journal of Logistics Management, Vol. 8, Issue 1, pp. 1–14
Chain of Custody: "The chronological sequence of parties, spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession"
SHIELD: Learning from Prior HW Assurance Programs
TRUST – Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find
IRIS – Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
[Figure labels: Digital Or AMS; TRUST; IRIS]
DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted
TRUST, IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
[Figure: attacks mapped to lifecycle stages: Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use. Coverage labels: SHIELD, TRUST, IRIS; At OEM, In Distribution. Legend: Design Attack, Hardware Attack, Logistics Attack. Attack labels: 3rd Party IP; Insider Design; EDA Exploit; IP Theft/Copy; Security Intercept; Yield Fail Diversion; Overproduction; Process Compromise; Pkg Compromise; False FPGA Bitstream; Malicious Insertions; False Validation Report; DFM Exploits; False Expects; False Test Compares; HW Theft]
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components which make them especially vulnerable to compromise
• DoD electronic components require high reliability, serviceability [1]
• Compromised component failures risk DoD missions, soldier's lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete [1]
• $10-$50 parts become $8000 parts once they are obsolete [1] – providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
[1] NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor, or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast, and executable by untrained operators
4. Trustworthy, reliable, and prohibitively difficult to spoof
5. Executable at any place / time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
Microscopic SHIELD dielet
• HW Root-of-Trust Fragile Key Storage
• Full Encryption Engine
• Unpowered Passive Sensors
• Inductive Powering and Communication
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm² Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120C
- < 1¢ per dielet
SHIELD Exemplary CONOP
[Figure: exchange between Dielet, Smartphone and Server (TCP/IP Address, VPN)]
1. Serial ID Upload (Serial ID No)
2. Challenge Download (Random Challenge Generator)
3. Encrypted Challenge, Encrypted Sensors (Encryption Engine w/ Crypto Key; sensors: Temp Extremes, Xray Exposure, Light Exposure)
3. Appliance Data
4. Authentication Out (Decryption Engine w/ Crypto key: decrypt, compare to original challenge)
- Database with Dielet Serial ID, Fab Name, Fab Date, Part No
- Sensors Status
- Test Date
- Auditor Identity
- Key Requests
Potential Production Test Approaches
Flying Prober
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
Pick and Place / Wirebond / Tube handling of components
Volume Production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet and potentially other operations on the overall packaged assembly, such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security.
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include:
   a. package alterations needed to carry the dielet
   b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link.
4. Personalized crypto keys on dielet and server should never be sent.
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement and execute.
6. To minimize size, power and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible.
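The exchange these two slides describe (a random challenge from the server, a keyed reply from the dielet, sensor status reported with it, and a key that is never transmitted), as an added sketch that is not SHIELD program code. HMAC-SHA-256 from the Python standard library stands in for the dielet's encryption engine, so the server checks the reply by recomputing it with its stored key instead of decrypting it; the message layout, sensor bit positions and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets
import struct

# Sensor names follow the deck's passive-sensor examples; the bit positions
# are an assumption of this sketch.
SENSOR_BITS = ("chemical", "mechanical", "laser", "light", "x-ray", "heat")


def _response_tag(key, challenge, serial, sensors):
    """Keyed response over challenge || 64-bit serial ID || sensor word.

    HMAC-SHA-256 is a stand-in for the dielet's encryption engine.
    """
    message = challenge + struct.pack(">QB", serial, sensors)
    return hmac.new(key, message, hashlib.sha256).digest()


class Dielet:
    """Holds a 256-bit key; only the keyed response ever leaves it."""

    def __init__(self, serial, key, sensors=0):
        self.serial = serial
        self._key = key
        self._sensors = sensors

    def trip_sensor(self, name):
        # Passive sensors are one-way: a bit can be set but never cleared.
        self._sensors |= 1 << SENSOR_BITS.index(name)

    def respond(self, challenge):
        tag = _response_tag(self._key, challenge, self.serial, self._sensors)
        return self._sensors, tag


class Server:
    """Secure server: key database indexed by serial ID, plus the policy."""

    def __init__(self, key_db):
        self._key_db = dict(key_db)
        self._pending = {}  # serial -> outstanding challenge

    def issue_challenge(self, serial):
        challenge = secrets.token_bytes(32)
        self._pending[serial] = challenge
        return challenge

    def verify(self, serial, sensors, tag):
        # Each challenge is consumed on first use, so a captured reply
        # cannot be replayed.
        challenge = self._pending.pop(serial, None)
        key = self._key_db.get(serial)
        if challenge is None:
            return ("REJECT", "no outstanding challenge")
        if key is None:
            return ("REJECT", "unknown serial ID")
        expected = _response_tag(key, challenge, serial, sensors)
        if not hmac.compare_digest(expected, tag):
            return ("REJECT", "response does not match stored key")
        tripped = [n for i, n in enumerate(SENSOR_BITS) if (sensors >> i) & 1]
        if tripped:
            return ("TAMPER", ", ".join(tripped))
        return ("AUTHENTIC", "")


def interrogate(server, dielet):
    """Appliance role: relays messages between dielet and server, holds no key."""
    challenge = server.issue_challenge(dielet.serial)
    sensors, tag = dielet.respond(challenge)
    return server.verify(dielet.serial, sensors, tag)


if __name__ == "__main__":
    serial = 0x0123456789ABCDEF          # constructed 64-bit serial ID
    key = secrets.token_bytes(32)        # constructed 256-bit key
    server = Server({serial: key})
    part = Dielet(serial, key)
    print(interrogate(server, part))
    part.trip_sensor("heat")             # e.g. de-soldered from a board
    print(interrogate(server, part))
    print(interrogate(server, Dielet(serial, secrets.token_bytes(32))))
```

Because the sensor word is covered by the keyed response, an appliance or network hop that clears a tripped bit in transit produces a REJECT rather than a clean AUTHENTIC verdict.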
Current Untrusted Logistical Supply Chain
[Figure: supply chain diagram with numbered steps 1-8. Labels: Trusted Zone; Original Equipment Mfr; Approved Reseller; Merchandise Returns; Independent Distributor; EBAY; Stock; PC Board Assembly; Subsystem Assembly; System Mfg; DoD Application; Shipping; Vulnerability Zone]
For all but simplest exploits, DoD has little system component assurance of authenticity.
Assume parts have OEM integrity before leaving first Trusted Zone.
SHIELD'ed Supply Chain Exemplar (REFRESHER)
[Figure: supply chain diagram with numbered steps 1-8. Labels: Trusted Zone; Original Equipment Mfr; Approved Reseller; Merchandise Returns; Independent Distributor; EBAY; Stock; PC Board Assembly; Subsystem Assembly; System Mfr; DoD Application; Shipping; SHIELD Authentication outside Trusted Zone]
Component compromises are now visible at any point along the supply chain.
Assume parts have OEM integrity before leaving first Trusted Zone.
SHIELD Program Structure
Deliverables by Tech Area and Phase
TA1 (Tech Dev)
  Phase 1: On-chip HW tech devlpmt (Key Store, Sensors, Comm/Pwr, Mfg Processes) - Models - Test Sites - SHIELD layouts
TA2 (Design & Integr)
  Phase 1: Dielet Logic Design; Standards Conformation
  Phase 2: SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization
TA3 (Deployment)
  Phase 1: Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design
  Phase 2: Tooling and Techniques for handling insertion; Network Structure Build-out; Inductive Device Fabrication
  Phase 3: Demonstration; Proof-of-Concept Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1 Phase 1 Technology
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (Cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product:
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance.
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows.
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform.
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code.
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation.
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant.
Technical Area 1 Phase 1 (Cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered, be read only when powered
2. Be readable only and permanently altered by the exposure, non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
Chemical: Nitric Acid, Sulfuric Acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil/RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1 (Cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2 Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power; and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Phase 1
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language. Design should be:
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2 Phase 1 (cont'd)
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temperature
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C; survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temp
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C; survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 2
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG; monitor fabrication; intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3 SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals.
Technical Area 3 Phase 1
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet. Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component. Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance.
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed; and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program.
Technical Area 3 Phase 2
Technical Area 3/Phase 2: Implementation, Months 19-36
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables:
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors; and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 3
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test, which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP.
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place their SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition, through normally-used shipping channels, to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by:
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by:
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation Latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host Temperatures: -55 °C to 125 °C
Interrogation Temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 1.0¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial, in plan and committed
• Submitters should submit proposals that get the job done, rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 (Tech Dev) | None
TA2 (Design & Integr) | None
TA3 (Deployment) | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost.
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built:
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost (1) to reverse engineer using typical methods (2)
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods (3)
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
(1) Cost = time (hours), number of personnel required, cost of tools ($)
(2) Procedures that are known to have been used to reverse engineer integrated circuits
(3) Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements (1) | Cost (2)
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability (3) | Cost
(1) SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
(2) Cost is referenced against the target CMOS process with no modifications
(3) Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications (1)
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications
(1) Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications and support logic | Mask layout design, including logical and physical verification, functional test pattern generation | Functional testing; adherence to dielet power budget; compliance with manufacturer ground rules; percent test pattern coverage; reliability analysis
2 | Dielet fabrication | Release to manufacturing; process tracking as required | Pass/Fail (1)
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
(1) Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package (1); tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip; package strain analysis; electromagnetic analysis (2); environmental testing (temperature, shock and vibration) (3)
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
(1) The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
(2) Identify impact of inductive and RF probing in the host chip
(3) The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3 - SHIELD Deployment
• Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics: Technical Area 3 - SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality), transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), probability of false alarm (PFA), average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions).
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2 - SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Proposer's Day Ethics
• At this time DARPA cannot provide early feedback on your ideas. Please submit abstracts/proposals conforming to the guidelines in the BAA
• Please refer to the BAA for questions on submission format, deadlines, technical requirements, cost analysis, etc. For specific questions not covered in the BAA, please email the coordinator at DARPA-BAA-14-16@DARPA.mil
• For all communication purposes regarding this solicitation, please direct your attention to the BAA Coordinator using the email address above
• US Government employees are bound by law to implicit non-disclosure agreements with external institutions. You may share information in private conversations without concern over intellectual property loss
• DARPA Proposer's Day is a public event; any data released in this venue should be assumed to have been made public. Please treat your proprietary data accordingly
Welcome and Introductory Comments
Kerry Bernstein
SHIELD Industry Day
14 March 2014
Acknowledgments
Simply getting the DARPA SHIELD Program to this point required massive efforts and valuable inputs by the following US Government employees and contractors:
Bob Colwell, Saverio Fazzari, Michael Blackstone, Dave Shaver, Virginia Arzadum, Fred Schipp, Brett Hamilton, Arnett Brown, Beverly Barnhart, Jeff K, Jerry Roddy, Sean L, Chris Bozada, Dan Radack, Matt Kay, Don Davidson, Matt Sale, Paul Kozemchak, Bob K, Shaun McKinley, Joe H, Chrisma Jackson, Jim Felix, Eric Herr, Josh Beutler, Dan Marrujo, Jim St Pierre, Mitch Komaroff, Arun Seraphin, Nick Diamond
SHIELD SETA TEAM
CNN Report 10 June 2012
Counterfeit parts compromise the US Supply Chain and present a growing threat to national security. Current safeguards are ineffective; they put American lives and DoD missions at risk.
Supply Chain Control is a Critical Problem
Distributor indicted for supplying counterfeits to Grumman Electric Boat July 2013
SPECTRUM Magazine, October 2013, pp. 41-45
Dept. of Defense Instruction NUMBER 4140.67, 26 April 2013
US Electronic Waste is a Contributing Factor
Received in Developing Country
Removed from boards and sorted
Refurbished and remarked
Repackaged
Resold
All images courtesy of SMT Corporation
Shipping from/to US
Electronic Waste Processing Effect on Quality/Reliability
Image courtesy of Basel Action Network
Image courtesy of SMT Corporation
Uncontrolled heating during part removal can cause die cracks or delamination, leading to immediate or latent failures
Mishandling or sanding of parts can cause latent Electrostatic Discharge (ESD) failures
Electronics Supply Chain is Global
Source: IDC Manufacturing Insights & Booz Allen analysis
[Figure: supply chain stages - Semi Design; Semi Manufacturing & Packaging; Printed Circuit Board Production; Printed Circuit Board Distribution]
Global nature of supply chain makes chain-of-custody unworkable
Lifecycle shown for a single JSF component - Component changes hands 15 times before final install
Common Industry Supply Chain Misconceptions [1]
"Counterfeit components are a 1-in-1,000,000 risk"
  Independent Distributors say that from 05 to 35 of their incoming product is suspected counterfeit
"Only bad distributors sell counterfeit components"
  Most counterfeit parts sold to contractors come from legitimate independent distributors lacking effective screening techniques
"Only expensive components are counterfeited"
  DoC reports that over 60% of counterfeit parts have a sale value of $10 or less
"Counterfeit parts will be detected by electrical tests"
  More than half of all counterfeit components have the correct (or equivalent) die
[1] B. Hamilton, NSWC Crane, Testimony at SASC Briefing, 9 September 2013
Quote found on the Web
"It will be because of companies like ours that the gap in technological advantages between made in [Name of Country] and made abroad will narrow down"
- from website of an off-shore contract reverse-engineering business
SHIELD Threat Space
Brett Hamilton, NSWC Crane
SHIELD Industry Day
14 March 2014
SHIELD Technical Program Description
Kerry Bernstein
SHIELD Industry Day
14 March 2014
SHIELD Introductory Comments
1. THANK YOU for your interest in participating in DARPA SHIELD. It's business, but it's also our nation.
2. The following exemplary design point and CONOP is a preferred embodiment. BAA strives not to overspecify. Got something better? LET'S HEAR ABOUT IT.
3. Besides performers with great ideas, we want performers who "get it" and who have a passion for doing something important for national security. Together we'll deliver game-changing capability.
4. SHIELD is about the Science and the hardware and the technology. CONOP, servers, networks are limited to what's needed for the demo.
5. SHIELD is not about developing new encryption schemes. SHIELD is about NIST, IEEE and Industry Standards, or new standards.
SHIELD Introductory Comments (cont'd)
6. Teaming is strongly encouraged. DARPA will accept individual Tech Area 1 & 3 submissions, but complete collaborative proposed solutions are preferred and strongly recommended.
7. The Supply Chain's threat space is immense. Any solution, including DARPA SHIELD, will be fraught with problems. We expect that. But we need to begin somewhere.
8. Remaining unaddressed SHIELD vulnerabilities will include:
  • Insider threat
  • Server attacks
  • Dielet side channel exfil modes inserted during foreign fabrication
  • Vulnerability to new reverse engineering modes, circumvention
9. SHIELD is intended to make counterfeiting more difficult, expensive and time consuming.
Programmatics
DARPA SHIELD is about:
• Science
• Hardware Technology
• Security
• Reliability and Trustworthiness
• Functionality
• Manufacturability and Yield
Except for the minimum necessary to demonstrate SHIELD CONOP
DARPA SHIELD is NOT about:
• Logistics
• Preferred Business Practices
• Acquisition Policy
• Doctrine
• Supplier/distributor business infrastructure
• New encryption schemes
• New checking tools
• Software
• Back-office structure and networking
Glossary
Dielet: Extremely small computer chip developed during SHIELD
Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
Key: A 256-bit cipher code stored on dielet and on a secure server, used to secure the dielet authentication operation
Test Site: Limited hardware proof of concept chip without full product functionality
Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
Probe: A device attached to a communication appliance that powers the SHIELD dielet
IP: Intellectual Property
CONOP: Concept of Operations
DFM/DFY: Design for Manufacturability / Design for Yield
PFA: Probability of False Alarm
PD: Probability of Detection
OEM: Original Equipment Manufacturer
GFE: Government-Furnished Equipment
IC: Integrated Circuit
CDR: Critical Design Review
DSS: Digital Signature Standard
CMVP: Cryptographic Module Verification Program
FITS: Failure rate of a component measured in Failures-in-Time over the program
KPOH: Lifetime of a component measured in thousands of power-on-hours
BOM: Bill of Material, a list of components comprising a given assembly
Definition of Terms
Counterfeit: "Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies"
- GAO Report to Congress, March 2010
Supply Chain: "A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances or information from a source to a customer"
- Cooper, M.C., Lambert, D.M. & Pagh, J. (1997). Supply Chain Management: More Than a New Name for Logistics. The International Journal of Logistics Management, Vol. 8, Issue 1, pp. 1-14
Chain of Custody: "The chronological sequence of parties, spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession"
SHIELD: Learning from Prior HW Assurance Programs
TRUST - Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find
IRIS - Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
[Figure labels: Digital Or AMS; TRUST; IRIS]
DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted
TRUST, IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
[Figure: component lifecycle stages Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use, annotated with attacks. Coverage labels: SHIELD, TRUST, IRIS; At OEM, In Distribution]
LEGEND: Design Attack - Hardware Attack - Logistics Attack
Attack labels: 3rd Party IP; Insider Design; EDA Exploit; IP Theft/Copy; Security Intercept; Yield Fail Diversion; Overproduction; Process Compromise; Pkg Compromise; False FPGA Bitstream; Malicious Insertions; False Validation Report; DFM Exploits; False Expects; False Test Compares; HW Theft
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components which make them especially vulnerable to compromise:
• DoD electronic components require high reliability, serviceability [1]
• Compromised component failures risk DoD missions, soldiers' lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete [1]
• $10-$50 parts become $8000 parts once they are obsolete [1] - providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems:
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
[1] NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast and executable by untrained operators
4. Trustworthy, reliable and prohibitively difficult to spoof
5. Executable at any place, time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
Microscopic SHIELD dielet
HW Root-of-Trust, Fragile Key Storage
Full Encryption Engine
Unpowered Passive Sensors
Inductive Powering and Communication
DARPA SHIELD will develop the ability to provide:
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec:
- 100 µm x 100 µm (0.01 mm² Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120 °C
- <1¢ per dielet
SHIELD Exemplary CONOP
[Figure: message flow between Dielet, Smartphone and Server (VPN). Labels recovered from the diagram:]
Step 1: Serial ID Upload (Serial ID No., TCP/IP Address)
Step 2: Challenge Download (Random Challenge Generator)
Step 3: Encrypted Challenge, Encrypted Sensors, Appliance Data
Step 4: Authentication Out
Dielet side: Encryption Engine w/ Crypto Key; sensors for Temp Extremes, Xray Exposure, Light Exposure
Server side: Decryption Engine w/ Crypto key (decrypt, compare to original challenge)
Database with Dielet Serial ID, Fab Name, Fab Date, Part No.
Sensors Status, Test Date, Auditor Identity, Key Requests
Potential Production Test Approaches
Flying Prober
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
Pick and Place, Wirebond, Tube handling of components
Volume Production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact, on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include:
   a. package alterations needed to carry the dielet
   b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement and execute
6. To minimize size, power and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
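The challenge-response flow of the exemplary CONOP and of on-dielet features 2 and 4, sketched as an added Python example (not DARPA's or any performer's code). It substitutes HMAC-SHA-256 from the standard library for the dielet's encryption engine, so the server recomputes and compares rather than decrypts; the 16-byte challenge, the sensor bit layout and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

KEY_BYTES = 32        # 256-bit key, as in the glossary
CHALLENGE_BYTES = 16  # assumption: the page gives no challenge length
# Assumed bit positions; the sensor names come from the CONOP slide.
SENSOR_BITS = {0: "temp extremes", 1: "x-ray exposure", 2: "light exposure"}


def make_tag(key, serial, challenge, sensors: int) -> bytes:
    """Keyed reply binding serial ID, fresh challenge and sensor word."""
    message = serial + challenge + bytes([sensors])
    return hmac.new(key, message, hashlib.sha256).digest()


class Dielet:
    """The key is used on board only; serial, sensor word and tag leave."""

    def __init__(self, serial: bytes, key: bytes) -> None:
        self.serial, self._key, self._sensors = serial, key, 0

    def trip(self, bit: int) -> None:
        self._sensors |= 1 << bit  # one-way: set, never cleared

    def respond(self, challenge: bytes) -> Tuple[int, bytes]:
        tag = make_tag(self._key, self.serial, challenge, self._sensors)
        return self._sensors, tag


class Server:
    """Secure server: key database, challenge generator, comparison."""

    def __init__(self) -> None:
        self._keys = {}      # serial ID -> personalized key
        self._pending = {}   # serial ID -> outstanding challenge

    def enroll(self, serial: bytes) -> Dielet:
        """Personalization in the trusted zone: one random key per serial."""
        self._keys[serial] = secrets.token_bytes(KEY_BYTES)
        return Dielet(serial, self._keys[serial])

    def challenge(self, serial: bytes) -> Optional[bytes]:
        if serial not in self._keys:
            return None
        self._pending[serial] = secrets.token_bytes(CHALLENGE_BYTES)
        return self._pending[serial]

    def verify(self, serial: bytes, sensors: int, tag: bytes) -> Tuple[str, List[str]]:
        challenge = self._pending.pop(serial, None)  # single use
        if challenge is None:
            return "REJECTED", ["no outstanding challenge"]
        expected = make_tag(self._keys[serial], serial, challenge, sensors)
        if not hmac.compare_digest(expected, tag):
            return "REJECTED", ["reply does not match key on record"]
        tripped = [n for b, n in SENSOR_BITS.items() if (sensors >> b) & 1]
        return ("COMPROMISED", tripped) if tripped else ("AUTHENTIC", [])


def interrogate(server, dielet, tamper=None):
    """Appliance: an untrusted relay that never sees a key."""
    challenge = server.challenge(dielet.serial)          # steps 1 and 2
    if challenge is None:
        return "REJECTED", ["unknown serial ID"]
    sensors, tag = dielet.respond(challenge)             # step 3
    if tamper is not None:                               # models a dishonest relay
        sensors, tag = tamper(sensors, tag)
    return server.verify(dielet.serial, sensors, tag)    # step 4


def run_scenarios():
    server = Server()
    serial = bytes.fromhex("0000000000002a17")  # constructed 64-bit serial ID
    part = server.enroll(serial)
    results = {"genuine": interrogate(server, part)}
    # Clone: copies the readable serial ID but cannot copy the key.
    clone = Dielet(serial, secrets.token_bytes(KEY_BYTES))
    results["clone"] = interrogate(server, clone)
    # Replay: a recorded good reply is presented against a later challenge.
    recorded = part.respond(server.challenge(serial))
    server.verify(serial, *recorded)
    server.challenge(serial)
    results["replay"] = server.verify(serial, *recorded)
    # De-processing attempt trips the x-ray sensor; the part still answers.
    part.trip(1)
    results["xrayed"] = interrogate(server, part)
    # Relay clears the sensor word: the tag no longer matches.
    results["masked"] = interrogate(server, part, lambda s, t: (0, t))
    stranger = Dielet(bytes(8), secrets.token_bytes(KEY_BYTES))
    results["unknown"] = interrogate(server, stranger)
    return results


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:8s} {verdict}")
```

Because the sensor word is inside the keyed reply, a relay cannot hide a tripped sensor without failing authentication, and all state beyond the key and sensor flags lives on the server, in line with property 6.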
Current Untrusted Logistical Supply Chain
[Figure: supply chain flow with numbered steps 1-8. Labels: Original Equipmt Mfr; Approved Reseller; Merchandise Returns; Independent Distributor; EBAY; PC Board Assembly; Subsystem Assembly; System Mfg; Stock; DoD Application; Shipping between stages; two Trusted Zones and a Vulnerability Zone]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD'ed Supply Chain Exemplar
REFRESHER
[Figure: supply chain flow with numbered steps 1-8. Labels: Original Equipmt Mfr; Approved Reseller; Merchandise Returns; Independent Distributor; EBAY; PC Board Assembly; Subsystem Assembly; System Mfr; Stock; DoD Application; Shipping between stages; two Trusted Zones; SHIELD Authentication outside Trusted Zone]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase
Tech Area | Phase 1 | Phase 2 | Phase 3
TA1 Tech Dev | On-chip HW tech devlpmt: Key Store, Sensors, Comm/Pwr, Mfg Processes; Models; Test Sites; SHIELD layouts | |
TA2 Design & Integr | Dielet Logic Design; Standards Conformation | SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization |
TA3 Deployment | Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design | Tooling and Techniques for handling, insertion; Network Structure Build-out; Inductive Device Fabrication | Demonstration Proof-of-Concept Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1 Phase 1 Technology
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology, for product integration
Technical Area 1 Phase 1 (Cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product:
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant
Technical Area 1 Phase 1 (Cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself, and watch for component compromise. Sensors must:
1. Passively sense while unpowered; be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe, existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
Chemical: Nitric Acid, Sulfuric Acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1 (Cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability, lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2 Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Phase 1
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment, Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific Logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language. Design should be:
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2 Phase 1 (cont'd)
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temperature
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temp
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 2
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3 SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3Phase 1 Pkg Tech Networks Months 01-18Fundamental dielet package insertion attachment or lamination techniques are developed in TA3Phase 1 Network communications and server backbone design is initiated This environment will serve only as a demonstration of the SHIELD proof of concept1 Develop package placement target parametrics
a Determine required specs tolerances for dielet placement in the host
b Develop coupling required for sufficient inductive RF power comms
c Find size of antennae maximum submersion below package surface
d Develop positioning conventions to accommodate various package types
2 Create SHIELD dummy dielet surrogate (1 performer)a Create with TA2 performers consultation to resemble final
form-factorb Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1
Technical Area 3: Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet
   Performer will assess reliability and serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
   Performers will assure the integrity and reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature, or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3: Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
   Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance.
Technical Area 3: Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
   SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors.
Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but it is not the prime focus of the program.
Technical Area 3: Phase 2
Technical Area 3 Phase 2: Implementation, Months 19-36
Development of specific techniques and tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3 Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
   Instrumentation, tooling, and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3: Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
   Networks and protocols developed in TA3 Phase 1 and in the design are implemented during TA3 Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables:
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3 Phase 3
Technical Area 3: Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
   Technical Area 3 Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3: Phase 3
Technical Area 3 Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3: Phase 3 (cont'd)
2. Exercise the CONOP
   Performers will exercise the entire SHIELD CONOP.
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by:
   a. Component package (i.e., small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e., missing, inappropriate, or failing SHIELD dielet)
   c. Location type (i.e., at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by:
   a. Component package (i.e., small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay, including network latencies
Network communication protocol: TLS standard
Minimum delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption standard: Up to 256 bit
Serial ID length: 64 bit
Power consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host temperatures: -55° C - 125° C
Interrogation temperatures: 0-35° C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 10¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage / Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 (Tech Dev) | None
TA2 (Design & Integr) | None
TA3 (Deployment) | Components for SHIELD insertion; vendor locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost.
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built:
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
   • Detail the attributes of SHIELD design elements that will be measured
   • Outline the methods by which those attributes will be measured
• Why metrics?
   • Tracking and reporting program results and accomplishments
   • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design, including logical and physical verification; functional test pattern generation | Functional testing; adherence to dielet power budget; compliance with manufacturer ground rules; percent test pattern coverage; reliability analysis
2 | Dielet fabrication | Release to manufacturing; process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage, and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip; package strain analysis; electromagnetic analysis [2]; environmental testing (temperature, shock, and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3, SHIELD Deployment
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
   • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
   • Failure mode (e.g., missing, inappropriate, or failing SHIELD dielet)
   • Failure location (e.g., at distributor, at subassembly vendor, during shipping)
   • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
   • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
   • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
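The Phase 3 benchmarks listed here and under SHIELD Quantitative Benchmarks (PD and PFA with their breakouts, and average completed authentication delay) can be tabulated from demonstration trial records as follows. This is an added example, not part of the DARPA briefing or any performer's code; the record layout, field names, sample trials and the Wilson confidence interval for small buckets are assumptions made here.

```python
"""Tabulate PD, PFA and average completed authentication delay per breakout.

Added example: record layout and trials are constructed for illustration,
not data from the SHIELD program.
"""
import math
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Breakouts named in the briefing. PFA has no failure-mode or location
# breakout: an uncompromised part has no failure mode to group by.
PD_BREAKOUTS = ("package", "failure_mode", "location", "setting")
PFA_BREAKOUTS = ("package", "setting")


@dataclass(frozen=True)
class Trial:
    package: str                  # type of host component package
    setting: str                  # tube / printed circuit board / system
    location: str                 # where in the supply chain it was checked
    failure_mode: Optional[str]   # None = part was NOT compromised
    flagged: bool                 # interrogation reported a compromise
    delay_s: Optional[float]      # None = authentication never completed


def _rate_by(trials, key, compromised):
    """Return {group: (flagged, total, rate)} over one ground-truth class."""
    counts = defaultdict(lambda: [0, 0])
    for t in trials:
        if (t.failure_mode is not None) != compromised:
            continue
        bucket = counts[getattr(t, key)]
        bucket[0] += int(t.flagged)
        bucket[1] += 1
    return {g: (k, n, k / n) for g, (k, n) in counts.items()}


def pd_by(trials, key):
    """Probability of Detection: flagged / all compromised, per group."""
    if key not in PD_BREAKOUTS:
        raise ValueError(f"PD is not broken out by {key!r}")
    return _rate_by(trials, key, compromised=True)


def pfa_by(trials, key):
    """Probability of False Alarm: flagged / all uncompromised, per group."""
    if key not in PFA_BREAKOUTS:
        raise ValueError(f"PFA is not broken out by {key!r}")
    return _rate_by(trials, key, compromised=False)


def wilson_interval(k, n, z=1.96):
    """95% Wilson score interval; usable when a bucket holds few trials."""
    if n <= 0:
        raise ValueError("no trials in bucket")
    p = k / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)


def average_completed_delay(trials):
    """Mean delay over interrogations that completed (delay_s is not None)."""
    done = [t.delay_s for t in trials if t.delay_s is not None]
    return sum(done) / len(done) if done else None


QFP, SMALL = "quad plastic flat pack", "small passive/discrete"
TUBE, PCB, SYSTEM = "component tube", "printed circuit board", "system"

# Constructed sample trials (ground truth as a red team would record it).
TRIALS = [
    Trial(QFP, TUBE, "distributor", "missing", True, 1.8),
    Trial(QFP, PCB, "subassembly vendor", "inappropriate", True, 2.1),
    Trial(QFP, PCB, "shipping", "failing", False, 1.9),       # missed
    Trial(QFP, TUBE, "distributor", None, False, 2.0),
    Trial(QFP, SYSTEM, "subassembly vendor", None, True, 2.4),  # false alarm
    Trial(SMALL, TUBE, "distributor", "missing", True, None),  # no response
    Trial(SMALL, PCB, "subassembly vendor", None, False, 1.7),
    Trial(SMALL, TUBE, "shipping", None, False, 2.1),
]

if __name__ == "__main__":
    for key in PD_BREAKOUTS:
        for group, (k, n, rate) in sorted(pd_by(TRIALS, key).items()):
            lo, hi = wilson_interval(k, n)
            print(f"PD  {key}={group}: {k}/{n} = {rate:.2f} [{lo:.2f}, {hi:.2f}]")
    for key in PFA_BREAKOUTS:
        for group, (k, n, rate) in sorted(pfa_by(TRIALS, key).items()):
            print(f"PFA {key}={group}: {k}/{n} = {rate:.2f}")
    print(f"average completed delay: {average_completed_delay(TRIALS):.2f} s")
```

With only a handful of trials per bucket the point estimate says little on its own, which is why the interval is reported beside each PD figure.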
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
   • compliance with design ground rules of the manufacturer
   • logical to behavioral design verification
   • logical to physical design verification
   • functional test pattern generation with a goal of 100% test coverage
   • EM and power analysis
   • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Welcome and Introductory Comments
Kerry Bernstein
SHIELD Industry Day
14 March 2014
Acknowledgments
Simply getting the DARPA SHIELD Program to this point required massive efforts and valuable inputs by the following US Government employees and contractors:
Bob Colwell, Saverio Fazzari, Michael Blackstone, Dave Shaver, Virginia Arzadum, Fred Schipp, Brett Hamilton, Arnett Brown, Beverly Barnhart, Jeff K, Jerry Roddy, Sean L, Chris Bozada, Dan Radack, Matt Kay, Don Davidson, Matt Sale, Paul Kozemchak, Bob K, Shaun McKinley, Joe H, Chrisma Jackson, Jim Felix, Eric Herr, Josh Beutler, Dan Marrujo, Jim St Pierre, Mitch Komaroff, Arun Seraphin, Nick Diamond
SHIELD SETA TEAM
CNN Report, 10 June 2012
Counterfeit parts compromise the US Supply Chain and present a growing threat to national security. Current safeguards are ineffective; they put American lives and DoD missions at risk.
Supply Chain Control is a Critical Problem
Distributor indicted for supplying counterfeits to Grumman, Electric Boat, July 2013
SPECTRUM Magazine, October 2013, pp. 41-45
Dept. of Defense Instruction, NUMBER 4140.67, 26 April 2013
US Electronic Waste is a Contributing Factor
[Figure panels: Shipping from/to US; Received in Developing Country; Removed from boards and sorted; Refurbished and remarked; Repackaged; Resold. All images courtesy of SMT Corporation.]
Electronic Waste Processing Effect on Quality/Reliability
• Uncontrolled heating during part removal can cause die cracks or delamination, leading to immediate or latent failures
• Mishandling or sanding of parts can cause latent Electrostatic Discharge (ESD) failures
[Images courtesy of Basel Action Network and SMT Corporation]
Electronics Supply Chain is Global
[Figure stages: Semi Design; Semi Manufacturing & Packaging; Printed Circuit Board Production; Printed Circuit Board Distribution. Source: IDC Manufacturing Insights & Booz Allen analysis]
Global nature of supply chain makes chain-of-custody unworkable
Lifecycle shown for a single JSF component – component changes hands 15 times before final install
Common Industry Supply Chain Misconceptions [1]
• "Counterfeit components are a 1-in-1000000 risk"
  Independent Distributors say that from 05 to 35 of their incoming product is suspected counterfeit
• "Only bad distributors sell counterfeit components"
  Most counterfeit parts sold to contractors come from legitimate independent distributors lacking effective screening techniques
• "Only expensive components are counterfeited"
  DoC reports that over 60 of counterfeit parts have a sale value of $10 or less
• "Counterfeit parts will be detected by electrical tests"
  More than half of all counterfeit components have the correct (or equivalent) die
[1] B. Hamilton, NSWC Crane, Testimony at SASC Briefing, 9 September 2013
Quote found on the Web
"It will be because of companies like ours that the gap in technological advantages between made in [Name of Country] and made abroad will narrow down."
- from website of an off-shore contract reverse-engineering business
SHIELD Threat Space
Brett Hamilton, NSWC Crane
SHIELD Industry Day
14 March 2014
SHIELD Technical Program Description
Kerry Bernstein
SHIELD Industry Day
14 March 2014
SHIELD Introductory Comments
1. THANK YOU for your interest in participating in DARPA SHIELD. It's business, but it's also our nation.
2. The following exemplary design point and CONOP is a preferred embodiment. BAA strives not to overspecify. Got something better? LET'S HEAR ABOUT IT.
3. Besides performers with great ideas, we want performers who "get it" and who have a passion for doing something important for national security. Together we'll deliver game-changing capability.
4. SHIELD is about the Science and the hardware and the technology. CONOP, servers, networks are limited to what's needed for the demo.
5. SHIELD is not about developing new encryption schemes. SHIELD is about NIST, IEEE, and Industry Standards, or new standards.
SHIELD Introductory Comments (cont'd)
6. Teaming is strongly encouraged. DARPA will accept individual Tech Area 1 & 3 submissions, but complete collaborative proposed solutions are preferred and strongly recommended.
7. The Supply Chain's threat space is immense. Any solution, including DARPA SHIELD, will be fraught with problems. We expect that. But we need to begin somewhere.
8. Remaining unaddressed SHIELD vulnerabilities will include:
   • Insider threat
   • Server attacks
   • Dielet side channel exfil modes inserted during foreign fabrication
   • Vulnerability to new reverse engineering modes, circumvention
9. SHIELD is intended to make counterfeiting more difficult, expensive, and time consuming.
Programmatics
DARPA SHIELD is about:
• Science
• Hardware Technology
• Security
• Reliability and Trustworthiness
• Functionality
• Manufacturability and Yield
DARPA SHIELD is NOT about (except for the minimum necessary to demonstrate SHIELD CONOP):
• Logistics
• Preferred Business Practices
• Acquisition Policy
• Doctrine
• Supplier/distributor business infrastructure
• New encryption schemes
• New checking tools
• Software
• Back-office structure and networking
Glossary
Dielet: Extremely small computer chip developed during SHIELD
Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
Key: A 256-bit cipher code stored on dielet and on a secure server, used to secure the dielet authentication operation
Test Site: Limited hardware proof of concept chip without full product functionality
Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
Probe: A device attached to a communication appliance that powers the SHIELD dielet
IP: Intellectual Property
CONOP: Concept of Operations
DFM/DFY: Design for Manufacturability / Design for Yield
PFA: Probability of False Alarm
PD: Probability of Detection
OEM: Original Equipment Manufacturer
GFE: Government-Furnished Equipment
IC: Integrated Circuit
CDR: Critical Design Review
DSS: Digital Signature Standard
CMVP: Cryptographic Module Verification Program
FITS: Failure rate of a component measured in Failures-in-Time over the program
KPOH: Lifetime of a component measured in thousands of power-on-hours
BOM: Bill of Material, a list of components comprising a given assembly
Definition of Terms
Counterfeit: "Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies"
- GAO Report to Congress, March 2010
Supply Chain: "A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances, or information from a source to a customer"
- Cooper, M.C., Lambert, D.M., & Pagh, J. (1997). Supply Chain Management: More Than a New Name for Logistics. The International Journal of Logistics Management, Vol. 8, Issue 1, pp. 1–14
Chain of Custody: "The chronological sequence of parties, spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession"
SHIELD: Learning from Prior HW Assurance Programs
TRUST – Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find
IRIS – Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
[Figure labels: Digital or AMS; TRUST; IRIS]
DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted
TRUST, IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
[Figure: component lifecycle stages Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use, grouped as "At OEM" and "In Distribution", with program labels SHIELD, TRUST, IRIS.
Legend: Design Attack; Hardware Attack; Logistics Attack.
Threats labelled in the figure: 3rd Party IP; Insider Design; EDA Exploit; IP Theft/Copy; Security Intercept; Yield Fail Diversion; Overproduction; Process Compromise; Pkg Compromise; False FPGA Bitstream; Malicious Insertions; False Validation Report; DFM Exploits; False Expects; False Test Compares; HW Theft]
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution
Approved for Public Release Distribution Unlimited 27
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components, which make them especially vulnerable to compromise
• DoD electronic components require high reliability, serviceability¹
• Compromised component failures risk DoD missions, soldiers' lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete¹
• $10-$50 parts become $8000 parts once they are obsolete¹ – providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
¹ NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor, or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast, and executable by untrained operators
4. Trustworthy, reliable, and prohibitively difficult to spoof
5. Executable at any place/time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD: The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
[Figure: microscopic SHIELD dielet, with callouts: HW Root-of-Trust / Fragile Key Storage; Full Encryption Engine; Unpowered Passive Sensors; Inductive Powering and Communication. Image courtesy of http://www.hitachi.com/New/cnews/030902.html]
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm2 Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120 °C
- <1¢ per dielet
SHIELD Exemplary CONOP
[Figure: message flow between Dielet, Smartphone and Server. Link labels: TCP/IP Address, (VPN).]
1. Serial ID Upload (Serial ID No.)
2. Challenge Download
3. Encrypted Challenge, Encrypted Sensors, Appliance Data
4. Authentication Out
Dielet: Encryption Engine w/ Crypto Key; sensors for Temp Extremes, X-ray Exposure, Light Exposure
Server: Database with Dielet Serial ID, Fab Name, Fab Date, Part No.; Random Challenge Generator; Decryption Engine w/ Crypto key (decrypt, compare to original challenge)
Other labels: Sensors Status, Test Date, Auditor Identity, Key Requests
Potential Production Test Approaches
[Figure labels: Flying Prober; Pick and Place / Wirebond / Tube handling of components]
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
Volume Production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust: cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove, or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include
   a. package alterations needed to carry the dielet
   b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement, and execute
6. To minimize size, power, and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
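
The challenge-response exchange described by the CONOP, by on-dielet features 2 and 4, and by design properties 4 and 6 above, as an added Python simulation; it is not code from the SHIELD program. HMAC-SHA-256 from the standard library stands in for the dielet's encryption engine, so the server recomputes and compares instead of decrypting; the sensor bit layout, class names, part number and serial value are assumptions.

```python
import hashlib
import hmac
import secrets

KEY_BYTES = 32        # page: key store holds up to 256 bits
SERIAL_BYTES = 8      # page: 64 bit serial ID
MIN_INTERVAL_S = 1.0  # page: minimum delay between interrogations > 1 second
# Sensor names follow the CONOP slide; the bit assignments are assumptions.
SENSOR_BITS = {0x01: "temp_extremes", 0x02: "xray_exposure", 0x04: "light_exposure"}
BAD_TAG = "REJECT: response does not match enrolled key"


def seal(key, serial, challenge, sensors):
    """Stand-in for the dielet's encryption engine (HMAC-SHA-256, an assumption)."""
    msg = serial.to_bytes(SERIAL_BYTES, "big") + challenge + bytes([sensors])
    return hmac.new(key, msg, hashlib.sha256).digest()


class Dielet:
    def __init__(self, serial, key):
        self.serial = serial
        self._key = key      # never returned by any method
        self._sensors = 0

    def expose(self, bit):
        self._sensors |= bit  # write-once: bits are set, never cleared

    def respond(self, challenge):
        return self._sensors, seal(self._key, self.serial, challenge, self._sensors)


class Server:
    def __init__(self, clock):
        self._clock = clock
        self._db = {}       # serial -> (key, part_no)
        self._pending = {}  # serial -> outstanding single-use challenge
        self._last = {}     # serial -> time the last challenge was issued

    def enroll(self, serial, key, part_no):
        self._db[serial] = (key, part_no)

    def challenge(self, serial):
        now = self._clock()
        if serial not in self._db:
            return None
        if now - self._last.get(serial, float("-inf")) <= MIN_INTERVAL_S:
            return None
        self._last[serial] = now
        self._pending[serial] = secrets.token_bytes(32)
        return self._pending[serial]

    def verify(self, serial, sensors, tag):
        challenge = self._pending.pop(serial, None)  # consumed even on failure
        if challenge is None:
            return "REJECT: no outstanding challenge"
        key, part_no = self._db[serial]
        if not hmac.compare_digest(seal(key, serial, challenge, sensors), tag):
            return BAD_TAG
        tripped = [name for bit, name in SENSOR_BITS.items() if sensors & bit]
        if tripped:
            return "COMPROMISED: " + ",".join(tripped)
        return "AUTHENTIC: " + part_no


def interrogate(server, dielet):
    """Appliance role: relays the four CONOP messages and holds no key."""
    challenge = server.challenge(dielet.serial)         # 1. serial up, 2. challenge down
    if challenge is None:
        return "REJECT: unknown serial or interrogated too soon"
    sensors, tag = dielet.respond(challenge)            # 3. sealed challenge + sensors
    return server.verify(dielet.serial, sensors, tag)   # 4. authentication out


def demo():
    now = [0.0]                                  # fake clock so the demo never sleeps
    server = Server(clock=lambda: now[0])
    serial, key = 0x0123456789ABCDEF, secrets.token_bytes(KEY_BYTES)  # constructed
    server.enroll(serial, key, "PN-EXAMPLE-001")
    genuine = Dielet(serial, key)
    clone = Dielet(serial, secrets.token_bytes(KEY_BYTES))  # right ID, wrong key
    out = {"genuine": interrogate(server, genuine)}
    out["too_soon"] = interrogate(server, genuine)
    now[0] += 2
    out["clone"] = interrogate(server, clone)
    now[0] += 2
    recorded = genuine.respond(server.challenge(serial))
    server.verify(serial, *recorded)             # legitimate run whose response was recorded
    now[0] += 2
    server.challenge(serial)                     # fresh challenge for the next run
    out["replay"] = server.verify(serial, *recorded)
    now[0] += 2
    genuine.expose(0x02)                         # X-ray sensor trips while unpowered
    out["xray"] = interrogate(server, genuine)
    now[0] += 2
    sensors, tag = genuine.respond(server.challenge(serial))
    out["flags_cleared_in_transit"] = server.verify(serial, 0, tag)
    now[0] += 2
    out["unknown"] = interrogate(server, Dielet(0xDEAD, key))
    return out


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:26} {verdict}")
```

Because the sensor byte is covered by the same keyed computation as the challenge, a relay that clears the flags produces a rejection rather than a clean result.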
Current Untrusted Logistical Supply Chain
[Figure: flow diagram with nodes Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfg and DoD Application, joined by Shipping links; regions labelled Trusted Zone (twice) and Vulnerability Zone; markers numbered 1 to 8.]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD'ed Supply Chain Exemplar
[Figure: flow diagram with nodes Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfr and DoD Application, joined by Shipping links; regions labelled Trusted Zone (twice); labels "SHIELD Authentication outside Trusted Zone" and "REFRESHER"; markers numbered 1 to 8.]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase
TA1 (Tech Dev)
   Phase 1: On-chip HW tech development: Key Store, Sensors, Comm/Pwr, Mfg Processes - Models - Test Sites - SHIELD layouts
TA2 (Design & Integr)
   Phase 1: Dielet Logic Design; Standards Conformation
   Phase 2: SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization
TA3 (Deployment)
   Phase 1: Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design
   Phase 2: Tooling and Techniques for handling insertion; Network Structure Build-out; Inductive Device Fabrication
   Phase 3: Demonstration; Proof-of-Concept Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1 Phase 1 Technology
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (Cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant
Technical Area 1 Phase 1 (Cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must
1. Passively sense while unpowered, be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
Chemical: Nitric Acid, Sulfuric Acid. Sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1 (Cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2 Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Phase 1
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet
1. Define a SHIELD Design Environment Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific Logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language. Design should be
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2 Phase 1 (cont'd)
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. verify robust design functionality across process, voltage and temperature
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C; Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. verify robust design functionality across process, voltage and temp
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C; Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 2
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG; monitor fabrication; intercept for process exits and re-entries for adjunct technology introductions
   b. track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize, and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3 SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3 Phase 1
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment, or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet. Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component. Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by
   a. Chemical, mechanical, temperature, or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe. Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise. SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include
   a. communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program
Technical Area 3 Phase 2
Technical Area 3/Phase 2: Implementation, Months 19-36
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program
1. Develop the SHIELD Insertion technology. Instrumentation, tooling, and logistics for going from wafer final test into an actual component placement are developed. Steps include
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure. Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance. Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include
   a. Inductive/RF probe fabrication
   b. Repurposed Appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 3
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test, which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP. Performers will exercise the entire SHIELD CONOP
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include
1. "Probability of Detection" of compromises (PD), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
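
One way to tabulate these three benchmarks from exercise records, as an added Python example that is not part of the original briefing. The record fields and every sample row are constructed for illustration; a rate is reported as None when a group has no trials of the relevant kind, which happens whenever a site saw only genuine or only compromised parts.

```python
from collections import defaultdict

# Constructed sample records: one row per interrogated component.
# "compromised" is the ground truth held by the evaluation team;
# "flagged" is what the performer's SHIELD check reported.
TRIALS = [
    dict(package="quad flat pack", location="distributor", compromised=True,  flagged=True,  delay_s=1.8),
    dict(package="quad flat pack", location="distributor", compromised=True,  flagged=False, delay_s=2.0),
    dict(package="quad flat pack", location="subassembly", compromised=False, flagged=False, delay_s=1.6),
    dict(package="quad flat pack", location="shipping",    compromised=False, flagged=True,  delay_s=2.2),
    dict(package="small passive",  location="distributor", compromised=True,  flagged=True,  delay_s=1.9),
    dict(package="small passive",  location="subassembly", compromised=True,  flagged=True,  delay_s=2.1),
    dict(package="small passive",  location="shipping",    compromised=False, flagged=False, delay_s=1.7),
    dict(package="small passive",  location="distributor", compromised=False, flagged=False, delay_s=1.5),
]


def rates(trials, by):
    """Return {group: (PD, PFA)} broken out by the record field named in `by`."""
    counts = defaultdict(lambda: {"comp": 0, "hit": 0, "clean": 0, "false": 0})
    for t in trials:
        c = counts[t[by]]
        if t["compromised"]:
            c["comp"] += 1
            c["hit"] += t["flagged"]      # detected compromise
        else:
            c["clean"] += 1
            c["false"] += t["flagged"]    # alarm on a genuine part
    out = {}
    for group, c in counts.items():
        pd = c["hit"] / c["comp"] if c["comp"] else None
        pfa = c["false"] / c["clean"] if c["clean"] else None
        out[group] = (pd, pfa)
    return out


def mean_delay(trials):
    """Average completed authentication delay per component, in seconds."""
    return sum(t["delay_s"] for t in trials) / len(trials)


if __name__ == "__main__":
    for field in ("package", "location"):
        for group, (pd, pfa) in rates(TRIALS, field).items():
            print(f"{field:9} {group:15} PD={pd} PFA={pfa}")
    print(f"mean delay {mean_delay(TRIALS):.2f} s")
```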
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 um x 100 um (0.01 mm2)
Device thickness: Thinned substrate, likely 10 um or less
Interrogation Latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 Second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host Temperatures: -55 °C to 125 °C
Interrogation Temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 1.0¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
(columns: Tech Area | Government-Furnished Equipment and Intellectual Property)
TA1 (Tech Dev) | None
TA2 (Design & Integr) | None
TA3 (Deployment) | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful Sources for Information include
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
   • Detail the attributes of SHIELD design elements that will be measured
   • Outline the methods by which those attributes will be measured
• Why metrics
   • Tracking and reporting program results and accomplishments
   • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics: Technical Area 1 - SHIELD On-board Technology

Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement

[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Metrics: Technical Area 1 - SHIELD On-board Technology

Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate

• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1 - SHIELD On-board Technology

Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost

[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100µm x 100µm.
[2] Cost is referenced against the target CMOS process with no modifications.
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime.
Metrics: Technical Area 2 - SHIELD Dielet Design and Integration

Phase | Design element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications

[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate.
Metrics: Technical Area 2 - SHIELD Dielet Design and Integration

Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications and support logic | Mask layout design, including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail

[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3 - SHIELD Deployment

Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2]; environmental testing (temperature shock and vibration) [3]
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail

[1] The SHIELD dielet will be placed approximately 1mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3 - SHIELD Deployment
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g., missing, inappropriate or failing SHIELD dielet)
  • Failure location (e.g., at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics: Technical Area 3 - SHIELD Deployment

Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |

[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2 - SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Image courtesy of DARPA
Acknowledgments
Simply getting the DARPA SHIELD Program to this point required massive efforts and valuable inputs by the following US Government employees and contractors:
Bob Colwell, Saverio Fazzari, Michael Blackstone, Dave Shaver, Virginia Arzadum, Fred Schipp, Brett Hamilton, Arnett Brown, Beverly Barnhart, Jeff K, Jerry Roddy, Sean L, Chris Bozada, Dan Radack, Matt Kay, Don Davidson, Matt Sale, Paul Kozemchak, Bob K, Shaun McKinley, Joe H, Chrisma Jackson, Jim Felix, Eric Herr, Josh Beutler, Dan Marrujo, Jim St Pierre, Mitch Komaroff, Arun Seraphin, Nick Diamond
SHIELD SETA TEAM
CNN Report, 10 June 2012
Counterfeit parts compromise the US Supply Chain and present a growing threat to national security. Current safeguards are ineffective; they put American lives and DoD missions at risk.

Supply Chain Control is a Critical Problem
Distributor indicted for supplying counterfeits to Grumman Electric Boat, July 2013
SPECTRUM Magazine, October 2013, pp. 41-45
Dept. of Defense Instruction NUMBER 4140.67, 26 April 2013
US Electronic Waste is a Contributing Factor
Received in Developing Country
Removed from boards and sorted
Refurbished and remarked
Repackaged
Resold
Shipping from/to US
All images courtesy of SMT Corporation

Electronic Waste Processing Effect on Quality/Reliability
Image courtesy of Basel Action Network
Image courtesy of SMT Corporation
Uncontrolled heating during part removal can cause die cracks or delamination, leading to immediate or latent failures
Mishandling or sanding of parts can cause latent Electrostatic Discharge (ESD) failures
Electronics Supply Chain is Global
[Figure: supply chain stages - Semi Design; Semi Manufacturing & Packaging; Printed Circuit Board Production; Printed Circuit Board Distribution]
Source: IDC Manufacturing Insights & Booz Allen analysis
Lifecycle shown for a single JSF component - component changes hands 15 times before final install
Global nature of supply chain makes chain-of-custody unworkable
Common Industry Supply Chain Misconceptions [1]
"Counterfeit components are a 1-in-1,000,000 risk"
  Independent Distributors say that from 05 to 35 of their incoming product is suspected counterfeit
"Only bad distributors sell counterfeit components"
  Most counterfeit parts sold to contractors come from legitimate independent distributors lacking effective screening techniques
"Only expensive components are counterfeited"
  DoC reports that over 60% of counterfeit parts have a sale value of $10 or less
"Counterfeit parts will be detected by electrical tests"
  More than half of all counterfeit components have the correct (or equivalent) die
[1] B. Hamilton, NSWC Crane, Testimony at SASC Briefing, 9 September 2013
Image courtesy of http://www.rkonlinestore.co.uk/556-dual-timer-ic-16-pin-dip-pack-of-1-391-p.asp
Quote found on the Web
"It will be because of companies like ours that the gap in technological advantages between made in [Name of Country] and made abroad will narrow down"
- from website of an off-shore contract reverse-engineering business
SHIELD Threat Space
Brett Hamilton, NSWC Crane
SHIELD Industry Day
14 March 2014
SHIELD Technical Program Description
Kerry Bernstein
SHIELD Industry Day
14 March 2014
SHIELD Introductory Comments
1. THANK YOU for your interest in participating in DARPA SHIELD. It's business, but it's also our nation.
2. The following exemplary design point and CONOP is a preferred embodiment. BAA strives not to overspecify. Got something better? LET'S HEAR ABOUT IT.
3. Besides performers with great ideas, we want performers who "get it" and who have a passion for doing something important for national security. Together we'll deliver game-changing capability.
4. SHIELD is about the Science and the hardware and the technology. CONOP, servers, networks are limited to what's needed for the demo.
5. SHIELD is not about developing new encryption schemes. SHIELD is about NIST, IEEE and Industry Standards or new standards.
SHIELD Introductory Comments (cont'd)
6. Teaming is strongly encouraged. DARPA will accept individual Tech Area 1 & 3 submissions, but complete collaborative proposed solutions are preferred and strongly recommended.
7. The Supply Chain's threat space is immense. Any solution, including DARPA SHIELD, will be fraught with problems. We expect that. But we need to begin somewhere.
8. Remaining unaddressed SHIELD vulnerabilities will include
  • Insider threat
  • Server attacks
  • Dielet side channel exfil modes inserted during foreign fabrication
  • Vulnerability to new reverse engineering modes, circumvention
9. SHIELD is intended to make counterfeiting more difficult, expensive and time consuming.
Programmatics
DARPA SHIELD is about
• Science
• Hardware Technology
• Security
• Reliability and Trustworthiness
• Functionality
• Manufacturability and Yield
DARPA SHIELD is NOT about
• Logistics
• Preferred Business Practices
• Acquisition Policy
• Doctrine
• Supplier/distributor business infrastructure
• New encryption schemes
• New checking tools
• Software
• Back-office structure and networking
(Except for the minimum necessary to demonstrate SHIELD CONOP)
Glossary
Dielet: Extremely small computer chip developed during SHIELD
Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
Key: A 256-bit cipher code stored on dielet and on a secure server, used to secure the dielet authentication operation
Test Site: Limited hardware proof-of-concept chip without full product functionality
Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
Probe: A device attached to a communication appliance that powers the SHIELD dielet
FITS: Failure rate of a component, measured in Failures-in-Time over the program
KPOH: Lifetime of a component, measured in thousands of power-on-hours
BOM: Bill of Material, a list of components comprising a given assembly
IP: Intellectual Property
CONOP: Concept of Operations
DFM/DFY: Design for Manufacturability / Design for Yield
PFA: Probability of False Alarm
PD: Probability of Detection
OEM: Original Equipment Manufacturer
GFE: Government-Furnished Equipment
IC: Integrated Circuit
CDR: Critical Design Review
DSS: Digital Signature Standard
CMVP: Cryptographic Module Verification Program
Definition of Terms
Counterfeit: "Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies"
- GAO Report to Congress, March 2010
Supply Chain: "A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances or information from a source to a customer"
- Cooper, M.C., Lambert, D.M. & Pagh, J. (1997), Supply Chain Management: More Than a New Name for Logistics, The International Journal of Logistics Management, Vol. 8, Issue 1, pp. 1-14
Chain of Custody: "The chronological sequence of parties, spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession"
SHIELD: Learning from Prior HW Assurance Programs
TRUST - Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find
IRIS - Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
[Diagram labels: Digital or AMS; TRUST; IRIS]
DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted
TRUST, IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
[Figure: component lifecycle stages - Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use. Coverage labels: TRUST, IRIS, SHIELD; At OEM, In Distribution.]
LEGEND: Design Attack - Hardware Attack - Logistics Attack
Attack labels: 3rd Party IP; Insider Design; EDA Exploit; IP Theft/Copy; Security Intercept; Yield Fail Diversion; Overproduction; Process Compromise; Pkg Compromise; False FPGA Bitstream; Malicious Insertions; False Validation Report; DFM Exploits; False Expects; False Test Compares; HW Theft
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components, which make them especially vulnerable to compromise
• DoD electronic components require high reliability, serviceability [1]
• Compromised component failures risk DoD missions, soldier's lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete [1]
• $10-$50 parts become $8000 parts once they are obsolete [1] - providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
[1] NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast and executable by untrained operators
4. Trustworthy, reliable and prohibitively difficult to spoof
5. Executable at any place/time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD: The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
Microscopic SHIELD dielet
• HW Root-of-Trust, Fragile Key Storage
• Full Encryption Engine
• Unpowered Passive Sensors
• Inductive Powering and Communication
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100µm x 100µm (0.01 mm² Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120 °C
- <1 cent per dielet
Image courtesy of http://www.hitachi.com/New/cnews/030902.html
SHIELD Exemplary CONOP
[Diagram: message flow between Dielet, Smartphone and Server (VPN)]
1. Serial ID Upload - Database with Dielet Serial ID, Fab Name, Fab Date, Part No.
2. Challenge Download - Random Challenge Generator
3. Encrypted Challenge; Encrypted Sensors; Appliance Data
4. Authentication Out - Decryption Engine w/ Crypto key: decrypt, compare to original challenge
Other diagram labels: Serial ID No.; TCP/IP Address; Encryption Engine w/ Crypto Key; Temp Extremes, X-ray Exposure, Light Exposure; Sensors Status, Test Date, Auditor Identity, Key Requests
Potential Production Test Approaches
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
[Images: Flying Prober; Pick and Place; Wirebond; Tube handling of components]
Volume Production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication.
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered, passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
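
The exemplary CONOP and on-dielet feature 2 above, as an added simulation in Go (not code from the SHIELD program or this briefing): the appliance relays a random challenge, the dielet encrypts it together with its sensor latches, and the server decrypts with its stored copy of the key and compares to the original challenge. AES-256 on a single block, the block layout of a 15-byte challenge plus one sensor byte, the sensor bit positions and all type and function names are assumptions; the slides leave the choice of open-standard cipher to the performer.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

const (
	challengeLen = aes.BlockSize - 1 // assumed block layout: 15-byte challenge + 1 sensor byte

	SensorTemp  byte = 1 << 0 // sensor names from the CONOP slide; bit positions assumed
	SensorXray  byte = 1 << 1
	SensorLight byte = 1 << 2
)

// Dielet models the tag. The key exists only inside blk and is never exported.
type Dielet struct {
	Serial  uint64 // 64-bit serial ID
	blk     cipher.Block
	sensors byte
}

// Trip latches a sensor bit; there is deliberately no reset path.
func (d *Dielet) Trip(flag byte) { d.sensors |= flag }

// Respond encrypts challenge||sensor-status under the on-board key.
func (d *Dielet) Respond(challenge []byte) []byte {
	if len(challenge) != challengeLen {
		return nil
	}
	out := make([]byte, aes.BlockSize)
	d.blk.Encrypt(out, append(append([]byte{}, challenge...), d.sensors))
	return out
}

// Server holds the key database and the outstanding challenges.
type Server struct {
	db      map[uint64]cipher.Block // serial ID -> AES-256 keyed for that dielet
	pending map[uint64][]byte       // serial ID -> challenge awaiting a reply
}

func NewServer() *Server {
	return &Server{db: map[uint64]cipher.Block{}, pending: map[uint64][]byte{}}
}

// randomBytes returns n bytes from the operating system's CSPRNG.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // without entropy there is nothing safe to do
	}
	return b
}

// Enroll models personalization: one random 256-bit key, held by dielet and server.
func (s *Server) Enroll(serial uint64) *Dielet {
	blk, _ := aes.NewCipher(randomBytes(32)) // a 32-byte key is always accepted
	s.db[serial] = blk
	return &Dielet{Serial: serial, blk: blk}
}

// Challenge is steps 1-2: serial ID in, fresh random challenge out.
func (s *Server) Challenge(serial uint64) []byte {
	if _, ok := s.db[serial]; !ok {
		return nil // unknown serial ID: nothing to challenge
	}
	s.pending[serial] = randomBytes(challengeLen)
	return append([]byte{}, s.pending[serial]...) // the caller gets a copy
}

// Verify is steps 3-4: decrypt, compare to the original challenge, report.
func (s *Server) Verify(serial uint64, resp []byte) (authentic bool, sensors byte) {
	c, ok := s.pending[serial]
	delete(s.pending, serial) // a challenge is single-use, so replays fail
	if !ok || len(resp) != aes.BlockSize {
		return false, 0
	}
	plain := make([]byte, aes.BlockSize)
	s.db[serial].Decrypt(plain, resp)
	if subtle.ConstantTimeCompare(plain[:challengeLen], c) != 1 {
		return false, 0
	}
	return true, plain[challengeLen]
}

// Authenticate plays the appliance: it only relays and never holds a key.
func Authenticate(s *Server, d *Dielet) (authentic bool, sensors byte) {
	return s.Verify(d.Serial, d.Respond(s.Challenge(d.Serial)))
}

func main() {
	srv := NewServer()
	genuine := srv.Enroll(0x5348494c44000001)   // constructed serial ID
	clone := NewServer().Enroll(genuine.Serial) // copied serial ID, different key
	genuine.Trip(SensorXray)
	fmt.Println(Authenticate(srv, genuine)) // true 2
	fmt.Println(Authenticate(srv, clone))   // false 0
}
```

A dielet that copies a valid serial ID but lacks the matching key fails the comparison, and a genuine dielet whose X-ray latch has tripped still authenticates but reports the latch to the server inside the encrypted block.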
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include
  a. package alterations needed to carry the dielet
  b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement and execute
6. To minimize size, power and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
Current Untrusted Logistical Supply Chain
[Diagram labels: Trusted Zone (twice); Vulnerability Zone; Original Equipmt Mfr; Approved Reseller; Merchandise Returns; Independent Distributor; EBAY; Stock; PC Board Assembly; Subsystem Assembly; System Mfg; DoD Application; Shipping between stages; steps 1-8]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD'ed Supply Chain Exemplar
[Diagram labels: Trusted Zone (twice); SHIELD Authentication outside Trusted Zone; Original Equipmt Mfr; Approved Reseller; Merchandise Returns; Independent Distributor; EBAY; Stock; PC Board Assembly; Subsystem Assembly; System Mfr; DoD Application; Shipping between stages; steps 1-8]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase

Tech Area | Phase 1 | Phase 2 | Phase 3
TA1 Tech Dev | On-chip HW tech devlpmt: Key Store, Sensors, Comm/Pwr, Mfg Processes; Models; Test Sites; SHIELD layouts | |
TA2 Design & Integr | Dielet Logic Design; Standards Conformation | SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization |
TA3 Deployment | Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design | Tooling and Techniques for handling, insertion; Network Structure Build-out; Inductive Device Fabrication | Demonstration Proof-of-Concept; Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1 Phase 1: Technology
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e., COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (Cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product.
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance.
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows.
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform.
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code.
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation.
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant.
Technical Area 1 Phase 1 (Cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered, be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe, existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
Chemical: Nitric Acid, Sulfuric Acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1 (Cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10µm or less in thickness, for 100µm x 100µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100μm x 100μm
6. Reliability: lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2: Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Phase 1
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment Methodology
  a. Define EDA design environment using industry conventions
  b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
  c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
  a. Design should accommodate SHIELD CONOP sequence
  b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
  a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
  b. Only open standards may be used
Technical Area 2 Phase 1 (cont'd)
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning.
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temperature
   b. Accommodate ± 3σ composite process distribution window
   c. BC/WC/Twist timing corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ± 3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temp
   b. Accommodate ± 3σ composite process distribution window
   c. BC/WC/Twist timing corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ± 3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 2
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG; monitor fabrication; intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec.
Technical Area 3: SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network/server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals.
Technical Area 3 Phase 1
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment, or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet
   Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
   Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature, or electrical materials interactions with the host packaging materials or process occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
   Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance.
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
   SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors.
Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but it is not the prime focus of the program.
Technical Area 3 Phase 2
Technical Area 3/Phase 2: Implementation, Months 19-36
Specific techniques, tooling for placement of dielet into the host package are developed. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
   Instrumentation, tooling, and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
   Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables:
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
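The true and false authentication requests named in deliverable d, with and without a flagged sensor, as an added example that is not code from DARPA or any SHIELD performer. The HMAC-SHA256 challenge-response, the message layout, the verdict names and the sample serial and part number are assumptions; only the 256-bit key, the 64-bit serial ID and the 1-second minimum gap between interrogations come from the deck.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

KEY_BYTES = 32      # deck: encryption standard up to 256 bit
SERIAL_BYTES = 8    # deck: serial ID length 64 bit
MIN_GAP_S = 1.0     # deck: minimum delay between interrogations > 1 second


def _mac(key, serial, challenge, status):
    """HMAC-SHA256 over serial || challenge || sensor status (assumed layout)."""
    msg = serial.to_bytes(SERIAL_BYTES, "big") + challenge + status
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass
class Dielet:
    """Stand-in for the dielet: serial ID, secret key, one passive-sensor flag."""
    serial: int
    key: bytes
    sensor_tripped: bool = False

    def respond(self, challenge):
        status = b"\x01" if self.sensor_tripped else b"\x00"
        return status, _mac(self.key, self.serial, challenge, status)


class Server:
    """Stand-in for the secure server holding enrolled serial-to-key records."""

    def __init__(self):
        self.records = {}    # serial -> (key, host part number)
        self.pending = {}    # serial -> outstanding one-time challenge
        self.last_seen = {}  # serial -> time the last challenge was issued

    def enroll(self, serial, key, part_number):
        self.records[serial] = (key, part_number)

    def challenge(self, serial, now):
        if serial not in self.records:
            return "UNKNOWN_SERIAL", None
        if now - self.last_seen.get(serial, float("-inf")) <= MIN_GAP_S:
            return "TOO_SOON", None
        self.last_seen[serial] = now
        self.pending[serial] = secrets.token_bytes(16)
        return "OK", self.pending[serial]

    def verify(self, serial, status, tag):
        nonce = self.pending.pop(serial, None)  # each challenge is single use
        if nonce is None:
            return "NO_CHALLENGE"
        key, _part = self.records[serial]
        if not hmac.compare_digest(_mac(key, serial, nonce, status), tag):
            return "BAD_RESPONSE"
        return "AUTHENTIC" if status == b"\x00" else "SENSOR_FLAGGED"


def interrogate(server, dielet, now):
    """Appliance role: relay challenge and response between server and dielet."""
    verdict, nonce = server.challenge(dielet.serial, now)
    if verdict != "OK":
        return verdict
    status, tag = dielet.respond(nonce)
    return server.verify(dielet.serial, status, tag)


def run_demo():
    server = Server()
    key = secrets.token_bytes(KEY_BYTES)
    genuine = Dielet(serial=0x0123456789ABCDEF, key=key)    # constructed serial
    server.enroll(genuine.serial, key, "PN-EXAMPLE-001")    # constructed PN
    wrong_key = Dielet(genuine.serial, secrets.token_bytes(KEY_BYTES))
    tripped = Dielet(genuine.serial, key, sensor_tripped=True)
    unenrolled = Dielet(0x1, secrets.token_bytes(KEY_BYTES))
    results = {
        "genuine": interrogate(server, genuine, now=0.0),
        "too_soon": interrogate(server, genuine, now=0.5),
        "wrong_key": interrogate(server, wrong_key, now=2.0),
        "sensor_tripped": interrogate(server, tripped, now=4.0),
        "unknown_serial": interrogate(server, unenrolled, now=6.0),
    }
    # The sensor status is covered by the MAC, so a response whose status
    # byte differs from what the dielet authenticated does not verify.
    _, nonce = server.challenge(tripped.serial, now=8.0)
    _status, tag = tripped.respond(nonce)
    results["status_mismatch"] = server.verify(tripped.serial, b"\x00", tag)
    # The challenge was consumed above, so the same response is refused again.
    results["no_fresh_challenge"] = server.verify(tripped.serial, b"\x00", tag)
    return results


if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print(f"{case:20s} {verdict}")
```

Time is passed in explicitly so the 1-second gap check is deterministic; a deployed server would use its own clock.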
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
   Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 3
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
   Performers will exercise the entire SHIELD CONOP.
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition, through normally-used shipping channels, to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation Latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 Second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, ± 10% (default)
Host Temperatures: -55 °C - 125 °C
Interrogation Temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 10¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab, with NSA, Navy, Air Force involvement, to provide evaluation capability for the program. It will provide early access to transition opportunities.
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing it to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production, university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD.
Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
   • Detail the attributes of SHIELD design elements that will be measured
   • Outline the methods by which those attributes will be measured
• Why metrics
   • Tracking and reporting program results and accomplishments
   • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm.
[2] Cost is referenced against the target CMOS process with no modifications.
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches, as appropriate
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications, and support logic | Mask layout design, including logical and physical verification; functional test pattern generation | Functional testing; adherence to dielet power budget; compliance with manufacturer ground rules; percent test pattern coverage; reliability analysis
2 | Dielet fabrication | Release to manufacturing; process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage, and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip; package strain analysis; electromagnetic analysis [2]; environmental testing (temperature, shock and vibration) [3]
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3, SHIELD Deployment
• Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
   • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
   • Failure mode (e.g. missing, inappropriate, or failing SHIELD dielet)
   • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
   • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
   • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
   • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
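The Phase 3 breakdowns listed above, computed over constructed red-team trial records, as an added example that is not DARPA's evaluation tooling. The record layout and the sample trials are assumptions, and the Wilson 95% interval goes beyond the slide to show how wide the uncertainty is when a breakdown cell holds only a few trials.

```python
from collections import defaultdict
from math import sqrt

# Constructed trial records (not program data). Layout, assumed for this example:
# (package, failure_mode or None when the part was not compromised,
#  location, setting, flagged_by_performer, authentication_delay_s)
TRIALS = [
    ("QFP", "missing", "distributor", "tube", True, 1.8),
    ("QFP", "missing", "shipping", "board", True, 1.9),
    ("QFP", "inappropriate", "distributor", "tube", True, 2.1),
    ("QFP", "failing", "subassembly", "system", True, 2.4),
    ("passive", "missing", "distributor", "tube", True, 1.7),
    ("passive", "inappropriate", "shipping", "board", False, 2.0),
    ("passive", "failing", "subassembly", "board", True, 1.9),
    ("passive", "inappropriate", "subassembly", "system", True, 2.2),
    ("QFP", None, "distributor", "tube", False, 1.6),
    ("QFP", None, "shipping", "board", False, 1.8),
    ("QFP", None, "subassembly", "system", True, 2.3),
    ("passive", None, "distributor", "tube", False, 1.5),
    ("passive", None, "shipping", "board", False, 1.9),
    ("passive", None, "subassembly", "system", False, 2.0),
]
FIELDS = {"package": 0, "failure_mode": 1, "location": 2, "setting": 3}
Z95 = 1.96  # normal quantile for a two-sided 95% interval


def wilson(hits, n, z=Z95):
    """Wilson score interval for a proportion; stays inside [0, 1] for small n."""
    if n == 0:
        return (0.0, 1.0)
    p = hits / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def breakdown(trials, field, compromised):
    """Share of flagged trials per value of `field`.

    compromised=True restricts to compromised parts (the rate is PD);
    compromised=False restricts to clean parts (the rate is PFA).
    """
    idx = FIELDS[field]
    counts = defaultdict(lambda: [0, 0])  # value -> [flagged, total]
    for t in trials:
        if (t[1] is not None) != compromised:
            continue
        counts[t[idx]][0] += int(t[4])
        counts[t[idx]][1] += 1
    return {
        value: {"hits": h, "n": n, "rate": h / n, "ci95": wilson(h, n)}
        for value, (h, n) in counts.items()
    }


def report(trials, target_delay_s=2.0):
    """PD and PFA tables plus delay figures; 2 s is the deck's full-transaction target."""
    delays = [t[5] for t in trials]
    return {
        "PD": {f: breakdown(trials, f, True)
               for f in ("package", "failure_mode", "location", "setting")},
        "PFA": {f: breakdown(trials, f, False) for f in ("package", "setting")},
        "avg_delay_s": sum(delays) / len(delays),
        "over_target": sum(d > target_delay_s for d in delays),
    }


if __name__ == "__main__":
    rep = report(TRIALS)
    for metric in ("PD", "PFA"):
        for field, table in rep[metric].items():
            for value, cell in table.items():
                lo, hi = cell["ci95"]
                print(f"{metric} by {field:12s} {value:14s} "
                      f"{cell['hits']}/{cell['n']}  95% CI [{lo:.2f}, {hi:.2f}]")
    print(f"average delay {rep['avg_delay_s']:.2f} s, "
          f"{rep['over_target']} trials over target")
```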
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
   • compliance with design ground rules of the manufacturer
   • logical to behavioral design verification
   • logical to physical design verification
   • functional test pattern generation with a goal of 100% test coverage
   • EM and power analysis
   • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
CNN Report, 10 June 2012
Counterfeit parts compromise the US Supply Chain and present a growing threat to national security. Current safeguards are ineffective; they put American lives and DoD missions at risk.
Supply Chain Control is a Critical Problem
Distributor indicted for supplying counterfeits to Grumman Electric Boat, July 2013
SPECTRUM Magazine, October 2013, pp. 41-45
Dept. of Defense Instruction NUMBER 4140.67, 26 April 2013
US Electronic Waste is a Contributing Factor
[Figure panels: Received in Developing Country; Removed from boards and sorted; Refurbished and remarked; Repackaged; Resold; Shipping from/to US. All images courtesy of SMT Corporation]
Electronic Waste Processing Effect on Quality/Reliability
Uncontrolled heating during part removal can cause die cracks or delamination, leading to immediate or latent failures.
Mishandling or sanding of parts can cause latent Electrostatic Discharge (ESD) failures.
[Images courtesy of Basel Action Network and SMT Corporation]
Electronics Supply Chain is Global
Global nature of supply chain makes chain-of-custody unworkable
Lifecycle shown for a single JSF component - Component changes hands 15 times before final install
[Figure stages: Semi Design; Semi Manufacturing & Packaging; Printed Circuit Board Production; Printed Circuit Board Distribution]
Source: IDC Manufacturing Insights & Booz Allen analysis
Common Industry Supply Chain Misconceptions [1]
"Counterfeit components are a 1-in-1000000 risk"
Independent Distributors say that from 05 to 35 of their incoming product is suspected counterfeit
"Only bad distributors sell counterfeit components"
Most counterfeit parts sold to contractors come from legitimate independent distributors lacking effective screening techniques
"Only expensive components are counterfeited"
DoC reports that over 60% of counterfeit parts have a sale value of $10 or less
"Counterfeit parts will be detected by electrical tests"
More than half of all counterfeit components have the correct (or equivalent) die
[1] B. Hamilton, NSWC Crane, Testimony at SASC Briefing, 9 September 2013
Quote found on the Web
"It will be because of companies like ours that the gap in technological advantages between made in [Name of Country] and made abroad will narrow down"
- from website of an off-shore contract reverse-engineering business
SHIELD Threat Space
Brett Hamilton, NSWC Crane
SHIELD Industry Day
14 March 2014
SHIELD Technical Program Description
Kerry Bernstein
SHIELD Industry Day
14 March 2014
SHIELD Introductory Comments
1. THANK YOU for your interest in participating in DARPA SHIELD. It's business, but it's also our nation.
2. The following exemplary design point and CONOP is a preferred embodiment. BAA strives not to overspecify. Got something better? LET'S HEAR ABOUT IT.
3. Besides performers with great ideas, we want performers who "get it" and who have a passion for doing something important for national security. Together we'll deliver game-changing capability.
4. SHIELD is about the Science, and the hardware, and the technology. CONOP, servers, networks are limited to what's needed for the demo.
5. SHIELD is not about developing new encryption schemes. SHIELD is about NIST, IEEE, and Industry Standards, or new standards.
SHIELD Introductory Comments (cont'd)
6. Teaming is strongly encouraged. DARPA will accept individual Tech Area 1 & 3 submissions, but complete collaborative proposed solutions are preferred and strongly recommended.
7. The Supply Chain's threat space is immense. Any solution, including DARPA SHIELD, will be fraught with problems. We expect that. But we need to begin somewhere.
8. Remaining unaddressed SHIELD vulnerabilities will include:
   • Insider threat
   • Server attacks
   • Dielet side channel exfil modes inserted during foreign fabrication
   • Vulnerability to new reverse engineering modes, circumvention
9. SHIELD is intended to make counterfeiting more difficult, expensive, and time consuming.
Programmatics
DARPA SHIELD is about:
• Science
• Hardware Technology
• Security
• Reliability and Trustworthiness
• Functionality
• Manufacturability and Yield
DARPA SHIELD is NOT about (except for the minimum necessary to demonstrate SHIELD CONOP):
• Logistics
• Preferred Business Practices
• Acquisition Policy
• Doctrine
• Supplier/distributor business infrastructure
• New encryption schemes
• New checking tools
• Software
• Back-office structure and networking
Glossary
Dielet Extremely small computer chip developed during SHIELDHardware Root-of-Trust
An incorruptible immutable hardware identity reference
KeyA 256-bit cipher code stored on dielet and on a secure server used to secure the dielet authentication operation
Test SiteLimited hardware proof of concept chip without full product functionality
SensorPhysical hardware structure on SHIELD dielet that passively detects intrusions compromising security
ProbeA device attached to a communication appliance that powers the SHIELD dielet
IP Intellectual PropertyCONOP Concept of OperationsDFMDFY Design for Manufacturability Design for YieldPFA Probability of False AlarmPD Probability of DetectionOEM Original Equipment ManufacturerGFE Government-Furnished EquipmentIC Integrated CircuitCDR Critical Design ReviewDSS Digital Signature StandardCMVP Cryptographic Module Verification Program
FITSFailure rate of a component measured in Failures-in-Time over the program
KPOHLifetime of a component measured in thousands of power-on-hours
BOMBill of Material a list of components comprising a given assembly
Definition of Terms
Counterfeit: "Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies"
- GAO Report to Congress, March 2010
Supply Chain: "A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances, or information from a source to a customer"
- Cooper, M.C., Lambert, D.M., & Pagh, J. (1997). Supply Chain Management: More Than a New Name for Logistics. The International Journal of Logistics Management, Vol. 8, Issue 1, pp. 1-14
Chain of Custody: "The chronological sequence of parties, spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession"
SHIELD: Learning from Prior HW Assurance Programs
TRUST - Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find
IRIS - Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
[Figure labels: Digital or AMS; TRUST; IRIS]
DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted
TRUST, IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
[Figure: component life cycle with stage labels Design Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use; regions labelled At OEM and In Distribution; program labels TRUST, IRIS, SHIELD]
LEGEND: Design Attack - Hardware Attack - Logistics Attack
Attack labels in the figure: 3rd Party IP, Insider Design, EDA Exploit, IP Theft/Copy, Security Intercept, Yield Fail Diversion, Overproduction, Process Compromise, Pkg Compromise, False FPGA Bitstream, Malicious Insertions, False Validation Report, DFM Exploits, False Expects, False Test Compares, HW Theft
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components which make them especially vulnerable to compromise:
• DoD electronic components require high reliability, serviceability [1]
• Compromised component failures risk DoD missions, soldier's lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete [1]
• $10-$50 parts become $8000 parts once they are obsolete [1] - providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems:
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
[1] NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast, and executable by untrained operators
4. Trustworthy, reliable, and prohibitively difficult to spoof
5. Executable at any place, time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD: The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
Microscopic SHIELD dielet:
• HW Root-of-Trust, Fragile Key Storage
• Full Encryption Engine
• Unpowered Passive Sensors
• Inductive Powering and Communication
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm² Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120 °C
- <1¢ per dielet
Image courtesy of http://www.hitachi.com/New/cnews/030902.html
SHIELD Exemplary CONOP
[Figure: exchange between Dielet, Smartphone and Server (VPN)]
Numbered steps in the figure:
1. Serial ID Upload (Serial ID No., TCP/IP Address)
2. Challenge Download
3. Encrypted Challenge, Encrypted Sensors, Appliance Data
4. Authentication Out
Dielet:
- Encryption Engine w/ Crypto Key
- Sensors: Temp Extremes, Xray Exposure, Light Exposure
Server:
- Database with Dielet Serial ID, Fab Name, Fab Date, Part No.
- Sensors Status, Test Date, Auditor Identity, Key Requests
- Random Challenge Generator
- Decryption Engine w/ Crypto key: decrypt, compare to original challenge
Potential Production Test Approaches
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
[Figure labels: Flying Prober; Pick and Place, Wirebond, Tube handling of components]
Volume Production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication.
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
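An added example (not from the DARPA briefing) of the exchange in the CONOP and in feature 2 above, modelled in Python. It stands in HMAC-SHA-256 for the dielet's encryption engine, so the server recomputes and compares the response instead of decrypting it; the class names, sensor bit position, timestamps and result strings are assumptions.

```python
import hashlib
import hmac
import secrets

KEY_BYTES = 32        # 256-bit key held on the dielet and on the server
SERIAL_BYTES = 8      # 64-bit serial ID
MIN_INTERVAL_S = 1.0  # spec: more than 1 second between interrogations
HEAT = 2              # constructed sensor-word bit position (assumption)


def _tag(key, challenge, serial, sensors):
    """Keyed response binding challenge, serial ID and sensor word."""
    msg = challenge + serial + bytes([sensors])
    return hmac.new(key, msg, hashlib.sha256).digest()


class Dielet:
    """Dielet model: the key is used internally and never returned."""

    def __init__(self, serial, key):
        self.serial = serial
        self._key = key
        self._sensors = 0

    def expose(self, bit):
        # Passive sensors are one-way: a bit can be set, never cleared.
        self._sensors |= 1 << bit

    def respond(self, challenge):
        return self._sensors, _tag(self._key, challenge, self.serial, self._sensors)


class Server:
    """Secure server: key database, challenge issue, verification."""

    def __init__(self):
        self._keys = {}        # serial ID -> key, loaded at personalization
        self._pending = {}     # serial ID -> outstanding challenge
        self._last_issue = {}  # serial ID -> time of last challenge

    def enroll(self, serial, key):
        if len(serial) != SERIAL_BYTES or len(key) != KEY_BYTES:
            raise ValueError("bad serial ID or key length")
        self._keys[serial] = key

    def issue_challenge(self, serial, now):
        if serial not in self._keys:
            return None  # unknown serial ID
        last = self._last_issue.get(serial)
        if last is not None and now - last <= MIN_INTERVAL_S:
            return None  # interrogations must be more than 1 s apart
        self._last_issue[serial] = now
        self._pending[serial] = secrets.token_bytes(32)
        return self._pending[serial]

    def verify(self, serial, sensors, tag):
        challenge = self._pending.pop(serial, None)  # each challenge is single-use
        if challenge is None:
            return "rejected: no outstanding challenge"
        if not 0 <= sensors <= 0xFF:
            return "rejected: malformed sensor word"
        expected = _tag(self._keys[serial], challenge, serial, sensors)
        if not hmac.compare_digest(expected, tag):
            return "rejected: response does not match stored key"
        return "authentic, sensors tripped" if sensors else "authentic"


def run_demo():
    """Run the exchange for a genuine part and for the cases the server must reject."""
    serial = bytes.fromhex("0000000000000001")  # constructed serial ID
    key = secrets.token_bytes(KEY_BYTES)
    genuine = Dielet(serial, key)
    server = Server()
    server.enroll(serial, key)  # done once, inside the trusted zone
    # A part carrying the right serial ID but not the enrolled key.
    other = Dielet(serial, secrets.token_bytes(KEY_BYTES))
    results = {}
    sensors, tag = genuine.respond(server.issue_challenge(serial, now=0.0))
    results["genuine"] = server.verify(serial, sensors, tag)
    results["too_soon"] = server.issue_challenge(serial, now=0.5)
    server.issue_challenge(serial, now=2.0)
    results["stale_response"] = server.verify(serial, sensors, tag)
    challenge = server.issue_challenge(serial, now=4.0)
    results["wrong_key"] = server.verify(serial, *other.respond(challenge))
    genuine.expose(HEAT)  # e.g. the part was de-soldered
    sensors, tag = genuine.respond(server.issue_challenge(serial, now=6.0))
    results["sensor_word_cleared"] = server.verify(serial, 0, tag)
    challenge = server.issue_challenge(serial, now=8.0)
    results["heat_exposed"] = server.verify(serial, *genuine.respond(challenge))
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case:20} {outcome}")
```

Because the sensor word is bound into the keyed response, an appliance or network hop that reports a clean sensor word for an exposed part fails verification rather than passing as authentic.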
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include:
  a. package alterations needed to carry the dielet
  b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement and execute
6. To minimize size, power and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
Current Untrusted Logistical Supply Chain
[Figure: supply chain flow with points numbered 1-8, linked by Shipping steps: Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfg, DoD Application. Regions labelled Trusted Zone (twice) and Vulnerability Zone.]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD'ed Supply Chain Exemplar
REFRESHER
[Figure: the same supply chain flow with points numbered 1-8, linked by Shipping steps: Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfr, DoD Application. Regions labelled Trusted Zone (twice) and SHIELD Authentication outside Trusted Zone.]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase
TA1 (Tech Dev)
  Phase 1: On-chip HW tech devlpmt (Key Store, Sensors, Comm/Pwr, Mfg Processes): Models, Test Sites, SHIELD layouts
TA2 (Design & Integr)
  Phase 1: Dielet Logic Design; Standards Conformation
  Phase 2: SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization
TA3 (Deployment)
  Phase 1: Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design
  Phase 2: Tooling and Techniques for handling insertion; Network Structure Build-out; Inductive Device Fabrication
  Phase 3: Demonstration: Proof-of-Concept Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1 Phase 1 Technology
Technical Area 1/Phase 1: Technology (Months 1-18)
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (Cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant
Technical Area 1 Phase 1 (Cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself, and watch for component compromise. Sensors must:
1. Passively sense while unpowered; be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
Chemical: Nitric Acid, Sulfuric Acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet
1. Dielet should be powered, receive a challenge message and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil/RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1 (Cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2 Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Phase 1
Technical Area 2/Phase 1: Design (Months 1-18)
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet
1. Define a SHIELD Design Environment Methodology
  a. Define EDA design environment using industry conventions
  b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
  c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language. Design should be:
  a. Design should accommodate SHIELD CONOP sequence
  b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
  a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
  b. Only open standards may be used
Technical Area 2 Phase 1 (cont'd)
4. Design to Boundary Conditions
  a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
  b. Designs may be asynchronous or synchronous; free choice of clock rate
  c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
  a. Sockets for key store, sensors
  b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
  a. Verify robust design functionality across process, voltage and temperature
  b. Accommodate +/- 3σ composite process distribution window
  c. BC/WC/Twist Timing Corner functionality verified
  d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
  e. Functionality inside +/- 3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
  a. Identify technology and node to be used, preferred vendor
  b. Define checkpoints and approximate dates for design and build
  c. Explain how new technologies will be accommodated by fabricator
  d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
  a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
  a. Verify robust design functionality across process, voltage and temp
  b. Accommodate +/- 3σ composite process distribution window
  c. BC/WC/Twist Timing Corner functionality verified
  d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
  e. Functionality inside +/- 3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 2
Technical Area 2/Phase 2: Integration & Fab (Months 19-36)
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated
1. Complete SHIELD dielet design
  a. Incorporate final TA1 outputs
  b. Complete checking, generate specific test patterns
  c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
  a. Release design to MFG; monitor fabrication; intercept for process exits and re-entries for adjunct technology introductions
  b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
  c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
  d. Test, characterize, and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3 SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3 Phase 1
Technical Area 3/Phase 1: Pkg Tech, Networks (Months 01-18)
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept
1. Develop package placement target parametrics
  a. Determine required specs, tolerances for dielet placement in the host
  b. Develop coupling required for sufficient inductive/RF power, comms
  c. Find size of antennae, maximum submersion below package surface
  d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
  a. Create with TA2 performers consultation to resemble final form-factor
  b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet
Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
  a. Package strain caused by insertion or presence
  b. Hermetic seal fails caused by insertion or presence
  c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
  a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
  b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
  c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
  d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
  a. Design of handheld appliance concept, including documentation
  b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
  c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
  a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
  b. All required server transaction and decryption software
  c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
  d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors.
Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program.
Technical Area 3 Phase 2
Technical Area 3/Phase 2: Implementation (Months 19-36)
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program
1. Develop the SHIELD Insertion technology
Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
  a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
  b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
  c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables:
  a. Detailed network schematics indicating protocols and standards
  b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
  c. Estimates of transaction times and network latencies
  d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
  e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
  a. Inductive/RF probe fabrication
  b. Repurposed Appliance microcode, firmware, software installation
  c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 3
Technical Area 3/Phase 3: Demo (Months 37-48)
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
  a. Performers will mate SHIELD dielets to product at pkg encapsulation
  b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
    • Fails due to faulty package insertions
    • Fails due to non-functional SHIELD chips
    • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP
  a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
  b. Performers will place SHIELD solution in those packages in a production-like environment which DARPA will provide access to
  c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
  d. Government Red Team members will compromise the supply chain
  e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
  f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by
  a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
  b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
  c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
  d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
  a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
  b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation Latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 Second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host Temperatures: -55 °C to 125 °C
Interrogation Temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 1.0¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done, rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Approved for Public Release Distribution Unlimited
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab, with NSA, Navy, Air Force involvement, to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics Overview
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1], tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip package, strain analysis, electromagnetic analysis [2]. Environmental testing (temperature, shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3, SHIELD Deployment
• Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g., missing, inappropriate or failing SHIELD dielet)
  • Failure location (e.g., at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
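How the three Phase 3 figures fall out of a set of interrogation trials, as an added Python example that is not part of the briefing. The trial records, field names and function names are constructed for illustration; only the breakdown dimensions and the definitions of PD, PFA and completed-authentication delay come from the slide.

```python
from collections import defaultdict
from typing import Dict, List, Optional

QFP = "quad plastic flat pack"
SPD = "small passive/discrete"
FIELDS = ("host", "setting", "truth", "location", "alarm", "delay_s")

# Constructed trial records (not program data).
# truth:    "genuine", or the failure mode of a compromised part
# location: where the compromise was introduced (None for genuine parts)
# alarm:    True if the interrogation flagged the part
# delay_s:  seconds for a completed authentication, None if none completed
_ROWS = [
    (QFP, "tube",   "genuine",       None,                 False, 1.8),
    (QFP, "board",  "genuine",       None,                 False, 2.0),
    (QFP, "board",  "genuine",       None,                 True,  2.2),
    (QFP, "tube",   "genuine",       None,                 False, 1.6),
    (SPD, "tube",   "genuine",       None,                 False, 1.9),
    (SPD, "board",  "genuine",       None,                 False, 2.1),
    (QFP, "tube",   "missing",       "distributor",        True,  None),
    (QFP, "board",  "missing",       "shipping",           True,  None),
    (SPD, "tube",   "inappropriate", "distributor",        True,  2.0),
    (SPD, "board",  "inappropriate", "subassembly vendor", False, 2.4),
    (QFP, "system", "failing",       "shipping",           True,  None),
    (SPD, "system", "failing",       "subassembly vendor", True,  None),
]
TRIALS: List[dict] = [dict(zip(FIELDS, row)) for row in _ROWS]


def _alarm_rate_by(trials: List[dict], dimension: str, compromised: bool) -> Dict[str, float]:
    """Fraction of trials that raised an alarm, grouped by one dimension.

    Only compromised parts are counted when compromised=True (this is PD);
    only genuine parts when compromised=False (this is PFA).
    """
    alarms, totals = defaultdict(int), defaultdict(int)
    for t in trials:
        if (t["truth"] != "genuine") != compromised:
            continue
        totals[t[dimension]] += 1
        alarms[t[dimension]] += int(t["alarm"])
    return {group: alarms[group] / totals[group] for group in totals}


def pd_by(trials: List[dict], dimension: str) -> Dict[str, float]:
    """Probability of Detection, broken out by host, truth (failure mode), location or setting."""
    return _alarm_rate_by(trials, dimension, compromised=True)


def pfa_by(trials: List[dict], dimension: str) -> Dict[str, float]:
    """Probability of False Alarm, broken out by host or setting."""
    return _alarm_rate_by(trials, dimension, compromised=False)


def avg_completed_delay(trials: List[dict]) -> Optional[float]:
    """Mean delay over completed authentications only; interrogations that
    never completed (e.g. a missing dielet) do not enter the average."""
    done = [t["delay_s"] for t in trials if t["delay_s"] is not None]
    return sum(done) / len(done) if done else None


if __name__ == "__main__":
    print("PD by failure mode :", pd_by(TRIALS, "truth"))
    print("PD by location     :", pd_by(TRIALS, "location"))
    print("PFA by host type   :", pfa_by(TRIALS, "host"))
    print("PFA by setting     :", pfa_by(TRIALS, "setting"))
    print("Avg completed delay:", avg_completed_delay(TRIALS))
```

A breakdown can hide a weak cell that the overall rate averages away: in this constructed data every missing or failing dielet is caught, while half of the inappropriate ones are not.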
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality), transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), Probability of false alarm (PFA), Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Image courtesy of DARPA
Supply Chain Control is a Critical Problem
Distributor indicted for supplying counterfeits to Grumman Electric Boat July 2013
SPECTRUM Magazine, October 2013, pp. 41-45
Dept. of Defense Instruction NUMBER 4140.67, 26 April 2013
US Electronic Waste is a Contributing Factor
[Figure panels: Shipping from/to US; Received in Developing Country; Removed from boards and sorted; Refurbished and remarked; Repackaged; Resold. All images courtesy of SMT Corporation]
Electronic Waste Processing: Effect on Quality/Reliability
Image courtesy of Basel Action Network
Image courtesy of SMT Corporation
Uncontrolled heating during part removal can cause die cracks or delamination, leading to immediate or latent failures
Mishandling or sanding of parts can cause latent Electrostatic Discharge (ESD) failures
Electronics Supply Chain is Global
Source: IDC Manufacturing Insights & Booz Allen analysis
[Figure labels: Semi Design; Semi Manufacturing & Packaging; Printed Circuit Board Production; Printed Circuit Board Distribution]
Global nature of supply chain makes chain-of-custody unworkable
Lifecycle shown for a single JSF component – Component changes hands 15 times before final install
Common Industry Supply Chain Misconceptions [1]
"Counterfeit components are a 1-in-1,000,000 risk"
Independent Distributors say that from 05 to 35 of their incoming product is suspected counterfeit
"Only bad distributors sell counterfeit components"
Most counterfeit parts sold to contractors come from legitimate independent distributors lacking effective screening techniques
"Only expensive components are counterfeited"
DoC reports that over 60% of counterfeit parts have a sale value of $10 or less
"Counterfeit parts will be detected by electrical tests"
More than half of all counterfeit components have the correct (or equivalent) die
[1] B. Hamilton, NSWC Crane, Testimony at SASC Briefing, 9 September 2013
Image courtesy of http://www.rkonlinestore.co.uk/556-dual-timer-ic-16-pin-dip-pack-of-1-391-p.asp
Quote found on the Web
"It will be because of companies like ours that the gap in technological advantages between made in [Name of Country] and made abroad will narrow down"
- from website of an off-shore contract reverse-engineering business
SHIELD Threat Space
Brett Hamilton, NSWC Crane
SHIELD Industry Day
14 March 2014
SHIELD Technical Program Description
Kerry Bernstein
SHIELD Industry Day
14 March 2014
SHIELD Introductory Comments
1. THANK YOU for your interest in participating in DARPA SHIELD. It's business, but it's also our nation
2. The following exemplary design point and CONOP is a preferred embodiment. BAA strives not to overspecify. Got something better? LET'S HEAR ABOUT IT
3. Besides performers with great ideas, we want performers who "get it" and who have a passion for doing something important for national security. Together we'll deliver game-changing capability
4. SHIELD is about the Science and the hardware and the technology. CONOP, servers, networks are limited to what's needed for the demo
5. SHIELD is not about developing new encryption schemes. SHIELD is about NIST, IEEE and Industry Standards, or new standards
SHIELD Introductory Comments (cont'd)
6. Teaming is strongly encouraged. DARPA will accept individual Tech Area 1 & 3 submissions, but complete collaborative proposed solutions are preferred and strongly recommended
7. The Supply Chain's threat space is immense. Any solution, including DARPA SHIELD, will be fraught with problems. We expect that. But we need to begin somewhere
8. Remaining unaddressed SHIELD vulnerabilities will include
  • Insider threat
  • Server attacks
  • Dielet side channel exfil modes inserted during foreign fabrication
  • Vulnerability to new reverse engineering modes, circumvention
9. SHIELD is intended to make counterfeiting more difficult, expensive and time consuming
Programmatics
DARPA SHIELD is about
• Science
• Hardware Technology
• Security
• Reliability and Trustworthiness
• Functionality
• Manufacturability and Yield
Except for the minimum necessary to demonstrate SHIELD CONOP, DARPA SHIELD is NOT about
• Logistics
• Preferred Business Practices
• Acquisition Policy
• Doctrine
• Supplier/distributor business infrastructure
• New encryption schemes
• New checking tools
• Software
• Back-office structure and networking
Glossary
Dielet: Extremely small computer chip developed during SHIELD
Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
Key: A 256-bit cipher code stored on dielet and on a secure server, used to secure the dielet authentication operation
Test Site: Limited hardware proof of concept chip without full product functionality
Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
Probe: A device attached to a communication appliance that powers the SHIELD dielet
IP: Intellectual Property
CONOP: Concept of Operations
DFM/DFY: Design for Manufacturability / Design for Yield
PFA: Probability of False Alarm
PD: Probability of Detection
OEM: Original Equipment Manufacturer
GFE: Government-Furnished Equipment
IC: Integrated Circuit
CDR: Critical Design Review
DSS: Digital Signature Standard
CMVP: Cryptographic Module Verification Program
FITS: Failure rate of a component measured in Failures-in-Time over the program
KPOH: Lifetime of a component measured in thousands of power-on-hours
BOM: Bill of Material, a list of components comprising a given assembly
Definition of Terms
Counterfeit: "Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies"
- GAO Report to Congress, March 2010
Supply Chain: "A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances or information from a source to a customer"
- Cooper, M.C., Lambert, D.M., & Pagh, J. (1997). Supply Chain Management: More Than a New Name for Logistics. The International Journal of Logistics Management, Vol. 8, Issue 1, pp. 1–14
Chain of Custody: "The chronological sequence of parties spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession"
SHIELD: Learning from Prior HW Assurance Programs
TRUST – Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find
IRIS – Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
[Figure labels: Digital Or AMS; TRUST; IRIS]
DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted
TRUST, IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
[Figure: component lifecycle stages Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use. Legend: Design Attack, Hardware Attack, Logistics Attack. Threat labels: 3rd Party IP; Insider Design; EDA Exploit; IP Theft/Copy; Security Intercept; Yield Fail Diversion; Overproduction; Process Compromise; Pkg Compromise; False FPGA Bitstream; Malicious Insertions; False Validation Report; DFM Exploits; False Expects; False Test Compares; HW Theft. Coverage labels: SHIELD, TRUST, IRIS; At OEM, In Distribution]
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components, which make them especially vulnerable to compromise
• DoD electronic components require high reliability, serviceability [1]
• Compromised component failures risk DoD missions, soldier's lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete [1]
• $10-$50 parts become $8000 parts once they are obsolete [1] – providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
[1] NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast, and executable by untrained operators
4. Trustworthy, reliable, and prohibitively difficult to spoof
5. Executable at any place, time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
Microscopic SHIELD dielet
• HW Root-of-Trust
• Fragile Key Storage
• Full Encryption Engine
• Unpowered Passive Sensors
• Inductive Powering and Communication
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm² Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120 °C
- <1¢ per dielet
Image courtesy of http://www.hitachi.com/New/cnews/030902.html
SHIELD Exemplary CONOP
[Figure: message flow between Dielet, Smartphone and Server]
Steps: 1. Serial ID Upload (Serial ID No.); 2. Challenge Download; 3. Encrypted Challenge, Encrypted Sensors, Appliance Data; 4. Authentication Out
Dielet labels: Encryption Engine w/ Crypto Key; Temp Extremes, Xray Exposure, Light Exposure
Link label: TCP/IP Address (VPN)
Server labels: Database with Dielet Serial ID, Fab Name, Fab Date, Part No.; Random Challenge Generator; Decryption Engine w/ Crypto key (decrypt, compare to original challenge); Sensors Status, Test Date, Auditor Identity, Key Requests
Potential Production Test Approaches
Flying Prober
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
Pick and Place, Wirebond, Tube handling of components
Volume Production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact, on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
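The challenge-response exchange from the exemplary CONOP and from feature 2 above, as an added Python example that is not DARPA's or any performer's code. It uses HMAC-SHA-256 as a stand-in for the dielet's encryption engine, so the server recomputes the expected reply and compares instead of decrypting; the class and function names, the one-byte sensor status word and the 32-byte challenge length are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

KEY_BYTES = 32        # 256-bit key, the size given on the page
SERIAL_BYTES = 8      # 64-bit serial ID, the size given on the page
CHALLENGE_BYTES = 32  # assumption: the page does not fix a challenge length
SENSORS_OK = b"\x00"  # constructed status word: no passive sensor tripped


def keyed_reply(key: bytes, serial: bytes, challenge: bytes, sensors: bytes) -> bytes:
    """Stand-in for the encryption engine: a keyed MAC over the challenge,
    bound to the serial ID and to the sensor status word."""
    return hmac.new(key, serial + challenge + sensors, hashlib.sha256).digest()


@dataclass
class Dielet:
    serial: bytes
    _key: bytes = field(repr=False)   # used internally, never returned
    sensors: bytes = SENSORS_OK

    def answer(self, challenge: bytes) -> Tuple[bytes, bytes]:
        return self.sensors, keyed_reply(self._key, self.serial, challenge, self.sensors)


class Server:
    def __init__(self) -> None:
        self._keys: Dict[bytes, bytes] = {}     # serial ID -> key (secure database)
        self._pending: Dict[bytes, bytes] = {}  # serial ID -> outstanding challenge

    def enroll(self, serial: bytes, key: bytes) -> None:
        self._keys[serial] = key

    def challenge(self, serial: bytes) -> Optional[bytes]:
        if serial not in self._keys:
            return None
        fresh = secrets.token_bytes(CHALLENGE_BYTES)   # random challenge generator
        self._pending[serial] = fresh
        return fresh

    def verify(self, serial: bytes, sensors: bytes, reply: bytes) -> str:
        issued = self._pending.pop(serial, None)       # each challenge is usable once
        if issued is None:
            return "reject: no outstanding challenge"
        expected = keyed_reply(self._keys[serial], serial, issued, sensors)
        if not hmac.compare_digest(expected, reply):
            return "reject: wrong key or altered message"
        return "authentic" if sensors == SENSORS_OK else "alert: sensor tripped"


def interrogate(server: Server, dielet: Dielet) -> str:
    """Appliance role: it relays messages and holds no key."""
    issued = server.challenge(dielet.serial)
    if issued is None:
        return "reject: unknown serial ID"
    sensors, reply = dielet.answer(issued)
    return server.verify(dielet.serial, sensors, reply)


def run_demo() -> Dict[str, str]:
    server = Server()
    serial = bytes.fromhex("0011223344556677")           # constructed serial ID
    key = secrets.token_bytes(KEY_BYTES)
    server.enroll(serial, key)

    genuine = Dielet(serial, key)
    clone = Dielet(serial, secrets.token_bytes(KEY_BYTES))  # copied serial, no key
    opened = Dielet(serial, key, sensors=b"\x04")           # constructed: one sensor bit set
    unknown = Dielet(bytes(SERIAL_BYTES), key)              # serial not in the database

    results = {name: interrogate(server, d) for name, d in
               [("genuine", genuine), ("clone", clone), ("opened", opened), ("unknown", unknown)]}

    # Replay: a recorded good reply is resent against a later challenge.
    sensors, reply = genuine.answer(server.challenge(serial))
    server.verify(serial, sensors, reply)
    server.challenge(serial)
    results["replay"] = server.verify(serial, sensors, reply)

    # A relay that rewrites the sensor word to "ok" breaks the keyed reply.
    _, reply = opened.answer(server.challenge(serial))
    results["stripped"] = server.verify(serial, SENSORS_OK, reply)
    return results


if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print(f"{case:9s} {verdict}")
```

Only the serial ID, the challenge, the sensor word and the keyed reply cross the appliance link; the key itself is never transmitted in either direction.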
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone, and should not interact with the host chip in any way. Reliability impacts include
   a. package alterations needed to carry the dielet
   b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement and execute
6. To minimize size, power and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
Current Untrusted Logistical Supply Chain
[Figure: supply chain flow with numbered steps 1-8. Labels: Trusted Zone (twice); Vulnerability Zone; Original Equipmt Mfr; Approved Reseller; Merchandise Returns; Independent Distributor; EBAY; Stock; PC Board Assembly; Subsystem Assembly; System Mfg; DoD Application; Shipping between stages]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD'ed Supply Chain Exemplar
[Figure: the same supply chain flow with numbered steps 1-8. Labels: Trusted Zone (twice); Original Equipmt Mfr; Approved Reseller; Merchandise Returns; Independent Distributor; EBAY; Stock; PC Board Assembly; Subsystem Assembly; System Mfr; DoD Application; Shipping between stages; SHIELD Authentication outside Trusted Zone; REFRESHER]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase
Tech Area | Phase 1 | Phase 2 | Phase 3
TA1 Tech Dev | On-chip HW tech devlpmt: Key Store, Sensors, Comm/Pwr, Mfg Processes; Models; Test Sites; SHIELD layouts | |
TA2 Design & Integr | Dielet Logic Design; Standards Conformation | SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization |
TA3 Deployment | Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design | Tooling and Techniques for handling, insertion; Network Structure Build-out; Inductive Device Fabrication | Demonstration, Proof-of-Concept; Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1 / Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2
• Fully-described hardware-based solutions
• Hardware models (i.e., COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (Cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant
Technical Area 1 Phase 1 (Cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must
1. Passively sense while unpowered, be read only when powered
2. Be readable only, and permanently altered by the exposure, non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
Chemical: Nitric Acid, Sulfuric Acid. Sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 1 Phase 1 (Cont'd)
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Design and Integration
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2 Phase 1
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temperature
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temp
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 1 (cont'd)
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 2 Phase 2
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3 SHIELD Deployment
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1
3. Assure reliability of host component containing SHIELD dielet
Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program
Technical Area 3 Phase 1 (cont'd)
Technical Area 3/Phase 2: Implementation, Months 19-36
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade and cryptographic key
Technical Area 3 Phase 2
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3/Phase 2, performers will provide the following deliverables:
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
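The transaction simulation asked for in deliverable (d) can be sketched as follows. This is an added example, not code from the SHIELD program: the message layout, the sensor bit assignment, the challenge length and the verdict names are assumptions, and HMAC-SHA-256 stands in for the dielet's encryption engine, which the slides leave to the proposer beyond "open standards" and "up to 256 bit".

```python
import hashlib
import hmac
import secrets
import struct

CHALLENGE_BYTES = 16          # assumption: the slides do not fix a challenge length
BODY = struct.Struct(">QB")   # 64-bit serial ID + 1-byte sensor word (layout assumed)
# Hypothetical bit assignment for the passive sensors listed in the slides.
SENSOR_BITS = {"chemical": 0, "mechanical": 1, "laser": 2,
               "light": 3, "xray": 4, "heat": 5}


class Dielet:
    """Toy dielet: serial ID, 256-bit key, write-once sensor word."""

    def __init__(self, serial, key):
        self.serial = serial
        self._key = key
        self._sensor_word = 0

    def expose(self, sensor):
        # Non-resettable: a tripped bit can be set but never cleared.
        self._sensor_word |= 1 << SENSOR_BITS[sensor]

    def respond(self, challenge):
        body = BODY.pack(self.serial, self._sensor_word)
        # HMAC-SHA-256 is a stand-in for the on-dielet encryption engine.
        tag = hmac.new(self._key, challenge + body, hashlib.sha256).digest()
        return body + tag


class Server:
    """Toy secure server holding the serial-to-key association."""

    def __init__(self):
        self._keys = {}      # serial -> key, recorded at personalization
        self._pending = {}   # serial -> outstanding challenge

    def enroll(self, serial):
        key = secrets.token_bytes(32)   # 256-bit key
        self._keys[serial] = key
        return key

    def issue_challenge(self, serial):
        if serial not in self._keys:
            return None
        self._pending[serial] = secrets.token_bytes(CHALLENGE_BYTES)
        return self._pending[serial]

    def verify(self, serial, reply):
        challenge = self._pending.pop(serial, None)   # each challenge is single-use
        if challenge is None or len(reply) != BODY.size + 32:
            return ("AUTH_FAILED", [])
        body, tag = reply[:BODY.size], reply[BODY.size:]
        expected = hmac.new(self._keys[serial], challenge + body,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return ("AUTH_FAILED", [])
        reply_serial, sensor_word = BODY.unpack(body)
        if reply_serial != serial:
            return ("AUTH_FAILED", [])
        tripped = sorted(n for n, b in SENSOR_BITS.items() if (sensor_word >> b) & 1)
        return ("TAMPER_FLAGGED" if tripped else "AUTHENTIC", tripped)


def interrogate(server, dielet):
    """What the appliance does: relay challenge and reply, report the verdict."""
    challenge = server.issue_challenge(dielet.serial)
    if challenge is None:
        return ("UNKNOWN_SERIAL", [])
    return server.verify(dielet.serial, dielet.respond(challenge))


def run_demo():
    server = Server()
    genuine = Dielet(0xA001, server.enroll(0xA001))      # constructed serial IDs
    tampered = Dielet(0xA002, server.enroll(0xA002))
    tampered.expose("heat")
    tampered.expose("xray")
    clone = Dielet(0xA001, secrets.token_bytes(32))      # copied serial, wrong key
    stranger = Dielet(0xFFFF, secrets.token_bytes(32))   # never enrolled

    results = {name: interrogate(server, d) for name, d in
               [("genuine", genuine), ("tampered", tampered),
                ("clone", clone), ("unknown", stranger)]}

    # Replay: a reply recorded for one challenge is useless against the next.
    old_reply = genuine.respond(server.issue_challenge(genuine.serial))
    server.verify(genuine.serial, old_reply)
    server.issue_challenge(genuine.serial)
    results["replay"] = server.verify(genuine.serial, old_reply)
    return results


if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print(f"{case:9s} {verdict}")
```

Because the sensor word is covered by the keyed tag, an intermediary on the appliance or network path cannot clear a tripped sensor bit without failing verification.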
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 2 (cont'd)
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP:
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
Technical Area 3 Phase 3 (cont'd)
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Quantitative Benchmarks
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation Latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 Second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host Temperatures: -55 °C to 125 °C
Interrogation Temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation. SHIELD total operational time is under 1 hour
Cost: C < 1.0¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage / Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari
SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with threat supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing it to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown
SHIELD SETA
SHIELD Industry Day
14 March 2014
• Purpose of this discussion
   • Detail the attributes of SHIELD design elements that will be measured
   • Outline the methods by which those attributes will be measured
• Why metrics
   • Tracking and reporting program results and accomplishments
   • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics Overview
Metrics Technical Area 1: SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
Technical Area 1: SHIELD On-board Technology
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
Metrics Technical Area 1: SHIELD On-board Technology
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics Technical Area 2: SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing; adherence to dielet power budget; compliance with manufacturer ground rules; percent test pattern coverage; reliability analysis
2 | Dielet fabrication | Release to manufacturing; process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
Metrics Technical Area 2: SHIELD Dielet Design and Integration
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics Technical Area 3: SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip; package strain analysis; electromagnetic analysis [2]; environmental testing (temperature shock and vibration) [3]
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
   • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
   • Failure mode (e.g. missing, inappropriate or failing SHIELD dielet)
   • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
   • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
   • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
   • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics Technical Area 3: SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
Metrics Technical Area 3: SHIELD Deployment
[1] Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
   • compliance with design ground rules of the manufacturer
   • logical to behavioral design verification
   • logical to physical design verification
   • functional test pattern generation with a goal of 100% test coverage
   • EM and power analysis
   • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Metrics Technical Area 2: SHIELD Dielet Design and Integration
US Electronic Waste is a Contributing Factor
Received in Developing Country
Removed from boards and sorted
Refurbished and remarked
Repackaged
Resold
Shipping from/to US
(Images courtesy of SMT Corporation and Basel Action Network)
Electronic Waste Processing Effect on Quality/Reliability
Uncontrolled heating during part removal can cause die cracks or delamination, leading to immediate or latent failures
Mishandling or sanding of parts can cause latent Electrostatic Discharge (ESD) failures
Electronics Supply Chain is Global
Source: IDC Manufacturing Insights & Booz Allen analysis
[Figure: supply chain stages: Semi Design; Semi Manufacturing & Packaging; Printed Circuit Board Production; Printed Circuit Board Distribution]
Global nature of supply chain makes chain-of-custody unworkable
Lifecycle shown for a single JSF component - component changes hands 15 times before final install
"Counterfeit components are a 1-in-1,000,000 risk"
Independent Distributors say that from 05 to 35 of their incoming product is suspected counterfeit
"Only bad distributors sell counterfeit components"
Most counterfeit parts sold to contractors come from legitimate independent distributors lacking effective screening techniques
"Only expensive components are counterfeited"
DoC reports that over 60% of counterfeit parts have a sale value of $10 or less
"Counterfeit parts will be detected by electrical tests"
More than half of all counterfeit components have the correct (or equivalent) die
Common Industry Supply Chain Misconceptions [1]
[1] B. Hamilton, NSWC Crane, Testimony at SASC Briefing, 9 September 2013
"It will be because of companies like ours that the gap in technological advantages between made in [Name of Country] and made abroad will narrow down"
- from website of an off-shore contract reverse-engineering business
Quote found on the Web
SHIELD Threat Space
Brett Hamilton
NSWC Crane
SHIELD Industry Day
14 March 2014
SHIELD Technical Program Description
Kerry Bernstein
SHIELD Industry Day
14 March 2014
SHIELD Introductory Comments
1. THANK YOU for your interest in participating in DARPA SHIELD. It's business, but it's also our nation
2. The following exemplary design point and CONOP is a preferred embodiment. BAA strives not to overspecify. Got something better? LET'S HEAR ABOUT IT
3. Besides performers with great ideas, we want performers who "get it" and who have a passion for doing something important for national security. Together we'll deliver game-changing capability
4. SHIELD is about the Science and the hardware and the technology. CONOP, servers, networks are limited to what's needed for the demo
5. SHIELD is not about developing new encryption schemes. SHIELD is about NIST, IEEE and Industry Standards or new standards
SHIELD Introductory Comments (contrsquod)
6 Teaming is strongly encouraged DARPA will accept individual Tech Area 1 amp 3 submissions but complete collaborative proposed solutions are preferred and strongly recommended
7 The Supply Chainrsquos threat space is immense Any solution includingDARPA SHIELD will be fraught with problems We expect that But we need to begin somewhere
8 Remaining unaddressed SHIELD vulnerabilities will includebull Insider threatbull Server attacksbull Dielet side channel exfil modes inserted during foreign
fabricationbull Vulnerability to new reverse engineering modes
circumvention
9 SHIELD is intended to make counterfeiting more difficult expensive and time consuming
Approved for Public Release Distribution Unlimited 22
Programmatics
DARPA SHIELD is about:
• Science
• Hardware Technology
• Security
• Reliability and Trustworthiness
• Functionality
• Manufacturability and Yield
DARPA SHIELD is NOT about (except for the minimum necessary to demonstrate SHIELD CONOP):
• Logistics
• Preferred Business Practices
• Acquisition Policy
• Doctrine
• Supplier/distributor business infrastructure
• New encryption schemes
• New checking tools
• Software
• Back-office structure and networking
Glossary
Dielet: Extremely small computer chip developed during SHIELD
Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
Key: A 256-bit cipher code stored on dielet and on a secure server, used to secure the dielet authentication operation
Test Site: Limited hardware proof of concept chip without full product functionality
Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
Probe: A device attached to a communication appliance that powers the SHIELD dielet
FITS: Failure rate of a component measured in Failures-in-Time over the program
KPOH: Lifetime of a component measured in thousands of power-on-hours
BOM: Bill of Material, a list of components comprising a given assembly
IP: Intellectual Property
CONOP: Concept of Operations
DFM/DFY: Design for Manufacturability / Design for Yield
PFA: Probability of False Alarm
PD: Probability of Detection
OEM: Original Equipment Manufacturer
GFE: Government-Furnished Equipment
IC: Integrated Circuit
CDR: Critical Design Review
DSS: Digital Signature Standard
CMVP: Cryptographic Module Verification Program
Definition of Terms
Counterfeit: "Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies"
- GAO Report to Congress, March 2010
Supply Chain: "A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances or information from a source to a customer"
- Cooper, M.C., Lambert, D.M. & Pagh, J. (1997). Supply Chain Management: More Than a New Name for Logistics. The International Journal of Logistics Management, Vol. 8, Issue 1, pp. 1–14
Chain of Custody: "The chronological sequence of parties, spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession"
TRUST - Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find
IRIS - Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
SHIELD Learning from Prior HW Assurance Programs
Digital or AMS
TRUST
IRIS
DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted
TRUST / IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
[Figure: component lifecycle timeline with stages Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use. Legend: Design Attack, Hardware Attack, Logistics Attack. Attacks marked along the timeline: 3rd Party IP, Insider Design, EDA Exploit, IP Theft/Copy, Security Intercept, Yield Fail Diversion, Overproduction, Process Compromise, Pkg Compromise, False FPGA Bitstream, Malicious Insertions, False Validation Report, DFM Exploits, False Expects, False Test Compares, HW Theft. Span labels: TRUST/IRIS, SHIELD; At OEM, In Distribution.]
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components, which make them especially vulnerable to compromise:
• DoD electronic components require high reliability, serviceability [1]
• Compromised component failures risk DoD missions, soldier's lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete [1]
• $10-$50 parts become $8000 parts once they are obsolete [1], providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems:
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
[1] NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast and executable by untrained operators
4. Trustworthy, reliable and prohibitively difficult to spoof
5. Executable at any place, time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
[Figure: microscopic SHIELD dielet with callouts: HW Root-of-Trust / Fragile Key Storage, Full Encryption Engine, Unpowered Passive Sensors, Inductive Powering and Communication]
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm² Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120C
- <1¢ per dielet
SHIELD Exemplary CONOP
[Figure: message flow between Dielet, Smartphone and Server; the smartphone reaches the server by TCP/IP Address (VPN)]
1. Serial ID Upload: Serial ID No. sent to the server database with Dielet Serial ID, Fab Name, Fab Date, Part No.
2. Challenge Download: from the server's Random Challenge Generator
3. Encrypted Challenge, Encrypted Sensors: from the dielet's Encryption Engine w/ Crypto Key; sensors cover Temp Extremes, X-ray Exposure, Light Exposure
3. Appliance Data: Sensors Status, Test Date, Auditor Identity, Key Requests
4. Authentication Out: server Decryption Engine w/ Crypto key: decrypt, compare to original challenge
Potential Production Test Approaches
Flying Prober
Inspiration from existing Tube Pick-and-Place Wire Bond Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
Pick and Place, Wirebond, Tube handling of components
Volume Production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication.
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet and potentially other operations on the overall packaged assembly, such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include
  a. package alterations needed to carry the dielet
  b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement and execute
6. To minimize size, power and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
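The challenge-response exchange of the exemplary CONOP (serial ID upload, challenge download, encrypted reply with sensor status, server-side decrypt and compare), written out as an added Go example that is not part of the DARPA briefing. The briefing leaves the cipher to performers; the single AES-256 block, the 15-byte challenge, the sensor bit layout and every type and function name here are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

const SensorTemp, SensorXray, SensorLight byte = 1, 2, 4 // hypothetical sensor bit layout
const challengeLen = 15                                  // 15 random bytes + 1 sensor byte fill one AES block

// Dielet models the chip: serial ID, latched sensors, 256-bit key that never leaves it.
type Dielet struct {
	Serial  uint64
	Sensors byte
	key     [32]byte
}

// NewDielet models key personalization inside the OEM's trusted zone.
func NewDielet(serial uint64) (*Dielet, error) {
	d := &Dielet{Serial: serial}
	_, err := rand.Read(d.key[:])
	return d, err
}

// Respond encrypts challenge||sensors under the on-board key (CONOP step 3).
func (d *Dielet) Respond(challenge []byte) ([]byte, error) {
	if len(challenge) != challengeLen {
		return nil, errors.New("bad challenge length")
	}
	blk, _ := aes.NewCipher(d.key[:]) // a 32-byte key is always valid
	out := append(append([]byte{}, challenge...), d.Sensors)
	blk.Encrypt(out, out)
	return out, nil
}

type record struct {
	key     [32]byte // key copy stored at personalization
	pending []byte   // outstanding challenge, consumed by Verify
}

// Server maps serial IDs to records; it is the only other holder of each key.
type Server map[uint64]*record

// Enroll stores the key copy at personalization; keys are never transmitted later.
func (s Server) Enroll(d *Dielet) { s[d.Serial] = &record{key: d.key} }

// Challenge covers steps 1-2: serial ID upload, fresh random challenge download.
func (s Server) Challenge(serial uint64) ([]byte, error) {
	r, ok := s[serial]
	if !ok {
		return nil, errors.New("unknown serial ID")
	}
	c := make([]byte, challengeLen)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	r.pending = c
	return c, nil
}

// Verify (step 4) decrypts with the stored key and compares to the issued challenge.
func (s Server) Verify(serial uint64, resp []byte) (bool, byte, error) {
	r, ok := s[serial]
	if !ok || r.pending == nil || len(resp) != aes.BlockSize {
		return false, 0, errors.New("no outstanding challenge or malformed reply")
	}
	want := r.pending
	r.pending = nil // single use, so a recorded reply cannot be replayed
	blk, _ := aes.NewCipher(r.key[:])
	pt := make([]byte, aes.BlockSize)
	blk.Decrypt(pt, resp)
	if subtle.ConstantTimeCompare(pt[:challengeLen], want) != 1 {
		return false, 0, nil // wrong key or altered reply
	}
	return true, pt[challengeLen], nil
}

// Interrogate plays the appliance: it relays messages and never holds a key.
func Interrogate(s Server, d *Dielet) (bool, byte, error) {
	c, err := s.Challenge(d.Serial)
	if err != nil {
		return false, 0, err
	}
	resp, _ := d.Respond(c) // cannot fail: c has challengeLen bytes
	return s.Verify(d.Serial, resp)
}

func main() {
	srv := Server{}
	genuine, _ := NewDielet(0x5EED0001) // constructed serial ID
	srv.Enroll(genuine)
	clone, _ := NewDielet(genuine.Serial)  // copies the serial ID, not the key
	fmt.Println(Interrogate(srv, genuine)) // true 0 <nil>
	fmt.Println(Interrogate(srv, clone))   // false 0 <nil>
}
```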
Current Untrusted Logistical Supply Chain
[Figure: supply chain flow with nodes Original Equipmt Mfr, Approved Reseller, Independent Distributor, Merchandise Returns, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfg and DoD Application, linked by Shipping steps numbered 1-8, with two Trusted Zones and a Vulnerability Zone marked.]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD'ed Supply Chain Exemplar
[Figure, marked REFRESHER: the same supply chain flow (Original Equipmt Mfr, Approved Reseller, Independent Distributor, Merchandise Returns, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfr, DoD Application, linked by Shipping steps numbered 1-8, with two Trusted Zones), now with SHIELD Authentication outside Trusted Zone.]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase
TA1 (Tech Dev)
  Phase 1: On-chip HW tech devlpmt: Key Store, Sensors, Comm/Pwr, Mfg Processes - Models - Test Sites - SHIELD layouts
TA2 (Design & Integr)
  Phase 1: Dielet Logic Design; Standards Conformation
  Phase 2: SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization
TA3 (Deployment)
  Phase 1: Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design
  Phase 2: Tooling and Techniques for handling, insertion; Network Structure Build-out; Inductive Device Fabrication
  Phase 3: Demonstration Proof-of-Concept: Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1 Phase 1 Technology
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (Cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product.
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance.
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows.
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform.
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code.
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation.
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant.
Technical Area 1 Phase 1 (Cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered; be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
Chemical: Nitric Acid / Sulfuric Acid - Sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1 (Cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability, lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2 Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power; and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Phase 1
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment Methodology
  a. Define EDA design environment using industry conventions
  b. Accommodate SHIELD-specific Logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
  c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
  a. Design should accommodate SHIELD CONOP sequence
  b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
  a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
  b. Only open standards may be used
Technical Area 2 Phase 1 (cont'd)
4. Design to Boundary Conditions
  a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
  b. Designs may be asynchronous or synchronous; free choice of clock rate
  c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
  a. Sockets for key store, sensors
  b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
  a. Verify robust design functionality across process, voltage and temperature
  b. Accommodate +/- 3σ composite process distribution window
  c. BC/WC/Twist Timing Corner functionality verified
  d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
  e. Functionality inside +/- 3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
  a. Identify technology and node to be used, preferred vendor
  b. Define checkpoints and approximate dates for design and build
  c. Explain how new technologies will be accommodated by fabricator
  d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
  a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
  a. Verify robust design functionality across process, voltage and temp
  b. Accommodate +/- 3σ composite process distribution window
  c. BC/WC/Twist Timing Corner functionality verified
  d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
  e. Functionality inside +/- 3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 2
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated.
1. Complete SHIELD dielet design
  a. Incorporate final TA1 outputs
  b. Complete checking, generate specific test patterns
  c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
  a. Release design to MFG; monitor fabrication; intercept for process exits and re-entries for adjunct technology introductions
  b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
  c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
  d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3 SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3 Phase 1
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
  a. Determine required specs, tolerances for dielet placement in the host
  b. Develop coupling required for sufficient inductive/RF power, comms
  c. Find size of antennae, maximum submersion below package surface
  d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
  a. Create with TA2 performers' consultation to resemble final form-factor
  b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet. Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
  a. Package strain caused by insertion or presence
  b. Hermetic seal fails caused by insertion or presence
  c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component. Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
  a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
  b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
  c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
  d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe. Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
  a. Design of handheld appliance concept, including documentation
  b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
  c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise. SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
  a. Communications between the dielet and the server through the inductive/RF appliance and network, using TLS standards
  b. All required server transaction and decryption software
  c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
  d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program
Technical Area 3 Phase 2
Technical Area 3/Phase 2: Implementation, Months 19-36
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology. Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
  a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
  b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
  c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade and cryptographic key
Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure. Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables:
  a. Detailed network schematics indicating protocols and standards
  b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
  c. Estimates of transaction times and network latencies
  d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
  e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance. Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
  a. Inductive/RF probe fabrication
  b. Repurposed Appliance microcode, firmware, software installation
  c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 3
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
  a. Performers will mate SHIELD dielets to product at pkg encapsulation
  b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
    • Fails due to faulty package insertions
    • Fails due to non-functional SHIELD chips
    • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP. Performers will exercise the entire SHIELD CONOP.
  a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
  b. Performers will place SHIELD solution in those packages in a production-like environment which DARPA will provide access to
  c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
  d. Government Red Team members will compromise the supply chain
  e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
  f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation Latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 Second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host Temperatures: -55 °C to 125 °C
Interrogation Temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 10¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington, VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari
SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 (Tech Dev) | None
TA2 (Design & Integr) | None
TA3 (Deployment) | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing it to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful Sources for Information include
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown
SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics?
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics Technical Area 1 SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1 SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics Technical Area 1 SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics Technical Area 2 SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics Technical Area 2 SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics Technical Area 3 SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip package strain analysis, electromagnetic analysis [2]; Environmental testing (temperature, shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics Technical Area 3 SHIELD Deployment
• Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
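The Phase 3 benchmarks listed here and on the earlier Quantitative Benchmarks slide can be scored from per-interrogation exercise records as follows. This is an added example, not code from the SHIELD program: the record layout and the sample trials are constructed, and the 95% Wilson interval goes beyond the slide to show how little a small per-category sample supports.

```python
"""Score a supply chain exercise: PD, PFA and mean completed authentication delay."""
from collections import defaultdict
from dataclasses import dataclass
from math import sqrt
from typing import Optional

# PD is broken out four ways; PFA only two, because an uncompromised
# part has no failure mode and no point of compromise.
PD_BREAKOUTS = ("package", "failure_mode", "location", "setting")
PFA_BREAKOUTS = ("package", "setting")


@dataclass(frozen=True)
class Trial:                      # hypothetical record layout
    package: str                  # type of host component
    setting: str                  # how the host was presented for the check
    location: str                 # where in the chain the check was run
    failure_mode: Optional[str]   # None = uncompromised part
    flagged: bool                 # performer reported a compromise
    delay_s: Optional[float]      # None = authentication never completed


def wilson(hits: int, n: int, z: float = 1.96):
    """Wilson score interval for a proportion; stays sane at 0/n and n/n."""
    if n == 0:
        return (0.0, 1.0)
    p = hits / n
    centre = p + z * z / (2 * n)
    half = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n))
    denom = 1 + z * z / n
    return (max(0.0, (centre - half) / denom), min(1.0, (centre + half) / denom))


def _breakout(trials, by):
    counts = defaultdict(lambda: [0, 0])          # key -> [flagged, total]
    for t in trials:
        counts[getattr(t, by)][0] += int(t.flagged)
        counts[getattr(t, by)][1] += 1
    return {k: {"hits": h, "n": n, "rate": h / n, "ci95": wilson(h, n)}
            for k, (h, n) in counts.items()}


def detection(trials, by):
    """PD per category: flagged fraction of the compromised parts."""
    if by not in PD_BREAKOUTS:
        raise ValueError(f"PD is not broken out by {by!r}")
    return _breakout([t for t in trials if t.failure_mode is not None], by)


def false_alarm(trials, by):
    """PFA per category: flagged fraction of the uncompromised parts."""
    if by not in PFA_BREAKOUTS:
        raise ValueError(f"PFA is not broken out by {by!r}")
    return _breakout([t for t in trials if t.failure_mode is None], by)


def mean_delay(trials):
    """Average delay over interrogations that actually completed."""
    done = [t.delay_s for t in trials if t.delay_s is not None]
    return sum(done) / len(done) if done else None


QFP, SP = "quad plastic flat pack", "small passive/discrete"
TRIALS = [  # constructed sample data, not exercise results
    Trial(QFP, "component tube", "distributor", "missing", True, None),
    Trial(QFP, "printed circuit board", "subassembly vendor", "inappropriate", True, 2.1),
    Trial(QFP, "printed circuit board", "shipping", "failing", False, 1.9),
    Trial(SP, "component tube", "distributor", "missing", True, None),
    Trial(SP, "installed in system", "subassembly vendor", "inappropriate", False, 2.4),
    Trial(QFP, "component tube", "distributor", None, False, 1.7),
    Trial(QFP, "printed circuit board", "subassembly vendor", None, True, 2.0),
    Trial(SP, "component tube", "distributor", None, False, 1.6),
    Trial(SP, "installed in system", "shipping", None, False, 2.5),
]

if __name__ == "__main__":
    for by in PD_BREAKOUTS:
        print("PD by", by, detection(TRIALS, by))
    for by in PFA_BREAKOUTS:
        print("PFA by", by, false_alarm(TRIALS, by))
    print("mean completed delay (s):", mean_delay(TRIALS))
```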
Metrics Technical Area 3 SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics Technical Area 2 SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Electronic Waste Processing Effect on Quality/Reliability
[Images courtesy of DARPA, Basel Action Network and SMT Corporation]
Uncontrolled heating during part removal can cause die cracks or delamination, leading to immediate or latent failures
Mishandling or sanding of parts can cause latent Electrostatic Discharge (ESD) failures
Electronics Supply Chain is Global
[Figure: supply chain stages shown: Semi Design; Semi Manufacturing & Packaging; Printed Circuit Board Production; Printed Circuit Board Distribution. Source: IDC Manufacturing Insights & Booz Allen analysis]
Global nature of supply chain makes chain-of-custody unworkable
Lifecycle shown for a single JSF component – Component changes hands 15 times before final install
Common Industry Supply Chain Misconceptions [1]
"Counterfeit components are a 1-in-1000000 risk"
Independent Distributors say that from 0.5% to 35% of their incoming product is suspected counterfeit
"Only bad distributors sell counterfeit components"
Most counterfeit parts sold to contractors come from legitimate independent distributors lacking effective screening techniques
"Only expensive components are counterfeited"
DoC reports that over 60% of counterfeit parts have a sale value of $10 or less
"Counterfeit parts will be detected by electrical tests"
More than half of all counterfeit components have the correct (or equivalent) die
[1] B. Hamilton, NSWC Crane, Testimony at SASC Briefing, 9 September 2013
Image courtesy of httpwwwrkonlinestorecouk556-dual-timer-ic-16-pin-dip-pack-of-1-391-pasp
Quote found on the Web
"It will be because of companies like ours that the gap in technological advantages between made in [Name of Country] and made abroad will narrow down"
- from website of an off-shore contract reverse-engineering business
SHIELD Threat Space
Brett Hamilton
NSWC Crane
SHIELD Industry Day
14 March 2014
SHIELD Technical Program Description
Kerry Bernstein
SHIELD Industry Day
14 March 2014
SHIELD Introductory Comments
1. THANK YOU for your interest in participating in DARPA SHIELD. It's business, but it's also our nation.
2. The following exemplary design point and CONOP is a preferred embodiment. BAA strives not to overspecify. Got something better? LET'S HEAR ABOUT IT.
3. Besides performers with great ideas, we want performers who "get it" and who have a passion for doing something important for national security. Together we'll deliver game-changing capability.
4. SHIELD is about the Science and the hardware and the technology. CONOP, servers, networks are limited to what's needed for the demo.
5. SHIELD is not about developing new encryption schemes. SHIELD is about NIST, IEEE and Industry Standards, or new standards.
SHIELD Introductory Comments (cont'd)
6. Teaming is strongly encouraged. DARPA will accept individual Tech Area 1 & 3 submissions, but complete collaborative proposed solutions are preferred and strongly recommended.
7. The Supply Chain's threat space is immense. Any solution, including DARPA SHIELD, will be fraught with problems. We expect that. But we need to begin somewhere.
8. Remaining unaddressed SHIELD vulnerabilities will include
   • Insider threat
   • Server attacks
   • Dielet side channel exfil modes inserted during foreign fabrication
   • Vulnerability to new reverse engineering modes, circumvention
9. SHIELD is intended to make counterfeiting more difficult, expensive and time consuming.
Programmatics
DARPA SHIELD is about
• Science
• Hardware Technology
• Security
• Reliability and Trustworthiness
• Functionality
• Manufacturability and Yield

DARPA SHIELD is NOT about
• Logistics
• Preferred Business Practices
• Acquisition Policy
• Doctrine
• Supplier/distributor business infrastructure
• New encryption schemes
• New checking tools
• Software
• Back-office structure and networking
Except for the minimum necessary to demonstrate SHIELD CONOP
Glossary
Dielet: Extremely small computer chip developed during SHIELD
Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
Key: A 256-bit cipher code stored on dielet and on a secure server, used to secure the dielet authentication operation
Test Site: Limited hardware proof of concept chip without full product functionality
Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
Probe: A device attached to a communication appliance that powers the SHIELD dielet
IP: Intellectual Property
CONOP: Concept of Operations
DFM/DFY: Design for Manufacturability / Design for Yield
PFA: Probability of False Alarm
PD: Probability of Detection
OEM: Original Equipment Manufacturer
GFE: Government-Furnished Equipment
IC: Integrated Circuit
CDR: Critical Design Review
DSS: Digital Signature Standard
CMVP: Cryptographic Module Verification Program
FITS: Failure rate of a component measured in Failures-in-Time over the program
KPOH: Lifetime of a component measured in thousands of power-on-hours
BOM: Bill of Material, a list of components comprising a given assembly
Definition of Terms
Counterfeit: "Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies"
- GAO Report to Congress, March 2010
Supply Chain: "A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances or information from a source to a customer"
- Cooper, M.C., Lambert, D.M. & Pagh, J. (1997), Supply Chain Management: More Than a New Name for Logistics, The International Journal of Logistics Management, Vol. 8, Issue 1, pp. 1–14
Chain of Custody: "The chronological sequence of parties spanning from the originator of the component to the final intended user who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession"
SHIELD Learning from Prior HW Assurance Programs
TRUST – Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find
IRIS – Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted
[Figure labels: Digital Or AMS; TRUST; IRIS]
TRUST, IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution
[Figure: component lifecycle stages (Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use), divided into "At OEM" and "In Distribution", with spans labelled TRUST, IRIS and SHIELD. Legend: Design Attack, Hardware Attack, Logistics Attack. Attacks shown: 3rd Party IP; Insider Design; EDA Exploit; IP Theft/Copy; Security Intercept; Yield Fail Diversion; Overproduction; Process Compromise; Pkg Compromise; False FPGA Bitstream; Malicious Insertions; False Validation Report; DFM Exploits; False Expects; False Test Compares; HW Theft]
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components which make them especially vulnerable to compromise
• DoD electronic components require high reliability, serviceability [1]
• Compromised component failures risk DoD missions, soldier's lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete [1]
• $10-$50 parts become $8000 parts once they are obsolete [1] – providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
[1] NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1 Extremely low cost with minimal impact to the component manufacturer distributor or end-user as well as to the host component itself
2 Effective at mitigating most supply chain security threats
3 Be simple very fast and executable by untrained operators
4 Trustworthy reliable and prohibitively difficult to spoof
5 Executable at any place time along supply chain providing instant results on-site
6 Performed using inexpensive interrogation equipment
7 Standardized and widely adopted by government and industry
8 Manufacturable in high volume using standard foundry processes and
9 A value-add to the end-product recognized and requested by the consumer
SHIELD The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
[Figure: microscopic SHIELD dielet, with callouts: HW Root-of-Trust, Fragile Key Storage; Full Encryption Engine; Unpowered Passive Sensors; Inductive Powering and Communication. Image courtesy of http://www.hitachi.com/New/cnews/030902.html]
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm² Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120 °C
- < 1¢ per dielet
SHIELD Exemplary CONOP
[Figure: message flow between Dielet, Smartphone and Server (VPN)]
Steps: 1. Serial ID Upload; 2. Challenge Download; 3. Encrypted Challenge, Encrypted Sensors, Appliance Data; 4. Authentication Out
Labels in the figure: Serial ID No.; TCP/IP Address; Database with Dielet Serial ID, Fab Name, Fab Date, Part No.; Random Challenge Generator; Decryption Engine w/ Crypto key (decrypt, compare to original challenge); Encryption Engine w/ Crypto Key; Temp Extremes, X-ray Exposure, Light Exposure; Sensors Status, Test Date, Auditor Identity, Key Requests
Potential Production Test Approaches
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
[Figure labels: Flying Prober; Pick and Place; Wirebond; Tube handling of components]
Volume Production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication.
Critical Hardware Assurance On-Dielet Features
1 A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2 A complete compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3 A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove or transfer it from its host component with standard reverse-engineering de-processing techniques
4 Unpowered passive sensors that record attempted compromises to the authenticator dielet and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5 Inductive or RF communication and powering to allow contactless operation and
6 Built-in dielet resiliency against power-based component exploits or attacks
Additional Required Design Properties
1 Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2 SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include
a. package alterations needed to carry the dielet
b. unintended inductive or RF coupling impacts on the host device
3 To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link
4 Personalized crypto keys on dielet and server should never be sent
5 Entire proposed CONOP including the SHIELD dielet needs to be extremely inexpensive to acquire implement and execute
6 To minimize size power and cost of the SHIELD dielet CONOP complexity should be pushed up to the secure server wherever possible
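The challenge-response exchange that the on-dielet features and design properties above describe, as an added simulation that is not DARPA's or any performer's code. HMAC-SHA-256 stands in for the dielet's encryption engine (the Python standard library has no block cipher), so the server recomputes and compares rather than decrypts; the class names, message layout, sensor bit assignments and server-side enforcement of the interrogation interval are assumptions.

```python
"""Simulated dielet / appliance / server exchange (illustrative only)."""
import hashlib
import hmac
import secrets
import time

SENSOR_BITS = {"temp": 0x01, "xray": 0x02, "light": 0x04}  # assumed layout
AUTHENTIC, TAMPERED, REJECTED = "authentic", "tampered", "rejected"


def _keyed(key: bytes, challenge: bytes, status: bytes) -> bytes:
    """Stand-in for encrypting the challenge and sensor word with the key."""
    return hmac.new(key, challenge + status, hashlib.sha256).digest()


class Dielet:
    """Holds the secret; exposes only its serial ID and keyed responses."""

    def __init__(self, serial_id: int, key: bytes):
        if not 0 <= serial_id < 2**64 or len(key) != 32:
            raise ValueError("need a 64-bit serial ID and a 256-bit key")
        self.serial_id = serial_id
        self._key = key      # no method returns it
        self._sensors = 0    # passive sensor word: bits are set, never cleared

    def expose(self, kind: str) -> None:
        self._sensors |= SENSOR_BITS[kind]

    def respond(self, challenge: bytes):
        status = bytes([self._sensors])
        return status, _keyed(self._key, challenge, status)


class Server:
    """Secure server: key database, random challenge generator, comparison."""

    MIN_INTERVAL_S = 1.0  # spec sheet: more than 1 second between interrogations

    def __init__(self, clock=time.monotonic):
        self._keys = {}      # serial ID -> key, enrolled inside the trusted zone
        self._pending = {}   # serial ID -> the one outstanding challenge
        self._last = {}      # serial ID -> time the last challenge was issued
        self._clock = clock
        self.audit = []      # (serial ID, verdict) for every completed check

    def enroll(self, serial_id: int, key: bytes) -> None:
        self._keys[serial_id] = key

    def challenge(self, serial_id: int):
        """Steps 1-2: serial ID upload, challenge download. None = refused."""
        if serial_id not in self._keys:
            return None
        now, last = self._clock(), self._last.get(serial_id)
        if last is not None and now - last <= self.MIN_INTERVAL_S:
            return None
        self._last[serial_id] = now
        self._pending[serial_id] = secrets.token_bytes(32)
        return self._pending[serial_id]

    def verify(self, serial_id: int, status: bytes, response: bytes) -> str:
        """Steps 3-4: check the response against the outstanding challenge."""
        challenge = self._pending.pop(serial_id, None)  # single use blocks replay
        verdict = REJECTED
        if challenge is not None and len(status) == 1:
            expected = _keyed(self._keys[serial_id], challenge, status)
            if hmac.compare_digest(expected, response):
                verdict = TAMPERED if status[0] else AUTHENTIC
        self.audit.append((serial_id, verdict))
        return verdict


def interrogate(server: Server, dielet: Dielet) -> str:
    """The appliance: relays messages and holds no key material."""
    challenge = server.challenge(dielet.serial_id)
    if challenge is None:
        return REJECTED
    status, response = dielet.respond(challenge)
    return server.verify(dielet.serial_id, status, response)
```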
Current Untrusted Logistical Supply Chain
[Figure: supply chain flow with numbered steps 1-8. Nodes: Original Equipmt Mfr; Approved Reseller; Merchandise Returns; Independent Distributor; EBAY; Stock; PC Board Assembly; Subsystem Assembly; System Mfg; DoD Application, linked by Shipping steps. Regions marked: Trusted Zone (twice), Vulnerability Zone]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD'ed Supply Chain Exemplar
[Figure: supply chain flow with numbered steps 1-8, marked REFRESHER. Nodes: Original Equipmt Mfr; Approved Reseller; Merchandise Returns; Independent Distributor; EBAY; Stock; PC Board Assembly; Subsystem Assembly; System Mfr; DoD Application, linked by Shipping steps. Regions marked: Trusted Zone (twice), SHIELD Authentication outside Trusted Zone]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase
Tech Area | Phase 1 | Phase 2 | Phase 3
TA1 (Tech Dev) | On-chip HW tech devlpmt: Key Store, Sensors, Comm/Pwr, Mfg Processes; Models; Test Sites; SHIELD layouts | |
TA2 (Design & Integr) | Dielet Logic Design; Standards Conformation | SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization |
TA3 (Deployment) | Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design | Tooling and Techniques for handling insertion; Network Structure Build-out; Inductive Device Fabrication | Demonstration Proof-of-Concept; Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1 Phase 1 Technology: Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (Cont'd)
A. Secure Cryptographic Key Storage Technology

Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product

1 Exceedingly difficult to reverse-engineer

2 Effectively incorruptible

3 Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions

4 Economically personalized with unique serial ID and cryptographic key information in volume production

5 Compatible with and ideally available in the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1 DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance
2 Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows
3 SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform
4 Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code
5 Performers may use third party IP for encryption engine. Be sure to document source and accreditation
6 Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant
B Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise Sensors must
1 Passively sense while unpowered be read only when powered
2 Be readable only and permanently altered by the exposure non-resettable in any way
3 Be inexpensively integrated into a conventional CMOS process without impacting the host process
4 Be small enough to fit in the SHIELD dielet form-factor and specification
5 Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
Chemical: Nitric acid, sulfuric acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1 (Cont'd)
C Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet
1 Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2 Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3 Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4 Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet nor link to other external devices
5 Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
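The challenge and reply exchange in items 1 and 2, seen from the verifying server's side, as an added example (not SHIELD program code). The slides leave the cipher to performers, so HMAC-SHA-256 stands in here for the "encrypted reply"; the 16-byte challenge, the one-byte sensor word and its bit layout, and every name below are assumptions.

```python
import hashlib
import hmac
import secrets
import struct
import time

KEY_BYTES = 32            # "up to 256 bits of secret key"
CHALLENGE_BYTES = 16      # assumed nonce size; the slides only say "random"
LATENCY_BUDGET_S = 2.0    # challenge answered within approximately 2 seconds
HEADER_LEN = 8 + 1        # 64-bit serial ID + one-byte sensor word (assumed)
REPLY_LEN = HEADER_LEN + hashlib.sha256().digest_size

# Hypothetical bit layout for the sensor word, one bit per passive sensor.
SENSOR_BITS = {0x01: "chemical", 0x02: "mechanical", 0x04: "laser",
               0x08: "light", 0x10: "x-ray", 0x20: "heat"}


def dielet_respond(serial, key, challenge, sensor_word):
    """Model of the dielet side: serial || sensor word || tag over all of it."""
    header = struct.pack(">QB", serial, sensor_word)
    tag = hmac.new(key, challenge + header, hashlib.sha256).digest()
    return header + tag


class Verifier:
    """Server-side check of one reply against the enrolled serial -> key map."""

    def __init__(self, enrolled):
        for key in enrolled.values():
            if len(key) != KEY_BYTES:
                raise ValueError("enrolled keys must be 256 bits")
        self._keys = dict(enrolled)
        self._pending = {}            # challenge -> time it was issued

    def new_challenge(self, now=None):
        now = time.monotonic() if now is None else now
        challenge = secrets.token_bytes(CHALLENGE_BYTES)
        self._pending[challenge] = now
        return challenge

    def verify(self, challenge, reply, now=None):
        """Return (verdict, tripped_sensors)."""
        now = time.monotonic() if now is None else now
        issued = self._pending.pop(challenge, None)   # each challenge is single use
        if issued is None:
            return "unknown-challenge", []            # replayed or never issued
        if now - issued > LATENCY_BUDGET_S:
            return "too-slow", []
        if len(reply) != REPLY_LEN:
            return "malformed", []
        header, tag = reply[:HEADER_LEN], reply[HEADER_LEN:]
        serial, sensor_word = struct.unpack(">QB", header)
        key = self._keys.get(serial)
        # Compute and compare a tag even for unknown serials so both paths
        # do the same amount of work.
        expected = hmac.new(key or bytes(KEY_BYTES), challenge + header,
                            hashlib.sha256).digest()
        tag_ok = hmac.compare_digest(expected, tag)
        if key is None:
            return "unknown-serial", []
        if not tag_ok:
            return "bad-tag", []                      # wrong key or stale reply
        tripped = [name for bit, name in sorted(SENSOR_BITS.items())
                   if sensor_word & bit]
        if tripped:
            return "tamper-flagged", tripped          # genuine dielet, sensors altered
        return "authentic", []


if __name__ == "__main__":
    demo_key = secrets.token_bytes(KEY_BYTES)         # constructed sample key
    server = Verifier({0x0000000000000001: demo_key})
    nonce = server.new_challenge()
    print(server.verify(nonce, dielet_respond(1, demo_key, nonce, 0x10)))
```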
Technical Area 1 Phase 1
D Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include
1 Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness for 100 µm x 100 µm dies
2 Integrating sensor, key store technologies into common process
3 High volume crypto key and ID personalization of each dielet
4 Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5 Economic production solution for dicing/picking microscopic dielets that are ~100 μm x 100 μm
6 Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 1 Phase 1 (Cont'd)
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Design and Integration
Technical Area 2/Phase 1: Design, Months 1-18
Performers will by the end of TA2/Phase 1 complete the high level design of the SHIELD dielet
1 Define a SHIELD Design Environment Methodology
  a Define EDA design environment using industry conventions
  b Accommodate SHIELD-specific Logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
  c Define conventions for performer interfaces
2 Develop a SHIELD logic design/description expressed in an appropriate high-level design language. Design should be
  a Design should accommodate SHIELD CONOP sequence
  b Design must have logical control of passive sensors
3 Select and identify effective encryption design
  a Proposals leverage certified 3rd party crypto IP or pre-existing designs
  b Only open standards may be used
Technical Area 2 Phase 1
4 Design to Boundary Conditions
  a Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
  b Designs may be asynchronous or synchronous; free choice of clock rate
  c Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5 Anticipate concurrent technologies being developed
  a Sockets for key store, sensors
  b add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6 Create and model SHIELD physical design
  a verify robust design functionality across process, voltage, and temperature
  b Accommodate +/- 3σ composite process distribution window
  c BC/WC/Twist Timing Corner functionality verified
  d Functionality from 0-35 °C. Survive -55 °C to 125 °C
  e Functionality inside +/- 3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7 Fabrication Implementation Plan
  a Identify technology and node to be used, preferred vendor
  b Define checkpoints and approximate dates for design and build
  c Explain how new technologies will be accommodated by fabricator
  d A clear path to manufacturing is needed
8 Anticipate concurrent technologies being developed
  a Provide sockets for concurrently-developed key store, sensors
9 Create and model SHIELD physical design
  a verify robust design functionality across process, voltage, and temp
  b Accommodate +/- 3σ composite process distribution window
  c BC/WC/Twist Timing Corner functionality verified
  d Functionality from 0-35 °C. Survive -55 °C to 125 °C
  e Functionality inside +/- 3σ conditioned voltage window
10 Provide a Critical Design Review
Technical Area 2 Phase 1 (cont'd)
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will by the end of TA2/Phase 2 incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated
1 Complete SHIELD dielet design
  a Incorporate final TA1 outputs
  b Complete checking, generate specific test patterns
  c Define conventions for performer interfaces
2 Fabricate SHIELD dielets
  a Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
  b track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
  c dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
  d Test, characterize, and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 2 Phase 2
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3 SHIELD Deployment
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment, or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept
1 Develop package placement target parametrics
  a Determine required specs, tolerances for dielet placement in the host
  b Develop coupling required for sufficient inductive/RF power, comms
  c Find size of antennae, maximum submersion below package surface
  d Develop positioning conventions to accommodate various package types
2 Create SHIELD dummy dielet surrogate (1 performer)
  a Create with TA2 performers consultation to resemble final form-factor
  b Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1
3 Assure reliability of host component containing SHIELD dielet
Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include
  a Package strain caused by insertion or presence
  b Hermetic seal fails caused by insertion or presence
  c High electromagnetic field impacts to host component during interrogate
4 Assure reliability of SHIELD dielet in host component
Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by
  a Chemical, mechanical, temperature, or electrical materials interactions with the host packaging materials or process occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
  b Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
  c Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
  d Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5 Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance such as a smartphone with the addition of an inductive/RF probe connected to the device. Responsibilities include
  a Design of handheld appliance concept including documentation
  b Design of an inductive/RF probe anticipating potential electromagnetic interference which may obscure coupled signal
  c Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont'd)
6 Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include
  a communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
  b All required server transaction and decryption software
  c A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
  d A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept but is not the prime focus of the program
Technical Area 3 Phase 1 (cont'd)
Technical Area 3/Phase 2: Implementation, Months 19-36
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program
1 Develop the SHIELD Insertion technology
Instrumentation, tooling, and logistics for going from wafer final test into an actual component placement are developed. Steps include
  a Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
  b Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
  c Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3 Phase 2
2 Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables
  a Detailed network schematics indicating protocols and standards
  b A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
  c Estimates of transaction times and network latencies
  d Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
  e Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
3 Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include
  a Inductive/RF probe fabrication
  b Repurposed Appliance microcode, firmware, software installation
  c Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 2 (cont'd)
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include
1 Demonstrate robust SHIELD placement into real product
  a Performers will mate SHIELD dielets to product at pkg encapsulation
  b Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including
    • Fails due to faulty package insertions
    • Fails due to non-functional SHIELD chips
    • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3
2 Exercise the CONOP
Performers will exercise the entire SHIELD CONOP
  a Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
  b Performers will place SHIELD solution in those packages in a production-like environment which DARPA will provide access to
  c Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
  d Government Red Team members will compromise the supply chain
  e Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US looking for compromises
  f Government team members will monitor performer detection results
Technical Area 3 Phase 3 (cont'd)
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include
1 "Probability of Detection" of compromises (PD) broken out by
  a Component Package (i.e. small passive/discrete, quad plastic flat pack)
  b Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
  c Location type (i.e. at distributor, at subassembly vendor, in shipping)
  d Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2 Probability of False Alarm (PFA) broken out by
  a Component Package (i.e. small passive/discrete, quad plastic flat pack)
  b Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3 Average completed authentication delay per SHIELD component
SHIELD Quantitative Benchmarks
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation Latency: ≈ 1 second dielet delay, ≈ 2 second full transaction delay including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 Second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host Temperatures: -55 °C to 125 °C
Interrogation Temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation. SHIELD total operational time is under 1 hour
Cost: C < 1.0¢ per dielet
Program Calendar
14 March 2014 Proposer's Day, Arlington VA
31 March 2014 Abstracts Due into DARPA by EOB
30 April 2014 Encourage/Discourage Full Submission Letters to Proposers
30 May 2014 Full Abstracts Due into DARPA by EOB
3Q 2014 Source Selection Notification Contracts
4Q 2014 SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with threat supply chain loss-of-control poses to lives and missions
• SHIELD Funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than be tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1 Red-teaming the secure key storage
2 Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3 Red-teaming dielet designs for reverse-engineering
4 Red-teaming dielet performance and reliability
5 Identify a trusted manufacturing source for dielet
6 Fabrication of dielet, delivery to performers
Tech Area 3
7 Identify host components for test and test environment
8 Develop prototype software for security database
9 Develop appliances and fixtures for checking devices
10 Red-team integrated solution
11 Run test environment for final demonstration
12 Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing it to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful Sources for Information include
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics Overview
Metrics Technical Area 1: SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1: SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics Technical Area 1: SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics Technical Area 2: SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications, and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing; adherence to dielet power budget; compliance with manufacturer ground rules; percent test pattern coverage; reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage, and temperature range | Pass/Fail
Metrics Technical Area 2: SHIELD Dielet Design and Integration
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics Technical Area 3 SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip; package strain analysis; electromagnetic analysis [2]; Environmental testing (temperature shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
• Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD) broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA) broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics Technical Area 3 SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing
Metrics Technical Area 3 SHIELD Deployment
[1] Likelihood of the dielet to be damaged during the insertion process ( of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Metrics Technical Area 2: SHIELD Dielet Design and Integration
Electronics Supply Chain is Global
Source: IDC Manufacturing Insights & Booz Allen analysis
[Figure: supply chain stages: Semi Design; Semi Manufacturing & Packaging; Printed Circuit Board Production; Printed Circuit Board Distribution]
Global nature of supply chain makes chain-of-custody unworkable
Lifecycle shown for a single JSF component – Component changes hands 15 times before final install
Common Industry Supply Chain Misconceptions [1]
"Counterfeit components are a 1-in-1,000,000 risk": Independent Distributors say that from 05 to 35 of their incoming product is suspected counterfeit
"Only bad distributors sell counterfeit components": Most counterfeit parts sold to contractors come from legitimate independent distributors lacking effective screening techniques
"Only expensive components are counterfeited": DoC reports that over 60% of counterfeit parts have a sale value of $10 or less
"Counterfeit parts will be detected by electrical tests": More than half of all counterfeit components have the correct (or equivalent) die
[1] B. Hamilton, NSWC Crane, Testimony at SASC Briefing, 9 September 2013
"It will be because of companies like ours that the gap in technological advantages between made in [Name of Country] and made abroad will narrow down"
- from website of an off-shore contract reverse-engineering business
Quote found on the Web
SHIELD Threat Space
Brett HamiltonNSWC Crane
SHIELD Industry Day
14 March 2014
Approved for Public Release Distribution Unlimited
SHIELD Technical Program Description
Kerry Bernstein
SHIELD Industry Day
14 March 2014
SHIELD Introductory Comments
1. THANK YOU for your interest in participating in DARPA SHIELD. It’s business, but it’s also our nation.
2. The following exemplary design point and CONOP is a preferred embodiment. BAA strives not to overspecify. Got something better? LET’S HEAR ABOUT IT.
3. Besides performers with great ideas, we want performers who “get it” and who have a passion for doing something important for national security. Together we’ll deliver game-changing capability.
4. SHIELD is about the Science and the hardware and the technology. CONOP, servers, networks are limited to what’s needed for the demo.
5. SHIELD is not about developing new encryption schemes. SHIELD is about NIST, IEEE and Industry Standards or new standards.
SHIELD Introductory Comments (cont’d)
6. Teaming is strongly encouraged. DARPA will accept individual Tech Area 1 & 3 submissions, but complete collaborative proposed solutions are preferred and strongly recommended.
7. The Supply Chain’s threat space is immense. Any solution, including DARPA SHIELD, will be fraught with problems. We expect that. But we need to begin somewhere.
8. Remaining unaddressed SHIELD vulnerabilities will include
• Insider threat
• Server attacks
• Dielet side channel exfil modes inserted during foreign fabrication
• Vulnerability to new reverse engineering modes circumvention
9. SHIELD is intended to make counterfeiting more difficult, expensive and time consuming.
Programmatics
DARPA SHIELD is about
• Science
• Hardware Technology
• Security
• Reliability and Trustworthiness
• Functionality
• Manufacturability and Yield
Except for the minimum necessary to demonstrate SHIELD CONOP
DARPA SHIELD is NOT about
• Logistics
• Preferred Business Practices
• Acquisition Policy
• Doctrine
• Supplier/distributor business infrastructure
• New encryption schemes
• New checking tools
• Software
• Back-office structure and networking
httpwwwg33kwatchcomwp-contentuploads201112geek-zonegif
Glossary
Dielet: Extremely small computer chip developed during SHIELD
Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
Key: A 256-bit cipher code stored on dielet and on a secure server, used to secure the dielet authentication operation
Test Site: Limited hardware proof of concept chip without full product functionality
Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
Probe: A device attached to a communication appliance that powers the SHIELD dielet
IP: Intellectual Property
CONOP: Concept of Operations
DFM/DFY: Design for Manufacturability / Design for Yield
PFA: Probability of False Alarm
PD: Probability of Detection
OEM: Original Equipment Manufacturer
GFE: Government-Furnished Equipment
IC: Integrated Circuit
CDR: Critical Design Review
DSS: Digital Signature Standard
CMVP: Cryptographic Module Verification Program
FITS: Failure rate of a component measured in Failures-in-Time over the program
KPOH: Lifetime of a component measured in thousands of power-on-hours
BOM: Bill of Material, a list of components comprising a given assembly
Definition of Terms
Counterfeit: “Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies”
- GAO Report to Congress, March 2010
Supply Chain: “A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances or information from a source to a customer”
- Cooper, M.C., Lambert, D.M. & Pagh, J. (1997), Supply Chain Management: More Than a New Name for Logistics, The International Journal of Logistics Management, Vol. 8, Issue 1, pp. 1–14
Chain of Custody: “The chronological sequence of parties spanning from the originator of the component to the final intended user who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession”
SHIELD Learning from Prior HW Assurance Programs
TRUST – Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn’t find is as important as what we could find
IRIS – Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
[Figure labels: DigitalOrAMS, TRUST, IRIS]
DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted
TRUST, IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution
[Figure: component lifecycle stages (Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use) annotated with attack labels. Legend: Design Attack, Hardware Attack, Logistics Attack. Program labels: SHIELD, TRUST, IRIS. Location labels: At OEM, In Distribution. Attack labels: 3rd Party IP, Insider Design, EDA Exploit, IP Theft/Copy, Security Intercept, Yield Fail Diversion, Overproduction, Process Compromise, Pkg Compromise, False FPGA Bitstream, Malicious Insertions, False Validation Report, DFM Exploits, False Expects, False Test Compares, HW Theft]
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components which make them especially vulnerable to compromise
• DoD electronic components require high reliability, serviceability [1]
• Compromised component failures risk DoD missions, soldier’s lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete [1]
• $10-$50 parts become $8000 parts once they are obsolete [1] – providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
[1] NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast and executable by untrained operators
4. Trustworthy, reliable and prohibitively difficult to spoof
5. Executable at any place, time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD: The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
Microscopic SHIELD dielet
• HW Root-of-Trust, Fragile Key Storage
• Full Encryption Engine
• Unpowered Passive Sensors
• Inductive Powering and Communication
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm² Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120C
- <1¢ per dielet
Image courtesy of httpwwwhitachicomNewcnews030902html
SHIELD Exemplary CONOP
[Figure: message flow between Dielet, Smartphone and Server]
Dielet: Serial ID No; Encryption Engine w/ Crypto Key; sensors for Temp Extremes, Xray Exposure, Light Exposure
Link labels: TCP/IP Address, (VPN)
Server: Database with Dielet Serial ID, Fab Name, Fab Date, Part No; Random Challenge Generator; Decryption Engine w/ Crypto key (decrypt, compare to original challenge)
1 Serial ID Upload
2 Challenge Download
3 Encrypted Challenge, Encrypted Sensors
3 Appliance Data: Sensors Status, Test Date, Auditor Identity, Key Requests
4 Authentication Out
Potential Production Test Approaches
Flying Prober
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
[Figure panels: Pick and Place; Wirebond; Tube handling of components]
Volume Production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component’s electronic packaging. The dielet self-destructs upon any attempts to physically open, remove or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
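The challenge-response exchange of the exemplary CONOP and of on-dielet feature 2 can be modelled end to end. The Python model below is an added example, not code from DARPA or the SHIELD program: HMAC-SHA-256 stands in for the dielet's encryption engine (the page leaves the cipher to performers), so the server recomputes the keyed reply instead of decrypting it, and the class names, verdict strings and sensor bit order are assumptions.

```python
import hashlib
import hmac
import secrets

KEY_BYTES = 32      # 256-bit key (page glossary)
SERIAL_BYTES = 8    # 64-bit serial ID (page spec summary)
# Sensor names follow the page's passive sensor examples; the bit order is assumed.
SENSORS = ("chemical", "mechanical", "laser", "light", "xray", "heat")


def keyed_response(key, challenge, serial, sensors):
    """HMAC-SHA-256 stand-in for the dielet's encryption engine (assumption)."""
    msg = challenge + serial + bytes([sensors])
    return hmac.new(key, msg, hashlib.sha256).digest()


class Dielet:
    """Hypothetical dielet model: the key is used on-chip and never returned."""

    def __init__(self, serial, key):
        self.serial = serial
        self._key = key
        self.sensors = 0  # bitmask; bits are only ever set, never cleared

    def trip(self, name):
        self.sensors |= 1 << SENSORS.index(name)

    def respond(self, challenge):
        tag = keyed_response(self._key, challenge, self.serial, self.sensors)
        return self.sensors, tag


class Server:
    """Hypothetical secure server: key database, challenges, audit log."""

    def __init__(self, keys):
        self._keys = dict(keys)   # serial ID -> key, loaded at personalization
        self._pending = {}        # serial ID -> outstanding challenge
        self.audit = []

    def challenge(self, serial):
        if serial in self._keys:
            self._pending[serial] = secrets.token_bytes(16)
        return self._pending.get(serial)

    def verify(self, serial, sensors, tag, auditor):
        challenge = self._pending.pop(serial, None)  # each challenge is single-use
        key = self._keys.get(serial)
        if key is None:
            verdict = "UNKNOWN_SERIAL"
        elif challenge is None:
            verdict = "NO_CHALLENGE"
        elif not hmac.compare_digest(
                keyed_response(key, challenge, serial, sensors), tag):
            verdict = "BAD_RESPONSE"
        else:
            verdict = "TAMPER_FLAGGED" if sensors else "AUTHENTIC"
        self.audit.append((serial.hex(), auditor, verdict))
        return verdict


def interrogate(dielet, server, auditor, relay=None):
    """Appliance role, CONOP steps 1-4. `relay` models a dishonest appliance."""
    challenge = server.challenge(dielet.serial)        # 1 serial up, 2 challenge down
    sensors, tag = dielet.respond(challenge) if challenge else (0, b"")  # 3 reply
    if relay:
        sensors, tag = relay(sensors, tag)
    return server.verify(dielet.serial, sensors, tag, auditor)           # 4 verdict


def run_scenarios():
    """Run constructed supply-chain cases; return (verdicts, audit log)."""
    serial, key = secrets.token_bytes(SERIAL_BYTES), secrets.token_bytes(KEY_BYTES)
    server = Server({serial: key})
    genuine = Dielet(serial, key)
    out = {"genuine": interrogate(genuine, server, "site-A")}
    # Clone: serial ID copied, but the key could not be read out.
    clone = Dielet(serial, secrets.token_bytes(KEY_BYTES))
    out["clone"] = interrogate(clone, server, "site-B")
    # Replay: an earlier valid reply is presented against a fresh challenge.
    captured = genuine.respond(server.challenge(serial))
    server.verify(serial, *captured, "site-A")
    server.challenge(serial)
    out["replay"] = server.verify(serial, *captured, "site-B")
    # Serial ID that was never enrolled on the server.
    stray = Dielet(secrets.token_bytes(SERIAL_BYTES), key)
    out["unknown"] = interrogate(stray, server, "site-B")
    # De-soldered part: heat sensor tripped and reported honestly.
    genuine.trip("heat")
    out["tampered"] = interrogate(genuine, server, "site-C")
    # Same part, but the relay zeroes the sensor word in transit.
    out["masked"] = interrogate(genuine, server, "site-C", relay=lambda s, t: (0, t))
    return out, server.audit


if __name__ == "__main__":
    for name, verdict in run_scenarios()[0].items():
        print(f"{name:9s} {verdict}")
```

Because the sensor word is bound into the keyed reply, an appliance that clears it in transit produces a failed authentication rather than a clean pass.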
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include
  a. package alterations needed to carry the dielet
  b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement and execute
6. To minimize size, power and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
Current Untrusted Logistical Supply Chain
[Figure: supply chain flow with numbered steps 1-8 and Shipping links. Nodes: Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfg, DoD Application. Zone labels: Trusted Zone (twice), Vulnerability Zone]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD’ed Supply Chain Exemplar
[Figure: supply chain flow with numbered steps 1-8 and Shipping links. Nodes: Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfr, DoD Application. Zone labels: Trusted Zone (twice), SHIELD Authentication outside Trusted Zone]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase
TA1 Tech Dev
  Phase 1: On-chip HW tech devlpmt (Key Store, Sensors, Comm/Pwr, Mfg Processes): Models, Test Sites, SHIELD layouts
TA2 Design & Integr
  Phase 1: Dielet Logic Design; Standards Conformation
  Phase 2: SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization
TA3 Deployment
  Phase 1: Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design
  Phase 2: Tooling and Techniques for handling insertion; Network Structure Build-out; Inductive Device Fabrication
  Phase 3: Demonstration: Proof-of-Concept Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1 Phase 1 Technology
Technical Area 1/Phase 1 Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (Cont’d)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet’s fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant
Technical Area 1 Phase 1 (Cont’d)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must
1. Passively sense while unpowered, be read only when powered
2. Be readable only, and permanently altered by the exposure, non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont’d)
Passive Sensor Examples
Chemical: Nitric Acid, Sulfuric Acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet
1. Dielet should be powered, receive a challenge message and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance’s probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component’s package
Technical Area 1 Phase 1 (Cont’d)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2 Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Phase 1
Technical Area 2/Phase 1 Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet
1. Define a SHIELD Design Environment, Methodology
  a. Define EDA design environment using industry conventions
  b. Accommodate SHIELD-specific Logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
  c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language. Design should be
  a. Design should accommodate SHIELD CONOP sequence
  b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
  a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
  b. Only open standards may be used
Technical Area 2 Phase 1 (cont’d)
4. Design to Boundary Conditions
  a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
  b. Designs may be asynchronous or synchronous, free choice of clock rate
  c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
  a. Sockets for key store, sensors
  b. add new technology as IP blocks, include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
  a. verify robust design functionality across process, voltage and temperature
  b. Accommodate +/- 3σ composite process distribution window
  c. BC/WC/Twist Timing Corner functionality verified
  d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
  e. Functionality inside +/- 3σ conditioned voltage window
Technical Area 2 Phase 1 (cont’d)
7. Fabrication Implementation Plan
  a. Identify technology and node to be used, preferred vendor
  b. Define checkpoints and approximate dates for design and build
  c. Explain how new technologies will be accommodated by fabricator
  d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
  a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
  a. verify robust design functionality across process, voltage and temp
  b. Accommodate +/- 3σ composite process distribution window
  c. BC/WC/Twist Timing Corner functionality verified
  d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
  e. Functionality inside +/- 3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 2
Technical Area 2/Phase 2 Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1’s specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated
1. Complete SHIELD dielet design
  a. Incorporate final TA1 outputs
  b. Complete checking, generate specific test patterns
  c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
  a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
  b. track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
  c. dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
  d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3 SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network, server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3 Phase 1
Technical Area 3/Phase 1 Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept
1. Develop package placement target parametrics
  a. Determine required specs, tolerances for dielet placement in the host
  b. Develop coupling required for sufficient inductive/RF power, comms
  c. Find size of antennae, maximum submersion below package surface
  d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
  a. Create with TA2 performers’ consultation to resemble final form-factor
  b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1 (cont’d)
3. Assure reliability of host component containing SHIELD dielet. Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include
  a. Package strain caused by insertion or presence
  b. Hermetic seal fails caused by insertion or presence
  c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component. Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by
  a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process occurring during normal processing, packaging, dielet insertion or due to aging in normal use
  b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
  c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
  d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont’d)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include
  a. Design of handheld appliance concept, including documentation
  b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
  c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont’d)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include
  a. communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
  b. All required server transaction and decryption software
  c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
  d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program
Technical Area 3 Phase 2
Technical Area 3/Phase 2 Implementation, Months 19-36
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program
1. Develop the SHIELD Insertion technology
Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include
  a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
  b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
  c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade and cryptographic key
Technical Area 3 Phase 2 (cont’d)
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables
  a. Detailed network schematics indicating protocols and standards
  b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
  c. Estimates of transaction times and network latencies
  d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
  e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont’d)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance’s inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include
  a. Inductive/RF probe fabrication
  b. Repurposed Appliance microcode, firmware, software installation
  c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 3
Technical Area 3/Phase 3 Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program’s BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include
1. Demonstrate robust SHIELD placement into real product
  a. Performers will mate SHIELD dielets to product at pkg encapsulation
  b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including
    • Fails due to faulty package insertions
    • Fails due to non-functional SHIELD chips
    • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3 (cont’d)
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP
  a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
  b. Performers will place SHIELD solution in those packages in a production-like environment which DARPA will provide access to
  c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
  d. Government Red Team members will compromise the supply chain
  e. Performers will execute the SHIELD operation at various work sites in the component’s supply chain throughout the US, looking for compromises
  f. Government team members will monitor performer detection results

SHIELD Quantitative Benchmarks

Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:

1. "Probability of Detection" of compromises (PD), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component

SHIELD Summary of Suggested Specifications

Area: A ≈ 100um x 100um (0.01 mm2)
Device thickness: Thinned substrate, likely 10 um or less
Interrogation Latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 Second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host Temperatures: -55° C to 125° C
Interrogation Temperatures: 0-35° C
Reliability: Sufficient to match 100KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 10¢ per dielet

Program Calendar

14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins

SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014

Government SHIELD Funding

• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation

Government Team Responsibilities in SHIELD

Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features

Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers

Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities

General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.

Government Obligations

Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 (Tech Dev) | None
TA2 (Design & Integr) | None
TA3 (Deployment) | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites

Manufacturing Options

Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used

Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs

Foreign fabrications are allowed in SHIELD. Useful sources for information include
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com

SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014

Metrics Overview

• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea

Metrics Technical Area 1: SHIELD On-board Technology

Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement

[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption

Technical Area 1: SHIELD On-board Technology

Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate

• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost

Metrics Technical Area 1: SHIELD On-board Technology

Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost

[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100µm x 100µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime

Metrics Technical Area 2: SHIELD Dielet Design and Integration

Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications

[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate

Metrics Technical Area 2: SHIELD Dielet Design and Integration

Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail

[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests

Metrics Technical Area 3: SHIELD Deployment

Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2]; environmental testing (temperature, shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail

[1] The SHIELD dielet will be placed approximately 1mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison

Metrics Technical Area 3: SHIELD Deployment

• Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
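
The PD, PFA and delay breakdowns listed above can be computed from a log of interrogation trials. The following is an added example, not part of the briefing: it scores a constructed set of trials and goes beyond the slide by attaching a 95% Wilson interval to each rate, because each breakdown cell will hold only a few trials. The field names, package labels and sample data are assumptions.

```python
import math
from collections import defaultdict, namedtuple

# Added example, not program code. One Trial is one interrogation in the
# Phase 3 exercise; failure_mode is "" when the part was not compromised.
# Field names and the sample trials are constructed for illustration.
Trial = namedtuple("Trial", "package setting location failure_mode alarmed delay_s")

SAMPLE_TRIALS = [
    Trial("QFP", "tube", "distributor", "missing", True, 1.8),
    Trial("QFP", "tube", "distributor", "inappropriate", True, 2.1),
    Trial("QFP", "pcb", "subassembly", "failing", False, 2.4),
    Trial("passive", "tube", "shipping", "missing", True, 1.9),
    Trial("passive", "pcb", "subassembly", "inappropriate", False, 2.2),
    Trial("QFP", "tube", "distributor", "", False, 1.7),
    Trial("QFP", "pcb", "subassembly", "", True, 2.0),
    Trial("passive", "tube", "shipping", "", False, 1.6),
    Trial("passive", "system", "subassembly", "", False, 2.3),
    Trial("QFP", "system", "subassembly", "missing", True, 2.0),
]


def wilson(hits, n, z=1.96):
    """95% Wilson score interval, which stays usable for small counts."""
    if n == 0:
        return (0.0, 1.0)
    p = hits / n
    centre = p + z * z / (2 * n)
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n))
    denom = 1 + z * z / n
    return (max(0.0, (centre - half) / denom), min(1.0, (centre + half) / denom))


def alarm_rate(trials, field=None):
    """Return {group: (alarms, total, rate, interval)}, grouped by field."""
    counts = defaultdict(lambda: [0, 0])
    for t in trials:
        group = getattr(t, field) if field else "overall"
        counts[group][0] += int(t.alarmed)
        counts[group][1] += 1
    return {g: (a, n, a / n, wilson(a, n)) for g, (a, n) in counts.items()}


def benchmarks(trials):
    """PD over compromised parts, PFA over clean parts, mean delay over all."""
    compromised = [t for t in trials if t.failure_mode]
    clean = [t for t in trials if not t.failure_mode]
    pd_fields = (None, "package", "failure_mode", "location", "setting")
    pfa_fields = (None, "package", "setting")
    return {
        "PD": {f or "overall": alarm_rate(compromised, f) for f in pd_fields},
        "PFA": {f or "overall": alarm_rate(clean, f) for f in pfa_fields},
        "avg_delay_s": sum(t.delay_s for t in trials) / len(trials),
    }


if __name__ == "__main__":
    report = benchmarks(SAMPLE_TRIALS)
    for metric in ("PD", "PFA"):
        for field, groups in report[metric].items():
            for group, (a, n, rate, (lo, hi)) in groups.items():
                print(f"{metric} by {field:12} {group:14} {a}/{n} = {rate:.2f}  [{lo:.2f}, {hi:.2f}]")
    print("average authentication delay (s):", round(report["avg_delay_s"], 2))
```

In the sample data every "missing dielet" case was detected (3 of 3), yet the interval's lower bound is still about 0.44, which is why a per-cell PD should be reported with its trial count.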

Metrics Technical Area 3: SHIELD Deployment

Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality), transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), Probability of false alarm (PFA), Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |

[1] Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.

Metrics Technical Area 2: SHIELD Dielet Design and Integration

• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort

Common Industry Supply Chain Misconceptions [1]

"Counterfeit components are a 1-in-1000000 risk"
Independent Distributors say that from 05 to 35 of their incoming product is suspected counterfeit

"Only bad distributors sell counterfeit components"
Most counterfeit parts sold to contractors come from legitimate independent distributors lacking effective screening techniques

"Only expensive components are counterfeited"
DoC reports that over 60 of counterfeit parts have a sale value of $10 or less

"Counterfeit parts will be detected by electrical tests"
More than half of all counterfeit components have the correct (or equivalent) die

[1] B. Hamilton, NSWC Crane, Testimony at SASC Briefing, 9 September 2013

Quote found on the Web

"It will be because of companies like ours that the gap in technological advantages between made in [Name of Country] and made abroad will narrow down"
- from website of an off-shore contract reverse-engineering business

SHIELD Threat Space
Brett Hamilton, NSWC Crane
SHIELD Industry Day
14 March 2014
SHIELD Technical Program Description
Kerry Bernstein
SHIELD Industry Day
14 March 2014

SHIELD Introductory Comments

1. THANK YOU for your interest in participating in DARPA SHIELD. It's business, but it's also our nation.
2. The following exemplary design point and CONOP is a preferred embodiment. BAA strives not to overspecify. Got something better? LET'S HEAR ABOUT IT.
3. Besides performers with great ideas, we want performers who "get it", and who have a passion for doing something important for national security. Together we'll deliver game-changing capability.
4. SHIELD is about the Science and the hardware and the technology. CONOP, servers, networks are limited to what's needed for the demo.
5. SHIELD is not about developing new encryption schemes. SHIELD is about NIST, IEEE and Industry Standards, or new standards.

SHIELD Introductory Comments (cont'd)

6. Teaming is strongly encouraged. DARPA will accept individual Tech Area 1 & 3 submissions, but complete collaborative proposed solutions are preferred and strongly recommended.
7. The Supply Chain's threat space is immense. Any solution, including DARPA SHIELD, will be fraught with problems. We expect that. But we need to begin somewhere.
8. Remaining unaddressed SHIELD vulnerabilities will include
   • Insider threat
   • Server attacks
   • Dielet side channel exfil modes inserted during foreign fabrication
   • Vulnerability to new reverse engineering modes, circumvention
9. SHIELD is intended to make counterfeiting more difficult, expensive, and time consuming.

Programmatics

DARPA SHIELD is about
• Science
• Hardware Technology
• Security
• Reliability and Trustworthiness
• Functionality
• Manufacturability and Yield

DARPA SHIELD is NOT about
• Logistics
• Preferred Business Practices
• Acquisition Policy
• Doctrine
• Supplier/distributor business infrastructure
• New encryption schemes
• New checking tools
• Software
• Back-office structure and networking
Except for the minimum necessary to demonstrate SHIELD CONOP

Glossary

Dielet: Extremely small computer chip developed during SHIELD
Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
Key: A 256-bit cipher code stored on dielet and on a secure server, used to secure the dielet authentication operation
Test Site: Limited hardware proof of concept chip without full product functionality
Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
Probe: A device attached to a communication appliance that powers the SHIELD dielet
IP: Intellectual Property
CONOP: Concept of Operations
DFM/DFY: Design for Manufacturability / Design for Yield
PFA: Probability of False Alarm
PD: Probability of Detection
OEM: Original Equipment Manufacturer
GFE: Government-Furnished Equipment
IC: Integrated Circuit
CDR: Critical Design Review
DSS: Digital Signature Standard
CMVP: Cryptographic Module Verification Program
FITS: Failure rate of a component measured in Failures-in-Time over the program
KPOH: Lifetime of a component measured in thousands of power-on-hours
BOM: Bill of Material; a list of components comprising a given assembly

Definition of Terms

Counterfeit
"Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies"
- GAO Report to Congress, March 2010

Supply Chain
"A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances, or information from a source to a customer"
- Cooper, M.C., Lambert, D.M., & Pagh, J. (1997). Supply Chain Management: More Than a New Name for Logistics. The International Journal of Logistics Management, Vol. 8, Issue 1, pp. 1–14

Chain of Custody
"The chronological sequence of parties, spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession"

SHIELD: Learning from Prior HW Assurance Programs

TRUST – Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find

IRIS – Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards

DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted

[Figure labels: Digital or AMS; TRUST; IRIS]

TRUST, IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There

DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution

[Figure: attacks along the component life cycle. Stages: Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use. Region labels: At OEM, In Distribution. Program labels: SHIELD, TRUST, IRIS. Legend: Design Attack, Hardware Attack, Logistics Attack. Attack labels: 3rd Party IP, Insider Design, EDA Exploit, IP Theft/Copy, Security Intercept, Yield Fail Diversion, Overproduction, Process Compromise, Pkg Compromise, False FPGA Bitstream, Malicious Insertions, False Validation Report, DFM Exploits, False Expects, False Test Compares, HW Theft]

DoD is Especially Vulnerable to Counterfeits

DoD applications present severe demands on components, which make them especially vulnerable to compromise
• DoD electronic components require high reliability, serviceability [1]
• Compromised component failures risk DoD missions, soldier's lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete [1]
• $10-$50 parts become $8000 parts once they are obsolete [1] – providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)

Most common current component supply problems
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips

[1] NAVSEA Crane internal report

Attributes of Superior Supply Chain Authentication Tech

1. Extremely low cost, with minimal impact to the component manufacturer, distributor, or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast, and executable by untrained operators
4. Trustworthy, reliable, and prohibitively difficult to spoof
5. Executable at any place/time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer

SHIELD: The DARPA Supply Chain Solution

SHIELD makes counterfeiting too expensive and too hard to do

Microscopic SHIELD dielet
• HW Root-of-Trust
• Fragile Key Storage
• Full Encryption Engine
• Unpowered Passive Sensors
• Inductive Powering and Communication

DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free

SHIELD Target Spec
- 100µm x 100µm (0.01 mm2 Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120C
- < 1¢ per dielet

SHIELD Exemplary CONOP

[Figure: message flow between Dielet, Smartphone and Server. Numbered steps and labels as they appear on the slide:
1. Serial ID Upload (Serial ID No., TCP/IP Address)
2. Challenge Download (Random Challenge Generator)
3. Encrypted Challenge, Encrypted Sensors (Encryption Engine w/ Crypto Key; sensors: Temp Extremes, X-ray Exposure, Light Exposure)
3. Appliance Data
4. Authentication Out (Decryption Engine w/ Crypto key: decrypt, compare to original challenge)
Other labels: (VPN); Database with Dielet Serial ID, Fab Name, Fab Date, Part No.; Sensors Status; Test Date; Auditor Identity; Key Requests]

Potential Production Test Approaches

Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain

Volume Production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication.

[Figure labels: Flying Prober; Pick and Place; Wirebond; Tube handling of components]

Critical Hardware Assurance On-Dielet Features

1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove, or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
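
The challenge exchange in item 2, together with the sensor reporting in item 4, as an added example that is not part of the briefing and not SHIELD program code. HMAC-SHA-256 stands in for the dielet's encryption engine, so the server recomputes the reply rather than decrypting it; the class names, sensor bit layout and verdict strings are assumptions.

```python
import hashlib
import hmac
import secrets

# Added example, not SHIELD program code. HMAC-SHA-256 is a stand-in for the
# dielet's encryption engine (the slides leave the standard cipher to the
# performer). The sensor bit layout and verdict strings are assumptions.
SENSOR_BITS = {0x01: "temp", 0x02: "x-ray", 0x04: "light"}


def keyed_reply(key, challenge, sensors):
    # Binding the sensor word into the reply stops a relay from clearing it.
    return hmac.new(key, challenge + bytes([sensors]), hashlib.sha256).digest()


class Dielet:
    """Holds the 256-bit key; only the serial ID and replies leave the part."""

    def __init__(self, serial_id, key, sensors=0):
        if not (0 <= serial_id < 2**64 and len(key) == 32 and 0 <= sensors < 256):
            raise ValueError("64-bit serial, 256-bit key, 8-bit sensor word expected")
        self.serial_id, self._key, self.sensors = serial_id, key, sensors

    def respond(self, challenge):
        return self.sensors, keyed_reply(self._key, challenge, self.sensors)


class Server:
    def __init__(self):
        self._keys = {}      # serial ID -> key, provisioned out of band
        self._pending = {}   # serial ID -> the one outstanding challenge
        self.audit = []      # (serial ID, verdict) for every transaction

    def enroll(self, serial_id, key):
        self._keys[serial_id] = key

    def issue_challenge(self, serial_id):
        if serial_id not in self._keys:
            self.audit.append((serial_id, "UNKNOWN_SERIAL"))
            return None
        self._pending[serial_id] = secrets.token_bytes(32)
        return self._pending[serial_id]

    def verify(self, serial_id, sensors, reply):
        challenge = self._pending.pop(serial_id, None)   # each challenge is single use
        if challenge is None:
            verdict = "NO_OUTSTANDING_CHALLENGE"
        elif not (0 <= sensors < 256) or not hmac.compare_digest(
                keyed_reply(self._keys[serial_id], challenge, sensors), reply):
            verdict = "BAD_RESPONSE"
        elif sensors:
            tripped = [name for bit, name in SENSOR_BITS.items() if sensors & bit]
            verdict = "TAMPER:" + ",".join(tripped)
        else:
            verdict = "AUTHENTIC"
        self.audit.append((serial_id, verdict))
        return verdict


def interrogate(server, dielet, tamper_with=None):
    """The appliance's role: relay the serial ID, the challenge and the reply.

    tamper_with, if given, rewrites the sensor word in transit, to show that
    the server notices a relay that hides a tripped sensor.
    """
    challenge = server.issue_challenge(dielet.serial_id)
    if challenge is None:
        return "UNKNOWN_SERIAL"
    sensors, reply = dielet.respond(challenge)
    if tamper_with is not None:
        sensors = tamper_with
    return server.verify(dielet.serial_id, sensors, reply)


def demo():
    key = bytes(range(32))           # constructed sample key
    serial = 0x1122334455667788      # constructed sample serial ID
    server = Server()
    server.enroll(serial, key)
    return {
        "genuine": interrogate(server, Dielet(serial, key)),
        "cloned serial, wrong key": interrogate(server, Dielet(serial, bytes(32))),
        "x-ray sensor tripped": interrogate(server, Dielet(serial, key, 0x02)),
        "relay clears sensor word": interrogate(server, Dielet(serial, key, 0x02), tamper_with=0),
        "unenrolled part": interrogate(server, Dielet(0x42, key)),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:26} -> {verdict}")
```

The key is never an argument to `interrogate`: the appliance sees only the serial ID, the random challenge and the reply, so a recorded reply is useless against the next challenge.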

Additional Required Design Properties

1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include
   a. package alterations needed to carry the dielet
   b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement and execute
6. To minimize size, power, and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible

Current Untrusted Logistical Supply Chain

For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone

[Figure: supply chain flow with numbered steps 1-8. Labels: Trusted Zone (two), Vulnerability Zone, Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, Shipping, PC Board Assembly, Subsystem Assembly, System Mfg, DoD Application]

SHIELD'ed Supply Chain Exemplar

SHIELD Authentication outside Trusted Zone
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone

[Figure: the same supply chain flow with numbered steps 1-8. Labels: Trusted Zone (two), Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, Shipping, PC Board Assembly, Subsystem Assembly, System Mfr, DoD Application]
SHIELD Program Structure

Deliverables by Tech Area and Phase

Tech Area | Phase 1 | Phase 2 | Phase 3
TA1 (Tech Dev) | On-chip HW tech devlpmt: Key Store, Sensors, Comm/Pwr, Mfg Processes - Models - Test Sites - SHIELD layouts | |
TA2 (Design & Integr) | Dielet Logic Design; Standards Conformation | SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization |
TA3 (Deployment) | Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design | Tooling and Techniques for handling, insertion; Network Structure Build-out; Inductive Device Fabrication | Demonstration Proof-of-Concept; Supply Chain Exercise across sites; Red Teaming; Evaluations

Technical Area 1 Phase 1 Technology

Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.

• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration

Technical Area 1 Phase 1 (Cont'd)

A. Secure Cryptographic Key Storage Technology

Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product

1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication

Encryption Details

1. DARPA SHIELD is committed to using only open standard encryption
   Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption
   Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines
   Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms
   Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine
   Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key
   Key store should be Suite B compliant

Technical Area 1 Phase 1 (Cont'd)

B. Passive Sensors

Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must

1. Passively sense while unpowered; be read only when powered
2. Be readable only and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Approved for Public Release Distribution Unlimited 42
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
Chemical: Nitric Acid, Sulfuric Acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
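The exchange in item 1 above (random challenge in, keyed reply carrying the 64-bit serial ID and the sensor word out), modelled as an added Python example that is not part of the DARPA briefing. HMAC-SHA-256 stands in for the encryption engine, which the briefing leaves to performers; the reply layout, the sensor bit assignments, the 16-byte challenge and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets
import struct

KEY_BYTES = 32        # briefing: dielet stores up to 256 bits of secret key
CHALLENGE_BYTES = 16  # assumption: the briefing only says "random" challenges
TAG_BYTES = 32        # HMAC-SHA-256 output length
REPLY = struct.Struct(">QB")  # 64-bit serial ID + 1-byte sensor word (assumed layout)

# Hypothetical bit layout; the briefing names sensor types, not an encoding.
SENSOR_BITS = {"chemical": 0x01, "mechanical": 0x02, "laser": 0x04,
               "light": 0x08, "xray": 0x10, "heat": 0x20}


def _tag(key, body, challenge):
    """Keyed tag binding serial ID and sensor word to this one challenge."""
    return hmac.new(key, body + challenge, hashlib.sha256).digest()


class Dielet:
    """Model of the dielet: key store, latched sensors, response logic."""

    def __init__(self, serial, key):
        self.serial = serial
        self._key = key
        self._sensor_word = 0

    def expose(self, sensor):
        # Sensors are permanently altered by exposure: bits are only ever set.
        self._sensor_word |= SENSOR_BITS[sensor]

    def respond(self, challenge):
        body = REPLY.pack(self.serial, self._sensor_word)
        return body + _tag(self._key, body, challenge)


class Server:
    """Model of the secure server holding each enrolled dielet's key."""

    def __init__(self):
        self._keys = {}
        self._outstanding = set()

    def enroll(self, serial):
        key = secrets.token_bytes(KEY_BYTES)
        self._keys[serial] = key
        return key  # personalised into the dielet at manufacture

    def new_challenge(self):
        challenge = secrets.token_bytes(CHALLENGE_BYTES)
        self._outstanding.add(challenge)
        return challenge

    def verify(self, challenge, reply):
        """Return (verdict, tripped_sensors) for one interrogation."""
        if challenge not in self._outstanding:
            return ("stale_challenge", [])
        self._outstanding.discard(challenge)  # each challenge is single use
        if len(reply) != REPLY.size + TAG_BYTES:
            return ("malformed", [])
        body, tag = reply[:REPLY.size], reply[REPLY.size:]
        serial, sensor_word = REPLY.unpack(body)
        key = self._keys.get(serial)
        if key is None:
            return ("unknown_serial", [])
        # Constant-time compare; the tag also covers the sensor word, so a
        # relay that clears a tripped bit in transit invalidates the reply.
        if not hmac.compare_digest(tag, _tag(key, body, challenge)):
            return ("bad_tag", [])
        tripped = sorted(n for n, bit in SENSOR_BITS.items() if sensor_word & bit)
        return ("tamper", tripped) if tripped else ("authentic", [])


def interrogate(server, dielet):
    """What the appliance does: relay one challenge and one reply."""
    challenge = server.new_challenge()
    return server.verify(challenge, dielet.respond(challenge))


if __name__ == "__main__":
    srv = Server()
    part = Dielet(0x0123456789ABCDEF, srv.enroll(0x0123456789ABCDEF))
    print(interrogate(srv, part))
    part.expose("xray")
    print(interrogate(srv, part))
```

Because the tag is bound to a fresh challenge, a recorded reply fails against any later challenge, and a copied serial ID without the stored key yields `bad_tag` rather than `authentic`.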
Technical Area 1 Phase 1 (Cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2 Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Phase 1
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language. Design should be
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2 Phase 1 (cont'd)
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temperature
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temp
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 2
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3 SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3 Phase 1
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet. Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component. Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature, or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers, and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program
Technical Area 3 Phase 2
Technical Area 3/Phase 2: Implementation, Months 19-36
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables:
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions, demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 3
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP.
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
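How the three benchmarks above could be computed from demonstration records, with the breakouts the slide lists, as an added Python example that is not part of the briefing. The trial records are constructed, and the record fields, the function names and the choice of a Wilson score interval for small samples are assumptions.

```python
import math
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Trial:
    package: str                 # component package type
    setting: str                 # tube, pcb, system
    location: str                # distributor, subassembly vendor, shipping
    failure_mode: Optional[str]  # None means the component was not compromised
    alarm: bool                  # True if the interrogation flagged the part
    delay_s: Optional[float]     # None means no authentication completed


QFP, PAS = "quad plastic flat pack", "small passive/discrete"
# Constructed records for illustration, not program data.
TRIALS = [
    Trial(QFP, "tube", "distributor", "missing", True, None),
    Trial(QFP, "pcb", "subassembly vendor", "failing", True, 2.0),
    Trial(QFP, "pcb", "shipping", "inappropriate", False, 1.9),
    Trial(PAS, "tube", "distributor", "missing", True, None),
    Trial(PAS, "system", "subassembly vendor", "inappropriate", False, 2.2),
    Trial(QFP, "tube", "distributor", None, False, 1.7),
    Trial(QFP, "pcb", "subassembly vendor", None, True, 2.3),
    Trial(PAS, "tube", "shipping", None, False, 1.6),
    Trial(PAS, "system", "subassembly vendor", None, False, 1.9),
    Trial(QFP, "system", "shipping", None, False, 2.4),
]

PD_BREAKOUTS = ("package", "failure_mode", "location", "setting")
PFA_BREAKOUTS = ("package", "setting")


def _counts(trials, compromised, by):
    """Return {group: (alarms, trials)} over compromised or clean parts."""
    tally = defaultdict(lambda: [0, 0])
    for t in trials:
        if (t.failure_mode is not None) != compromised:
            continue
        group = getattr(t, by) if by else "all"
        tally[group][0] += int(t.alarm)
        tally[group][1] += 1
    return {g: tuple(v) for g, v in tally.items()}


def detection_counts(trials, by=None):
    """PD numerator and denominator: alarms among compromised parts."""
    return _counts(trials, True, by)


def false_alarm_counts(trials, by=None):
    """PFA numerator and denominator: alarms among clean parts."""
    return _counts(trials, False, by)


def wilson_interval(hits, n, z=1.96):
    """95% Wilson score interval; stays sensible when hits is 0 or n."""
    if n == 0:
        return None
    p = hits / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def average_delay(trials):
    """Mean delay over authentications that completed."""
    done = [t.delay_s for t in trials if t.delay_s is not None]
    return sum(done) / len(done) if done else None


def report(trials):
    lines = []
    for name, fn, breakouts in (("PD", detection_counts, PD_BREAKOUTS),
                                ("PFA", false_alarm_counts, PFA_BREAKOUTS)):
        for by in (None,) + breakouts:
            for group, (hits, n) in sorted(fn(trials, by).items()):
                lo, hi = wilson_interval(hits, n)
                lines.append(f"{name} {by or 'overall'}={group}: {hits}/{n} "
                             f"= {hits / n:.2f} (95% CI {lo:.2f}-{hi:.2f})")
    lines.append(f"average completed authentication delay: {average_delay(trials):.2f} s")
    return lines


if __name__ == "__main__":
    print("\n".join(report(TRIALS)))
```

With only a handful of trials per breakout cell the intervals are wide, which is the practical reason to report them beside each PD and PFA figure.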
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation Latency: ≈ 1 second dielet delay, ≈ 2 second full transaction delay including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 Second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, ±10% (default)
Host Temperatures: -55 °C to 125 °C
Interrogation Temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation. SHIELD total operational time is under 1 hour
Cost: C < 1.0¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done, rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
   • Detail the attributes of SHIELD design elements that will be measured
   • Outline the methods by which those attributes will be measured
• Why metrics
   • Tracking and reporting program results and accomplishments
   • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications, and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage, and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2]. Environmental testing (temperature, shock and vibration) [3]
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3, SHIELD Deployment
• Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
   • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
   • Failure mode (e.g. missing, inappropriate, or failing SHIELD dielet)
   • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
   • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
   • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
   • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality), transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), Probability of false alarm (PFA), Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
   • compliance with design ground rules of the manufacturer
   • logical to behavioral design verification
   • logical to physical design verification
   • functional test pattern generation with a goal of 100% test coverage
   • EM and power analysis
   • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Quote found on the Web
"It will be because of companies like ours that the gap in technological advantages between made in [Name of Country] and made abroad will narrow down"
- from website of an off-shore contract reverse-engineering business
SHIELD Threat Space
Brett Hamilton, NSWC Crane
SHIELD Industry Day
14 March 2014
SHIELD Technical Program Description
Kerry Bernstein
SHIELD Industry Day
14 March 2014
SHIELD Introductory Comments
1. THANK YOU for your interest in participating in DARPA SHIELD. It's business, but it's also our nation.
2. The following exemplary design point and CONOP is a preferred embodiment. BAA strives not to overspecify. Got something better? LET'S HEAR ABOUT IT.
3. Besides performers with great ideas, we want performers who "get it" and who have a passion for doing something important for national security. Together we'll deliver game-changing capability.
4. SHIELD is about the Science and the hardware and the technology. CONOP, servers, networks are limited to what's needed for the demo.
5. SHIELD is not about developing new encryption schemes. SHIELD is about NIST, IEEE and Industry Standards, or new standards.
SHIELD Introductory Comments (contrsquod)
6 Teaming is strongly encouraged DARPA will accept individual Tech Area 1 amp 3 submissions but complete collaborative proposed solutions are preferred and strongly recommended
7 The Supply Chainrsquos threat space is immense Any solution includingDARPA SHIELD will be fraught with problems We expect that But we need to begin somewhere
8 Remaining unaddressed SHIELD vulnerabilities will includebull Insider threatbull Server attacksbull Dielet side channel exfil modes inserted during foreign
fabricationbull Vulnerability to new reverse engineering modes
circumvention
9 SHIELD is intended to make counterfeiting more difficult expensive and time consuming
Programmatics
DARPA SHIELD is about:
• Science
• Hardware Technology
• Security
• Reliability and Trustworthiness
• Functionality
• Manufacturability and Yield
DARPA SHIELD is NOT about:
• Logistics
• Preferred Business Practices
• Acquisition Policy
• Doctrine
• Supplier/distributor business infrastructure
• New encryption schemes
• New checking tools
• Software
• Back-office structure and networking
Except for the minimum necessary to demonstrate SHIELD CONOP
Glossary
Dielet: Extremely small computer chip developed during SHIELD
Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
Key: A 256-bit cipher code stored on dielet and on a secure server, used to secure the dielet authentication operation
Test Site: Limited hardware proof of concept chip without full product functionality
Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
Probe: A device attached to a communication appliance that powers the SHIELD dielet
IP: Intellectual Property
CONOP: Concept of Operations
DFM/DFY: Design for Manufacturability / Design for Yield
PFA: Probability of False Alarm
PD: Probability of Detection
OEM: Original Equipment Manufacturer
GFE: Government-Furnished Equipment
IC: Integrated Circuit
CDR: Critical Design Review
DSS: Digital Signature Standard
CMVP: Cryptographic Module Verification Program
FITS: Failure rate of a component, measured in Failures-in-Time over the program
KPOH: Lifetime of a component, measured in thousands of power-on-hours
BOM: Bill of Material, a list of components comprising a given assembly
Definition of Terms
Counterfeit: "Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies"
- GAO Report to Congress, March 2010
Supply Chain: "A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances, or information from a source to a customer"
- Cooper, M.C., Lambert, D.M., & Pagh, J. (1997). Supply Chain Management: More Than a New Name for Logistics. The International Journal of Logistics Management, Vol. 8, Issue 1, pp. 1–14
Chain of Custody: "The chronological sequence of parties, spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession"
SHIELD: Learning from Prior HW Assurance Programs
TRUST – Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find
IRIS – Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
[Figure labels: Digital or AMS, TRUST, IRIS]
DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted
TRUST / IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
[Figure: component life cycle stages Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use, annotated with attacks. Legend: Design Attack, Hardware Attack, Logistics Attack. Attack labels: 3rd Party IP, Insider Design, EDA Exploit, IP Theft/Copy, Security Intercept, Yield Fail Diversion, Overproduction, Process Compromise, Pkg Compromise, False FPGA Bitstream, Malicious Insertions, False Validation Report, DFM Exploits, False Expects, False Test Compares, HW Theft. Span labels: TRUST, IRIS, SHIELD; At OEM, In Distribution.]
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components which make them especially vulnerable to compromise
• DoD electronic components require high reliability, serviceability [1]
• Compromised component failures risk DoD missions, soldier's lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete [1]
• $10-$50 parts become $8000 parts once they are obsolete [1], providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
[1] NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor, or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast, and executable by untrained operators
4. Trustworthy, reliable, and prohibitively difficult to spoof
5. Executable at any place, time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD: The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
[Figure: microscopic SHIELD dielet. Callouts: HW Root-of-Trust, Fragile Key Storage; Full Encryption Engine; Unpowered Passive Sensors; Inductive Powering and Communication. Image courtesy of http://www.hitachi.com/New/cnews/030902.html]
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm² Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120 °C
- < 1 cent per dielet
SHIELD Exemplary CONOP
[Figure: message flow between Dielet, Smartphone and Server over TCP/IP (VPN).
Steps: 1. Serial ID Upload; 2. Challenge Download; 3. Encrypted Challenge, Encrypted Sensors, Appliance Data; 4. Authentication Out.
Dielet: Serial ID No.; Encryption Engine w/ Crypto Key; sensors for Temp Extremes, Xray Exposure, Light Exposure.
Server: Database with Dielet Serial ID, Fab Name, Fab Date, Part No.; Random Challenge Generator; Decryption Engine w/ Crypto key (decrypt, compare to original challenge).
Other labels: Sensors Status, Test Date, Auditor Identity, Key Requests.]
Potential Production Test Approaches
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
[Figure labels: Flying Prober; Pick and Place; Wirebond; Tube handling of components]
Volume Production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication.
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove, or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet and potentially other operations on the overall packaged assembly, such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
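The challenge-response exchange described in item 2 above and in the Exemplary CONOP, as an added sketch that is not DARPA's or any performer's code: HMAC-SHA256 from the Python standard library stands in for the dielet's encryption engine, so the server recomputes the response with its stored key instead of decrypting it. The class names, sensor bit layout, challenge length, part number, serial and keys are assumptions constructed for the illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

KEY_BYTES = 32         # page: key of up to 256 bits
SERIAL_BYTES = 8       # page: 64-bit serial ID
CHALLENGE_BYTES = 16   # assumption: the page gives no challenge length
MIN_INTERVAL_S = 1.0   # page: minimum delay between interrogations > 1 second
# Assumed bit layout of the sensor word; the page only names the exposures.
SENSOR_TEMP, SENSOR_XRAY, SENSOR_LIGHT = 0x01, 0x02, 0x04


def _tag(key: bytes, serial: bytes, challenge: bytes, sensors: int) -> bytes:
    """Keyed response that binds serial, challenge and sensor word together."""
    msg = serial + challenge + bytes([sensors])
    return hmac.new(key, msg, hashlib.sha256).digest()


class Dielet:
    """Hypothetical dielet model: the key is used on-die and never exported."""
    def __init__(self, serial: bytes, key: bytes, sensors: int = 0):
        assert len(serial) == SERIAL_BYTES and len(key) == KEY_BYTES
        self.serial, self._key, self.sensors = serial, key, sensors

    def respond(self, challenge: bytes) -> tuple[int, bytes]:
        return self.sensors, _tag(self._key, self.serial, challenge, self.sensors)


class Server:
    """Hypothetical secure server: key database, challenge generator, verifier."""
    def __init__(self):
        self.now = 0.0    # injected clock in seconds, so the demo is deterministic
        self._db = {}     # serial -> key, part number, pending challenge, last time
        self.audit = []   # (time, serial, auditor, verdict) for every verification

    def enroll(self, serial: bytes, key: bytes, part_no: str) -> None:
        self._db[serial] = {"key": key, "part_no": part_no, "pending": None, "last": None}

    def issue_challenge(self, serial: bytes) -> bytes | None:
        rec = self._db.get(serial)
        if rec is None:
            return None                      # serial was never enrolled
        if rec["last"] is not None and self.now - rec["last"] <= MIN_INTERVAL_S:
            return None                      # interrogated too recently
        rec["last"] = self.now
        rec["pending"] = secrets.token_bytes(CHALLENGE_BYTES)
        return rec["pending"]

    def verify(self, serial: bytes, sensors: int, tag: bytes, auditor: str) -> str:
        rec = self._db.get(serial)
        if rec is None or rec["pending"] is None:
            verdict = "REJECT: no outstanding challenge"
        else:
            challenge, rec["pending"] = rec["pending"], None   # single use
            expected = _tag(rec["key"], serial, challenge, sensors)
            if not hmac.compare_digest(expected, tag):
                verdict = "REJECT: response does not match key"
            elif sensors:
                verdict = "SUSPECT: sensor word 0x%02x" % sensors
            else:
                verdict = "AUTHENTIC: " + rec["part_no"]
        self.audit.append((self.now, serial.hex(), auditor, verdict))
        return verdict


def interrogate(server: Server, dielet: Dielet, auditor: str = "auditor-1") -> str:
    """The appliance only relays messages; it never holds a key."""
    challenge = server.issue_challenge(dielet.serial)
    if challenge is None:
        return "REJECT: unknown serial or interrogated too recently"
    sensors, tag = dielet.respond(challenge)
    return server.verify(dielet.serial, sensors, tag, auditor)


def demo() -> dict:
    # All serials, keys and part numbers below are constructed for this example.
    srv = Server()
    serial, key = bytes.fromhex("00000000000000a1"), secrets.token_bytes(KEY_BYTES)
    srv.enroll(serial, key, "PN-EXAMPLE-001")
    genuine = Dielet(serial, key)
    out = {"genuine": interrogate(srv, genuine)}
    out["too_soon"] = interrogate(srv, genuine)               # clock has not advanced
    srv.now += 2
    clone = Dielet(serial, secrets.token_bytes(KEY_BYTES))    # right serial, wrong key
    out["clone"] = interrogate(srv, clone)
    srv.now += 2
    old_sensors, old_tag = genuine.respond(srv.issue_challenge(serial))
    srv.verify(serial, old_sensors, old_tag, "auditor-1")     # accepted once
    srv.now += 2
    srv.issue_challenge(serial)                               # fresh challenge
    out["replay"] = srv.verify(serial, old_sensors, old_tag, "auditor-2")
    srv.now += 2
    genuine.sensors |= SENSOR_XRAY                            # exposure is permanent
    out["xray"] = interrogate(srv, genuine)
    srv.now += 2
    _, tag = genuine.respond(srv.issue_challenge(serial))
    out["flags_cleared"] = srv.verify(serial, 0, tag, "auditor-2")  # word altered in transit
    return out


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14s} {verdict}")
```

Because the sensor word is inside the keyed response, a relay that alters it produces a mismatch rather than a clean pass, and a recorded response fails against any later challenge.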
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone, and should not interact with the host chip in any way. Reliability impacts include
a. package alterations needed to carry the dielet
b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive / RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement, and execute
6. To minimize size, power, and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
Current Untrusted Logistical Supply Chain
[Figure: supply chain flow, steps numbered 1-8, with Shipping links between Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfg and DoD Application. Two Trusted Zones and a Vulnerability Zone are marked.]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD'ed Supply Chain Exemplar
[Figure: the same supply chain flow (REFRESHER), steps numbered 1-8, with Shipping links between Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfr and DoD Application. Two Trusted Zones are marked, with SHIELD Authentication outside Trusted Zone.]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase
TA1 (Tech Dev)
  Phase 1: On-chip HW tech devlpmt: Key Store, Sensors, Comm/Pwr, Mfg Processes
    - Models
    - Test Sites
    - SHIELD layouts
TA2 (Design & Integr)
  Phase 1: Dielet Logic Design; Standards Conformation
  Phase 2: SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization
TA3 (Deployment)
  Phase 1: Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design
  Phase 2: Tooling and Techniques for handling insertion; Network Structure Build-out; Inductive Device Fabrication
  Phase 3: Demonstration: Proof-of-Concept Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1 Phase 1: Technology
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (Cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant
Technical Area 1 Phase 1 (Cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must
1. Passively sense while unpowered; be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe, existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
Chemical: Nitric Acid, Sulfuric Acid. Sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet
1. Dielet should be powered, receive a challenge message and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1 (Cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2: Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Phase 1
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet
1. Define a SHIELD Design Environment Methodology
a. Define EDA design environment using industry conventions
b. Accommodate SHIELD-specific Logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language. Design should be
a. Design should accommodate SHIELD CONOP sequence
b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
b. Only open standards may be used
Technical Area 2 Phase 1 (cont'd)
4. Design to Boundary Conditions
a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
b. Designs may be asynchronous or synchronous; free choice of clock rate
c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
a. Sockets for key store, sensors
b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
a. Verify robust design functionality across process, voltage and temperature
b. Accommodate ±3σ composite process distribution window
c. BC/WC/Twist Timing Corner functionality verified
d. Functionality from 0-35 °C; Survive -55 °C to 125 °C
e. Functionality inside ±3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
a. Identify technology and node to be used, preferred vendor
b. Define checkpoints and approximate dates for design and build
c. Explain how new technologies will be accommodated by fabricator
d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
a. Verify robust design functionality across process, voltage and temp
b. Accommodate ±3σ composite process distribution window
c. BC/WC/Twist Timing Corner functionality verified
d. Functionality from 0-35 °C; Survive -55 °C to 125 °C
e. Functionality inside ±3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 2
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated
1. Complete SHIELD dielet design
a. Incorporate final TA1 outputs
b. Complete checking, generate specific test patterns
c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
d. Test, characterize, and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3: SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network / server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3 Phase 1
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment, or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept
1. Develop package placement target parametrics
a. Determine required specs, tolerances for dielet placement in the host
b. Develop coupling required for sufficient inductive / RF power, comms
c. Find size of antennae, maximum submersion below package surface
d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
a. Create with TA2 performers' consultation to resemble final form-factor
b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet
Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include
a. Package strain caused by insertion or presence
b. Hermetic seal fails caused by insertion or presence
c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by
a. Chemical, mechanical, temperature, or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include
a. Design of handheld appliance concept, including documentation
b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include
a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
b. All required server transaction and decryption software
c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors
Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program
Technical Area 3 Phase 2
Technical Area 3/Phase 2: Implementation, Months 19-36
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program
1. Develop the SHIELD Insertion technology
Instrumentation, tooling, and logistics for going from wafer final test into an actual component placement are developed. Steps include
a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade and cryptographic key
Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables
a. Detailed network schematics indicating protocols and standards
b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
c. Estimates of transaction times and network latencies
d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include
a. Inductive/RF probe fabrication
b. Repurposed Appliance microcode, firmware, software installation
c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 3
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include
1. Demonstrate robust SHIELD placement into real product
a. Performers will mate SHIELD dielets to product at pkg encapsulation
b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including
• Fails due to faulty package insertions
• Fails due to non-functional SHIELD chips
• Screening of components for failure rate uplift at module final test, which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP
a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
b. Performers will place SHIELD solution in those packages in a production-like environment which DARPA will provide access to
c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
d. Government Red Team members will compromise the supply chain
e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include
1. "Probability of Detection" of compromises (PD), broken out by
a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation Latency: ≈ 1 second dielet delay, ≈ 2 second full transaction delay including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 Second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, ±10% (default)
Host Temperatures: -55 °C - 125 °C
Interrogation Temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation. SHIELD total operational time is under 1 hour
Cost: C < 10cent per dielet
Approved for Public Release Distribution Unlimited 62
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
Tech Area: Government-Furnished Equipment and Intellectual Property
TA1 (Tech Dev): None
TA2 (Design & Integr): None
TA3 (Deployment): Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics Technical Area 1: SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost (1) to reverse engineer using typical methods (2)
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods (3)
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
(1) Cost = time (hours), number of personnel required, cost of tools ($)
(2) Procedures that are known to have been used to reverse engineer integrated circuits
(3) Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1: SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics Technical Area 1: SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements (1) | Cost (2)
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability (3) | Cost
(1) SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
(2) Cost is referenced against the target CMOS process with no modifications
(3) Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics Technical Area 2: SHIELD Dielet Design and Integration
Phase | Design Element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications (1)
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications
(1) Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics Technical Area 2: SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications and support logic | Mask layout design, including logical and physical verification; functional test pattern generation | Functional testing; adherence to dielet power budget; compliance with manufacturer ground rules; percent test pattern coverage; reliability analysis
2 | Dielet fabrication | Release to manufacturing; process tracking as required | Pass/Fail (1)
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
(1) Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics Technical Area 3 SHIELD Deployment
Phase | Design Element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package (1); tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip package strain analysis, electromagnetic analysis (2); environmental testing (temperature, shock and vibration) (3)
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
(1) The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
(2) Identify impact of inductive and RF probing in the host chip
(3) The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics Technical Area 3 SHIELD Deployment
• Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
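The Phase 3 benchmarks listed on the two metrics slides (PD, PFA and average completed authentication delay, with their break-outs) can be scored from exercise records as sketched below. This is an added example, not program material: the record layout, field names and all trial rows are constructed assumptions.

```python
from collections import defaultdict, namedtuple
from typing import Dict, Iterable, Optional

Trial = namedtuple(
    "Trial", "package failure_mode location setting compromised flagged delay_s")

# Constructed exercise records (not program data). compromised = ground truth
# from the exercise; flagged = performer verdict; delay_s is None when no
# authentication transaction completed (e.g. the dielet is missing).
TRIALS = [
    Trial("quad plastic flat pack", "missing", "at distributor", "tube", True, True, None),
    Trial("quad plastic flat pack", "inappropriate", "at distributor", "board", True, True, 2.0),
    Trial("quad plastic flat pack", "failing", "in shipping", "tube", True, False, 2.2),
    Trial("small passive/discrete", "missing", "at subassembly vendor", "board", True, True, None),
    Trial("small passive/discrete", "inappropriate", "in shipping", "system", True, False, 2.4),
    Trial("small passive/discrete", "failing", "at distributor", "system", True, True, 2.0),
    Trial("quad plastic flat pack", None, "at distributor", "tube", False, False, 1.9),
    Trial("quad plastic flat pack", None, "at subassembly vendor", "board", False, True, 2.1),
    Trial("small passive/discrete", None, "in shipping", "tube", False, False, 1.7),
    Trial("small passive/discrete", None, "at distributor", "system", False, False, 2.3),
]


def fraction_flagged(rows: Iterable[Trial]) -> Optional[float]:
    """Share of rows the performer flagged; None when the group is empty."""
    rows = list(rows)
    if not rows:
        return None
    return sum(1 for r in rows if r.flagged) / len(rows)


def breakdown(trials: Iterable[Trial], compromised: bool, field: str) -> Dict[str, float]:
    """Flag rate per value of `field`, restricted to one ground-truth class.

    compromised=True gives PD per group, compromised=False gives PFA per group.
    """
    groups = defaultdict(list)
    for t in trials:
        if t.compromised == compromised:
            groups[getattr(t, field)].append(t)
    return {key: fraction_flagged(rows) for key, rows in sorted(groups.items())}


def score(trials: Iterable[Trial]) -> dict:
    trials = list(trials)
    completed = [t.delay_s for t in trials if t.delay_s is not None]
    return {
        "PD": fraction_flagged(t for t in trials if t.compromised),
        # PD is broken out four ways; failure mode and location only exist
        # for compromised parts, so PFA is broken out by package and setting.
        "PD_by": {f: breakdown(trials, True, f)
                  for f in ("package", "failure_mode", "location", "setting")},
        "PFA": fraction_flagged(t for t in trials if not t.compromised),
        "PFA_by": {f: breakdown(trials, False, f) for f in ("package", "setting")},
        # Only completed transactions count toward the average delay.
        "avg_completed_delay_s": sum(completed) / len(completed) if completed else None,
    }


if __name__ == "__main__":
    result = score(TRIALS)
    print("PD  =", result["PD"], result["PD_by"]["failure_mode"])
    print("PFA =", result["PFA"], result["PFA_by"]["package"])
    print("avg completed delay (s) =", result["avg_completed_delay_s"])
```

In the constructed data, a missing dielet never completes a transaction, so it counts toward PD but is excluded from the average delay.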
Metrics Technical Area 3 SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate (1)
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate (2)
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
(1) Likelihood of the dielet to be damaged during the insertion process (failures per 100 insertions)
(2) Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics Technical Area 2: SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Image courtesy of DARPA
SHIELD Threat Space
Brett Hamilton, NSWC Crane
SHIELD Industry Day
14 March 2014
SHIELD Technical Program Description
Kerry Bernstein
SHIELD Industry Day
14 March 2014
SHIELD Introductory Comments
1. THANK YOU for your interest in participating in DARPA SHIELD. It's business, but it's also our nation
2. The following exemplary design point and CONOP is a preferred embodiment. BAA strives not to overspecify. Got something better? LET'S HEAR ABOUT IT
3. Besides performers with great ideas, we want performers who "get it" and who have a passion for doing something important for national security. Together we'll deliver game-changing capability
4. SHIELD is about the Science and the hardware and the technology. CONOP, servers, networks are limited to what's needed for the demo
5. SHIELD is not about developing new encryption schemes. SHIELD is about NIST, IEEE and Industry Standards, or new standards
SHIELD Introductory Comments (cont'd)
6. Teaming is strongly encouraged. DARPA will accept individual Tech Area 1 & 3 submissions, but complete collaborative proposed solutions are preferred and strongly recommended
7. The Supply Chain's threat space is immense. Any solution, including DARPA SHIELD, will be fraught with problems. We expect that. But we need to begin somewhere
8. Remaining unaddressed SHIELD vulnerabilities will include
  • Insider threat
  • Server attacks
  • Dielet side channel exfil modes inserted during foreign fabrication
  • Vulnerability to new reverse engineering modes, circumvention
9. SHIELD is intended to make counterfeiting more difficult, expensive and time consuming
Programmatics
DARPA SHIELD is about
• Science
• Hardware Technology
• Security
• Reliability and Trustworthiness
• Functionality
• Manufacturability and Yield
DARPA SHIELD is NOT about
• Logistics
• Preferred Business Practices
• Acquisition Policy
• Doctrine
• Supplier/distributor business infrastructure
• New encryption schemes
• New checking tools
• Software
• Back-office structure and networking
(Except for the minimum necessary to demonstrate SHIELD CONOP)
Glossary
Dielet: Extremely small computer chip developed during SHIELD
Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
Key: A 256-bit cipher code stored on dielet and on a secure server, used to secure the dielet authentication operation
Test Site: Limited hardware proof of concept chip without full product functionality
Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
Probe: A device attached to a communication appliance that powers the SHIELD dielet
IP: Intellectual Property
CONOP: Concept of Operations
DFM/DFY: Design for Manufacturability, Design for Yield
PFA: Probability of False Alarm
PD: Probability of Detection
OEM: Original Equipment Manufacturer
GFE: Government-Furnished Equipment
IC: Integrated Circuit
CDR: Critical Design Review
DSS: Digital Signature Standard
CMVP: Cryptographic Module Verification Program
FITS: Failure rate of a component measured in Failures-in-Time over the program
KPOH: Lifetime of a component measured in thousands of power-on-hours
BOM: Bill of Material, a list of components comprising a given assembly
Definition of Terms
Counterfeit: "Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies"
- GAO Report to Congress, March 2010
Supply Chain: "A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances or information from a source to a customer"
- Cooper MC, Lambert DM & Pagh J (1997) Supply Chain Management: More Than a New Name for Logistics. The International Journal of Logistics Management, Vol 8, Issue 1, pp 1-14
Chain of Custody: "The chronological sequence of parties, spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession"
SHIELD: Learning from Prior HW Assurance Programs
TRUST - Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find
IRIS - Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
[Figure labels: Digital Or AMS, TRUST, IRIS]
DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted
TRUST, IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
[Figure: component life cycle stages (Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use) annotated with attacks. Legend: Design Attack, Hardware Attack, Logistics Attack. Attack labels: 3rd Party IP, Insider Design, EDA Exploit, IP Theft/Copy, Security Intercept, Yield Fail Diversion, Overproduction, Process Compromise, Pkg Compromise, False FPGA Bitstream, Malicious Insertions, False Validation Report, DFM Exploits, False Expects, False Test Compares, HW Theft. Span labels: TRUST/IRIS, SHIELD; At OEM, In Distribution]
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components which make them especially vulnerable to compromise
• DoD electronic components require high reliability, serviceability (1)
• Compromised component failures risk DoD missions, soldier's lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete (1)
• $10-$50 parts become $8000 parts once they are obsolete (1) - providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
(1) NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast and executable by untrained operators
4. Trustworthy, reliable and prohibitively difficult to spoof
5. Executable at any place, time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD: The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
Microscopic SHIELD dielet
• HW Root-of-Trust, Fragile Key Storage
• Full Encryption Engine
• Unpowered Passive Sensors
• Inductive Powering and Communication
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm² Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120 °C
- < 1¢ per dielet
Image courtesy of http://www.hitachi.com/New/cnews/030902.html
SHIELD Exemplary CONOP
[Figure: message flow between Dielet, Smartphone and Server (VPN). Labelled steps: 1 Serial ID Upload (Serial ID No., TCP/IP Address); 2 Challenge Download (Random Challenge Generator); 3 Encrypted Challenge, Encrypted Sensors, Appliance Data (Encryption Engine w/ Crypto Key); 4 Authentication Out (Decryption Engine w/ Crypto key: decrypt, compare to original challenge). Sensor labels: Temp Extremes, X-ray Exposure, Light Exposure. Server labels: Database with Dielet Serial ID, Fab Name, Fab Date, Part No.; Sensors Status, Test Date, Auditor Identity, Key Requests]
Potential Production Test Approaches
Flying Prober
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
Pick and Place, Wirebond, Tube handling of components
Volume Production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
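The exchange in the Exemplary CONOP and in feature 2 above (serial ID upload, random challenge, keyed response carrying sensor status, server-side comparison) can be modelled as below. This is an added sketch, not program code: the class and function names, the sensor bit layout and the verdict strings are assumptions, and HMAC-SHA-256 with recompute-and-compare stands in for the slide's encrypt/decrypt-and-compare because the Python standard library has no block cipher.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Sensor names follow the CONOP figure; the bit layout is an assumption.
SENSOR_BITS = {"temp_extremes": 0x01, "xray_exposure": 0x02, "light_exposure": 0x04}


def _tag(key: bytes, challenge: bytes, serial_id: int, status: int) -> bytes:
    """MAC binding the challenge to the serial ID and the sensor status byte."""
    msg = challenge + serial_id.to_bytes(8, "big") + bytes([status])
    return hmac.new(key, msg, hashlib.sha256).digest()


class Dielet:
    """On-dielet side: 64-bit serial ID, 256-bit key, one-way sensor latches."""

    def __init__(self, serial_id: int, key: bytes):
        if not (0 <= serial_id < 2**64) or len(key) != 32:
            raise ValueError("serial ID must fit 64 bits and key must be 256 bits")
        self.serial_id = serial_id
        self._key = key        # used only inside respond(); never transmitted
        self._sensors = 0      # bits are only ever set, never cleared

    def expose(self, sensor: str) -> None:
        self._sensors |= SENSOR_BITS[sensor]

    def respond(self, challenge: bytes) -> Tuple[int, bytes]:
        return self._sensors, _tag(self._key, challenge, self.serial_id, self._sensors)


class Server:
    """Secure-server side: key database, challenge generator, audit log."""

    def __init__(self):
        self._db = {}          # serial_id -> record with key and fab data
        self._pending = {}     # serial_id -> outstanding challenge (single use)
        self.audit_log = []

    def enroll(self, serial_id: int, key: bytes, fab_name: str, part_no: str) -> None:
        self._db[serial_id] = {"key": key, "fab_name": fab_name, "part_no": part_no}

    def challenge(self, serial_id: int) -> Optional[bytes]:
        if serial_id not in self._db:
            return None
        self._pending[serial_id] = secrets.token_bytes(32)
        return self._pending[serial_id]

    def verify(self, serial_id: int, status: int, tag: bytes, auditor: str) -> str:
        challenge = self._pending.pop(serial_id, None)   # consumed: no reuse
        if challenge is None:
            verdict = "NO_CHALLENGE"
        else:
            expected = _tag(self._db[serial_id]["key"], challenge, serial_id, status)
            if not hmac.compare_digest(expected, tag):
                verdict = "KEY_MISMATCH"
            elif status:
                verdict = "SENSOR_TRIPPED"
            else:
                verdict = "AUTHENTIC"
        self.audit_log.append((serial_id, auditor, status, verdict))
        return verdict


def interrogate(server: Server, dielet: Dielet, auditor: str = "auditor-1") -> str:
    """Appliance role: relays messages between dielet and server, holds no key."""
    challenge = server.challenge(dielet.serial_id)
    if challenge is None:
        return "UNKNOWN_SERIAL"
    status, tag = dielet.respond(challenge)
    return server.verify(dielet.serial_id, status, tag, auditor)


def run_demo() -> dict:
    """Constructed parts: genuine, same-serial clone, unenrolled, exposed."""
    server = Server()
    keys = {0x1001: secrets.token_bytes(32), 0x1002: secrets.token_bytes(32)}
    for serial, key in keys.items():       # personalization: key goes to both sides
        server.enroll(serial, key, "FAB-A (constructed)", "PN-0001 (constructed)")
    genuine, exposed = Dielet(0x1001, keys[0x1001]), Dielet(0x1002, keys[0x1002])
    clone = Dielet(0x1001, secrets.token_bytes(32))      # copied serial, wrong key
    unknown = Dielet(0x9999, secrets.token_bytes(32))    # never enrolled
    exposed.expose("xray_exposure")
    results = {name: interrogate(server, part) for name, part in
               [("genuine", genuine), ("clone", clone),
                ("unknown", unknown), ("exposed", exposed)]}
    # A response recorded earlier does not verify against a fresh challenge.
    old_status, old_tag = genuine.respond(server.challenge(0x1001))
    server.verify(0x1001, old_status, old_tag, "auditor-1")
    server.challenge(0x1001)
    results["replayed"] = server.verify(0x1001, old_status, old_tag, "auditor-2")
    # Reporting "no sensor tripped" for the exposed part invalidates its tag.
    _, tag = exposed.respond(server.challenge(0x1002))
    results["status_cleared"] = server.verify(0x1002, 0, tag, "auditor-2")
    return results


if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print(f"{case:15s} {verdict}")
```

Because the sensor status byte is covered by the keyed tag, an appliance or network path that alters the reported status produces the same verdict as a wrong key.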
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include
   a. package alterations needed to carry the dielet
   b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement and execute
6. To minimize size, power and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
Current Untrusted Logistical Supply Chain
[Figure: supply chain flow with numbered steps 1-8. Nodes: Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, PC Board Assembly, Subsystem Assembly, System Mfg, Stock, DoD Application, linked by Shipping steps. Zone labels: Trusted Zone (two), Vulnerability Zone]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD'ed Supply Chain Exemplar
[Figure: the same supply chain flow with numbered steps 1-8, marked REFRESHER. Nodes: Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, PC Board Assembly, Subsystem Assembly, System Mfr, Stock, DoD Application, linked by Shipping steps. Zone labels: Trusted Zone (two), SHIELD Authentication outside Trusted Zone]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase
TA1 (Tech Dev)
  Phase 1: On-chip HW tech devlpmt (Key Store, Sensors, Comm/Pwr, Mfg Processes): Models, Test Sites, SHIELD layouts
TA2 (Design & Integr)
  Phase 1: Dielet Logic Design, Standards Conformation
  Phase 2: SHIELD Dielet Design, SHIELD Dielet Fabrication, SHIELD Dielet Characterization
TA3 (Deployment)
  Phase 1: Packaging Development, Reliability Analysis, Dummy Dielet Fabrication, Network Architecture Design, Inductive Appliance Design
  Phase 2: Tooling and Techniques for handling/insertion, Network Structure Build-out, Inductive Device Fabrication
  Phase 3: Demonstration, Proof-of-Concept Supply Chain Exercise across sites, Red Teaming, Evaluations
Technical Area 1 Phase 1 Technology
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant
Technical Area 1 Phase 1 (cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must
1. Passively sense while unpowered, be read only when powered
2. Be readable only, and permanently altered by the exposure: non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (cont'd)
Passive Sensor Examples
Chemical: Nitric Acid, Sulfuric Acid. Sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet
1. Dielet should be powered, receive a challenge message and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil/RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1 (cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: a self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power; and
• The Logic: all logic and intellectual property necessary for the dielet to function as a true authenticator and realize the interface to the secure server
Technical Area 2 Design and Integration
Technical Area 2/Phase 1: Design (Months 1-18)
Performers will, by the end of TA2/Phase 1, complete the high-level design of the SHIELD dielet.
1. Define a SHIELD Design Environment Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, and test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd-party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2 Phase 1
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temperature
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist timing corner functionality verified
   d. Functionality from 0-35 °C; survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temp
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist timing corner functionality verified
   d. Functionality from 0-35 °C; survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 1 (cont'd)
Technical Area 2/Phase 2: Integration & Fab (Months 19-36)
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks and process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking; generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG; monitor fabrication; intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 2 Phase 2
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals.
Technical Area 3 SHIELD Deployment
Technical Area 3/Phase 1: Pkg Tech, Networks (Months 01-18)
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1
3. Assure reliability of host component containing SHIELD dielet
   Performer will assess reliability and serviceability impacts to the host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
   Performers will assure the integrity and reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
   Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure the coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance.
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
   SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server, through the inductive/RF appliance and network, using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but it is not the prime focus of the program.
Technical Area 3 Phase 1 (cont'd)
Technical Area 3/Phase 2: Implementation (Months 19-36)
Specific techniques and tooling for placement of the dielet into the host package are developed. Mechanical alignment aids for the inductive/RF appliance to the SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
   Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade and cryptographic key
Technical Area 3 Phase 2
2. Develop the SHIELD Network Structure
   Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables:
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
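The transaction simulation named in deliverable (d), true and false authentication requests with and without a flagged sensor, can be sketched as follows. This is an added example, not code from the briefing: HMAC-SHA-256 stands in for the dielet's encryption engine, and the class names, verdict strings, challenge length and sensor-word encoding are assumptions.

```python
import hashlib
import hmac
import secrets

KEY_BYTES = 32        # 256-bit key, as in the suggested specifications
SERIAL_BYTES = 8      # 64-bit serial ID
CHALLENGE_BYTES = 16  # assumption: the briefing does not fix a challenge length
SENSOR_OK = 0         # assumption: sensor word 0 means no passive sensor tripped


def response_tag(key, serial, challenge, sensor_word):
    """Keyed response binding serial ID, challenge and sensor word together.
    HMAC-SHA-256 is a stand-in for the dielet's encryption engine."""
    msg = serial + challenge + bytes([sensor_word])
    return hmac.new(key, msg, hashlib.sha256).digest()


class Dielet:
    """Hypothetical dielet model: serial ID, key store, sensor word."""
    def __init__(self, serial, key, sensor_word=SENSOR_OK):
        self.serial, self.key, self.sensor_word = serial, key, sensor_word

    def respond(self, challenge):
        tag = response_tag(self.key, self.serial, challenge, self.sensor_word)
        return self.sensor_word, tag


class Server:
    """Hypothetical server: key database plus single-use challenges."""
    def __init__(self):
        self.keys = {}      # serial -> key, recorded when the dielet is placed
        self.pending = {}   # serial -> outstanding challenge

    def enroll(self, serial, key):
        self.keys[serial] = key

    def new_challenge(self, serial):
        if serial not in self.keys:
            return None
        self.pending[serial] = secrets.token_bytes(CHALLENGE_BYTES)
        return self.pending[serial]

    def verify(self, serial, sensor_word, tag):
        challenge = self.pending.pop(serial, None)  # each challenge is used once
        if challenge is None:
            return "REJECT_NO_CHALLENGE"
        expected = response_tag(self.keys[serial], serial, challenge, sensor_word)
        if not hmac.compare_digest(expected, tag):
            return "REJECT_BAD_RESPONSE"
        return "AUTHENTIC" if sensor_word == SENSOR_OK else "FLAG_SENSOR_TRIPPED"


def interrogate(server, dielet):
    """One transaction as relayed by the appliance; returns the verdict."""
    challenge = server.new_challenge(dielet.serial)
    if challenge is None:
        return "REJECT_UNKNOWN_SERIAL"
    sensor_word, tag = dielet.respond(challenge)
    return server.verify(dielet.serial, sensor_word, tag)


def simulate():
    """Run true and false requests, with and without a flagged sensor."""
    server = Server()
    serial = secrets.token_bytes(SERIAL_BYTES)
    key = secrets.token_bytes(KEY_BYTES)
    server.enroll(serial, key)
    genuine = Dielet(serial, key)
    results = {
        "genuine": interrogate(server, genuine),
        "sensor_tripped": interrogate(server, Dielet(serial, key, sensor_word=1)),
        "wrong_key": interrogate(
            server, Dielet(serial, secrets.token_bytes(KEY_BYTES))),
        "unknown_serial": interrogate(
            server, Dielet(secrets.token_bytes(SERIAL_BYTES), key)),
    }
    # A response recorded for one challenge is presented against the next one.
    recorded = genuine.respond(server.new_challenge(serial))
    server.verify(serial, *recorded)          # consumes the first challenge
    server.new_challenge(serial)
    results["stale_response"] = server.verify(serial, *recorded)
    # Sensor word changed between dielet and server: the tag no longer matches.
    _, tag = Dielet(serial, key, sensor_word=1).respond(server.new_challenge(serial))
    results["sensor_word_altered"] = server.verify(serial, SENSOR_OK, tag)
    return results


if __name__ == "__main__":
    for case, verdict in simulate().items():
        print(f"{case:22s} {verdict}")
```

Because the sensor word is covered by the keyed response and each challenge is consumed on first use, a tripped sensor cannot be hidden in transit and a recorded reply fails against a fresh challenge.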
3. Develop the SHIELD inductive/RF appliance
   Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 2 (cont'd)
Technical Area 3/Phase 3: Demo (Months 37-48)
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DoD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to the installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3
2. Exercise the CONOP
   Performers will exercise the entire SHIELD CONOP.
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
Technical Area 3 Phase 3 (cont'd)
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by:
   a. Component package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by:
   a. Component package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Quantitative Benchmarks
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network communication protocol: TLS standard
Minimum delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption standard: Up to 256 bit
Serial ID length: 64 bit
Power consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, ±10 (default)
Host temperatures: -55 °C to 125 °C
Interrogation temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 10¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington, VA
31 March 2014: Abstracts due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission letters to proposers
30 May 2014: Full Abstracts due into DARPA by EOB
3Q 2014: Source selection, notification, contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 (Tech Dev) | None
TA2 (Design & Integr) | None
TA3 (Deployment) | Components for SHIELD insertion; vendor locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost.
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built:
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
• Purpose of this discussion
   • Detail the attributes of SHIELD design elements that will be measured
   • Outline the methods by which those attributes will be measured
• Why metrics?
   • Tracking and reporting program results and accomplishments
   • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry-accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics Overview
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches, as appropriate
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications and support logic | Mask layout design, including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2]; environmental testing (temperature, shock and vibration) [3]
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
• Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
   • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
   • Failure mode (e.g. missing, inappropriate or failing SHIELD dielet)
   • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
   • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
   • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
   • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics Technical Area 3 SHIELD Deployment
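The PD, PFA and delay breakdowns listed here and on the earlier "SHIELD Quantitative Benchmarks" slide can be tabulated from a log of interrogation trials as below. This is an added example, not part of the briefing: the trial rows are constructed, and the field names and the convention that a timed-out interrogation has no delay are assumptions.

```python
from collections import defaultdict
from statistics import mean

# Constructed trial log, one row per interrogation. failure_mode is None for
# an uncompromised part; delay_s is None when no authentication completed
# (for example, no dielet answered the probe).
FIELDS = ("package", "setting", "location", "failure_mode", "flagged", "delay_s")
ROWS = [
    ("quad flat pack", "tube",   "distributor", None,            False, 1.8),
    ("quad flat pack", "tube",   "distributor", "missing",       True,  None),
    ("quad flat pack", "board",  "subassembly", "inappropriate", True,  2.1),
    ("quad flat pack", "board",  "subassembly", None,            True,  2.0),  # false alarm
    ("small passive",  "tube",   "shipping",    "failing",       False, 1.9),  # missed
    ("small passive",  "tube",   "shipping",    "missing",       True,  None),
    ("small passive",  "board",  "subassembly", None,            False, 1.6),
    ("small passive",  "system", "subassembly", None,            False, 2.2),
    ("quad flat pack", "system", "distributor", "failing",       True,  2.4),
    ("small passive",  "board",  "distributor", "inappropriate", False, 2.0),  # missed
]
TRIALS = [dict(zip(FIELDS, row)) for row in ROWS]

# The briefing breaks PD out by four dimensions and PFA by two.
PD_DIMENSIONS = ("package", "failure_mode", "location", "setting")
PFA_DIMENSIONS = ("package", "setting")


def counts_by(trials, dimension, compromised):
    """Return {value: (flagged, total)} over compromised or clean trials."""
    counts = defaultdict(lambda: [0, 0])
    for trial in trials:
        if (trial["failure_mode"] is not None) != compromised:
            continue
        bucket = counts[trial[dimension]]
        bucket[0] += int(trial["flagged"])
        bucket[1] += 1
    return {value: tuple(pair) for value, pair in counts.items()}


def rate(pair):
    """Convert (flagged, total) to a probability; None for an empty stratum."""
    flagged, total = pair
    return flagged / total if total else None


def benchmarks(trials):
    """PD and PFA counts per stratum plus average completed delay."""
    delays = [t["delay_s"] for t in trials if t["delay_s"] is not None]
    return {
        "PD": {d: counts_by(trials, d, True) for d in PD_DIMENSIONS},
        "PFA": {d: counts_by(trials, d, False) for d in PFA_DIMENSIONS},
        "avg_delay_s": mean(delays) if delays else None,
    }


if __name__ == "__main__":
    result = benchmarks(TRIALS)
    for metric in ("PD", "PFA"):
        for dimension, strata in result[metric].items():
            for value, pair in sorted(strata.items()):
                print(f"{metric} by {dimension:12s} {value:15s} "
                      f"{pair[0]}/{pair[1]} = {rate(pair):.2f}")
    print(f"average completed authentication delay: {result['avg_delay_s']:.2f} s")
```

Keeping the (flagged, total) counts next to each rate shows how few trials sit behind a per-stratum figure.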
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
   • compliance with design ground rules of the manufacturer
   • logical to behavioral design verification
   • logical to physical design verification
   • functional test pattern generation with a goal of 100% test coverage
   • EM and power analysis
   • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Metrics Technical Area 2SHIELD Dielet Design and Integration
SHIELD Technical Program Description
Kerry Bernstein
SHIELD Industry Day
14 March 2014
SHIELD Introductory Comments
1. THANK YOU for your interest in participating in DARPA SHIELD. It's business, but it's also our nation.
2. The following exemplary design point and CONOP is a preferred embodiment. The BAA strives not to overspecify. Got something better? LET'S HEAR ABOUT IT.
3. Besides performers with great ideas, we want performers who "get it" and who have a passion for doing something important for national security. Together we'll deliver game-changing capability.
4. SHIELD is about the science and the hardware and the technology. CONOP, servers and networks are limited to what's needed for the demo.
5. SHIELD is not about developing new encryption schemes. SHIELD is about NIST, IEEE and industry standards, or new standards.
SHIELD Introductory Comments (cont'd)
6. Teaming is strongly encouraged. DARPA will accept individual Tech Area 1 & 3 submissions, but complete collaborative proposed solutions are preferred and strongly recommended.
7. The Supply Chain's threat space is immense. Any solution, including DARPA SHIELD, will be fraught with problems. We expect that. But we need to begin somewhere.
8. Remaining unaddressed SHIELD vulnerabilities will include:
   • Insider threat
   • Server attacks
   • Dielet side channel exfil modes inserted during foreign fabrication
   • Vulnerability to new reverse engineering modes, circumvention
9. SHIELD is intended to make counterfeiting more difficult, expensive and time consuming.
Programmatics
DARPA SHIELD is about:
• Science
• Hardware Technology
• Security
• Reliability and Trustworthiness
• Functionality
• Manufacturability and Yield
Except for the minimum necessary to demonstrate SHIELD CONOP, DARPA SHIELD is NOT about:
• Logistics
• Preferred Business Practices
• Acquisition Policy
• Doctrine
• Supplier/distributor business infrastructure
• New encryption schemes
• New checking tools
• Software
• Back-office structure and networking
Image source: http://www.g33kwatch.com/wp-content/uploads/2011/12/geek-zone.gif
Glossary
Dielet: Extremely small computer chip developed during SHIELD
Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
Key: A 256-bit cipher code stored on dielet and on a secure server, used to secure the dielet authentication operation
Test Site: Limited hardware proof-of-concept chip without full product functionality
Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
Probe: A device attached to a communication appliance that powers the SHIELD dielet
IP: Intellectual Property
CONOP: Concept of Operations
DFM/DFY: Design for Manufacturability / Design for Yield
PFA: Probability of False Alarm
PD: Probability of Detection
OEM: Original Equipment Manufacturer
GFE: Government-Furnished Equipment
IC: Integrated Circuit
CDR: Critical Design Review
DSS: Digital Signature Standard
CMVP: Cryptographic Module Verification Program
FITS: Failure rate of a component, measured in Failures-in-Time over the program
KPOH: Lifetime of a component, measured in thousands of power-on-hours
BOM: Bill of Material, a list of components comprising a given assembly
Counterfeit: "Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies"
- GAO Report to Congress, March 2010
Supply Chain: "A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances, or information from a source to a customer"
- Cooper, M.C., Lambert, D.M., & Pagh, J. (1997). Supply Chain Management: More Than a New Name for Logistics. The International Journal of Logistics Management, Vol. 8, Issue 1, pp. 1–14
Chain of Custody: "The chronological sequence of parties, spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession"
Definition of Terms
SHIELD: Learning from Prior HW Assurance Programs
TRUST - Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find
IRIS - Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
[Figure labels: Digital or AMS; TRUST; IRIS]
DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted
Approved for Public Release Distribution Unlimited 26
TRUST, IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
[Figure: component lifecycle stages (Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use) annotated with threats. Legend: Design Attack, Hardware Attack, Logistics Attack. Threat labels: 3rd Party IP, Insider Design, EDA Exploit, IP Theft/Copy, Security Intercept, Yield Fail Diversion, Overproduction, Process Compromise, Pkg Compromise, False FPGA Bitstream, Malicious Insertions, False Validation Report, DFM Exploits, False Expects, False Test Compares, HW Theft. Span labels: SHIELD, TRUST, IRIS; At OEM, In Distribution.]
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components, which make them especially vulnerable to compromise
• DoD electronic components require high reliability, serviceability [1]
• Compromised component failures risk DoD missions, soldier's lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete [1]
• $10-$50 parts become $8000 parts once they are obsolete [1] – providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
[1] NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor, or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast, and executable by untrained operators
4. Trustworthy, reliable, and prohibitively difficult to spoof
5. Executable at any place, time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD: The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
[Figure: microscopic SHIELD dielet, with callouts]
• HW Root-of-Trust, Fragile Key Storage
• Full Encryption Engine
• Unpowered, Passive Sensors
• Inductive Powering and Communication
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm2 Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120C
- < 1¢ per dielet
Image courtesy of http://www.hitachi.com/New/cnews/030902.html
SHIELD Exemplary CONOP
[Figure: message flow between Dielet, Smartphone and Server; the smartphone-to-server link is labelled TCP/IP Address (VPN)]
1. Serial ID Upload: Serial ID No.
2. Challenge Download: from the server's Random Challenge Generator
3. Encrypted Challenge, Encrypted Sensors (from the dielet's Encryption Engine w/ Crypto Key), and Appliance Data
4. Authentication Out: Decryption Engine w/ Crypto key; decrypt, compare to original challenge
Server: Database with Dielet Serial ID, Fab Name, Fab Date, Part No.
Server records: Sensors Status, Test Date, Auditor Identity, Key Requests
Sensors: Temp Extremes, X-ray Exposure, Light Exposure
Potential Production Test Approaches
Flying Prober
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
Pick and Place, Wirebond/Tube handling of components
Volume Production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage, which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove, or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered, passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
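The challenge-response exchange from the exemplary CONOP and from on-dielet feature 2, as an added Python example that is not part of the DARPA briefing. HMAC-SHA256 from the standard library stands in for the dielet's encryption engine, so the server verifies by recomputing the response instead of decrypting it; the class names, verdict strings and sensor bit layout are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed bit layout for the sensor status word; the slides name the
# sensor families but do not define an encoding.
SENSOR_BITS = {"chemical": 1, "mechanical": 2, "laser": 4,
               "light": 8, "xray": 16, "heat": 32}


def _tag(key, serial, challenge, sensor_word):
    """Bind serial ID, challenge and sensor word together under the shared key."""
    msg = serial + challenge + bytes([sensor_word])
    return hmac.new(key, msg, hashlib.sha256).digest()


class Dielet:
    """Holds the key privately; sensor bits can be set but never cleared."""

    def __init__(self, serial, key):
        self.serial = serial      # 64-bit serial ID, readable by the probe
        self._key = key           # 256-bit key, never returned by any method
        self._sensors = 0

    def expose(self, kind):
        self._sensors |= SENSOR_BITS[kind]

    def respond(self, challenge):
        return self._sensors, _tag(self._key, self.serial, challenge, self._sensors)


class Server:
    """Secure-server side: key database, challenge generator, audit log."""

    def __init__(self):
        self._db = {}        # serial -> (key, part number)
        self._pending = {}   # serial -> outstanding challenge
        self.audit = []      # (serial hex, auditor, verdict, tripped sensors)

    def enroll(self, serial, key, part_no):
        self._db[serial] = (key, part_no)

    def issue_challenge(self, serial):
        if serial not in self._db:
            return None
        self._pending[serial] = secrets.token_bytes(32)
        return self._pending[serial]

    def verify(self, serial, sensor_word, tag, auditor):
        verdict, tripped = "REJECT_NO_CHALLENGE", []
        challenge = self._pending.pop(serial, None)   # each challenge is single-use
        if challenge is not None:
            key, _part = self._db[serial]
            ok = 0 <= sensor_word < 64 and hmac.compare_digest(
                _tag(key, serial, challenge, sensor_word), tag)
            if not ok:
                verdict = "REJECT_BAD_RESPONSE"
            else:
                tripped = [n for n, b in SENSOR_BITS.items() if sensor_word & b]
                verdict = "COMPROMISED" if tripped else "AUTHENTIC"
        self.audit.append((serial.hex(), auditor, verdict, tripped))
        return verdict, tripped


def interrogate(server, dielet, auditor, tamper_word=None):
    """Appliance role: relay serial, challenge and response; it holds no key."""
    challenge = server.issue_challenge(dielet.serial)
    if challenge is None:
        return "REJECT_UNKNOWN_SERIAL", []
    word, tag = dielet.respond(challenge)
    if tamper_word is not None:   # models a relay that rewrites the sensor word
        word = tamper_word
    return server.verify(dielet.serial, word, tag, auditor)


if __name__ == "__main__":
    serial, key = secrets.token_bytes(8), secrets.token_bytes(32)
    server = Server()
    server.enroll(serial, key, "PN-EXAMPLE")          # constructed part number
    genuine = Dielet(serial, key)
    clone = Dielet(serial, secrets.token_bytes(32))   # copied serial, wrong key
    print(interrogate(server, genuine, "auditor-1"))
    print(interrogate(server, clone, "auditor-1"))
    genuine.expose("xray")
    print(interrogate(server, genuine, "auditor-1"))
    print(interrogate(server, genuine, "auditor-1", tamper_word=0))
```

Because the sensor word is bound into the response, a relay that clears a tripped sensor bit produces a rejected response rather than a clean pass, and a recorded response fails against any later challenge.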
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include
   a. package alterations needed to carry the dielet
   b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive / RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement, and execute
6. To minimize size, power, and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
Current Untrusted Logistical Supply Chain
[Figure: supply chain flow with numbered steps 1-8. Nodes: Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfg, DoD Application, linked by Shipping steps. Zone labels: Trusted Zone (twice), Vulnerability Zone.]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD'ed Supply Chain Exemplar (REFRESHER)
[Figure: supply chain flow with numbered steps 1-8. Nodes: Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfr, DoD Application, linked by Shipping steps. Zone labels: Trusted Zone (twice), SHIELD Authentication outside Trusted Zone.]
Component compromises are now visible at any point along the supply chain. Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase
TA1 (Tech Dev)
   Phase 1: On-chip HW tech devlpmt (Key Store, Sensors, Comm/Pwr, Mfg Processes) - Models - Test Sites - SHIELD layouts
TA2 (Design & Integr)
   Phase 1: Dielet Logic Design; Standards Conformation
   Phase 2: SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization
TA3 (Deployment)
   Phase 1: Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design
   Phase 2: Tooling and Techniques for handling, insertion; Network Structure Build-out; Inductive Device Fabrication
   Phase 3: Demonstration; Proof-of-Concept Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1, Phase 1: Technology
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Technical Area 1, Phase 1 (Cont'd)
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption
   Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption
   Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines
   Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms
   Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine
   Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key
   Key store should be Suite B compliant
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must
1. Passively sense while unpowered; be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1, Phase 1 (Cont'd)
Chemical: Nitric Acid, Sulfuric Acid. Sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1, Phase 1 (Cont'd)
Passive Sensor Examples
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1, Phase 1
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 μm x 100 μm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 1, Phase 1 (Cont'd)
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2: Design and Integration
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet
1. Define a SHIELD Design Environment, Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language. Design should be
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2, Phase 1
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous, free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage, and temperature
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35° C. Survive -55° C to 125° C
   e. Functionality inside +/- 3σ conditioned voltage window
Technical Area 2, Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage, and temp
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35° C. Survive -55° C to 125° C
   e. Functionality inside +/- 3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2, Phase 1 (cont'd)
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize, and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 2, Phase 2
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3: SHIELD Deployment
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment, or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive / RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3, Phase 1
3. Assure reliability of host component containing SHIELD dielet. Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component. Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by
   a. Chemical, mechanical, temperature, or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3, Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3, Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include
   a. Communications between the dielet and the server, through the inductive/RF appliance and network, using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program
Technical Area 3, Phase 1 (cont'd)
Technical Area 3/Phase 2: Implementation, Months 19-36
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program
1. Develop the SHIELD Insertion technology
Instrumentation, tooling, and logistics for going from wafer final test into an actual component placement are developed. Steps include
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3, Phase 2
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3, Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3, Phase 2 (cont'd)
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DoD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test, which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3, Phase 3
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place the SHIELD solution in those packages in a production-like environment, which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
Technical Area 3, Phase 3 (cont'd)
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include
1. "Probability of Detection" of compromises (PD), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Quantitative Benchmarks
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 um x 100 um (0.01 mm2)
Device thickness: Thinned substrate, likely 10 um or less
Interrogation Latency: ≈ 1 second dielet delay, ≈ 2 second full transaction delay including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 Second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host Temperatures: -55° C - 125° C
Interrogation Temperatures: 0-35° C
Reliability: Sufficient to match 100 KPOH host component operation. SHIELD total operational time is under 1 hour
Cost: C < 10¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage / Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done, rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 (Tech Dev) | None
TA2 (Design & Integr) | None
TA3 (Deployment) | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing it to be built in a standard semiconductor process and at the target cost
bull Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
bull Non-production university labs may be usedMany organization offer services for a small number of parts to be built
bull Shuttle runsbull Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD Useful Sources for Information include
bull httpswwwtapofficeorgbull httpwwwdmeaosdmiltrustedichtmlbull httpwwwmosisedubull httpcmpimagfrbull httpwwweuropractice-iccom
SHIELD Metrics
Arnett Brown
SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
  - Detail the attributes of SHIELD design elements that will be measured
  - Outline the methods by which those attributes will be measured
• Why metrics?
  - Tracking and reporting program results and accomplishments
  - Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry-accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size: 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches, as appropriate
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1], tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2], environmental testing (temperature shock and vibration) [3]
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3, SHIELD Deployment
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
  - Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  - Failure mode (e.g. missing, inappropriate, or failing SHIELD dielet)
  - Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  - Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
  - Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  - Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
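A sketch of how the three Phase 3 metrics above could be tabulated from demonstration trials, added here as an example and not part of the briefing. The trial records, field names and function names are constructed for illustration; PD is computed over compromised parts only, PFA over genuine parts only, and the delay average skips authentications that never completed.

```python
# Added illustration of the Phase 3 metrics; not code from the briefing.
# Every trial record below is constructed sample data.
from collections import defaultdict
from statistics import mean

FIELDS = ("host", "setting", "failure_mode", "location", "flagged", "delay_s")
# failure_mode None: genuine part. delay_s None: authentication never completed.
TRIALS = [dict(zip(FIELDS, row)) for row in [
    ("small passive", "tube", None, None, False, 1.6),
    ("small passive", "tube", None, None, False, 1.8),
    ("small passive", "pcb", None, None, True, 2.4),   # false alarm
    ("small passive", "pcb", None, None, False, 2.0),
    ("quad flat pack", "tube", None, None, False, 1.2),
    ("quad flat pack", "pcb", None, None, False, 1.4),
    ("small passive", "tube", "missing", "distributor", True, None),
    ("small passive", "pcb", "inappropriate", "shipping", True, 1.9),
    ("small passive", "pcb", "failing", "subassembly vendor", False, 2.2),  # miss
    ("quad flat pack", "tube", "missing", "distributor", True, None),
    ("quad flat pack", "pcb", "inappropriate", "distributor", True, 1.5),
    ("quad flat pack", "pcb", "failing", "shipping", True, 2.0),
]]


def flag_rate(trials, compromised, by=None):
    """Fraction of trials flagged among compromised or among genuine parts.

    With `by` set to a field name, returns {field value: rate}; groups that
    have no trials are absent rather than reported as zero.
    """
    groups = defaultdict(list)
    for t in trials:
        if (t["failure_mode"] is not None) == compromised:
            groups[t[by] if by else "all"].append(t["flagged"])
    rates = {g: sum(flags) / len(flags) for g, flags in groups.items()}
    return rates if by else rates.get("all")


def prob_detection(trials, by=None):
    """PD: flagged compromised parts / all compromised parts."""
    return flag_rate(trials, True, by)


def prob_false_alarm(trials, by=None):
    """PFA: flagged genuine parts / all genuine parts."""
    return flag_rate(trials, False, by)


def mean_completed_delay(trials):
    """Average delay over authentications that actually completed."""
    done = [t["delay_s"] for t in trials if t["delay_s"] is not None]
    return mean(done) if done else None


if __name__ == "__main__":
    print("PD overall      ", prob_detection(TRIALS))
    for field in ("host", "failure_mode", "location", "setting"):
        print("PD by", field, prob_detection(TRIALS, by=field))
    print("PFA overall     ", prob_false_alarm(TRIALS))
    for field in ("host", "setting"):
        print("PFA by", field, prob_false_alarm(TRIALS, by=field))
    print("mean delay (s)  ", mean_completed_delay(TRIALS))
```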
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality), transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), probability of false alarm (PFA), average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
  - compliance with design ground rules of the manufacturer
  - logical to behavioral design verification
  - logical to physical design verification
  - functional test pattern generation with a goal of 100% test coverage
  - EM and power analysis
  - additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
SHIELD Introductory Comments
1. THANK YOU for your interest in participating in DARPA SHIELD. It's business, but it's also our nation.
2. The following exemplary design point and CONOP is a preferred embodiment. BAA strives not to overspecify. Got something better? LET'S HEAR ABOUT IT.
3. Besides performers with great ideas, we want performers who "get it" and who have a passion for doing something important for national security. Together we'll deliver game-changing capability.
4. SHIELD is about the Science and the hardware and the technology. CONOP, servers, networks are limited to what's needed for the demo.
5. SHIELD is not about developing new encryption schemes. SHIELD is about NIST, IEEE and Industry Standards, or new standards.
SHIELD Introductory Comments (cont'd)
6. Teaming is strongly encouraged. DARPA will accept individual Tech Area 1 & 3 submissions, but complete collaborative proposed solutions are preferred and strongly recommended.
7. The Supply Chain's threat space is immense. Any solution, including DARPA SHIELD, will be fraught with problems. We expect that. But we need to begin somewhere.
8. Remaining unaddressed SHIELD vulnerabilities will include:
  • Insider threat
  • Server attacks
  • Dielet side channel exfil modes inserted during foreign fabrication
  • Vulnerability to new reverse engineering modes, circumvention
9. SHIELD is intended to make counterfeiting more difficult, expensive, and time consuming.
Programmatics
DARPA SHIELD is about:
• Science
• Hardware Technology
• Security
• Reliability and Trustworthiness
• Functionality
• Manufacturability and Yield
DARPA SHIELD is NOT about:
• Logistics
• Preferred Business Practices
• Acquisition Policy
• Doctrine
• Supplier/distributor business infrastructure
• New encryption schemes
• New checking tools
• Software
• Back-office structure and networking
(Except for the minimum necessary to demonstrate SHIELD CONOP)
Glossary
Dielet: Extremely small computer chip developed during SHIELD
Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
Key: A 256-bit cipher code stored on dielet and on a secure server, used to secure the dielet authentication operation
Test Site: Limited hardware proof of concept chip without full product functionality
Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
Probe: A device attached to a communication appliance that powers the SHIELD dielet
IP: Intellectual Property
CONOP: Concept of Operations
DFM/DFY: Design for Manufacturability / Design for Yield
PFA: Probability of False Alarm
PD: Probability of Detection
OEM: Original Equipment Manufacturer
GFE: Government-Furnished Equipment
IC: Integrated Circuit
CDR: Critical Design Review
DSS: Digital Signature Standard
CMVP: Cryptographic Module Verification Program
FITS: Failure rate of a component measured in Failures-in-Time over the program
KPOH: Lifetime of a component measured in thousands of power-on-hours
BOM: Bill of Material, a list of components comprising a given assembly
Definition of Terms
Counterfeit: "Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies"
- GAO Report to Congress, March 2010
Supply Chain: "A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances or information from a source to a customer"
- Cooper, M.C., Lambert, D.M. & Pagh, J. (1997), Supply Chain Management: More Than a New Name for Logistics, The International Journal of Logistics Management, Vol. 8, Issue 1, pp. 1-14
Chain of Custody: "The chronological sequence of parties, spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession"
SHIELD: Learning from Prior HW Assurance Programs
TRUST - Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find
IRIS - Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
[Figure labels: Digital or AMS; TRUST; IRIS]
DARPA programs showed that certain ways of storing a private key will be difficult to reverse-engineer (RE) and would destroy the part if RE is attempted
TRUST, IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution
[Figure: life-cycle stages Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use, spanning "At OEM" and "In Distribution", with the labels TRUST, IRIS and SHIELD. Legend: Design Attack, Hardware Attack, Logistics Attack. Attack labels: 3rd Party IP, Insider Design, EDA Exploit, IP Theft/Copy, Security Intercept, Yield Fail Diversion, Overproduction, Process Compromise, Pkg Compromise, False FPGA Bitstream, Malicious Insertions, False Validation Report, DFM Exploits, False Expects, False Test Compares, HW Theft]
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components, which make them especially vulnerable to compromise:
• DoD electronic components require high reliability, serviceability [1]
• Compromised component failures risk DoD missions, soldier's lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete [1]
• $10-$50 parts become $8000 parts once they are obsolete [1], providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems:
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
[1] NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor, or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast, and executable by untrained operators
4. Trustworthy, reliable, and prohibitively difficult to spoof
5. Executable at any place, time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD: The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
Microscopic SHIELD dielet:
• HW Root-of-Trust, Fragile Key Storage
• Full Encryption Engine
• Unpowered Passive Sensors
• Inductive Powering and Communication
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm² area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120 °C
- < 1 cent per dielet
SHIELD Exemplary CONOP
[Figure: message flow between Dielet, Smartphone and Server; link labels: TCP/IP Address, (VPN)]
• Dielet: Serial ID No.; Encryption Engine w/ Crypto Key; sensors for Temp Extremes, X-ray Exposure, Light Exposure
• Server: Database with Dielet Serial ID, Fab Name, Fab Date, Part No.; Random Challenge Generator; Decryption Engine w/ Crypto key (decrypt, compare to original challenge)
• Other labels: Sensors Status, Test Date, Auditor Identity, Key Requests
1. Serial ID Upload
2. Challenge Download
3. Encrypted Challenge, Encrypted Sensors, Appliance Data
4. Authentication Out
Potential Production Test Approaches
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech:
1. Stock checking of Component
2. Assembly checking in Supply Chain
[Figure labels: Flying Prober; Pick and Place; Wirebond; Tube handling of components]
Volume production technology can be applied to the SHIELD approach. Tooling and control can easily be adapted to authentication.
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove, or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include:
   a. package alterations needed to carry the dielet
   b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement, and execute
6. To minimize size, power, and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
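The exemplary CONOP and the key-handling rules above, as an added Python sketch that is not DARPA or performer code: the appliance only relays messages, the key stays on the dielet and in the server database, and each challenge is single-use. HMAC-SHA256 stands in for the dielet's encryption engine (the server recomputes the response rather than decrypting it), and the class names, sensor bit assignments and 16-byte challenge size are assumptions.

```python
# Added illustration of the SHIELD CONOP; not DARPA or performer code.
# Assumption: HMAC-SHA256 stands in for the dielet's encryption engine.
import hashlib
import hmac
import secrets

KEY_BYTES = 32        # 256-bit key (glossary)
SERIAL_BYTES = 8      # 64-bit serial ID
CHALLENGE_BYTES = 16  # assumption: the page fixes no challenge size
XRAY, LIGHT, TEMP = 0x01, 0x02, 0x04  # hypothetical sensor bit layout


def keyed_response(key, serial, challenge, sensors):
    """Bind serial ID, challenge and sensor byte under the secret key."""
    msg = serial + challenge + bytes([sensors])
    return hmac.new(key, msg, hashlib.sha256).digest()


class Dielet:
    """The key is used on-board only; no method returns it."""
    def __init__(self, serial, key):
        self.serial = serial
        self._key = key
        self._sensors = 0  # latched bits; deliberately no reset method

    def expose(self, sensor_bit):
        self._sensors |= sensor_bit

    def respond(self, challenge):
        tag = keyed_response(self._key, self.serial, challenge, self._sensors)
        return self._sensors, tag


class Server:
    """Secure server: key database plus random challenge generator."""
    def __init__(self):
        self._db = {}       # serial -> (key, part_no, fab_name, fab_date)
        self._pending = {}  # serial -> challenge awaiting a response

    def enroll(self, part_no, fab_name, fab_date):
        """Personalise one dielet inside the trusted zone."""
        serial = secrets.token_bytes(SERIAL_BYTES)
        key = secrets.token_bytes(KEY_BYTES)
        self._db[serial] = (key, part_no, fab_name, fab_date)
        return Dielet(serial, key)

    def challenge(self, serial):
        """Steps 1-2: serial ID upload, challenge download."""
        if serial not in self._db:
            return None
        self._pending[serial] = secrets.token_bytes(CHALLENGE_BYTES)
        return self._pending[serial]

    def verify(self, serial, sensors, tag):
        """Steps 3-4: check the response, return the authentication result."""
        challenge = self._pending.pop(serial, None)  # single use: no replay
        if challenge is None:
            return "NO_CHALLENGE"
        key = self._db[serial][0]
        expected = keyed_response(key, serial, challenge, sensors)
        if not hmac.compare_digest(expected, tag):
            return "BAD_RESPONSE"
        return "TAMPER_FLAGGED" if sensors else "AUTHENTIC"


def interrogate(server, dielet):
    """The appliance's role: relay messages. It never holds the key."""
    challenge = server.challenge(dielet.serial)
    if challenge is None:
        return "UNKNOWN_SERIAL"
    sensors, tag = dielet.respond(challenge)
    return server.verify(dielet.serial, sensors, tag)


def demo():
    rand = secrets.token_bytes
    server = Server()
    genuine = server.enroll("PART-0001", "ExampleFab", "2014-03-14")  # constructed
    out = {"genuine": interrogate(server, genuine)}
    # A clone can copy the readable serial ID but not the stored key.
    out["clone"] = interrogate(server, Dielet(genuine.serial, rand(KEY_BYTES)))
    out["unknown"] = interrogate(
        server, Dielet(rand(SERIAL_BYTES), rand(KEY_BYTES)))
    # Replay: a response recorded for one challenge is sent for the next.
    recorded = genuine.respond(server.challenge(genuine.serial))
    server.verify(genuine.serial, *recorded)
    server.challenge(genuine.serial)
    out["replay"] = server.verify(genuine.serial, *recorded)
    # Tripped sensor: reported as-is, then with the status byte cleared.
    genuine.expose(XRAY)
    out["tampered"] = interrogate(server, genuine)
    _, tag = genuine.respond(server.challenge(genuine.serial))
    out["status_cleared"] = server.verify(genuine.serial, 0, tag)
    return out


if __name__ == "__main__":
    print(demo())
```

Because the sensor byte is covered by the keyed response, an appliance or network hop that clears it produces `BAD_RESPONSE` rather than a clean pass.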
Current Untrusted Logistical Supply Chain
[Figure: supply-chain flow with numbered steps 1-8 and Shipping links. Labels: Trusted Zone (twice), Vulnerability Zone, Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, PC Board Assembly, Subsystem Assembly, System Mfg, Stock, DoD Application]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD'ed Supply Chain Exemplar
[Figure: supply-chain flow with numbered steps 1-8 and Shipping links. Labels: Trusted Zone (twice), SHIELD Authentication outside Trusted Zone, Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, PC Board Assembly, Subsystem Assembly, System Mfr, Stock, DoD Application, REFRESHER]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase
Tech Area | Phase 1 | Phase 2 | Phase 3
TA1 Tech Dev | On-chip HW tech devlpmt: Key Store, Sensors, Comm/Pwr, Mfg Processes - Models - Test Sites - SHIELD layouts | |
TA2 Design & Integr | Dielet Logic Design; Standards Conformation | SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization |
TA3 Deployment | Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design | Tooling and Techniques for handling insertion; Network Structure Build-out; Inductive Device Fabrication | Demonstration: Proof-of-Concept Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1 Phase 1: Technology
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (Cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance.
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows.
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform.
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code.
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation.
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant.
Technical Area 1 Phase 1 (Cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered, be read only when powered
2. Be readable only and permanently altered by the exposure, non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
Chemical: Nitric Acid, Sulfuric Acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1 (Cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2: Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Phase 1
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet
1. Define a SHIELD Design Environment, Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language. Design should be
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2 Phase 1 (cont'd)
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous, free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage, and temperature
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage, and temp
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 2
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize, and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Approved for Public Release Distribution Unlimited 50
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals.
Technical Area 3: SHIELD Deployment
Technical Area 3 Phase 1: Pkg Tech, Networks (Months 01-18)
Fundamental dielet package insertion, attachment, or lamination techniques are developed in TA3 Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1
3. Assure reliability of host component containing SHIELD dielet
   Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
   Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature, or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
   Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance.
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
   SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server, through the inductive/RF appliance and network, using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but it is not the prime focus of the program.
Technical Area 3 Phase 1 (cont'd)
Technical Area 3 Phase 2: Implementation (Months 19-36)
Specific techniques and tooling for placement of the dielet into the host package are developed. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3 Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
   Instrumentation, tooling, and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3 Phase 2
2. Develop the SHIELD Network Structure
   Networks and protocols developed in TA3 Phase 1 and in the design are implemented during TA3 Phase 2. At the end of TA3 Phase 2 performers will provide the following deliverables:
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3 Phase 3
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
   Technical Area 3 Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 2 (cont'd)
Technical Area 3 Phase 3: Demo (Months 37-48)
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3
2. Exercise the CONOP
   Performers will exercise the entire SHIELD CONOP:
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
Technical Area 3 Phase 3 (cont'd)
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by
   a. Component package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Quantitative Benchmarks
SHIELD Summary of Suggested Specifications
Area | A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness | Thinned substrate, likely 10 µm or less
Interrogation latency | ≈ 1 second dielet delay; ≈ 2 second full transaction delay, including network latencies
Network communication protocol | TLS Standard
Minimum delay between interrogations | > 1 second
Positioning of inductive/RF probe | T ≈ 1 mm below top surface of component package
Encryption standard | Up to 256 bit
Serial ID length | 64 bit
Power consumption | Approximately 50 µW
Voltage tolerance (default) | VDD at discretion of proposer, ±10% (default)
Host temperatures | -55 °C to 125 °C
Interrogation temperatures | 0-35 °C
Reliability | Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost | C < 10¢ per dielet
Program Calendar
14 March 2014 | Proposer's Day, Arlington VA
31 March 2014 | Abstracts Due into DARPA by EOB
30 April 2014 | Encourage / Discourage Full Submission Letters to Proposers
30 May 2014 | Full Abstracts Due into DARPA by EOB
3Q 2014 | Source Selection, Notification, Contracts
4Q 2014 | SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial, in plan, and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; vendor locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost.
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built:
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics Overview
Metrics Technical Area 1: SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost (1) to reverse engineer using typical methods (2)
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods (3)
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
(1) Cost = time (hours), number of personnel required, cost of tools ($)
(2) Procedures that are known to have been used to reverse engineer integrated circuits
(3) Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
Technical Area 1: SHIELD On-board Technology
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements (1) | Cost (2)
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications – reliability | Physical design for reliability (3) | Cost
Metrics Technical Area 1: SHIELD On-board Technology
(1) SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
(2) Cost is referenced against the target CMOS process with no modifications
(3) Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics Technical Area 2: SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications (1)
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
(1) Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail (1)
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
Metrics Technical Area 2: SHIELD Dielet Design and Integration
(1) Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics Technical Area 3: SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package (1); tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis (2); environmental testing (temperature shock and vibration) (3)
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
(1) The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
(2) Identify impact of inductive and RF probing in the host chip
(3) The performance of the host chip without a SHIELD solution will be used as a basis for comparison
• Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package interrogated by inductive appliance)
  • PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics Technical Area 3: SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate (1)
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality), transmission error rate (2)
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), Probability of false alarm (PFA), Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing
Metrics Technical Area 3: SHIELD Deployment
(1) Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
(2) Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Metrics Technical Area 2: SHIELD Dielet Design and Integration
Image courtesy of DARPA
SHIELD Introductory Comments (cont'd)
6. Teaming is strongly encouraged. DARPA will accept individual Tech Area 1 & 3 submissions, but complete collaborative proposed solutions are preferred and strongly recommended
7. The Supply Chain's threat space is immense. Any solution, including DARPA SHIELD, will be fraught with problems. We expect that. But we need to begin somewhere
8. Remaining unaddressed SHIELD vulnerabilities will include
   • Insider threat
   • Server attacks
   • Dielet side channel exfil modes inserted during foreign fabrication
   • Vulnerability to new reverse engineering modes, circumvention
9. SHIELD is intended to make counterfeiting more difficult, expensive, and time consuming
Programmatics
DARPA SHIELD is about
• Science
• Hardware Technology
• Security
• Reliability and Trustworthiness
• Functionality
• Manufacturability and Yield
Except for the minimum necessary to demonstrate SHIELD CONOP
DARPA SHIELD is NOT about
• Logistics
• Preferred Business Practices
• Acquisition Policy
• Doctrine
• Supplier/distributor business infrastructure
• New encryption schemes
• New checking tools
• Software
• Back-office structure and networking
Glossary
Dielet: Extremely small computer chip developed during SHIELD
Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
Key: A 256-bit cipher code stored on dielet and on a secure server, used to secure the dielet authentication operation
Test Site: Limited hardware proof of concept chip without full product functionality
Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
Probe: A device attached to a communication appliance that powers the SHIELD dielet
IP: Intellectual Property
CONOP: Concept of Operations
DFM/DFY: Design for Manufacturability / Design for Yield
PFA: Probability of False Alarm
PD: Probability of Detection
OEM: Original Equipment Manufacturer
GFE: Government-Furnished Equipment
IC: Integrated Circuit
CDR: Critical Design Review
DSS: Digital Signature Standard
CMVP: Cryptographic Module Verification Program
FITS: Failure rate of a component measured in Failures-in-Time over the program
KPOH: Lifetime of a component measured in thousands of power-on-hours
BOM: Bill of Material, a list of components comprising a given assembly
Counterfeit: "Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies"
- GAO Report to Congress, March 2010
Supply Chain: "A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances, or information from a source to a customer"
- Cooper, M.C., Lambert, D.M., & Pagh, J. (1997). Supply Chain Management: More Than a New Name for Logistics. The International Journal of Logistics Management, Vol. 8, Issue 1, pp. 1–14
Chain of Custody: "The chronological sequence of parties spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession"
Definition of Terms
TRUST – Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find
IRIS – Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
SHIELD: Learning from Prior HW Assurance Programs
[Figure labels: Digital or AMS; TRUST; IRIS]
DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted
TRUST / IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
[Figure: supply chain stages Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use, divided into "At OEM" and "In Distribution". Legend: Design Attack, Hardware Attack, Logistics Attack. Threat labels: 3rd Party IP; Insider Design; EDA Exploit; IP Theft/Copy; Security Intercept; Yield Fail Diversion; Overproduction; Process Compromise; Pkg Compromise; False FPGA Bitstream; Malicious Insertions; False Validation Report; DFM Exploits; False Expects; False Test Compares; HW Theft. Program coverage labels: SHIELD, TRUST, IRIS.]
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components which make them especially vulnerable to compromise
• DoD electronic components require high reliability, serviceability (1)
• Compromised component failures risk DoD missions, soldier's lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete (1)
• $10-$50 parts become $8000 parts once they are obsolete (1) – providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
(1) NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor, or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast, and executable by untrained operators
4. Trustworthy, reliable, and prohibitively difficult to spoof
5. Executable at any place, time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD: The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
Microscopic SHIELD dielet
• HW Root-of-Trust, Fragile Key Storage
• Full Encryption Engine
• Unpowered Passive Sensors
• Inductive Powering and Communication
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm² area)
- 100K devices
- 100 MHz clock rate
- 50 µW total power
- T ≤ 120 °C
- < 1¢ per dielet
Image courtesy of http://www.hitachi.com/New/cnews/030902.html
SHIELD Exemplary CONOP
[Figure: transaction flow between Dielet, Smartphone and Server (VPN). Labels recovered from the figure:]
1. Serial ID Upload (Serial ID No., TCP/IP Address)
2. Challenge Download (Random Challenge Generator)
3. Encrypted Challenge, Encrypted Sensors (Encryption Engine w/ Crypto Key; sensors: Temp Extremes, X-ray Exposure, Light Exposure)
3. Appliance Data (Sensors Status, Test Date, Auditor Identity, Key Requests)
4. Authentication Out (Decryption Engine w/ Crypto key: decrypt, compare to original challenge)
Database with Dielet Serial ID, Fab Name, Fab Date, Part No.
Potential Production Test Approaches
Inspiration from existing tube, pick-and-place, wire bond, and robotic tech
[Figure panels: Flying Prober; Pick and Place; Wirebond; Tube handling of components]
1. Stock checking of component
2. Assembly checking in supply chain
Volume production technology can be applied to the SHIELD approach. Tooling and control can easily be adapted to authentication
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove, or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered, passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
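The challenge/response exchange of the exemplary CONOP and of on-dielet feature 2 can be simulated end to end. The Python below is an added example, not code from the SHIELD program. Its class names, the sensor bit layout, the 32-byte block format and the HMAC-based Feistel stand-in cipher are assumptions chosen so that it runs on the standard library alone; a fielded dielet would carry a standardized cipher instead.

```python
import hashlib
import hmac
import secrets

HALF = 16  # bytes per Feistel half; one block = 32 bytes
# Assumed bit layout for the three sensors named on the CONOP slide.
SENSORS = {0x01: "temp_extremes", 0x02: "xray_exposure", 0x04: "light_exposure"}


def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    """Feistel round function: HMAC-SHA256 truncated to one half-block."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 4-round Feistel cipher; NOT the dielet's real engine."""
    left, right = block[:HALF], block[HALF:]
    for rnd in range(4):
        left, right = right, _xor(left, _round(key, rnd, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse of encrypt_block: undo the rounds in reverse order."""
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round(key, rnd, left)), left
    return left + right


class Dielet:
    """Emits only its serial ID and encrypted replies; the key stays inside."""

    def __init__(self, serial_id: int, key: bytes):
        self.serial_id = serial_id  # 64-bit serial ID
        self._key = key             # 256-bit secret key
        self._latched = 0           # passive sensor bits, set-only

    def expose(self, sensor_bit: int) -> None:
        """A sensor trips; there is deliberately no way to clear it."""
        self._latched |= sensor_bit

    def respond(self, challenge: bytes) -> bytes:
        # Plaintext block: challenge | sensor byte | 15 zero bytes of padding.
        block = challenge + bytes([self._latched]) + bytes(HALF - 1)
        return encrypt_block(self._key, block)


class Server:
    """Secure server: key database, challenge generator, decrypt-and-compare."""

    def __init__(self):
        self._keys = {}     # serial ID -> key shared at personalization
        self._pending = {}  # serial ID -> challenge awaiting a reply

    def enroll(self, serial_id: int, key: bytes) -> None:
        self._keys[serial_id] = key

    def issue_challenge(self, serial_id: int):
        if serial_id not in self._keys:
            return None  # unknown serial: nothing to challenge
        self._pending[serial_id] = secrets.token_bytes(HALF)
        return self._pending[serial_id]

    def verify(self, serial_id: int, reply: bytes):
        challenge = self._pending.pop(serial_id, None)  # single use: no replay
        key = self._keys.get(serial_id)
        if challenge is None or key is None or len(reply) != 2 * HALF:
            return ("reject", [])
        plain = decrypt_block(key, reply)
        echoed = hmac.compare_digest(plain[:HALF], challenge)
        padded = hmac.compare_digest(plain[HALF + 1:], bytes(HALF - 1))
        if not (echoed and padded):
            return ("reject", [])  # wrong key, stale reply, or corrupted block
        flags = plain[HALF]
        tripped = [name for bit, name in SENSORS.items() if flags & bit]
        return ("compromised" if flags else "authentic", tripped)


def interrogate(server: Server, dielet: Dielet):
    """Appliance role: relay serial ID, challenge and reply; it holds no key."""
    challenge = server.issue_challenge(dielet.serial_id)
    if challenge is None:
        return ("reject", [])
    return server.verify(dielet.serial_id, dielet.respond(challenge))


if __name__ == "__main__":
    key = secrets.token_bytes(32)           # constructed sample key
    server = Server()
    server.enroll(0x0123456789ABCDEF, key)  # constructed sample serial ID
    part = Dielet(0x0123456789ABCDEF, key)
    print(interrogate(server, part))        # clean part
    part.expose(0x02)                       # X-ray exposure latches
    print(interrogate(server, part))
    print(interrogate(server, Dielet(0x0123456789ABCDEF, bytes(32))))  # clone
```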
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone, and should not interact with the host chip in any way. Reliability impacts include
   a. package alterations needed to carry the dielet
   b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement, and execute
6. To minimize size, power, and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
Current Untrusted Logistical Supply Chain
[Diagram: supply chain flow with two Trusted Zones and a Vulnerability Zone, linked by shipping steps, points numbered 1-8. Labelled nodes: Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, eBay, Stock, PC Board Assembly, Subsystem Assembly, System Mfg, DoD Application]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD'ed Supply Chain Exemplar (Refresher)
[Diagram: the same supply chain flow with two Trusted Zones, linked by shipping steps, points numbered 1-8, now marked "SHIELD Authentication outside Trusted Zone". Labelled nodes: Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, eBay, Stock, PC Board Assembly, Subsystem Assembly, System Mfr, DoD Application]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase
TA1 Tech Dev
   Phase 1: On-chip HW tech development (Key Store, Sensors, Comm/Pwr, Mfg Processes): Models, Test Sites, SHIELD layouts
TA2 Design & Integr
   Phase 1: Dielet Logic Design; Standards Conformation
   Phase 2: SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization
TA3 Deployment
   Phase 1: Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design
   Phase 2: Tooling and Techniques for handling insertion; Network Structure Build-out; Inductive Device Fabrication
   Phase 3: Demonstration; Proof-of-Concept Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1 Phase 1 Technology
Technical Area 1/Phase 1 Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (Cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption
   Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption
   Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines
   Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms
   Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine
   Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key
   Key store should be Suite B compliant
Technical Area 1 Phase 1 (Cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must
1. Passively sense while unpowered; be read only when powered
2. Be readable only and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
Chemical: Nitric acid, sulfuric acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1 (Cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2 Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Phase 1
Technical Area 2/Phase 1 Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet
1. Define a SHIELD Design Environment, Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2 Phase 1 (cont'd)
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage, and temperature
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist timing corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage, and temp
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist timing corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 2
Technical Area 2/Phase 2 Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG; monitor fabrication; intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize, and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3 SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3 Phase 1
Technical Area 3/Phase 1 Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment, or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet
   Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
   Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by
   a. Chemical, mechanical, temperature, or electrical materials interactions with the host packaging materials or process occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
   Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
   SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include
   a. Communications between the dielet and the server, through the inductive/RF appliance and network, using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors
Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program
Technical Area 3 Phase 2
Technical Area 3/Phase 2 Implementation, Months 19-36
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program
1. Develop the SHIELD Insertion technology
   Instrumentation, tooling, and logistics for going from wafer final test into an actual component placement are developed. Steps include
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
   Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
   Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 3
Technical Area 3/Phase 3 Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
   Performers will exercise the entire SHIELD CONOP
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include
1. "Probability of Detection" of compromises (PD), broken out by
   a. Component package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network communication protocol: TLS standard
Minimum delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption standard: Up to 256 bit
Serial ID length: 64 bit
Power consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, ±10% (default)
Host temperatures: -55 °C to 125 °C
Interrogation temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 1.0¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014 SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; vendor locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful sources for information include
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
   • Detail the attributes of SHIELD design elements that will be measured
   • Outline the methods by which those attributes will be measured
• Why metrics
   • Tracking and reporting program results and accomplishments
   • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics Technical Area 1: SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost (1) to reverse engineer using typical methods (2)
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods (3)
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
(1) Cost = time (hours), number of personnel required, cost of tools ($)
(2) Procedures that are known to have been used to reverse engineer integrated circuits
(3) Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1: SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics Technical Area 1: SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements (1) | Cost (2)
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability (3) | Cost
(1) SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
(2) Cost is referenced against the target CMOS process with no modifications
(3) Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics Technical Area 2: SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications (1)
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications
(1) Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Approved for Public Release Distribution Unlimited 74
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip; package strain analysis; electromagnetic analysis [2]; environmental testing (temperature shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3, SHIELD Deployment
• Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g., missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g., at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality), transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), Probability of false alarm (PFA), Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Programmatics
DARPA SHIELD is about
• Science
• Hardware Technology
• Security
• Reliability and Trustworthiness
• Functionality
• Manufacturability and Yield
DARPA SHIELD is NOT about (except for the minimum necessary to demonstrate SHIELD CONOP)
• Logistics
• Preferred Business Practices
• Acquisition Policy
• Doctrine
• Supplier/distributor business infrastructure
• New encryption schemes
• New checking tools
• Software
• Back-office structure and networking
Glossary
Dielet: Extremely small computer chip developed during SHIELD
Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
Key: A 256-bit cipher code stored on dielet and on a secure server, used to secure the dielet authentication operation
Test Site: Limited hardware proof of concept chip without full product functionality
Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
Probe: A device attached to a communication appliance that powers the SHIELD dielet
IP: Intellectual Property
CONOP: Concept of Operations
DFM/DFY: Design for Manufacturability / Design for Yield
PFA: Probability of False Alarm
PD: Probability of Detection
OEM: Original Equipment Manufacturer
GFE: Government-Furnished Equipment
IC: Integrated Circuit
CDR: Critical Design Review
DSS: Digital Signature Standard
CMVP: Cryptographic Module Verification Program
FITS: Failure rate of a component measured in Failures-in-Time over the program
KPOH: Lifetime of a component measured in thousands of power-on-hours
BOM: Bill of Material, a list of components comprising a given assembly
Definition of Terms
Counterfeit: "Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies"
- GAO Report to Congress, March 2010
Supply Chain: "A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances, or information from a source to a customer"
- Cooper, M.C., Lambert, D.M., & Pagh, J. (1997). Supply Chain Management: More Than a New Name for Logistics. The International Journal of Logistics Management, Vol. 8, Issue 1, pp. 1–14
Chain of Custody: "The chronological sequence of parties, spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession"
SHIELD: Learning from Prior HW Assurance Programs
TRUST – Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find
IRIS – Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
[Figure labels: Digital or AMS; TRUST; IRIS]
DARPA programs showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted
TRUST, IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
[Figure: attack types mapped onto the component life cycle]
Life-cycle stages: Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use
Legend: Design Attack - Hardware Attack - Logistics Attack
Attack labels: 3rd Party IP; Insider Design; EDA Exploit; IP Theft/Copy; Security Intercept; Yield Fail Diversion; Overproduction; Process Compromise; Pkg Compromise; False FPGA Bitstream; Malicious Insertions; False Validation Report; DFM Exploits; False Expects; False Test Compares; HW Theft
Coverage labels: TRUST, IRIS (At OEM); SHIELD (In Distribution)
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components, which make them especially vulnerable to compromise
• DoD electronic components require high reliability, serviceability [1]
• Compromised component failures risk DoD missions, soldiers' lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete [1]
• $10-$50 parts become $8000 parts once they are obsolete [1] – providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
[1] NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor, or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast, and executable by untrained operators
4. Trustworthy, reliable, and prohibitively difficult to spoof
5. Executable at any place, time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD: The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
Microscopic SHIELD dielet
• HW Root-of-Trust, Fragile Key Storage
• Full Encryption Engine
• Unpowered Passive Sensors
• Inductive Powering and Communication
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm² Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120 °C
- < 1 cent per dielet
SHIELD Exemplary CONOP
[Figure: message flow between Dielet, Smartphone and Server (VPN)]
Numbered steps: 1. Serial ID Upload; 2. Challenge Download; 3. Encrypted Challenge, Encrypted Sensors, Appliance Data; 4. Authentication Out
Dielet: Encryption Engine w/ Crypto Key; sensors for Temp Extremes, Xray Exposure, Light Exposure
Server: Random Challenge Generator; Decryption Engine w/ Crypto key (decrypt, compare to original challenge); Database with Dielet Serial ID, Fab Name, Fab Date, Part No., Sensors Status, Test Date, Auditor Identity, Key Requests
Other labels: Serial ID No.; TCP/IP Address
Potential Production Test Approaches
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
[Figure labels: Flying Prober; Pick and Place; Wirebond; Tube handling of components]
Volume Production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer;
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database;
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove, or transfer it from its host component with standard reverse-engineering de-processing techniques;
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering;
5. Inductive or RF communication and powering to allow contactless operation; and
6. Built-in dielet resiliency against power-based component exploits or attacks
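The challenge-response exchange these features describe, as an added sketch that is not DARPA's or any performer's design. It substitutes HMAC-SHA-256 from the Python standard library for the dielet's encryption engine (the server recomputes the response instead of decrypting it); the sensor bit layout, 16-byte challenge, class names and verdict strings are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed sensor bit layout: the page names sensor types, not an encoding.
SENSORS = {"heat": 0x01, "xray": 0x02, "light": 0x04}


class Dielet:
    """Holds the 256-bit key; only the serial ID and responses leave it."""

    def __init__(self, serial_id: int, key: bytes) -> None:
        self.serial_id = serial_id   # 64-bit serial ID, sent in the clear
        self._key = key              # never transmitted
        self._status = 0             # passive sensor word

    def expose(self, sensor: str) -> None:
        # Sensor bits can be set but never cleared (non-resettable).
        self._status |= SENSORS[sensor]

    def respond(self, challenge: bytes) -> Tuple[int, bytes]:
        # Bind the sensor word to the challenge under the on-board key.
        msg = challenge + bytes([self._status])
        return self._status, hmac.new(self._key, msg, hashlib.sha256).digest()


class Server:
    """Secure server: key database plus one outstanding challenge per serial."""

    def __init__(self) -> None:
        self._keys: Dict[int, bytes] = {}
        self._pending: Dict[int, bytes] = {}

    def enroll(self, serial_id: int, key: bytes) -> None:
        self._keys[serial_id] = key

    def challenge(self, serial_id: int) -> Optional[bytes]:
        if serial_id not in self._keys:
            return None
        self._pending[serial_id] = secrets.token_bytes(16)
        return self._pending[serial_id]

    def verify(self, serial_id: int, status: int, tag: bytes) -> str:
        # Each challenge is single use, so a recorded response cannot be replayed.
        challenge = self._pending.pop(serial_id, None)
        if challenge is None:
            return "NO_CHALLENGE"
        if not 0 <= status <= 0xFF:
            return "REJECT"
        msg = challenge + bytes([status])
        expected = hmac.new(self._keys[serial_id], msg, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "REJECT"
        return "SENSOR_TRIPPED" if status else "AUTHENTIC"


def interrogate(server: Server, dielet: Dielet, relay=lambda s, t: (s, t)) -> str:
    """The appliance's role: relay messages; it never holds a key."""
    challenge = server.challenge(dielet.serial_id)
    if challenge is None:
        return "UNKNOWN_SERIAL"
    status, tag = dielet.respond(challenge)
    return server.verify(dielet.serial_id, *relay(status, tag))


def run_demo() -> Dict[str, str]:
    server = Server()
    key = secrets.token_bytes(32)                  # 256-bit key
    genuine = Dielet(0x0123456789ABCDEF, key)      # constructed serial ID
    server.enroll(genuine.serial_id, key)
    results = {"genuine": interrogate(server, genuine)}

    # Copied serial ID without the key: fails the challenge.
    clone = Dielet(genuine.serial_id, secrets.token_bytes(32))
    results["clone"] = interrogate(server, clone)
    results["unknown_serial"] = interrogate(server, Dielet(1, key))

    # A response recorded earlier, presented against a fresh challenge.
    captured = genuine.respond(server.challenge(genuine.serial_id))
    server.verify(genuine.serial_id, *captured)
    server.challenge(genuine.serial_id)
    results["replay"] = server.verify(genuine.serial_id, *captured)

    # De-soldering trips the heat sensor; the status word is authenticated,
    # so an appliance that zeroes it in transit is rejected.
    genuine.expose("heat")
    results["desoldered"] = interrogate(server, genuine)
    results["status_scrubbed"] = interrogate(
        server, genuine, relay=lambda s, t: (0, t))
    return results


if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print(f"{case:16s} {verdict}")
```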
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include
   a. package alterations needed to carry the dielet
   b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement, and execute
6. To minimize size, power, and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
Current Untrusted Logistical Supply Chain
[Figure labels: Trusted Zone; Vulnerability Zone; Trusted Zone; Original Equipmt Mfr; Stock; Shipping; Approved Reseller; Merchandise Returns; Independent Distributor; EBAY; PC Board Assembly; Subsystem Assembly; System Mfg; DoD Application; step numbers 1-8]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD'ed Supply Chain Exemplar
[Figure labels: REFRESHER; Trusted Zone; Trusted Zone; SHIELD Authentication outside Trusted Zone; Original Equipmt Mfr; Stock; Shipping; Approved Reseller; Merchandise Returns; Independent Distributor; EBAY; PC Board Assembly; Subsystem Assembly; System Mfr; DoD Application; step numbers 1-8]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase
Tech Area | Phase 1 | Phase 2 | Phase 3
TA1 Tech Dev | On-chip HW tech devlpmt: Key Store, Sensors, Comm/Pwr, Mfg Processes - Models - Test Sites - SHIELD layouts | |
TA2 Design & Integr | Dielet Logic Design; Standards Conformation | SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization |
TA3 Deployment | Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design | Tooling and Techniques for handling, insertion; Network Structure Build-out; Inductive Device Fabrication | Demonstration: Proof-of-Concept Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1/Phase 1: Technology (Months 1-18)
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e., COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (Cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant
Technical Area 1 Phase 1 (Cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must
1. Passively sense while unpowered; be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe, existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
Chemical: Nitric Acid, Sulfuric Acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1 (Cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2: Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2/Phase 1: Design (Months 1-18)
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet
1. Define a SHIELD Design Environment, Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2 Phase 1 (cont'd)
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temperature
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C; survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temp
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C; survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2/Phase 2: Integration & Fab (Months 19-36)
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize, and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3: SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network, server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3/Phase 1: Pkg Tech, Networks (Months 01-18)
Fundamental dielet package insertion, attachment, or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet. Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component. Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by
   a. Chemical, mechanical, temperature, or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe. Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise. SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include
   a. Communications between the dielet and the server through the inductive/RF appliance and network, using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program
Technical Area 3/Phase 2: Implementation (Months 19-36)
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program
1. Develop the SHIELD Insertion technology. Instrumentation, tooling, and logistics for going from wafer final test into an actual component placement are developed. Steps include
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade, and cryptographic key
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3/Phase 2, performers will provide the following deliverables:
a. Detailed network schematics indicating protocols and standards
b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
c. Estimates of transaction times and network latencies
d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
a. Inductive/RF probe fabrication
b. Repurposed appliance microcode, firmware, software installation
c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 2 (cont'd)
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
a. Performers will mate SHIELD dielets to product at pkg encapsulation
b. Performers will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to the installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
• Fails due to faulty package insertions
• Fails due to non-functional SHIELD chips
• Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP:
a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
d. Government Red Team members will compromise the supply chain
e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
f. Government team members will monitor performer detection results
Technical Area 3 Phase 3 (cont'd)
Performers will be measured against a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by:
a. Component package (i.e. small passive/discrete, quad plastic flat pack)
b. Failure mode (i.e. missing, inappropriate or failing SHIELD dielet)
c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by:
a. Component package (i.e. small passive/discrete, quad plastic flat pack)
b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Quantitative Benchmarks
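One way to score trial records against these benchmarks, as an added example that is not part of the original briefing. The trial records, field names and category labels are constructed; each rate is returned as (alarms, trials) so that thinly populated cells stay visible.

```python
from collections import defaultdict
from statistics import mean

FIELDS = ("package", "setting", "location", "mode", "alarm", "delay_s")

# Constructed trial records, not program data. mode is None for an
# uncompromised component; delay_s is None when authentication never
# completed (for example, no dielet answered the probe).
ROWS = [
    ("QFP", "tube", "distributor", None, False, 1.8),
    ("QFP", "tube", "distributor", None, False, 2.1),
    ("QFP", "pcb", "subassembly", None, True, 2.0),   # false alarm
    ("passive", "tube", "distributor", None, False, 1.9),
    ("passive", "system", "subassembly", None, False, 2.4),
    ("QFP", "tube", "distributor", "missing", True, None),
    ("QFP", "pcb", "subassembly", "inappropriate", True, 2.2),
    ("QFP", "pcb", "shipping", "inappropriate", False, 2.3),  # missed
    ("passive", "tube", "shipping", "inappropriate", True, 2.0),
    ("passive", "system", "subassembly", "missing", True, None),
    ("QFP", "system", "subassembly", "failing", True, None),
]
TRIALS = [dict(zip(FIELDS, row)) for row in ROWS]


def breakdown(trials, field, compromised):
    """Return {value of field: (alarms, trials)} for one population."""
    cells = defaultdict(lambda: [0, 0])
    for t in trials:
        if (t["mode"] is not None) == compromised:
            cells[t[field]][0] += int(t["alarm"])
            cells[t[field]][1] += 1
    return {value: tuple(cell) for value, cell in cells.items()}


def pd_by(trials, field):
    """Probability of Detection counts: alarms among compromised parts."""
    return breakdown(trials, field, compromised=True)


def pfa_by(trials, field):
    """Probability of False Alarm counts: alarms among clean parts."""
    return breakdown(trials, field, compromised=False)


def avg_completed_delay(trials):
    """Mean delay over authentications that completed; None if none did."""
    done = [t["delay_s"] for t in trials if t["delay_s"] is not None]
    return mean(done) if done else None


if __name__ == "__main__":
    for field in ("package", "mode", "location", "setting"):
        print("PD by", field, pd_by(TRIALS, field))
    for field in ("package", "setting"):
        print("PFA by", field, pfa_by(TRIALS, field))
    print("average completed delay (s):", avg_completed_delay(TRIALS))
```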
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network communication protocol: TLS Standard
Minimum delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption standard: Up to 256 bit
Serial ID length: 64 bit
Power consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, ±10% (default)
Host temperatures: -55°C to 125°C
Interrogation temperatures: 0-35°C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 10¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial, in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful sources for information include
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics Overview
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
Technical Area 1, SHIELD On-board Technology
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Phase | Design Element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
Metrics: Technical Area 1, SHIELD On-board Technology
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing; adherence to dielet power budget; compliance with manufacturer ground rules; percent test pattern coverage; reliability analysis
2 | Dielet fabrication | Release to manufacturing; process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip; package strain analysis; electromagnetic analysis [2]; environmental testing (temperature shock and vibration) [3]
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
Metrics: Technical Area 3, SHIELD Deployment
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Image courtesy of DARPA
Glossary
Dielet: Extremely small computer chip developed during SHIELD
Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
Key: A 256-bit cipher code stored on dielet and on a secure server, used to secure the dielet authentication operation
Test Site: Limited hardware proof of concept chip without full product functionality
Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
Probe: A device attached to a communication appliance that powers the SHIELD dielet
IP: Intellectual Property
CONOP: Concept of Operations
DFM/DFY: Design for Manufacturability / Design for Yield
PFA: Probability of False Alarm
PD: Probability of Detection
OEM: Original Equipment Manufacturer
GFE: Government-Furnished Equipment
IC: Integrated Circuit
CDR: Critical Design Review
DSS: Digital Signature Standard
CMVP: Cryptographic Module Verification Program
FITS: Failure rate of a component measured in Failures-in-Time over the program
KPOH: Lifetime of a component measured in thousands of power-on-hours
BOM: Bill of Material, a list of components comprising a given assembly
Counterfeit: "Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies"
- GAO Report to Congress, March 2010
Supply Chain: "A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances, or information from a source to a customer"
- Cooper, M.C., Lambert, D.M., & Pagh, J. (1997). Supply Chain Management: More Than a New Name for Logistics. The International Journal of Logistics Management, Vol. 8, Issue 1, pp. 1-14
Chain of Custody: "The chronological sequence of parties, spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession"
Definition of Terms
TRUST - Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find
IRIS - Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
SHIELD: Learning from Prior HW Assurance Programs
[Figure labels: Digital or AMS; TRUST; IRIS]
DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted
TRUST / IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
[Figure: component lifecycle stages (Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use), grouped as At OEM and In Distribution, with the program covering each span marked TRUST, IRIS or SHIELD. Legend: Design Attack, Hardware Attack, Logistics Attack. Threats shown: 3rd Party IP, Insider Design, EDA Exploit, IP Theft/Copy, Security Intercept, Yield Fail Diversion, Overproduction, Process Compromise, Pkg Compromise, False FPGA Bitstream, Malicious Insertions, False Validation Report, DFM Exploits, False Expects, False Test Compares, HW Theft]
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components which make them especially vulnerable to compromise
• DoD electronic components require high reliability, serviceability [1]
• Compromised component failures risk DoD missions, soldier's lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete [1]
• $10-$50 parts become $8000 parts once they are obsolete [1], providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
[1] NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast, and executable by untrained operators
4. Trustworthy, reliable, and prohibitively difficult to spoof
5. Executable at any place/time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD: The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
[Figure: microscopic SHIELD dielet, with callouts: HW Root-of-Trust, Fragile Key Storage; Full Encryption Engine; Unpowered Passive Sensors; Inductive Powering and Communication]
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm² area)
- 100K devices
- 100 MHz clock rate
- 50 µW total power
- T ≤ 120°C
- < 1¢ per dielet
Image courtesy of http://www.hitachi.com/New/cnews/030902.html
SHIELD Exemplary CONOP
[Figure: message flow between Dielet, Smartphone and Server, linked by TCP/IP address (VPN). Steps labeled in the figure: 1. Serial ID Upload (Serial ID No.); 2. Challenge Download; 3. Encrypted Challenge, Encrypted Sensors; 3. Appliance Data; 4. Authentication Out. Dielet side: Encryption Engine w/ Crypto Key; sensors for Temp Extremes, X-ray Exposure, Light Exposure. Server side: Random Challenge Generator; Decryption Engine w/ Crypto key (decrypt, compare to original challenge); Database with Dielet Serial ID, Fab Name, Fab Date, Part No., Sensors Status, Test Date, Auditor Identity, Key Requests]
Potential Production Test Approaches
[Figure: Flying Prober; Pick and Place, Wirebond, Tube handling of components]
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
Volume production technology can be applied to the SHIELD approach. Tooling and control can easily be adapted to authentication
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered, passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
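The challenge-response exchange that feature 2 describes, as an added sketch that is not DARPA or performer code. Python's standard library has no block cipher, so HMAC-SHA-256 stands in for the dielet's encryption engine and the server recomputes the tag instead of decrypting; the class names, the one-byte sensor word and the result strings are assumptions.

```python
import hashlib
import hmac
import secrets

KEY_BYTES = 32         # 256-bit key (suggested specification)
SERIAL_BYTES = 8       # 64-bit serial ID (suggested specification)
MIN_INTERVAL_S = 1.0   # minimum delay between interrogations
# Assumed one-bit-per-sensor layout; the briefing defines no encoding.
XRAY, LIGHT, HEAT = 0x01, 0x02, 0x04


def _tag(key, challenge, sensor_word):
    """HMAC-SHA-256 over challenge || sensor word (stand-in for encryption)."""
    return hmac.new(key, challenge + sensor_word, hashlib.sha256).digest()


class Dielet:
    """Constructed model of a dielet: the key is used but never exported."""

    def __init__(self, serial, key):
        self.serial = serial
        self._key = key
        self._sensors = 0

    def expose(self, flag):
        self._sensors |= flag  # passive sensors latch; there is no reset

    def respond(self, challenge):
        word = bytes([self._sensors])
        return word, _tag(self._key, challenge, word)


class Server:
    """Holds the per-serial keys and does all protocol bookkeeping."""

    def __init__(self):
        self._keys, self._pending, self._last = {}, {}, {}

    def enroll(self, serial, key):
        self._keys[serial] = key  # done once, at personalization

    def challenge(self, serial, now):
        if serial not in self._keys:
            return None  # serial ID not in the database
        last = self._last.get(serial)
        if last is not None and now - last < MIN_INTERVAL_S:
            return None  # interrogated again too soon
        self._last[serial] = now
        self._pending[serial] = secrets.token_bytes(16)
        return self._pending[serial]

    def verify(self, serial, sensor_word, tag):
        challenge = self._pending.pop(serial, None)  # each challenge is single use
        if challenge is None:
            return "NO_CHALLENGE"
        expected = _tag(self._keys[serial], challenge, sensor_word)
        if not hmac.compare_digest(expected, tag):
            return "FAIL"
        return "AUTHENTIC" if sensor_word == b"\x00" else "FLAGGED"


def interrogate(server, dielet, now):
    """What the appliance does: relay serial, challenge and response."""
    challenge = server.challenge(dielet.serial, now)
    if challenge is None:
        return "REFUSED"
    return server.verify(dielet.serial, *dielet.respond(challenge))


def demo():
    server = Server()
    serial = secrets.token_bytes(SERIAL_BYTES)
    key = secrets.token_bytes(KEY_BYTES)
    genuine = Dielet(serial, key)
    server.enroll(serial, key)
    clone = Dielet(serial, secrets.token_bytes(KEY_BYTES))  # copied ID only
    out = {"genuine": interrogate(server, genuine, now=0.0),
           "too_soon": interrogate(server, genuine, now=0.5),
           "clone": interrogate(server, clone, now=2.0)}
    # Replay: a response captured for one challenge is offered for the next.
    captured = genuine.respond(server.challenge(serial, now=4.0))
    server.verify(serial, *captured)
    server.challenge(serial, now=6.0)
    out["replay"] = server.verify(serial, *captured)
    genuine.expose(XRAY)
    out["after_xray"] = interrogate(server, genuine, now=8.0)
    # An appliance that strips the sensor flag invalidates the tag.
    _, tag = genuine.respond(server.challenge(serial, now=10.0))
    out["flag_stripped"] = server.verify(serial, b"\x00", tag)
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:14} {result}")
```

Because the sensor word is bound into the response, the server sees either the true latched state or a failed authentication, and the key itself is never transmitted in either direction.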
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include:
a. package alterations needed to carry the dielet
b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement, and execute
6. To minimize size, power and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
Current Untrusted Logistical Supply Chain
[Figure: supply chain flow with shipping steps between Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfg and DoD Application; nodes numbered 1-8. Zones marked: Trusted Zone (twice), Vulnerability Zone]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD'ed Supply Chain Exemplar (REFRESHER)
[Figure: the same supply chain flow, with shipping steps between Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfr and DoD Application; nodes numbered 1-8. Zones marked: Trusted Zone (twice), SHIELD Authentication outside Trusted Zone]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase
Tech Area | Phase 1 | Phase 2 | Phase 3
TA1 Tech Dev | On-chip HW tech devlpmt (Key Store, Sensors, Comm/Pwr, Mfg Processes): Models; Test Sites; SHIELD layouts | |
TA2 Design & Integr | Dielet Logic Design; Standards Conformation | SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization |
TA3 Deployment | Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design | Tooling and Techniques for handling insertion; Network Structure Build-out; Inductive Device Fabrication | Demonstration Proof-of-Concept; Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 Technology
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Technical Area 1 Phase 1 (Cont'd)
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption
   Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption
   Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines
   Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms
   Use only NIST/IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine
   Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key
   Key store should be Suite B compliant
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered; be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Chemical: Nitric Acid, Sulfuric Acid | Sensing for chemical de-packaging attempts
Mechanical | Pressure or acoustic sensing for polish de-packaging attempts
Laser | Laser wavelength detection for laser de-layering attempts
Light | Daylight sensing for identifying exposed dielet
X-Ray | X-ray detection for attempted secret key imaging
Heat | Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil/RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 1 Phase 1 (Cont'd)
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Design and Integration
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2 Phase 1
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temperature
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist timing corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temp
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist timing corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 1 (cont'd)
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 2 Phase 2
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3 SHIELD Deployment
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1
3. Assure reliability of host component containing SHIELD dielet. Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component. Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server through the inductive/RF appliance and network, using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program.
Technical Area 3 Phase 1 (cont'd)
Technical Area 3/Phase 2: Implementation, Months 19-36
Specific techniques and tooling for placement of the dielet into the host package are developed. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3 Phase 2
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables:
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes, and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 2 (cont'd)
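The simulation deliverable in the Phase 2 network task (true and false authentication requests, with and without sensor flags) can be sketched with the message contents listed under Communication/Power Transmission Technology: a random challenge, a 64-bit serial ID, a key of up to 256 bits and a short sensor word. This is an added example, not SHIELD program code; it assumes HMAC-SHA-256 as a stand-in for the unspecified encryption engine, and the sensor bit layout, verdict strings and class names are hypothetical.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Dict, Optional, Tuple

# Figures taken from the slides; everything else here is an assumption.
KEY_BYTES = 32            # up to 256 bits of secret key
SERIAL_BITS = 64          # 64-bit serial ID
MAX_TRANSACTION_S = 2.0   # full transaction, network latency included
MIN_INTERVAL_S = 1.0      # minimum delay between interrogations is > 1 s

# Hypothetical bit layout for the short sensor output word.
SENSOR_FLAGS = {"chemical": 1, "mechanical": 2, "laser": 4, "light": 8, "xray": 16, "heat": 32}


def _tag(key: bytes, serial: int, sensors: int, challenge: bytes) -> bytes:
    """Bind serial ID, sensor word and the fresh challenge under the key."""
    body = struct.pack(">QB", serial, sensors) + challenge
    return hmac.new(key, body, hashlib.sha256).digest()


class Dielet:
    """Stand-in for the authenticator embedded in the component package."""
    def __init__(self, serial: int, key: bytes):
        if not (0 <= serial < 2 ** SERIAL_BITS and len(key) == KEY_BYTES):
            raise ValueError("serial must fit 64 bits, key must be 256 bits")
        self.serial, self._key, self._sensors = serial, key, 0

    def expose(self, kind: str) -> None:
        # Passive sensors only ever set bits; there is no reset path.
        self._sensors |= SENSOR_FLAGS[kind]

    def respond(self, challenge: bytes) -> dict:
        return {"serial": self.serial, "sensors": self._sensors,
                "tag": _tag(self._key, self.serial, self._sensors, challenge)}


class Server:
    """Holds the enrolled keys; the appliance only relays messages."""
    def __init__(self) -> None:
        self._keys: Dict[int, bytes] = {}
        self._pending: Dict[int, Tuple[bytes, float]] = {}
        self._last_issue: Dict[int, float] = {}

    def enroll(self, serial: int, key: bytes) -> None:
        self._keys[serial] = key

    def new_challenge(self, serial: int, now: float) -> Optional[bytes]:
        if serial not in self._keys:
            return None                      # unknown part
        if now - self._last_issue.get(serial, float("-inf")) <= MIN_INTERVAL_S:
            return None                      # interrogated too recently
        nonce = secrets.token_bytes(32)
        self._pending[serial] = (nonce, now)
        self._last_issue[serial] = now
        return nonce

    def verify(self, reply: dict, now: float) -> str:
        pending = self._pending.pop(reply["serial"], None)   # single use
        if pending is None:
            return "REJECTED:no-challenge"   # replayed or unsolicited reply
        nonce, issued = pending
        if now - issued > MAX_TRANSACTION_S:
            return "REJECTED:timeout"
        sensors = reply["sensors"]
        if not isinstance(sensors, int) or not 0 <= sensors < 64:
            return "REJECTED:malformed"
        expected = _tag(self._keys[reply["serial"]], reply["serial"], sensors, nonce)
        if not hmac.compare_digest(expected, reply["tag"]):
            return "REJECTED:bad-tag"        # wrong key or altered fields
        return "TAMPERED" if sensors else "AUTHENTIC"


def run_simulation() -> Dict[str, object]:
    """True and false requests, with and without sensor flags set."""
    serial, key = 0x0123456789ABCDEF, bytes(range(32))    # constructed values
    server = Server()
    server.enroll(serial, key)
    genuine, clone = Dielet(serial, key), Dielet(serial, bytes(32))
    out: Dict[str, object] = {}
    first = genuine.respond(server.new_challenge(serial, 0.0))
    out["genuine"] = server.verify(first, 0.8)
    out["replay_without_challenge"] = server.verify(first, 0.9)
    out["too_soon"] = server.new_challenge(serial, 0.95)
    server.new_challenge(serial, 5.0)
    out["replay_on_new_challenge"] = server.verify(first, 5.5)
    out["clone"] = server.verify(clone.respond(server.new_challenge(serial, 10.0)), 10.5)
    genuine.expose("xray")
    honest = genuine.respond(server.new_challenge(serial, 15.0))
    out["sensor_bits_cleared"] = server.verify(dict(honest, sensors=0), 15.5)
    out["tampered"] = server.verify(genuine.respond(server.new_challenge(serial, 20.0)), 20.5)
    out["slow_reply"] = server.verify(genuine.respond(server.new_challenge(serial, 25.0)), 27.5)
    return out


if __name__ == "__main__":
    for case, verdict in run_simulation().items():
        print(f"{case:26} {verdict}")
```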
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition, through normally-used shipping channels, to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
Technical Area 3 Phase 3 (cont'd)
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by:
   a. Component package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by:
   a. Component package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Quantitative Benchmarks
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network communication protocol: TLS Standard
Minimum delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption standard: Up to 256 bit
Serial ID length: 64 bit
Power consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, ±10% (default)
Host temperatures: -55 °C to 125 °C
Interrogation temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 1.0¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington, VA
31 March 2014: Abstracts due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission letters to proposers
30 May 2014: Full Abstracts due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; vendor locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing it to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
• Purpose of this discussion
   • Detail the attributes of SHIELD design elements that will be measured
   • Outline the methods by which those attributes will be measured
• Why metrics?
   • Tracking and reporting program results and accomplishments
   • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics Overview
Metrics: Technical Area 1 - SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
Technical Area 1 - SHIELD On-board Technology
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Phase | Design Element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
Metrics: Technical Area 1 - SHIELD On-board Technology
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2 - SHIELD Dielet Design and Integration
Phase | Design Element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
Metrics: Technical Area 2 - SHIELD Dielet Design and Integration
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3 - SHIELD Deployment
Phase | Design Element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2]. Environmental testing (temperature, shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
   • PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
   • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
   • Failure mode (e.g. missing, inappropriate or failing SHIELD dielet)
   • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
   • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
   • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
   • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics: Technical Area 3 - SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality), transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), probability of false alarm (PFA), average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing
Metrics: Technical Area 3 - SHIELD Deployment
[1] Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
   • compliance with design ground rules of the manufacturer
   • logical to behavioral design verification
   • logical to physical design verification
   • functional test pattern generation with a goal of 100% test coverage
   • EM and power analysis
   • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Metrics: Technical Area 2 - SHIELD Dielet Design and Integration
Counterfeit: "Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies"
- GAO Report to Congress, March 2010
Supply Chain: "A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances, or information from a source to a customer"
- Cooper, M.C., Lambert, D.M., & Pagh, J. (1997). Supply Chain Management: More Than a New Name for Logistics. The International Journal of Logistics Management, Vol. 8, Issue 1, pp. 1–14
Chain of Custody: "The chronological sequence of parties, spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession"
Definition of Terms
TRUST – Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find
IRIS – Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards
SHIELD: Learning from Prior HW Assurance Programs
[Figure labels: Digital or AMS; TRUST; IRIS]
DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted
TRUST, IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
[Figure: supply chain stages (Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use) annotated with threats. Legend: Design Attack, Hardware Attack, Logistics Attack. Threat labels: 3rd Party IP; Insider Design; EDA Exploit; IP Theft/Copy; Security Intercept; Yield Fail Diversion; Overproduction; Process Compromise; Pkg Compromise; False FPGA Bitstream; Malicious Insertions; False Validation Report; DFM Exploits; False Expects; False Test Compares; HW Theft. Coverage labels: SHIELD, TRUST/IRIS; At OEM, In Distribution.]
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution

DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components, which make them especially vulnerable to compromise
• DoD electronic components require high reliability, serviceability [1]
• Compromised component failures risk DoD missions, soldiers' lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete [1]
• $10-$50 parts become $8000 parts once they are obsolete [1] - providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
[1] NAVSEA Crane internal report

Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor, or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast, and executable by untrained operators
4. Trustworthy, reliable, and prohibitively difficult to spoof
5. Executable at any place or time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer

SHIELD: The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
Microscopic SHIELD dielet
• HW Root-of-Trust, Fragile Key Storage
• Full Encryption Engine
• Unpowered Passive Sensors
• Inductive Powering and Communication
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm² Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120 °C
- < 1 cent per dielet
Image courtesy of http://www.hitachi.com/New/cnews/030902.html

SHIELD Exemplary CONOP
[Figure: message flow between Dielet, Smartphone, and Server; the link to the server is labelled TCP/IP Address and (VPN)]
1. Serial ID Upload: Serial ID No. Database with Dielet Serial ID, Fab Name, Fab Date, Part No.
2. Challenge Download: Random Challenge Generator
3. Encrypted Challenge, Encrypted Sensors: Encryption Engine w/ Crypto Key. Sensors: Temp Extremes, X-ray Exposure, Light Exposure
3. Appliance Data: Sensors Status, Test Date, Auditor Identity, Key Requests
4. Authentication Out: Decryption Engine w/ Crypto key; decrypt, compare to original challenge

Potential Production Test Approaches
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
[Figure labels: Flying Prober; Pick and Place; Wirebond; Tube handling of components]
Volume Production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication

Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove, or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
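
The challenge-response exchange of the Exemplary CONOP (steps 1-4) and of feature 2 above, as an added Go example; it is not code from DARPA or any SHIELD performer. Assumptions: AES-256 from the Go standard library stands in for the dielet's encryption engine, one cipher block carries a 120-bit challenge followed by one byte of latched sensor flags, and every type, function and constant name is hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

type Verdict string // the "Authentication Out" result of step 4

const (
	SensorHeat, SensorXray, SensorLight byte = 1, 2, 4 // latched sensor bits (assumed layout)
	challengeLen                             = aes.BlockSize - 1 // assumed: 120-bit challenge + 1 sensor byte
	Authentic, Tampered, Rejected Verdict    = "authentic", "tampered", "rejected"
)

// Dielet holds what stays on-chip: serial ID, 256-bit key, sensor latches.
type Dielet struct {
	Serial  uint64
	key     [32]byte // never leaves the dielet
	sensors byte
}

// Trip latches a sensor bit; there is deliberately no way to clear it.
func (d *Dielet) Trip(flag byte) { d.sensors |= flag }

// Respond encrypts challenge || sensors under the on-board key (step 3).
func (d *Dielet) Respond(ch [challengeLen]byte) (ct [aes.BlockSize]byte) {
	var pt [aes.BlockSize]byte
	copy(pt[:], ch[:])
	pt[challengeLen] = d.sensors
	block, _ := aes.NewCipher(d.key[:]) // cannot fail: key is always 32 bytes
	block.Encrypt(ct[:], pt[:])
	return ct
}

// Server is the secure database: per-serial key plus outstanding challenges.
type Server struct {
	keys    map[uint64][32]byte
	pending map[uint64][challengeLen]byte
}

func NewServer() *Server {
	return &Server{keys: map[uint64][32]byte{}, pending: map[uint64][challengeLen]byte{}}
}

// Enroll models personalization: one random key, held by dielet and server.
func (s *Server) Enroll(serial uint64) *Dielet {
	d := &Dielet{Serial: serial}
	if _, err := rand.Read(d.key[:]); err != nil {
		panic(err) // no entropy, no key: refuse to continue
	}
	s.keys[serial] = d.key
	return d
}

// Challenge covers steps 1-2: serial ID up, fresh random challenge down.
func (s *Server) Challenge(serial uint64) (ch [challengeLen]byte, err error) {
	if _, ok := s.keys[serial]; !ok {
		return ch, errors.New("serial ID not in database")
	}
	if _, err = rand.Read(ch[:]); err != nil {
		return ch, err
	}
	s.pending[serial] = ch
	return ch, nil
}

// Verify covers step 4: decrypt, compare to the original challenge, read sensors.
func (s *Server) Verify(serial uint64, resp [aes.BlockSize]byte) (Verdict, byte) {
	want, issued := s.pending[serial]
	delete(s.pending, serial) // single use: a replayed response is rejected
	if !issued {
		return Rejected, 0 // unknown serial ID or no outstanding challenge
	}
	key := s.keys[serial]
	var pt [aes.BlockSize]byte
	block, _ := aes.NewCipher(key[:]) // cannot fail: key is always 32 bytes
	block.Decrypt(pt[:], resp[:])
	if subtle.ConstantTimeCompare(pt[:challengeLen], want[:]) != 1 {
		return Rejected, 0 // response was not made with the enrolled key
	}
	if flags := pt[challengeLen]; flags != 0 {
		return Tampered, flags
	}
	return Authentic, 0
}

func main() {
	srv := NewServer()
	d := srv.Enroll(0x0123456789ABCDEF) // constructed 64-bit serial ID
	for _, exposure := range []byte{0, SensorHeat} { // second pass: de-soldering heat
		d.Trip(exposure)
		ch, _ := srv.Challenge(d.Serial)
		fmt.Println(srv.Verify(d.Serial, d.Respond(ch)))
	}
}
```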

Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include
   a. package alterations needed to carry the dielet
   b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement, and execute
6. To minimize size, power, and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible

Current Untrusted Logistical Supply Chain
[Figure: supply chain flow with numbered steps 1-8. Labels: Trusted Zone; Vulnerability Zone; Original Equipmt Mfr; Shipping; Approved Reseller; Merchandise Returns; Independent Distributor; EBAY; Stock; PC Board Assembly; Subsystem Assembly; System Mfg; DoD Application]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone

SHIELD'ed Supply Chain Exemplar
[Figure: the same supply chain flow with numbered steps 1-8, marked REFRESHER. Labels: Trusted Zone; Original Equipmt Mfr; Shipping; Approved Reseller; Merchandise Returns; Independent Distributor; EBAY; Stock; PC Board Assembly; Subsystem Assembly; System Mfr; DoD Application; SHIELD Authentication outside Trusted Zone]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure

Deliverables by Tech Area and Phase
Tech Area | Phase 1 | Phase 2 | Phase 3
TA1 (Tech Dev) | On-chip HW tech devlpmt: Key Store, Sensors, Comm/Pwr, Mfg Processes - Models - Test Sites - SHIELD layouts | |
TA2 (Design & Integr) | Dielet Logic Design; Standards Conformation | SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization |
TA3 (Deployment) | Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design | Tooling and Techniques for handling insertion; Network Structure Build-out; Inductive Device Fabrication | Demonstration; Proof-of-Concept Supply Chain Exercise across sites; Red Teaming; Evaluations

Technical Area 1 Phase 1 Technology
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2
• Fully-described hardware-based solutions
• Hardware models (i.e., COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration

Technical Area 1 Phase 1 (Cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication

Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption
   Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption
   Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines
   Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms
   Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine
   Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key
   Key store should be Suite B compliant

Technical Area 1 Phase 1 (Cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself, and watch for component compromise. Sensors must
1. Passively sense while unpowered; be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe, existing exposures encountered throughout the current supply chain

Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
Chemical: Nitric Acid, Sulfuric Acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal

Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil/RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package

Technical Area 1 Phase 1 (Cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes

Technical Area 2 Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server

Technical Area 2 Phase 1
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet
1. Define a SHIELD Design Environment Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language. Design should be
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used

Technical Area 2 Phase 1 (cont'd)
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous, free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage, and temperature
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window

Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage, and temp
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
10. Provide a Critical Design Review

Technical Area 2 Phase 2
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize, and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec

Technical Area 3 SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals

Technical Area 3 Phase 1
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment, or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern

Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet
Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by
   a. Chemical, mechanical, temperature, or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use

Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance

Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include
   a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors
Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program

Technical Area 3 Phase 2
Technical Area 3/Phase 2: Implementation, Months 19-36
Specific techniques and tooling for placement of the dielet into the host package are developed. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program
1. Develop the SHIELD Insertion technology
Instrumentation, tooling, and logistics for going from wafer final test into an actual component placement are developed. Steps include
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade, and cryptographic key

Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3/Phase 2, performers will provide the following deliverables
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3

Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance

Technical Area 3 Phase 3
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test, which had previously passed wafer final test, above the fallout baseline before SHIELD introduction

Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results

SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include
1. "Probability of Detection" of compromises (PD), broken out by
   a. Component Package (i.e., small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e., missing, inappropriate, or failing SHIELD dielet)
   c. Location type (i.e., at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component Package (i.e., small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component

SHIELD Summary of Suggested Specifications
Area | A ≈ 100 um x 100 um (0.01 mm²)
Device thickness | Thinned substrate, likely 10 um or less
Interrogation Latency | ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network Communication Protocol | TLS Standard
Minimum Delay between interrogations | > 1 Second
Positioning of inductive/RF probe | T ≈ 1 mm below top surface of component package
Encryption Standard | Up to 256 bit
Serial ID Length | 64 bit
Power Consumption | Approximately 50 µW
Voltage tolerance (default) | VDD at discretion of proposer, ±10% (default)
Host Temperatures | -55 °C to 125 °C
Interrogation Temperatures | 0-35 °C
Reliability | Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost | C < 1.0 cent per dielet

Program Calendar
14 March 2014: Proposer's Day, Arlington, VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins

SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014

Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation

Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities

Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 (Tech Dev) | None
TA2 (Design & Integr) | None
TA3 (Deployment) | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites

Manufacturing Options
Solutions must demonstrate a path allowing it to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful Sources for Information include
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com

SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014

Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics Technical Area 1SHIELD On-board Technology
Phase Design Element Characteristics Metric
1 Secure secret key storage - reverse engineering protection
Harden dielet against attempts to reverse engineer
Cost1 to reverse engineer using typical methods2
1 Secure secret key storage - hardware corruption protection
Harden dielet against attempts to defeat security
Cost to defeat using typical methods3
1 Secure secret key storage - self destruct on tamper attempt
Discriminate between apparent tamper and normal operation
Percent success in triggering against typical intrusions percent success in not triggering against non-intrusions
1 Secure secret key storage - serial ID personalization
Determine economic method for serializing dielet in volume production
Cost per dielet to implement
1 Cost = time (hours) number of personnel required cost of tools ($)2 Procedures that are known to have been used to reverse engineer integrated circuits3 Procedures that are known to have been used to attempt to defeat security features
through hardware corruption

Technical Area 1, SHIELD On-board Technology

Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate

• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost

Metrics: Technical Area 1, SHIELD On-board Technology

Phase | Design Element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost

[1] SHIELD wafer thickness may be 10 microns or less. Dielet size: 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime

Metrics: Technical Area 2, SHIELD Dielet Design and Integration

Phase | Design Element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications

[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate

Metrics: Technical Area 2, SHIELD Dielet Design and Integration

Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing; adherence to dielet power budget; compliance with manufacturer ground rules; percent test pattern coverage; reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail

[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests

Metrics: Technical Area 3, SHIELD Deployment

Phase | Design Element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip; package strain analysis; electromagnetic analysis [2]; environmental testing (temperature, shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail

[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison

Metrics: Technical Area 3, SHIELD Deployment

• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component

Metrics: Technical Area 3, SHIELD Deployment

Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); probability of false alarm (PFA); average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |

[1] Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.

Metrics: Technical Area 2, SHIELD Dielet Design and Integration

• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation, with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Image courtesy of DARPA

SHIELD: Learning from Prior HW Assurance Programs

TRUST – Tools for detecting Logic Insertions
• Thorough authentication of design for requires high tech destructive rev eng tools
• Very difficult to validate logic integrity of individual parts in SC non-destructively
• What we couldn't find is as important as what we could find

IRIS – Capabilities for discovering Reliability Compromise
• Only a subset of all possible reliability compromises can be detected
• Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards

[Figure labels: Digital or AMS; TRUST; IRIS]

DARPA pgms showed certain ways of storing private key will be difficult to RE and would destroy part if RE is attempted

TRUST, IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take It From There

[Figure: component life-cycle stages (Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use) annotated with threats. Legend: Design Attack, Hardware Attack, Logistics Attack. Threat labels: 3rd Party IP; Insider Design; EDA Exploit; IP Theft/Copy; Security Intercept; Yield Fail Diversion; Overproduction; Process Compromise; Pkg Compromise; False FPGA Bitstream; Malicious Insertions; False Validation Report; DFM Exploits; False Expects; False Test Compares; HW Theft. Coverage labels: SHIELD, TRUST, IRIS; At OEM, In Distribution.]

DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution

DoD is Especially Vulnerable to Counterfeits

DoD applications present severe demands on components, which make them especially vulnerable to compromise
• DoD electronic components require high reliability, serviceability [1]
• Compromised component failures risk DoD missions, soldiers' lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete [1]
• $10-$50 parts become $8000 parts once they are obsolete [1], providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)

Most common current component supply problems
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips

[1] NAVSEA Crane internal report

Attributes of Superior Supply Chain Authentication Tech

1. Extremely low cost, with minimal impact to the component manufacturer, distributor or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast and executable by untrained operators
4. Trustworthy, reliable and prohibitively difficult to spoof
5. Executable at any place, time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer

SHIELD: The DARPA Supply Chain Solution

SHIELD makes counterfeiting too expensive and too hard to do

Microscopic SHIELD dielet
• HW Root-of-Trust, Fragile Key Storage
• Full Encryption Engine
• Unpowered Passive Sensors
• Inductive Powering and Communication

DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free

SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm² area)
- 100K devices
- 100 MHz clock rate
- 50 µW total power
- T ≤ 120 °C
- < 1 cent per dielet

Image courtesy of http://www.hitachi.com/New/cnews/030902.html

SHIELD Exemplary CONOP

[Figure: exchange between Dielet, Smartphone and Server. Recoverable labels follow.]
Participants: Dielet; Smartphone; Server; TCP/IP Address; (VPN)
Steps: 1. Serial ID Upload (Serial ID No.); 2. Challenge Download; 3. Encrypted Challenge, Encrypted Sensors, Appliance Data; 4. Authentication Out
Dielet side: Encryption Engine w/ Crypto Key; sensors for Temp Extremes, X-ray Exposure, Light Exposure
Server side: Database with Dielet Serial ID, Fab Name, Fab Date, Part No.; Random Challenge Generator; Decryption Engine w/ Crypto key: decrypt, compare to original challenge
Recorded data: Sensors Status; Test Date; Auditor Identity; Key Requests

Potential Production Test Approaches

Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain

[Figure labels: Flying Prober; Pick and Place / Wirebond; Tube handling of components]

Volume production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication.

Critical Hardware Assurance On-Dielet Features

1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
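
The exchange in the Exemplary CONOP and in on-dielet features 2 and 4 above, written out as an added Go sketch (not code from DARPA or the SHIELD program). The slides leave the cipher to performers, so the single AES-256 block carrying a 15-byte challenge plus one sensor byte, the sensor bit layout and every type and function name here are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// Assumptions: sensor bit layout; 15 challenge bytes + 1 sensor byte = one AES block.
const SensorHeat, SensorLight, SensorXRay byte = 1, 2, 4
const challengeLen = aes.BlockSize - 1
const Authentic, Tampered, Rejected = "authentic", "sensor tripped", "rejected"

// block builds AES-256; NewCipher cannot fail for a 32-byte key.
func block(key [32]byte) cipher.Block {
	b, err := aes.NewCipher(key[:])
	if err != nil {
		panic(err)
	}
	return b
}

// Dielet is the on-chip side: the key is used only inside Respond.
type Dielet struct {
	serial  uint64
	key     [32]byte
	sensors byte // latched by the passive sensors, never reset
}

func NewDielet(serial uint64, key [32]byte, sensors byte) *Dielet {
	return &Dielet{serial, key, sensors}
}

// Respond encrypts challenge||sensors under the on-board key.
func (d *Dielet) Respond(challenge []byte) []byte {
	if len(challenge) != challengeLen {
		return nil // malformed challenge: no response
	}
	out := append(append([]byte{}, challenge...), d.sensors)
	block(d.key).Encrypt(out, out) // single block, in place
	return out
}

// Server holds the key database and one outstanding challenge per serial ID.
type Server struct {
	keys    map[uint64][32]byte
	pending map[uint64][]byte
}

func NewServer(keys map[uint64][32]byte) *Server {
	return &Server{keys, map[uint64][]byte{}}
}

// Challenge covers steps 1-2: serial ID in, fresh challenge out (nil if unknown).
func (s *Server) Challenge(serial uint64) []byte {
	if _, ok := s.keys[serial]; !ok {
		return nil
	}
	c := make([]byte, challengeLen)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	s.pending[serial] = c
	return c
}

// Verify covers steps 3-4: decrypt with the database key, compare with the
// original challenge, then read the sensor byte. A challenge is usable once.
func (s *Server) Verify(serial uint64, resp []byte) string {
	want, issued := s.pending[serial]
	delete(s.pending, serial)
	if !issued || len(resp) != aes.BlockSize {
		return Rejected
	}
	pt := make([]byte, aes.BlockSize)
	block(s.keys[serial]).Decrypt(pt, resp)
	if subtle.ConstantTimeCompare(pt[:challengeLen], want) != 1 {
		return Rejected // wrong key, replayed or altered response
	}
	if pt[challengeLen] != 0 {
		return Tampered
	}
	return Authentic
}

// Authenticate plays the appliance: it relays messages and holds no key.
func Authenticate(s *Server, d *Dielet) string {
	return s.Verify(d.serial, d.Respond(s.Challenge(d.serial)))
}

func main() {
	key := [32]byte{1, 2, 3} // constructed sample key
	srv := NewServer(map[uint64][32]byte{7: key})
	fmt.Println(Authenticate(srv, NewDielet(7, key, 0)))
	fmt.Println(Authenticate(srv, NewDielet(7, key, SensorXRay)))
	fmt.Println(Authenticate(srv, NewDielet(7, [32]byte{9}, 0))) // clone without the key
}
```

Because each response is bound to one server-issued challenge, a recorded reply or a part without the enrolled key is rejected, while a genuine dielet with a latched sensor decrypts correctly and is flagged.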

Additional Required Design Properties

1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include:
   a. package alterations needed to carry the dielet
   b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement and execute
6. To minimize size, power and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible

Current Untrusted Logistical Supply Chain

[Figure: supply chain flow with Shipping steps between numbered nodes. Node labels: Original Equipmt Mfr; Approved Reseller; Merchandise Returns; Independent Distributor; EBAY; Stock; PC Board Assembly; Subsystem Assembly; System Mfg; DoD Application. Zone labels: Trusted Zone (twice); Vulnerability Zone.]

For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone

SHIELD'ed Supply Chain Exemplar (Refresher)

[Figure: supply chain flow with Shipping steps between numbered nodes. Node labels: Original Equipmt Mfr; Approved Reseller; Merchandise Returns; Independent Distributor; EBAY; Stock; PC Board Assembly; Subsystem Assembly; System Mfr; DoD Application. Zone labels: Trusted Zone (twice); SHIELD Authentication outside Trusted Zone.]

Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure

Deliverables by Tech Area and Phase

Tech Area | Phase 1 | Phase 2 | Phase 3
TA1 Tech Dev | On-chip HW tech devlpmt: Key Store, Sensors, Comm/Pwr, Mfg Processes - Models - Test Sites - SHIELD layouts | |
TA2 Design & Integr | Dielet Logic Design; Standards Conformation | SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization |
TA3 Deployment | Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design | Tooling and Techniques for handling, insertion; Network Structure Build-out; Inductive Device Fabrication | Demonstration: Proof-of-Concept Supply Chain Exercise across sites; Red Teaming; Evaluations

Technical Area 1: Phase 1 Technology

Technical Area 1 / Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration

Technical Area 1: Phase 1 (Cont'd)

A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication

Encryption Details

1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant

Technical Area 1: Phase 1 (Cont'd)

B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered; be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain

Technical Area 1: Phase 1 (Cont'd)

Passive Sensor Examples
• Chemical: Nitric acid, sulfuric acid sensing for chemical de-packaging attempts
• Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
• Laser: Laser wavelength detection for laser de-layering attempts
• Light: Daylight sensing for identifying exposed dielet
• X-Ray: X-ray detection for attempted secret key imaging
• Heat: Temperature sensors to detect de-soldering, component PCB removal

Technical Area 1: Phase 1

C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet
1. Dielet should be powered, receive a challenge message and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package

Technical Area 1: Phase 1 (Cont'd)

D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability: lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes

Technical Area 2: Design and Integration

SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: a self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: all necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server

Technical Area 2: Phase 1

Technical Area 2 / Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet
1. Define a SHIELD Design Environment Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used

Technical Area 2: Phase 1 (cont'd)

4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temperature
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window

Technical Area 2: Phase 1 (cont'd)

7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temp
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
10. Provide a Critical Design Review

Technical Area 2: Phase 2

Technical Area 2 / Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG; monitor fabrication; intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec

Technical Area 3: SHIELD Deployment

Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network, server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program

Performers may team on TA3-only proposals

Technical Area 3: Phase 1

Technical Area 3 / Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern

Technical Area 3: Phase 1 (cont'd)

3. Assure reliability of host component containing SHIELD dielet. Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component. Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use

Technical Area 3: Phase 1 (cont'd)

5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed

The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance

Technical Area 3: Phase 1 (cont'd)

6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server, through the inductive/RF appliance and network, using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest and protected in transit

Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but it is not the prime focus of the program

Technical Area 3: Phase 2

Technical Area 3 / Phase 2: Implementation, Months 19-36
Specific techniques and tooling for placement of the dielet into the host package are developed. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program
1. Develop the SHIELD Insertion technology
Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component P/N, date/location of manufacture, reliability grade and cryptographic key
Approved for Public Release Distribution Unlimited
Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3/Phase 2, performers will provide the following deliverables
a. Detailed network schematics indicating protocols and standards
b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
c. Estimates of transaction times and network latencies
d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include
a. Inductive/RF probe fabrication
b. Repurposed appliance microcode, firmware, software installation
c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 3
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include
1. Demonstrate robust SHIELD placement into real product
a. Performers will mate SHIELD dielets to product at pkg encapsulation
b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including
  • Fails due to faulty package insertions
  • Fails due to non-functional SHIELD chips
  • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP
a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
b. Performers will place SHIELD solution in those packages in a production-like environment which DARPA will provide access to
c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
d. Government Red Team members will compromise the supply chain
e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include
1. "Probability of Detection" of compromises (PD), broken out by
a. Component Package (i.e., small passive/discrete, quad plastic flat pack)
b. Failure mode (i.e., missing, inappropriate, or failing SHIELD dielet)
c. Location type (i.e., at distributor, at subassembly vendor, in shipping)
d. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
a. Component Package (i.e., small passive/discrete, quad plastic flat pack)
b. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation Latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 Second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host Temperatures: -55°C to 125°C
Interrogation Temperatures: 0-35°C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 1.0¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with threat supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; Vendor locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful sources for information include
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics: Technical Area 1 - SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1 - SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1 - SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2 - SHIELD Dielet Design and Integration
Phase | Design Element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics: Technical Area 2 - SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications, and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage, and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3 - SHIELD Deployment
Phase | Design Element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2]; environmental testing (temperature shock and vibration) [3]
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3 - SHIELD Deployment
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g., missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g., at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
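The Phase 3 benchmarks above (PD, PFA and average completed authentication delay, with the listed breakouts) can be computed from a per-interrogation trial log as in the following added example, which is not part of the briefing. The trial records, field names and function names are constructed for illustration, and the 95% Wilson score interval goes beyond what the slides ask for; it is included because the per-category counts in a demonstration are small.

```python
from collections import defaultdict, namedtuple
from math import sqrt

Trial = namedtuple("Trial", "package setting location failure_mode alarm delay_s")

# Constructed demonstration log (not program data). failure_mode is None for an
# uncompromised part; delay_s is None when the authentication did not complete.
TRIALS = [
    Trial("quad flat pack", "component tube", "distributor", None, False, 1.8),
    Trial("quad flat pack", "component tube", "distributor", "missing dielet", True, 1.1),
    Trial("quad flat pack", "printed circuit board", "subassembly vendor", "inappropriate dielet", True, 2.0),
    Trial("quad flat pack", "printed circuit board", "subassembly vendor", None, True, 2.4),
    Trial("small passive/discrete", "component tube", "shipping", "failing dielet", False, None),
    Trial("small passive/discrete", "component tube", "shipping", "missing dielet", True, 1.3),
    Trial("small passive/discrete", "printed circuit board", "distributor", None, False, 1.9),
    Trial("small passive/discrete", "installed in system", "subassembly vendor", "inappropriate dielet", True, 2.2),
    Trial("quad flat pack", "installed in system", "shipping", None, False, 2.1),
    Trial("small passive/discrete", "installed in system", "shipping", None, False, 1.7),
]

# Breakouts named on the slide: PD has four, PFA only two.
PD_FIELDS = ("package", "failure_mode", "location", "setting")
PFA_FIELDS = ("package", "setting")


def wilson(hits, n, z=1.96):
    """95% Wilson score interval for the proportion hits/n."""
    p = hits / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)


def _breakdown(trials, field):
    """Alarm rate per distinct value of `field` over the given trials."""
    counts = defaultdict(lambda: [0, 0])  # value -> [alarms, trials]
    for t in trials:
        c = counts[getattr(t, field)]
        c[0] += t.alarm
        c[1] += 1
    return {v: {"hits": h, "n": n, "rate": h / n, "ci95": wilson(h, n)}
            for v, (h, n) in counts.items()}


def pd_by(trials, field):
    """Probability of Detection: alarms raised on compromised parts."""
    if field not in PD_FIELDS:
        raise ValueError("PD is not broken out by " + field)
    return _breakdown([t for t in trials if t.failure_mode is not None], field)


def pfa_by(trials, field):
    """Probability of False Alarm: alarms raised on uncompromised parts."""
    if field not in PFA_FIELDS:
        raise ValueError("PFA is not broken out by " + field)
    return _breakdown([t for t in trials if t.failure_mode is None], field)


def mean_completed_delay(trials):
    """Average delay over authentications that completed."""
    done = [t.delay_s for t in trials if t.delay_s is not None]
    return sum(done) / len(done)


if __name__ == "__main__":
    for field in PD_FIELDS:
        print("PD by", field, pd_by(TRIALS, field))
    for field in PFA_FIELDS:
        print("PFA by", field, pfa_by(TRIALS, field))
    print("mean completed delay (s):", round(mean_completed_delay(TRIALS), 2))
```
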
Metrics: Technical Area 3 - SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality), transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), Probability of false alarm (PFA), Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2 - SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Image courtesy of DARPA
TRUST, IRIS Programs Validated Design Preceding Distribution - SHIELD Will Take it From There
[Figure: supply chain stages Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use. Legend: Design Attack, Hardware Attack, Logistics Attack. Coverage labels: TRUST/IRIS, SHIELD; At OEM, In Distribution. Threats labelled on the figure: 3rd Party IP, Insider Design, EDA Exploit, IP Theft/Copy, Security Intercept, Yield Fail Diversion, Overproduction, Process Compromise, Pkg Compromise, False FPGA Bitstream, Malicious Insertions, False Validation Report, DFM Exploits, False Expects, False Test Compares, HW Theft]
DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components which make them especially vulnerable to compromise
• DoD electronic components require high reliability, serviceability [1]
• Compromised component failures risk DoD missions, soldier's lives
• Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete [1]
• $10-$50 parts become $8000 parts once they are obsolete [1] - providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
[1] NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor, or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast, and executable by untrained operators
4. Trustworthy, reliable, and prohibitively difficult to spoof
5. Executable at any place/time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD: The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
Microscopic SHIELD dielet
• HW Root-of-Trust, Fragile Key Storage
• Full Encryption Engine
• Unpowered Passive Sensors
• Inductive Powering and Communication
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm² Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120°C
- <1¢ per dielet
Image courtesy of http://www.hitachi.com/New/cnews/030902.html
SHIELD Exemplary CONOP
[Figure: message flow between Dielet, Smartphone, and Server. Numbered steps: 1. Serial ID Upload (Serial ID No.); 2. Challenge Download; 3. Encrypted Challenge, Encrypted Sensors, Appliance Data; 4. Authentication Out. Dielet labels: Encryption Engine w/ Crypto Key; Temp Extremes, X-ray Exposure, Light Exposure. Server labels: Database with Dielet Serial ID, Fab Name, Fab Date, Part No; Sensors Status; Test Date; Auditor Identity; Key Requests; Random Challenge Generator; Decryption Engine w/ Crypto key: decrypt, compare to original challenge. Other labels: TCP/IP Address, (VPN)]
Potential Production Test Approaches
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
[Figure labels: Flying Prober; Pick and Place; Wirebond; Tube handling of components]
Volume production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove, or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
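The challenge-response exchange of the exemplary CONOP and of feature 2 above, sketched as an added example that is not part of the briefing. Assumptions: the classes, function names, verdict strings and sensor bit positions are constructed for illustration, and the response is an HMAC-SHA-256 tag that the server recomputes, standing in for the on-dielet encryption engine and server-side decrypt-and-compare because Python's standard library has no block cipher.

```python
import hashlib
import hmac
import secrets
import time

MIN_GAP_S = 1.0  # summary spec: minimum delay between interrogations is > 1 second
# Sensor names follow the briefing's passive-sensor examples; bit positions are assumed.
SENSORS = ["chemical", "mechanical", "laser", "light", "x-ray", "heat"]


def _tag(key, challenge, sensor_flags):
    """Keyed response over the challenge and the sensor word (HMAC-SHA-256)."""
    return hmac.new(key, challenge + bytes([sensor_flags]), hashlib.sha256).digest()


class Dielet:
    """Constructed model of a dielet: the key is used on board and never returned."""

    def __init__(self, serial_id, key, sensor_flags=0):
        self.serial_id = serial_id        # 64-bit serial ID, sent in the clear
        self._key = key                   # 256-bit secret, stays on the dielet
        self.sensor_flags = sensor_flags  # one bit per tripped passive sensor

    def respond(self, challenge):
        # The sensor word is covered by the tag, so an appliance cannot clear a
        # tripped bit in transit without invalidating the response.
        return self.sensor_flags, _tag(self._key, challenge, self.sensor_flags)


class Server:
    """Constructed model of the secure server holding the per-dielet key database."""

    def __init__(self, clock=time.monotonic):
        self._keys = {}     # serial_id -> key
        self._pending = {}  # serial_id -> outstanding challenge (single use)
        self._last = {}     # serial_id -> time the last challenge was issued
        self._clock = clock

    def enroll(self, serial_id, key):
        self._keys[serial_id] = key

    def issue_challenge(self, serial_id):
        """Step 2: return a fresh random challenge, or None if refused."""
        if serial_id not in self._keys:
            return None
        now = self._clock()
        last = self._last.get(serial_id)
        if last is not None and now - last <= MIN_GAP_S:
            return None  # interrogations closer together than the minimum delay
        self._last[serial_id] = now
        self._pending[serial_id] = secrets.token_bytes(16)
        return self._pending[serial_id]

    def verify(self, serial_id, sensor_flags, tag):
        """Step 4: check the response against the stored key and the challenge."""
        key = self._keys.get(serial_id)
        if key is None:
            return "UNKNOWN_SERIAL"
        challenge = self._pending.pop(serial_id, None)  # consumed: no replays
        if challenge is None:
            return "NO_CHALLENGE"
        if not hmac.compare_digest(tag, _tag(key, challenge, sensor_flags)):
            return "BAD_RESPONSE"
        tripped = [n for i, n in enumerate(SENSORS) if sensor_flags >> i & 1]
        return "SENSOR_TRIPPED:" + ",".join(tripped) if tripped else "AUTHENTIC"


def interrogate(server, dielet):
    """Appliance role: relay serial ID, challenge and response (steps 1-4)."""
    challenge = server.issue_challenge(dielet.serial_id)
    if challenge is None:
        return "REFUSED"
    flags, tag = dielet.respond(challenge)
    return server.verify(dielet.serial_id, flags, tag)


if __name__ == "__main__":
    srv = Server()
    key = secrets.token_bytes(32)
    srv.enroll(0x0123456789ABCDEF, key)  # constructed serial ID
    print(interrogate(srv, Dielet(0x0123456789ABCDEF, key)))
```
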
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include
a. package alterations needed to carry the dielet
b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement, and execute
6. To minimize size, power, and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
Current Untrusted Logistical Supply Chain
[Figure: supply chain flow with Shipping steps between Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfg, and DoD Application; numbered points 1-8. Zone labels: Trusted Zone (twice), Vulnerability Zone]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD'ed Supply Chain Exemplar (REFRESHER)
[Figure: supply chain flow with Shipping steps between Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfr, and DoD Application; numbered points 1-8. Zone labels: Trusted Zone (twice), SHIELD Authentication outside Trusted Zone]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase
Tech Area | Phase 1 | Phase 2 | Phase 3
TA1 Tech Dev | On-chip HW tech devlpmt: Key Store, Sensors, Comm/Pwr, Mfg Processes - Models - Test Sites - SHIELD layouts | |
TA2 Design & Integr | Dielet Logic Design; Standards Conformation | SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization |
TA3 Deployment | Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design | Tooling and Techniques for handling, insertion; Network Structure Build-out; Inductive Device Fabrication | Demonstration Proof-of-Concept; Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1 Phase 1 Technology
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2
• Fully-described hardware-based solutions
• Hardware models (i.e., COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (Cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant
Technical Area 1 Phase 1 (Cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must
1. Passively sense while unpowered; be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe, existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
Chemical: Nitric Acid, Sulfuric Acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil/RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
DManufacturingProcess TechnologyMultiple CMOS process and manufacturing changes neededto produce SHIELD dielets with new capabilities and at target
of less than a penny per dielet Challenges include1 Wafer thinning technologies for SHIELD wafers that are
potentially 10microm or less in thickness for 100microm x 100microm dies
2 Integrating sensor key store technologies into common process
3 High volume crypto key and ID personalization of each dielet
4 Contactless test technologies for dielets test coverage protocol application-specific test patterns
5 Economic production solution for dicingpicking microscopic dielets that are ~100μm x 100μm
6 Reliability lifetime of SHIELD dielet matching host component Assume host components require 100 KPOH lifetimes
Technical Area 1 Phase 1 (Contrsquod)
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Design and Integration
Technical Area 2/Phase 1: Design, Months 1-18
Performers will by the end of TA2/Phase 1 complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment, Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description, expressed in an appropriate high-level design language. Design should be
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2 Phase 1
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous, free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temperature
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window
Technical Area 2 Phase 1 (cont’d)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temp
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 1 (cont’d)
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will by the end of TA2/Phase 2 incorporate TA1’s specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 2 Phase 2
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network, server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3 SHIELD Deployment
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive / RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers’ consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1
3. Assure reliability of host component containing SHIELD dielet
Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature, or electrical materials interactions with the host packaging materials or process occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont’d)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont’d)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server, through the inductive/RF appliance and network, using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors.
Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program
Technical Area 3 Phase 1 (cont’d)
Technical Area 3/Phase 2: Implementation, Months 19-36
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3 Phase 2
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables:
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont’d)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance’s inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 2 (cont’d)
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program’s BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition, through normally-used shipping channels, to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component’s supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
Technical Area 3 Phase 3 (cont’d)
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. “Probability of Detection” of compromises (PD), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Quantitative Benchmarks
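The breakdown these benchmarks call for can be computed from a log of interrogation trials. The sketch below is an added example, not program code: the trial records are constructed, the record layout and function names are assumptions, and the 95% Wilson interval is an addition that shows how little a small per-category count supports.

```python
from collections import defaultdict, namedtuple
from math import sqrt

# Assumed record layout (not from the briefing). failure_mode is None for a
# clean part; flagged is True when the interrogation reported a compromise.
Trial = namedtuple("Trial", "package setting location failure_mode flagged delay_s")

# Constructed sample data, not program results.
TRIALS = [
    Trial("quad plastic flat pack", "tube", "distributor", "missing", True, 1.7),
    Trial("quad plastic flat pack", "tube", "distributor", "failing", True, 1.9),
    Trial("quad plastic flat pack", "board", "subassembly vendor", "inappropriate", False, 2.1),
    Trial("quad plastic flat pack", "board", "shipping", None, False, 1.6),
    Trial("quad plastic flat pack", "tube", "distributor", None, True, 1.8),
    Trial("small passive/discrete", "tube", "distributor", "missing", True, 1.5),
    Trial("small passive/discrete", "board", "subassembly vendor", "inappropriate", True, 2.0),
    Trial("small passive/discrete", "system", "subassembly vendor", None, False, 2.2),
    Trial("small passive/discrete", "tube", "shipping", None, False, 1.7),
    Trial("small passive/discrete", "system", "shipping", "failing", False, 2.4),
    Trial("quad plastic flat pack", "system", "subassembly vendor", None, False, 1.9),
    Trial("small passive/discrete", "board", "distributor", None, False, 1.8),
]


def wilson(k, n, z=1.96):
    """95% Wilson score interval for k flagged parts out of n."""
    if n == 0:
        return (0.0, 1.0)
    p = k / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def rate_by(trials, field, compromised):
    """Flagged fraction per value of `field`.

    compromised=True  gives PD  (flagged / compromised parts).
    compromised=False gives PFA (flagged / clean parts).
    """
    counts = defaultdict(lambda: [0, 0])            # value -> [flagged, total]
    for t in trials:
        if (t.failure_mode is not None) != compromised:
            continue
        bucket = counts[getattr(t, field)]
        bucket[0] += t.flagged
        bucket[1] += 1
    return {value: {"k": k, "n": n, "rate": k / n, "ci95": wilson(k, n)}
            for value, (k, n) in counts.items()}


def mean_delay(trials):
    """Average completed authentication delay, in seconds."""
    return sum(t.delay_s for t in trials) / len(trials)


def report(trials):
    """PD and PFA broken out along the dimensions the benchmarks list."""
    pd_fields = ("package", "failure_mode", "location", "setting")
    pfa_fields = ("package", "setting")
    return {
        "PD": {f: rate_by(trials, f, True) for f in pd_fields},
        "PFA": {f: rate_by(trials, f, False) for f in pfa_fields},
        "mean_delay_s": mean_delay(trials),
    }


if __name__ == "__main__":
    result = report(TRIALS)
    for metric in ("PD", "PFA"):
        for field, rows in result[metric].items():
            for value, r in rows.items():
                lo, hi = r["ci95"]
                print(f"{metric} by {field:12} {value:24} "
                      f"{r['k']}/{r['n']} = {r['rate']:.2f}  CI95 [{lo:.2f}, {hi:.2f}]")
    print(f"mean authentication delay: {result['mean_delay_s']:.2f} s")
```

In the constructed data a 2-of-2 detection rate for missing dielets still carries a lower confidence bound near 0.34, which is why per-category trial counts matter when PD is reported by failure mode.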
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 um x 100 um (0.01 mm2)
Device thickness: Thinned substrate, likely 10 um or less
Interrogation Latency: ≈ 1 second dielet delay, ≈ 2 second full transaction delay including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 Second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10 (default)
Host Temperatures: -55 °C - 125 °C
Interrogation Temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 10¢ per dielet
Program Calendar
14 March 2014: Proposer’s Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014 SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari
SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with threat supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial, in plan, and committed
• Submitters should submit proposals that get the job done, rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor’s capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing it to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production, university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful Sources for Information include
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown
SHIELD SETA
SHIELD Industry Day
14 March 2014
• Purpose of this discussion
   • Detail the attributes of SHIELD design elements that will be measured
   • Outline the methods by which those attributes will be measured
• Why metrics
   • Tracking and reporting program results and accomplishments
   • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a “pass” or “fail” level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics Overview
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
Technical Area 1, SHIELD On-board Technology
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
Metrics: Technical Area 1, SHIELD On-board Technology
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications, and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage, and temperature range | Pass/Fail
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip; package strain analysis; electromagnetic analysis [2]; environmental testing (temperature, shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
• Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
   • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
   • Failure mode (e.g. missing, inappropriate, or failing SHIELD dielet)
   • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
   • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
   • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
   • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics Technical Area 3 SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government “Red Team” evaluation | Penetration testing |
Metrics: Technical Area 3, SHIELD Deployment
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
   • compliance with design ground rules of the manufacturer
   • logical to behavioral design verification
   • logical to physical design verification
   • functional test pattern generation with a goal of 100% test coverage
   • EM and power analysis
   • additional checks as required to validate any “special case” technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Metrics Technical Area 2SHIELD Dielet Design and Integration
DoD is Especially Vulnerable to Counterfeits
DoD applications present severe demands on components which make them especially vulnerable to compromise
• DoD electronic components require high reliability, serviceability [1]
• Compromised component failures risk DoD missions, soldier’s lives
• Long design cycles (10+ years) and product lifetimes (30+ years) causes components in the bill-of-material to become obsolete [1]
• $10-$50 parts become $8000 parts once they are obsolete [1] – providing motivation for recycling and less-reputable suppliers
• Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes)
Most common current component supply problems
• Recycled components
• Remarked parts (Mfr, date, grade)
• Clones, copies
• Unlicensed overproduction
• Test rejects, sub-std parts
• Repackaged OEM chips
[1] NAVSEA Crane internal report
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor, or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast, and executable by untrained operators
4. Trustworthy, reliable, and prohibitively difficult to spoof
5. Executable at any place, time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD: The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
[Figure: microscopic SHIELD dielet, with labels: HW Root-of-Trust, Fragile Key Storage; Full Encryption Engine; Unpowered Passive Sensors; Inductive Powering and Communication]
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm2 Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120C
- <1¢ per dielet
Image courtesy of http://www.hitachi.com/New/cnews/030902.html
SHIELD Exemplary CONOP
[Figure: message flow between Dielet, Smartphone and Server. Step labels: 1. Serial ID Upload; 2. Challenge Download; 3. Encrypted Challenge, Encrypted Sensors; 3. Appliance Data; 4. Authentication Out. Other labels: Serial ID No.; TCP/IP Address; (VPN); Encryption Engine w/ Crypto Key; Random Challenge Generator; Decryption Engine w/ Crypto key, decrypt, compare to original challenge; Database with Dielet Serial ID, Fab Name, Fab Date, Part No., Sensors Status, Test Date, Auditor Identity, Key Requests; Temp Extremes, Xray Exposure, Light Exposure]
Potential Production Test Approaches
[Figure labels: Flying Prober; Pick and Place; Wirebond/Tube handling of components]
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
Volume Production technology can be applied to SHIELD approach
Tooling and control can easily be adapted to authentication
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust: cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component’s electronic packaging. The dielet self-destructs upon any attempts to physically open, remove, or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered, passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
Approved for Public Release Distribution Unlimited 33
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security.
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include:
   a. package alterations needed to carry the dielet
   b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link.
4. Personalized crypto keys on dielet and server should never be sent.
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement, and execute.
6. To minimize size, power, and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible.
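The challenge/response exchange of the exemplary CONOP, with the key-never-sent and server-side-complexity properties listed above, as an added example that is not part of the original briefing. HMAC-SHA-256 stands in for the dielet's encryption engine because the Python standard library has no block cipher, so the server recomputes and compares instead of decrypting; the class names, sensor bit layout and enrolled record are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Sensor bit layout is an assumption made for this example.
SENSOR_BITS = {"temp_extremes": 0x01, "xray_exposure": 0x02, "light_exposure": 0x04}


def keyed_response(key, challenge, sensor_word):
    """HMAC-SHA-256 over challenge || sensor word (stand-in for the encryption engine)."""
    return hmac.new(key, challenge + bytes([sensor_word]), hashlib.sha256).digest()


class Dielet:
    """Holds the 256-bit key; only the serial ID and keyed replies ever leave it."""

    def __init__(self, serial_id, key):
        self.serial_id = serial_id  # 64-bit serial ID, readable by the appliance
        self._key = key             # personalized key, never transmitted
        self._sensor_word = 0       # passive sensor bits: set once, never cleared

    def expose(self, sensor):
        self._sensor_word |= SENSOR_BITS[sensor]

    def respond(self, challenge):
        return self._sensor_word, keyed_response(self._key, challenge, self._sensor_word)


class Server:
    """Secure server: key database, random challenge generator, comparison."""

    def __init__(self):
        self._db = {}       # serial ID -> enrolment record
        self._pending = {}  # serial ID -> outstanding single-use challenge

    def enroll(self, serial_id, key, fab_name, fab_date, part_no):
        self._db[serial_id] = {"key": key, "fab_name": fab_name,
                               "fab_date": fab_date, "part_no": part_no}

    def issue_challenge(self, serial_id):
        if serial_id not in self._db:
            return None  # unknown serial ID: nothing to authenticate against
        self._pending[serial_id] = secrets.token_bytes(32)
        return self._pending[serial_id]

    def verify(self, serial_id, sensor_word, response):
        challenge = self._pending.pop(serial_id, None)  # consumed, so replays fail
        if challenge is None or not 0 <= sensor_word <= 0xFF:
            return ("REJECTED", [])
        expected = keyed_response(self._db[serial_id]["key"], challenge, sensor_word)
        if not hmac.compare_digest(expected, response):
            return ("REJECTED", [])
        tripped = sorted(name for name, bit in SENSOR_BITS.items() if sensor_word & bit)
        return ("COMPROMISED", tripped) if tripped else ("AUTHENTIC", [])


def interrogate(dielet, server, tamper=None):
    """Appliance relay for CONOP steps 1-4; `tamper` alters the relayed reply in tests."""
    serial_id = dielet.serial_id                        # 1. serial ID upload
    challenge = server.issue_challenge(serial_id)       # 2. challenge download
    if challenge is None:
        return ("REJECTED", [])
    sensor_word, response = dielet.respond(challenge)   # 3. keyed reply and sensor word
    if tamper is not None:
        sensor_word, response = tamper(sensor_word, response)
    return server.verify(serial_id, sensor_word, response)  # 4. authentication out


def demo():
    """Run genuine, cloned, replayed and tampered cases against one enrolled part."""
    server = Server()
    key = secrets.token_bytes(32)
    serial = 0x0123456789ABCDEF  # constructed serial ID
    server.enroll(serial, key, "ExampleFab", "2014-03-14", "PN-0001")  # constructed record
    genuine = Dielet(serial, key)
    clone = Dielet(serial, secrets.token_bytes(32))  # copied serial ID, wrong key
    results = {"genuine": interrogate(genuine, server),
               "clone": interrogate(clone, server)}

    # Replay: a reply captured for one challenge is presented for a later one.
    first = server.issue_challenge(serial)
    word, reply = genuine.respond(first)
    server.verify(serial, word, reply)
    server.issue_challenge(serial)
    results["replayed_reply"] = server.verify(serial, word, reply)

    genuine.expose("xray_exposure")
    results["xrayed"] = interrogate(genuine, server)
    # The relay clears the sensor word; the keyed reply no longer matches.
    results["sensor_bits_cleared_in_transit"] = interrogate(
        genuine, server, tamper=lambda w, r: (0, r))
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

Because the sensor word is bound into the keyed reply, the appliance and network stay untrusted relays: neither can forge a pass or hide a tripped sensor without the dielet's key.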
Current Untrusted Logistical Supply Chain
[Figure: supply-chain flow with stage markers 1-8 linked by Shipping steps. Nodes: Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfg, DoD Application. Regions marked: Trusted Zone (two), Vulnerability Zone.]
For all but simplest exploits, DoD has little system component assurance of authenticity.
Assume parts have OEM integrity before leaving first Trusted Zone.
SHIELD'ed Supply Chain Exemplar (REFRESHER)
[Figure: the same supply-chain flow with stage markers 1-8 linked by Shipping steps. Nodes: Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfr, DoD Application. Regions marked: Trusted Zone (two), SHIELD Authentication outside Trusted Zone.]
Component compromises are now visible at any point along the supply chain.
Assume parts have OEM integrity before leaving first Trusted Zone.
SHIELD Program Structure
Deliverables by Tech Area and Phase
TA1 (Tech Dev)
  Phase 1: On-chip HW tech development (Key Store, Sensors, Comm/Pwr, Mfg Processes) - Models - Test Sites - SHIELD layouts
TA2 (Design & Integr)
  Phase 1: Dielet Logic Design; Standards Conformation
  Phase 2: SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization
TA3 (Deployment)
  Phase 1: Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design
  Phase 2: Tooling and Techniques for handling, insertion; Network Structure Build-out; Inductive Device Fabrication
  Phase 3: Demonstration; Proof-of-Concept Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1 Phase 1: Technology (Months 1-18)
TA1 Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (Cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product.
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance.
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows.
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform.
4. Performers will not be creating new encryption algorithms. Use only NIST / IEEE standards and CMVP approved code.
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation.
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant.
Technical Area 1 Phase 1 (Cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself, and watch for component compromise. Sensors must:
1. Passively sense while unpowered; be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe, existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
• Chemical: Nitric Acid, Sulfuric Acid sensing for chemical de-packaging attempts
• Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
• Laser: Laser wavelength detection for laser de-layering attempts
• Light: Daylight sensing for identifying exposed dielet
• X-Ray: X-ray detection for attempted secret key imaging
• Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1 (Cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2: Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power; and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Phase 1: Design (Months 1-18)
Performers will, by the end of TA2 Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment, Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2 Phase 1 (cont'd)
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption, and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage, and temperature
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C; survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage, and temp
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C; survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 2: Integration & Fab (Months 19-36)
Performers will, by the end of TA2 Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks and process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize, and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3: SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network / server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals.
Technical Area 3 Phase 1: Pkg Tech, Networks (Months 01-18)
Fundamental dielet package insertion, attachment, or lamination techniques are developed in TA3 Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet. Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component. Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature, or electrical materials interactions with the host packaging materials or process occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
   Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance.
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
   SHIELD network and server capability will be created by performers, and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards;
   b. All required server transaction and decryption software;
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed; and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program.
Technical Area 3 Phase 2: Implementation (Months 19-36)
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3 Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
   Instrumentation, tooling, and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
   Networks and protocols developed in TA3 Phase 1 and in the design are implemented during TA3 Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables:
   a. Detailed network schematics, indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors; and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3 Phase 3
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
   Technical Area 3 Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 3: Demo (Months 37-48)
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DoD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
   Performers will exercise the entire SHIELD CONOP.
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place the SHIELD solution in those packages in a production-like environment, which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation Latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 Second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, ±10 (default)
Host Temperatures: -55 °C to 125 °C
Interrogation Temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 1.0¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage / Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done, rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 (Tech Dev) | None
TA2 (Design & Integr) | None
TA3 (Deployment) | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost.
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built:
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip; package strain analysis; electromagnetic analysis [2]; Environmental testing (temperature shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3, SHIELD Deployment
• Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality), transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), Probability of false alarm (PFA), Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions).
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
[Figure: image courtesy of DARPA]
Attributes of Superior Supply Chain Authentication Tech
1. Extremely low cost, with minimal impact to the component manufacturer, distributor, or end-user, as well as to the host component itself
2. Effective at mitigating most supply chain security threats
3. Be simple, very fast, and executable by untrained operators
4. Trustworthy, reliable, and prohibitively difficult to spoof
5. Executable at any place/time along supply chain, providing instant results on-site
6. Performed using inexpensive interrogation equipment
7. Standardized and widely adopted by government and industry
8. Manufacturable in high volume using standard foundry processes, and
9. A value-add to the end-product, recognized and requested by the consumer
SHIELD: The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
[Figure: microscopic SHIELD dielet. Labels: HW Root-of-Trust, Fragile Key Storage, Full Encryption Engine, Unpowered Passive Sensors, Inductive Powering and Communication. Image courtesy of http://www.hitachi.com/New/cnews/030902.html]
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm² Area)
- 100K Devices
- 100 MHz Clock Rate
- 50 µW Total Power
- T ≤ 120C
- <1¢ per dielet
SHIELD Exemplary CONOP
[Figure: message flow between Dielet, Smartphone and Server (TCP/IP address, VPN). Numbered steps: 1 Serial ID Upload; 2 Challenge Download; 3 Encrypted Challenge, Encrypted Sensors, Appliance Data; 4 Authentication Out. Dielet labels: Serial ID No., Encryption Engine w/ Crypto Key, sensors for Temp Extremes, X-ray Exposure, Light Exposure. Server labels: Database with Dielet Serial ID, Fab Name, Fab Date, Part No.; Random Challenge Generator; Decryption Engine w/ Crypto key (decrypt, compare to original challenge). Other labels: Sensors Status, Test Date, Auditor Identity, Key Requests.]
Potential Production Test Approaches
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
[Figure labels: Flying Prober; Pick and Place; Wirebond; Tube handling of components]
Volume Production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication.
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include
   a. package alterations needed to carry the dielet
   b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement and execute
6. To minimize size, power and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
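The exchange sketched on the CONOP slide and constrained by the on-dielet features and design properties above, as an added example (not DARPA or performer code). HMAC-SHA256 from the Python standard library stands in for the dielet's open-standard encryption engine, so the server checks the reply by recomputing it rather than decrypting it, and the sensor word is authenticated rather than hidden. The class names, verdict strings and sensor bit encoding are assumptions made for illustration.

```python
"""Toy model of the SHIELD challenge-response CONOP (illustrative only)."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed sensor encoding (assumption): one latch bit per passive sensor.
SENSOR_BITS = {"temp": 0x01, "xray": 0x02, "light": 0x04}


def _tag(key: bytes, serial: int, challenge: bytes, status: int) -> bytes:
    """Keyed response binding serial ID, challenge and sensor word together."""
    msg = serial.to_bytes(8, "big") + challenge + bytes([status])
    return hmac.new(key, msg, hashlib.sha256).digest()


class Dielet:
    """64-bit serial ID, 256-bit key that is never exported, set-only sensor latches."""

    def __init__(self, serial: int, key: bytes) -> None:
        self.serial = serial
        self._key = key
        self._latched = 0

    def expose(self, sensor: str) -> None:
        self._latched |= SENSOR_BITS[sensor]  # set-only: there is no reset path

    def respond(self, challenge: bytes) -> Tuple[int, bytes]:
        return self._latched, _tag(self._key, self.serial, challenge, self._latched)


class Server:
    """Secure server: key database, random challenge generator, response check."""

    def __init__(self) -> None:
        self._keys: Dict[int, bytes] = {}
        self._pending: Dict[int, bytes] = {}

    def enroll(self, serial: int) -> Dielet:
        """Personalization: the key exists only in the dielet and in the database."""
        key = secrets.token_bytes(32)
        self._keys[serial] = key
        return Dielet(serial, key)

    def challenge(self, serial: int) -> Optional[bytes]:
        if serial not in self._keys:
            return None
        self._pending[serial] = secrets.token_bytes(32)
        return self._pending[serial]

    def verify(self, serial: int, status: int, tag: bytes) -> str:
        challenge = self._pending.pop(serial, None)  # single use: a replay finds nothing
        if challenge is None:
            return "REJECT: no outstanding challenge"
        expected = _tag(self._keys[serial], serial, challenge, status)
        if not hmac.compare_digest(expected, tag):
            return "REJECT: response does not match key on file"
        if status:
            tripped = sorted(n for n, b in SENSOR_BITS.items() if status & b)
            return "COMPROMISED: sensors tripped: " + ",".join(tripped)
        return "AUTHENTIC"


def interrogate(server: Server, dielet: Optional[Dielet]) -> str:
    """Appliance role: relays the four CONOP steps and never holds a key."""
    if dielet is None:
        return "REJECT: no dielet answered the probe"
    challenge = server.challenge(dielet.serial)        # steps 1 and 2
    if challenge is None:
        return "REJECT: unknown serial ID"
    status, tag = dielet.respond(challenge)            # step 3
    return server.verify(dielet.serial, status, tag)   # step 4


def demo() -> Dict[str, str]:
    """Constructed cases covering missing, inappropriate and tampered dielets."""
    server = Server()
    good = server.enroll(0x1122334455667788)
    tampered = server.enroll(0x0000000000000002)
    tampered.expose("xray")
    clone = Dielet(good.serial, secrets.token_bytes(32))  # right serial, wrong key
    stranger = Dielet(0xDEADBEEF, secrets.token_bytes(32))
    return {
        "genuine": interrogate(server, good),
        "tampered": interrogate(server, tampered),
        "clone": interrogate(server, clone),
        "unknown": interrogate(server, stranger),
        "missing": interrogate(server, None),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:9s} {verdict}")
```

Because the sensor word is covered by the keyed response, an appliance or network path that reports a clean status for a tripped dielet fails verification instead of passing as authentic.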
Current Untrusted Logistical Supply Chain
[Figure: supply chain flow diagram with numbered markers 1-8. Labels: Trusted Zone (two), Vulnerability Zone, Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, PC Board Assembly, Subsystem Assembly, System Mfg, DoD Application, Shipping, Stock]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD'ed Supply Chain Exemplar
[Figure: supply chain flow diagram with numbered markers 1-8, marked REFRESHER. Labels: Trusted Zone (two), Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, PC Board Assembly, Subsystem Assembly, System Mfr, DoD Application, Shipping, Stock, SHIELD Authentication outside Trusted Zone]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase
Tech Area | Phase 1 | Phase 2 | Phase 3
TA1 Tech Dev | On-chip HW tech devlpmt (Key Store, Sensors, Comm/Pwr, Mfg Processes): Models, Test Sites, SHIELD layouts | |
TA2 Design & Integr | Dielet Logic Design; Standards Conformation | SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization |
TA3 Deployment | Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design | Tooling and Techniques for handling/insertion; Network Structure Build-out; Inductive Device Fabrication | Demonstration: Proof-of-Concept Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1 Phase 1 Technology
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (Cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant
Technical Area 1 Phase 1 (Cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must
1. Passively sense while unpowered, be read only when powered
2. Be readable only and permanently altered by the exposure, non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
Chemical: Nitric Acid, Sulfuric Acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet
1. Dielet should be powered, receive a challenge message and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil/RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1 (Cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2 Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Phase 1
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet
1. Define a SHIELD Design Environment, Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific Logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language. Design should be
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2 Phase 1 (cont'd)
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous, free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. add new technology as IP blocks, include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. verify robust design functionality across process, voltage and temperature
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. verify robust design functionality across process, voltage and temp
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 2
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
   b. track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize, and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3 SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3 Phase 1
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet
Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by
   a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include
   a. communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program
Technical Area 3 Phase 2
Technical Area 3/Phase 2: Implementation, Months 19-36
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program
1. Develop the SHIELD Insertion technology
Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade and cryptographic key
Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include
   a. Inductive/RF probe fabrication
   b. Repurposed Appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 3
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include
1. "Probability of Detection" of compromises (PD), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Summary of Suggested Specifications
Parameter | Suggested specification
Area | A ≈ 100 um x 100 um (0.01 mm²)
Device thickness | Thinned substrate, likely 10 um or less
Interrogation Latency | ≈ 1 second dielet delay, ≈ 2 second full transaction delay including network latencies
Network Communication Protocol | TLS Standard
Minimum Delay between interrogations | > 1 Second
Positioning of inductive/RF probe | T ≈ 1 mm below top surface of component package
Encryption Standard | Up to 256 bit
Serial ID Length | 64 bit
Power Consumption | Approximately 50 µW
Voltage tolerance (default) | VDD at discretion of proposer, ±10% (default)
Host Temperatures | -55 °C - 125 °C
Interrogation Temperatures | 0-35 °C
Reliability | Sufficient to match 100 KPOH host component operation. SHIELD total operational time is under 1 hour
Cost | C < 10¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage / Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with threat supply chain loss-of-control poses to lives and missions
• SHIELD Funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done, rather than be tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; vendor locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost.
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built:
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors (examples include chemical, mechanical, light, X-rays, heat, etc.) | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size: 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications and support logic | Mask layout design, including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2]; environmental testing (temperature shock and vibration) [3]
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3, SHIELD Deployment
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g., missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g., at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
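One way to tabulate these Phase 3 metrics from exercise records, as an added Python example that is not part of the briefing. The Trial record layout and the sample trials are constructed; a missing dielet is assumed to be logged as a flagged trial whose authentication never completed.

```python
from collections import defaultdict
from typing import NamedTuple, Optional


class Trial(NamedTuple):
    """One interrogation during the exercise (hypothetical record layout)."""
    host_type: str
    setting: str
    failure_mode: Optional[str]   # None means the part was not compromised
    location: Optional[str]       # where the compromise was introduced
    flagged: bool                 # SHIELD reported the part as compromised
    delay_s: Optional[float]      # None means authentication never completed


def _rate_by(trials, field, compromised):
    """Fraction of flagged trials per value of `field`, for one ground truth."""
    hits, totals = defaultdict(int), defaultdict(int)
    for t in trials:
        if (t.failure_mode is not None) != compromised:
            continue
        key = getattr(t, field)
        totals[key] += 1
        hits[key] += int(t.flagged)
    # A breakout cell with no trials is absent rather than reported as 0.
    return {k: hits[k] / totals[k] for k in totals}


def pd_by(trials, field):
    """Probability of Detection: flagged share of compromised parts."""
    return _rate_by(trials, field, compromised=True)


def pfa_by(trials, field):
    """Probability of False Alarm: flagged share of uncompromised parts."""
    return _rate_by(trials, field, compromised=False)


def mean_completed_delay(trials):
    """Average delay over completed authentications only."""
    done = [t.delay_s for t in trials if t.delay_s is not None]
    return sum(done) / len(done) if done else None


QFP, PASSIVE = "quad plastic flat pack", "small passive/discrete"
TUBE, PCB, SYSTEM = "component tube", "printed circuit board", "installed in a system"

# Constructed sample data, not program results.
SAMPLE_TRIALS = [
    Trial(QFP, TUBE, "missing", "at distributor", True, None),
    Trial(QFP, PCB, "inappropriate", "at subassembly vendor", True, 2.1),
    Trial(QFP, PCB, "failing", "during shipping", False, 1.9),
    Trial(QFP, SYSTEM, "inappropriate", "at distributor", True, 2.0),
    Trial(PASSIVE, TUBE, "inappropriate", "at distributor", True, 2.0),
    Trial(QFP, TUBE, None, None, False, 2.0),
    Trial(QFP, PCB, None, None, True, 2.4),
    Trial(PASSIVE, TUBE, None, None, False, 1.6),
    Trial(PASSIVE, SYSTEM, None, None, False, 2.0),
]

if __name__ == "__main__":
    for field in ("host_type", "failure_mode", "location", "setting"):
        print("PD by", field, pd_by(SAMPLE_TRIALS, field))
    for field in ("host_type", "setting"):
        print("PFA by", field, pfa_by(SAMPLE_TRIALS, field))
    print("mean completed delay (s):", mean_completed_delay(SAMPLE_TRIALS))
```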
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality), transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), probability of false alarm (PFA), average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation, with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
SHIELD: The DARPA Supply Chain Solution
SHIELD makes counterfeiting too expensive and too hard to do
Microscopic SHIELD dielet:
• HW Root-of-Trust, Fragile Key Storage
• Full Encryption Engine
• Unpowered Passive Sensors
• Inductive Powering and Communication
DARPA SHIELD will develop the ability to provide
- 100% assurance against certain known threat modes
- quickly, on demand, at any step of the supply chain, and
- essentially for free
SHIELD Target Spec
- 100 µm x 100 µm (0.01 mm² area)
- 100K devices
- 100 MHz clock rate
- 50 µW total power
- T ≤ 120 °C
- < 1¢ per dielet
Image courtesy of http://www.hitachi.com/New/cnews/030902.html
SHIELD Exemplary CONOP
[Figure: message flow between the Dielet, a Smartphone and the Server; the server link is labelled with a TCP/IP address and "(VPN)".]
Numbered steps in the figure:
1. Serial ID Upload (Serial ID No.)
2. Challenge Download
3. Encrypted Challenge, Encrypted Sensors; Appliance Data
4. Authentication Out
Other labels in the figure:
- Encryption Engine w/ Crypto Key
- Temp Extremes, X-ray Exposure, Light Exposure
- Database with Dielet Serial ID, Fab Name, Fab Date, Part No.
- Sensors Status, Test Date, Auditor Identity, Key Requests
- Random Challenge Generator
- Decryption Engine w/ Crypto key: decrypt, compare to original challenge
Potential Production Test Approaches
Flying Prober
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of component
2. Assembly checking in supply chain
Pick and Place, Wirebond, Tube handling of components
Volume production technology can be applied to the SHIELD approach. Tooling and control can easily be adapted to authentication.
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
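The challenge-response exchange these features describe, as an added Python simulation that is not DARPA or performer code. It assumes HMAC-SHA-256 from the standard library in place of the dielet's encryption engine (the page leaves the cipher to performers), so the sensor word is authenticated rather than encrypted; class names, verdict strings and the sensor bit layout are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

KEY_BYTES = 32         # page: dielet stores up to 256 bits of secret key
SERIAL_BYTES = 8       # page: 64-bit serial ID
MIN_INTERVAL_S = 1.0   # page: minimum delay between interrogations > 1 second

# Constructed bit encoding for the sensor word; the page only names sensor types.
SENSOR_TEMP, SENSOR_XRAY, SENSOR_LIGHT = 0x01, 0x02, 0x04


def _tag(key, challenge, sensors):
    """Keyed response over challenge + sensor word (HMAC stand-in for the engine)."""
    return hmac.new(key, challenge + bytes([sensors]), hashlib.sha256).digest()


class Dielet:
    """Holds the key; only the serial ID and keyed responses ever leave it."""

    def __init__(self, serial, key, sensors=0):
        if len(serial) != SERIAL_BYTES or len(key) != KEY_BYTES:
            raise ValueError("serial must be 8 bytes and key 32 bytes")
        self.serial = serial
        self._key = key
        self.sensors = sensors  # passive sensors: a set bit is never cleared

    def respond(self, challenge):
        """Step 3: return the sensor word and the keyed response."""
        return self.sensors, _tag(self._key, challenge, self.sensors)


class Server:
    """Secure server: key database, random challenge generator, verifier."""

    def __init__(self, clock=time.monotonic):
        self._keys = {}      # serial -> key
        self._pending = {}   # serial -> outstanding challenge
        self._last = {}      # serial -> time of last interrogation
        self._clock = clock

    def enroll(self, serial, key):
        self._keys[serial] = key

    def issue_challenge(self, serial):
        """Steps 1-2: serial ID upload, then challenge download."""
        if serial not in self._keys:
            return "UNKNOWN_SERIAL", None
        now = self._clock()
        last = self._last.get(serial)
        if last is not None and now - last <= MIN_INTERVAL_S:
            return "RATE_LIMITED", None
        self._last[serial] = now
        self._pending[serial] = secrets.token_bytes(16)
        return "OK", self._pending[serial]

    def verify(self, serial, sensors, tag):
        """Step 4: check the response against the challenge actually issued."""
        challenge = self._pending.pop(serial, None)  # single use blocks replay
        if challenge is None:
            return "NO_CHALLENGE"
        expected = _tag(self._keys[serial], challenge, sensors)
        if not hmac.compare_digest(expected, tag):
            return "BAD_RESPONSE"
        return "SENSOR_TRIPPED" if sensors else "AUTHENTIC"


def interrogate(server, dielet):
    """What the appliance does: relay messages; it never sees a key."""
    status, challenge = server.issue_challenge(dielet.serial)
    if status != "OK":
        return status
    sensors, tag = dielet.respond(challenge)
    return server.verify(dielet.serial, sensors, tag)


if __name__ == "__main__":
    serial, key = secrets.token_bytes(SERIAL_BYTES), secrets.token_bytes(KEY_BYTES)
    server = Server()
    server.enroll(serial, key)
    print("genuine part:      ", interrogate(server, Dielet(serial, key)))
    print("immediate re-read: ", interrogate(server, Dielet(serial, key)))
    time.sleep(MIN_INTERVAL_S + 0.1)
    clone = Dielet(serial, secrets.token_bytes(KEY_BYTES))  # copied serial, no key
    print("cloned serial ID:  ", interrogate(server, clone))
    time.sleep(MIN_INTERVAL_S + 0.1)
    print("X-ray sensor set:  ", interrogate(server, Dielet(serial, key, SENSOR_XRAY)))
```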
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security.
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include:
   a. package alterations needed to carry the dielet
   b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link.
4. Personalized crypto keys on dielet and server should never be sent.
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement and execute.
6. To minimize size, power and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible.
Current Untrusted Logistical Supply Chain
[Figure: supply chain flow with numbered shipping steps (1-8) linking Original Equipment Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, eBay, Stock, PC Board Assembly, Subsystem Assembly, System Mfg and DoD Application. Two Trusted Zones and a Vulnerability Zone are marked.]
For all but simplest exploits, DoD has little system component assurance of authenticity.
Assume parts have OEM integrity before leaving first Trusted Zone.
SHIELD'ed Supply Chain Exemplar
[Figure: supply chain flow with numbered shipping steps (1-8) linking Original Equipment Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, eBay, Stock, PC Board Assembly, Subsystem Assembly, System Mfr and DoD Application. Two Trusted Zones are marked, with SHIELD authentication outside the Trusted Zone.]
Component compromises are now visible at any point along the supply chain.
Assume parts have OEM integrity before leaving first Trusted Zone.
SHIELD Program Structure
Deliverables by Tech Area and Phase
TA1 Tech Dev
  Phase 1: On-chip HW tech development: Key Store, Sensors, Comm/Pwr, Mfg Processes
    - Models
    - Test Sites
    - SHIELD layouts
TA2 Design & Integr
  Phase 1: Dielet Logic Design; Standards Conformation
  Phase 2: SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization
TA3 Deployment
  Phase 1: Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design
  Phase 2: Tooling and Techniques for handling, insertion; Network Structure Build-out; Inductive Device Fabrication
  Phase 3: Demonstration: Proof-of-Concept; Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1/Phase 1: Technology (Months 1-18)
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e., COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (Cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance.
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows.
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform.
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code.
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation.
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant.
Technical Area 1 Phase 1 (Cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself, and watch for component compromise. Sensors must:
1. Passively sense while unpowered; be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
Chemical: Nitric Acid, Sulfuric Acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil/RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1 (Cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes are needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability: lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2: Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2/Phase 1: Design (Months 1-18)
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2 Phase 1 (cont'd)
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temperature
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temp
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2/Phase 2: Integration & Fab (Months 19-36)
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG; monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3: SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals.
Technical Area 3/Phase 1: Pkg Tech, Networks (Months 01-18)
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet
   Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
   Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
   Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance.
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
   SHIELD network and server capability will be created by performers, and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server through the inductive/RF appliance and network, using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program.
Technical Area 3/Phase 2: Implementation (Months 19-36)
Specific techniques and tooling for placement of the dielet into the host package are developed. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD insertion technology
   Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component P/N, date/location of manufacture, reliability grade and cryptographic key
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3/Phase 2, performers will provide the following deliverables:
a. Detailed network schematics indicating protocols and standards
b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
c. Estimates of transaction times and network latencies
d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
a. Inductive/RF probe fabrication
b. Repurposed appliance microcode, firmware, software installation
c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 2 (cont'd)
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
a. Performers will mate SHIELD dielets to product at pkg encapsulation
b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
• Fails due to faulty package insertions
• Fails due to non-functional SHIELD chips
• Screening of components for failure rate uplift at module final test, which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP:
a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
d. Government Red Team members will compromise the supply chain
e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
f. Government team members will monitor performer detection results
Technical Area 3 Phase 3 (cont'd)
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by
a. Component package (i.e. small passive/discrete, quad plastic flat pack)
b. Failure mode (i.e. missing, inappropriate or failing SHIELD dielet)
c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
a. Component package (i.e. small passive/discrete, quad plastic flat pack)
b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Quantitative Benchmarks
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network communication protocol: TLS Standard
Minimum delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption standard: Up to 256 bit
Serial ID length: 64 bit
Power consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, ± 10% (default)
Host temperatures: -55 °C to 125 °C
Interrogation temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 1.0¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 (TechDev) | None
TA2 (Design & Integr) | None
TA3 (Deployment) | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing it to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful Sources for Information include
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics Overview
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip; package strain analysis; electromagnetic analysis [2]; environmental testing (temperature, shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics: Technical Area 3, SHIELD Deployment
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Image courtesy of DARPA
SHIELD Exemplary CONOP
[Figure: transaction flow between Dielet, Smartphone and Server. Labels recovered from the diagram:]
1. Serial ID Upload (Serial ID No., TCP/IP Address). Server: database with Dielet Serial ID, Fab Name, Fab Date, Part No.
2. Challenge Download. Server: Random Challenge Generator
3. Encrypted Challenge, Encrypted Sensors, Appliance Data. Dielet: Encryption Engine w/ Crypto Key. Sensors: Temp Extremes, X-ray Exposure, Light Exposure
4. Authentication Out. Server: Decryption Engine w/ Crypto key; decrypt, compare to original challenge
Link label: (VPN)
Server records: Sensors Status, Test Date, Auditor Identity, Key Requests
Potential Production Test Approaches
Flying Prober
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
Pick and Place, Wirebond, Tube handling of components
Volume production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication.
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation, and
6. Built-in dielet resiliency against power-based component exploits or attacks
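The challenge-response exchange from the exemplary CONOP and on-dielet feature 2, modeled end to end as an added example (not DARPA's or any performer's code). AES-256-GCM, the 16-byte challenge, the one-byte sensor word and every type and function name are assumptions; the slides specify only an open-standard cipher, a key of up to 256 bits and a 64-bit serial ID.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// Constructed bit assignments for three of the passive sensors the slides name.
const (
	SensorTemp  byte = 1 << 0
	SensorXray  byte = 1 << 1
	SensorLight byte = 1 << 2
)
const nonceLen, challengeLen = 12, 16 // GCM nonce bytes, random challenge bytes

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy source: refuse to continue
	}
	return b
}

// Dielet holds the 64-bit serial ID, the key store and the latched sensor word.
type Dielet struct {
	Serial  uint64
	engine  cipher.AEAD // assumption: AES-256-GCM keyed with the 256-bit secret
	sensors byte
}

// Expose latches a sensor flag; the model offers no way to clear it again.
func (d *Dielet) Expose(flag byte) { d.sensors |= flag }

// Respond encrypts challenge||sensors on the dielet; only ciphertext leaves it.
func (d *Dielet) Respond(challenge []byte) []byte {
	nonce := randomBytes(nonceLen)
	plain := append(append([]byte{}, challenge...), d.sensors)
	return d.engine.Seal(nonce, nonce, plain, nil)
}

// Server is the key database, random challenge generator and decryption engine.
type Server struct {
	keys    map[uint64]cipher.AEAD // serial ID -> engine keyed with its secret
	pending map[uint64][]byte      // serial ID -> outstanding challenge
}

func NewServer() *Server {
	return &Server{keys: map[uint64]cipher.AEAD{}, pending: map[uint64][]byte{}}
}

// Enroll models personalization: the key is shared once and never sent again.
func (s *Server) Enroll(serial uint64) (*Dielet, error) {
	block, err := aes.NewCipher(randomBytes(32)) // 32 bytes selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	s.keys[serial] = aead
	return &Dielet{Serial: serial, engine: aead}, nil
}

// Challenge covers steps 1-2: serial ID up, fresh random challenge down.
func (s *Server) Challenge(serial uint64) ([]byte, error) {
	if _, ok := s.keys[serial]; !ok {
		return nil, fmt.Errorf("serial ID %016x not in database", serial)
	}
	s.pending[serial] = randomBytes(challengeLen)
	return s.pending[serial], nil
}

// Verify covers steps 3-4. genuine is false for a wrong key, a replayed reply or
// an unknown serial ID; a non-zero sensors word means a compromise was flagged.
func (s *Server) Verify(serial uint64, reply []byte) (genuine bool, sensors byte) {
	want, ok := s.pending[serial]
	delete(s.pending, serial) // one reply per challenge, so a replay is rejected
	if !ok || len(reply) < nonceLen {
		return false, 0
	}
	plain, err := s.keys[serial].Open(nil, reply[:nonceLen], reply[nonceLen:], nil)
	if err != nil || len(plain) != challengeLen+1 ||
		subtle.ConstantTimeCompare(plain[:challengeLen], want) != 1 {
		return false, 0
	}
	return true, plain[challengeLen]
}

func main() {
	srv := NewServer()
	d, _ := srv.Enroll(0x0123456789ABCDEF) // constructed serial ID
	c, _ := srv.Challenge(d.Serial)
	fmt.Println(srv.Verify(d.Serial, d.Respond(c))) // true 0
}
```

Because the sensor word travels inside the authenticated ciphertext, an appliance or network path between dielet and server cannot clear a latched flag without the reply failing verification.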
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include:
a. package alterations needed to carry the dielet
b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement and execute
6. To minimize size, power and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
Current Untrusted Logistical Supply Chain
[Figure: supply chain flow diagram with numbered markers 1-8. Labels: Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfg, DoD Application, Shipping (between stages), Trusted Zone (two), Vulnerability Zone]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD'ed Supply Chain Exemplar
[Figure: supply chain flow diagram with numbered markers 1-8. Labels: Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfr, DoD Application, Shipping (between stages), Trusted Zone (two), SHIELD Authentication outside Trusted Zone]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase
Tech Area | Phase 1 | Phase 2 | Phase 3
TA1 (TechDev) | On-chip HW tech devlpmt: Key Store, Sensors, Comm/Pwr, Mfg Processes - Models - Test Sites - SHIELD layouts | |
TA2 (Design & Integr) | Dielet Logic Design; Standards Conformation | SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization |
TA3 (Deployment) | Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design | Tooling and Techniques for handling, insertion; Network Structure Build-out; Inductive Device Fabrication | Demonstration Proof-of-Concept; Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 Technology
A Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1 Exceedingly difficult to reverse-engineer
2 Effectively incorruptible
3 Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4 Economically personalized with unique serial ID and cryptographic key information in volume production
5 Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Technical Area 1 Phase 1 (Cont'd)
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption
   Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption
   Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines
   Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms
   Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine
   Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key
   Key store should be Suite B compliant
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered; be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe, existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
Chemical: Nitric Acid, Sulfuric Acid. Sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1 (Cont'd)
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil, RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 1 Phase 1 (Cont'd)
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology
  A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic
  All necessary logic and intellectual property necessary for the dielet to function as a true authenticator; realize the interface to the secure server
Technical Area 2 Design and Integration
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment Methodology
a. Define EDA design environment using industry conventions
b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
a. Design should accommodate SHIELD CONOP sequence
b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
b. Only open standards may be used
Technical Area 2 Phase 1
4. Design to Boundary Conditions
a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
b. Designs may be asynchronous or synchronous; free choice of clock rate
c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
a. Sockets for key store, sensors
b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
a. Verify robust design functionality across process, voltage and temperature
b. Accommodate ± 3σ composite process distribution window
c. BC/WC/Twist timing corner functionality verified
d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
e. Functionality inside ± 3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7 Fabrication Implementation Plan a Identify technology and node to be used preferred vendorb Define checkpoints and approximate dates for design and buildc Explain how new technologies will be accommodated by
fabricatord A clear path to manufacturing is needed
8 Anticipate concurrent technologies being developeda Provide sockets for concurrently-developed key store sensors
9 Create and model SHIELD physical designa verify robust design functionality across process voltage and
temp b Accommodate +- 3σ composite process distribution window c BCWCTwist Timing Corner functionality verifiedd Functionality from 0-35deg C Survive -55 degC to 125 degC e Functionality inside +- 3σ conditioned voltage window
10 Provide a Critical Design Review
Technical Area 2 Phase 1 (contrsquod)
Technical Area 2 Phase 2
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks and process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG; monitor fabrication; intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3: SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3 Phase 1
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create, with TA2 performers' consultation, to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet
   Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
   Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain: compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation: high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
   Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
   SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server, through the inductive/RF appliance and network, using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors.
Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program.
Technical Area 3 Phase 2
Technical Area 3/Phase 2: Implementation, Months 19-36
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
   Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade and cryptographic key
Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
   Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3/Phase 2, performers will provide the following deliverables:
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
   Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 3
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
   Performers will exercise the entire SHIELD CONOP:
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation Latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, ±10% (default)
Host Temperatures: -55 °C to 125 °C
Interrogation Temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation. SHIELD total operational time is under 1 hour
Cost: C < 1.0¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage / Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with threat supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing it to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful Sources for Information include
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
   • Detail the attributes of SHIELD design elements that will be measured
   • Outline the methods by which those attributes will be measured
• Why metrics
   • Tracking and reporting program results and accomplishments
   • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics Technical Area 1: SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1: SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics Technical Area 1: SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics Technical Area 2: SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics Technical Area 2: SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics Technical Area 3: SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip; package strain analysis; electromagnetic analysis [2]; environmental testing (temperature shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics Technical Area 3: SHIELD Deployment
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
   • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
   • Failure mode (e.g. missing, inappropriate or failing SHIELD dielet)
   • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
   • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
   • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
   • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
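The PD, PFA and delay breakdowns listed above, computed over a constructed trial log; this is an added example, not program code or program data. The record layout, the category values and the Wilson confidence interval are assumptions; the interval goes beyond what the slide asks for and is included to show how wide the estimate is at small sample sizes.

```python
from collections import defaultdict
from math import sqrt

FIELDS = ("package", "setting", "location", "failure_mode", "alarm", "delay_s")

# Constructed trial log (illustrative, not program data). One tuple per
# interrogation. failure_mode is None for an uncompromised part; delay_s is
# None when no authentication completed (e.g. the dielet is missing).
TRIALS = [
    ("QFP", "tube", "distributor", None, False, 1.8),
    ("QFP", "tube", "distributor", "missing", True, None),
    ("QFP", "pcb", "subassembly", "inappropriate", True, 2.1),
    ("QFP", "pcb", "subassembly", "failing", False, 2.0),      # missed compromise
    ("QFP", "system", "shipping", None, True, 2.4),            # false alarm
    ("QFP", "pcb", "subassembly", None, False, 1.7),
    ("passive", "tube", "distributor", "missing", True, None),
    ("passive", "tube", "shipping", "inappropriate", False, 2.0),  # missed
    ("passive", "pcb", "subassembly", None, False, 1.9),
    ("passive", "pcb", "subassembly", "failing", True, 2.2),
    ("passive", "tube", "distributor", None, False, 1.5),
    ("QFP", "system", "shipping", "missing", True, None),
]


def wilson(k, n, z=1.96):
    """Wilson score interval (95% for z=1.96) for k hits in n trials."""
    if n == 0:
        return None
    p = k / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def _rate_by(trials, field, compromised):
    """Alarm rate per value of `field`, over compromised or clean parts only."""
    idx = FIELDS.index(field)
    tally = defaultdict(lambda: [0, 0])          # group -> [alarms, trials]
    for t in trials:
        if (t[3] is not None) != compromised:
            continue
        tally[t[idx]][0] += int(t[4])
        tally[t[idx]][1] += 1
    return {g: {"rate": k / n, "n": n, "ci95": wilson(k, n)}
            for g, (k, n) in tally.items()}


def pd_by(trials, field):
    """Probability of Detection: alarms raised on compromised parts."""
    return _rate_by(trials, field, compromised=True)


def pfa_by(trials, field):
    """Probability of False Alarm: alarms raised on uncompromised parts."""
    if field == "failure_mode":
        raise ValueError("clean parts have no failure mode; PFA cannot be split by it")
    return _rate_by(trials, field, compromised=False)


def avg_completed_delay(trials):
    """Mean delay over interrogations that completed; None if none did."""
    done = [t[5] for t in trials if t[5] is not None]
    return sum(done) / len(done) if done else None


if __name__ == "__main__":
    for field in ("package", "failure_mode", "location", "setting"):
        print("PD by", field, pd_by(TRIALS, field))
    for field in ("package", "setting"):
        print("PFA by", field, pfa_by(TRIALS, field))
    print("average completed delay (s):", avg_completed_delay(TRIALS))
```

With only a handful of trials per category the intervals are wide, so per-category PD figures from a short exercise should be reported with their sample counts.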
Metrics Technical Area 3: SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics Technical Area 2: SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
   • compliance with design ground rules of the manufacturer
   • logical to behavioral design verification
   • logical to physical design verification
   • functional test pattern generation with a goal of 100% test coverage
   • EM and power analysis
   • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Potential Production Test Approaches
Flying Prober
Inspiration from existing Tube, Pick-and-Place, Wire Bond, Robotic tech
1. Stock checking of Component
2. Assembly checking in Supply Chain
Pick and Place, Wirebond, Tube handling of components
Volume Production technology can be applied to SHIELD approach
Tooling and control can easily be adapted to authentication
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer;
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database;
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove or transfer it from its host component with standard reverse-engineering de-processing techniques;
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly such as soldering or de-soldering;
5. Inductive or RF communication and powering to allow contactless operation; and
6. Built-in dielet resiliency against power-based component exploits or attacks
Additional Required Design Properties
1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include
   a. package alterations needed to carry the dielet
   b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive RF probe and dielet must be in the immediate vicinity of each other to be able to link
4. Personalized crypto keys on dielet and server should never be sent
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement and execute
6. To minimize size, power and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible
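The challenge-response exchange described in the two feature lists above, modelled end to end as an added example (not DARPA's or any performer's design). HMAC-SHA-256 from the Python standard library stands in for the dielet's encryption engine, so the server recomputes the reply instead of decrypting it; the message layout, the 16-bit sensor word, the 128-bit challenge and the verdict names are assumptions.

```python
import hashlib
import hmac
import secrets

CLEAR = b"\x00\x00"   # assumed 16-bit sensor word; all-zero = no sensor tripped


class Dielet:
    """Holds the key on-board; only the serial, sensor word and tag leave it."""

    def __init__(self, serial, key, sensor_word=CLEAR):
        if len(serial) != 8 or len(key) != 32:       # 64-bit ID, 256-bit key
            raise ValueError("serial must be 8 bytes and key 32 bytes")
        self.serial, self._key, self._sensors = serial, key, sensor_word

    def respond(self, challenge):
        msg = self.serial + challenge + self._sensors    # fixed-length fields
        tag = hmac.new(self._key, msg, hashlib.sha256).digest()
        return self.serial, self._sensors, tag


class Server:
    """Keeps the key database and all decision logic (complexity pushed up)."""

    def __init__(self, key_db):
        self._keys = dict(key_db)
        self._pending = {}                   # serial -> single-use challenge

    def new_challenge(self, serial):
        self._pending[serial] = secrets.token_bytes(16)
        return self._pending[serial]

    def verify(self, serial, sensors, tag):
        challenge = self._pending.pop(serial, None)      # consumed on first use
        if challenge is None:
            return "no-outstanding-challenge"
        key = self._keys.get(serial)
        if key is None:
            return "unknown-serial"
        want = hmac.new(key, serial + challenge + sensors, hashlib.sha256).digest()
        if not hmac.compare_digest(want, tag):           # constant-time compare
            return "authentication-failed"
        return "authentic" if sensors == CLEAR else "authentic-sensor-flagged"


def interrogate(server, dielet, relay=None):
    """Appliance role: relays messages between dielet and server, holds no key."""
    challenge = server.new_challenge(dielet.serial)
    reply = dielet.respond(challenge)
    if relay is not None:            # models an altered appliance or network hop
        reply = relay(*reply)
    return server.verify(*reply)


def demo():
    """Run true/false requests with and without sensor flags; return verdicts."""
    # Constructed serial IDs and random keys, for illustration only.
    sid_a, sid_b = bytes.fromhex("0000000000000a01"), bytes.fromhex("0000000000000a02")
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)
    server = Server({sid_a: key_a, sid_b: key_b})

    genuine = Dielet(sid_a, key_a)
    tripped = Dielet(sid_b, key_b, sensor_word=b"\x00\x04")   # one sensor bit set
    clone = Dielet(sid_a, secrets.token_bytes(32))            # copied ID, wrong key
    stranger = Dielet(bytes.fromhex("ffffffffffffff01"), secrets.token_bytes(32))

    out = {
        "genuine": interrogate(server, genuine),
        "tripped": interrogate(server, tripped),
        "clone": interrogate(server, clone),
        "unknown": interrogate(server, stranger),
        # A relay that clears the sensor word invalidates the tag.
        "flag-stripped": interrogate(server, tripped, lambda s, w, t: (s, CLEAR, t)),
    }
    # An old reply offered against a fresh challenge.
    old = genuine.respond(server.new_challenge(sid_a))
    server.verify(*old)
    server.new_challenge(sid_a)
    out["replayed"] = server.verify(*old)
    # The same reply submitted twice with no new challenge issued.
    again = genuine.respond(server.new_challenge(sid_a))
    server.verify(*again)
    out["resubmitted"] = server.verify(*again)
    return out


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:14s} {verdict}")
```

Binding the sensor word into the keyed reply is what lets the server trust a "no compromise" reading that has passed through an appliance and network it does not control.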
Current Untrusted Logistical Supply Chain
[Figure: supply chain flow diagram. Labels: Trusted Zone (two), Vulnerability Zone, Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Shipping, Stock, PC Board Assembly, Subsystem Assembly, System Mfg, DoD Application; callouts numbered 1 to 8]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD'ed Supply Chain Exemplar
[Figure: supply chain flow diagram. Labels: Trusted Zone (two), SHIELD Authentication outside Trusted Zone, Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Shipping, Stock, PC Board Assembly, Subsystem Assembly, System Mfr, DoD Application, REFRESHER; callouts numbered 1 to 8]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase
Tech Area | Phase 1 | Phase 2 | Phase 3
TA1 Tech Dev | On-chip HW tech devlpmt: Key Store, Sensors, Comm/Pwr, Mfg Processes; Models; Test Sites; SHIELD layouts | |
TA2 Design & Integr | Dielet Logic Design; Standards Conformation | SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization |
TA3 Deployment | Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design | Tooling and Techniques for handling, insertion; Network Structure Build-out; Inductive Device Fabrication | Demonstration: Proof-of-Concept; Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1 Phase 1 Technology
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (Cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption
   Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption
   Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines
   Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms
   Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine
   Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key
   Key store should be Suite B compliant
Technical Area 1 Phase 1 (Cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered, be read only when powered
2. Be readable only and permanently altered by the exposure, non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe, existing exposures encountered throughout the current supply chain
Approved for Public Release Distribution Unlimited 42
Passive Sensor Examples
Chemical: Nitric acid, sulfuric acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1 (Cont'd)
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 1 Phase 1 (Cont'd)
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power; and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Design and Integration
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language. Design should be
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2 Phase 1
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption, and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage, and temperature
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist timing corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage, and temp
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist timing corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 1 (cont'd)
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG; monitor fabrication; intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize, and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 2 Phase 2
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3 SHIELD Deployment
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment, or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1
3. Assure reliability of host component containing SHIELD dielet
   Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
   Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature, or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
   Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
   SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server through the inductive/RF appliance and network, using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed; and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors.
Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program.
Technical Area 3 Phase 1 (cont'd)
Technical Area 3/Phase 2: Implementation, Months 19-36
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
   Instrumentation, tooling, and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3 Phase 2
2. Develop the SHIELD Network Structure
   Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3/Phase 2, performers will provide the following deliverables:
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors; and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
   Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 2 (cont'd)
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DoD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3
2. Exercise the CONOP
   Performers will exercise the entire SHIELD CONOP
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
Technical Area 3 Phase 3 (cont'd)
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by
   a. Component package (i.e., small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e., missing, inappropriate, or failing SHIELD dielet)
   c. Location type (i.e., at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component package (i.e., small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Quantitative Benchmarks
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network communication protocol: TLS Standard
Minimum delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption standard: Up to 256 bit
Serial ID length: 64 bit
Power consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host temperatures: -55 °C to 125 °C
Interrogation temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation. SHIELD total operational time is under 1 hour
Cost: C < 1.0¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage / Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari
SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; vendor locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing it to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown
SHIELD SETA
SHIELD Industry Day
14 March 2014
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics Overview
Metrics Technical Area 1: SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost (1) to reverse engineer using typical methods (2)
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods (3)
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
(1) Cost = time (hours), number of personnel required, cost of tools ($)
(2) Procedures that are known to have been used to reverse engineer integrated circuits
(3) Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
Technical Area 1: SHIELD On-board Technology
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements (1) | Cost (2)
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability (3) | Cost
Metrics Technical Area 1: SHIELD On-board Technology
(1) SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
(2) Cost is referenced against the target CMOS process with no modifications
(3) Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics Technical Area 2: SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications (1)
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications
(1) Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications, and support logic | Mask layout design, including logical and physical verification, functional test pattern generation | Functional testing; adherence to dielet power budget; compliance with manufacturer ground rules; percent test pattern coverage; reliability analysis
2 | Dielet fabrication | Release to manufacturing; process tracking as required | Pass/Fail (1)
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage, and temperature range | Pass/Fail
Metrics Technical Area 2: SHIELD Dielet Design and Integration
(1) Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics Technical Area 3: SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package (1); tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip; package strain analysis; electromagnetic analysis (2); environmental testing (temperature shock and vibration) (3)
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
(1) The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
(2) Identify impact of inductive and RF probing in the host chip
(3) The performance of the host chip without a SHIELD solution will be used as a basis for comparison
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g., missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g., at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics Technical Area 3: SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate (1)
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate (2)
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); probability of false alarm (PFA); average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing
Metrics Technical Area 3: SHIELD Deployment
(1) Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
(2) Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Metrics Technical Area 2: SHIELD Dielet Design and Integration
Image courtesy of DARPA
Critical Hardware Assurance On-Dielet Features
1. A hardware root-of-trust: cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer
2. A complete, compact on-board key encryption engine capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database
3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove, or transfer it from its host component with standard reverse-engineering de-processing techniques
4. Unpowered passive sensors that record attempted compromises to the authenticator dielet, and potentially other operations on the overall packaged assembly, such as soldering or de-soldering
5. Inductive or RF communication and powering to allow contactless operation; and
6. Built-in dielet resiliency against power-based component exploits or attacks
Additional Required Design Properties
1 Hardware attacks often leverage re-writable data storage Any rewritable storage on dielet must be carefully assessed for its security
2 SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way Reliability impacts include
a package alterations needed to carry the dielet b unintended inductive or RF coupling impacts on the host device
3 To maintain operational security the inductive RF probe and dielet must be in the immediate vicinity of each other to be able to link
4 Personalized crypto keys on dielet and server should never be sent
5 Entire proposed CONOP including the SHIELD dielet needs to be extremely inexpensive to acquire implement and execute
6 To minimize size power and cost of the SHIELD dielet CONOP complexity should be pushed up to the secure server wherever possible
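The challenge-response exchange that the feature and design-property lists above describe can be sketched as follows. This is an added example, not DARPA or performer code: HMAC-SHA-256 from the Python standard library stands in for the dielet's encryption engine (so the server recomputes the response instead of decrypting it), and the class names, sensor bit order, 16-byte challenge and verdict strings are assumptions.

```python
import hashlib
import hmac
import secrets
import struct

# Assumed layout of the passive-sensor word: one write-once bit per sensor
# type named on the page. The bit order is illustrative, not a SHIELD spec.
SENSOR_BITS = ("chemical", "mechanical", "laser", "light", "x-ray", "heat")


def keyed_response(key, serial, sensor_word, challenge):
    """Stand-in for the on-dielet engine (assumption: HMAC-SHA-256).

    Binds the 64-bit serial ID, the sensor word and the challenge to the key,
    so none of the three can be altered in transit without detection.
    """
    message = struct.pack(">QB", serial, sensor_word) + challenge
    return hmac.new(key, message, hashlib.sha256).digest()


class Dielet:
    """Model of the tag: the key is used on-board and never returned."""

    def __init__(self, serial, key):
        self.serial = serial      # 64-bit serial ID
        self._key = key           # up to 256-bit secret
        self._sensor_word = 0

    def expose(self, sensor):
        # Passive sensors are permanently altered: bits are set, never cleared.
        self._sensor_word |= 1 << SENSOR_BITS.index(sensor)

    def respond(self, challenge):
        tag = keyed_response(self._key, self.serial, self._sensor_word, challenge)
        return self.serial, self._sensor_word, tag


class AuthServer:
    """Holds the per-serial key database and makes every protocol decision."""

    def __init__(self, key_db):
        self._keys = dict(key_db)
        self._pending = {}        # serial -> outstanding single-use challenge

    def issue_challenge(self, serial):
        challenge = secrets.token_bytes(16)
        self._pending[serial] = challenge
        return challenge

    def verify(self, serial, sensor_word, tag):
        challenge = self._pending.pop(serial, None)   # single use: blocks replay
        if challenge is None:
            return "NO_CHALLENGE", []
        key = self._keys.get(serial)
        if key is None:
            return "UNKNOWN_SERIAL", []
        if not 0 <= sensor_word < 1 << len(SENSOR_BITS):
            return "BAD_RESPONSE", []
        expected = keyed_response(key, serial, sensor_word, challenge)
        if not hmac.compare_digest(expected, tag):
            return "BAD_RESPONSE", []
        flagged = [n for bit, n in enumerate(SENSOR_BITS) if sensor_word >> bit & 1]
        return ("TAMPER_FLAGGED", flagged) if flagged else ("AUTHENTIC", [])


def interrogate(server, dielet):
    """One appliance round trip: challenge out, response back, verdict returned."""
    challenge = server.issue_challenge(dielet.serial)
    return server.verify(*dielet.respond(challenge))


if __name__ == "__main__":
    sample_key = bytes(range(32))                     # constructed sample key
    srv = AuthServer({0x1122334455667788: sample_key})
    part = Dielet(0x1122334455667788, sample_key)
    print(interrogate(srv, part))
    part.expose("heat")                               # e.g. a de-soldering event
    print(interrogate(srv, part))
```

Because the sensor word is inside the keyed response, an intermediary that zeroes the sensor bits on the way to the server produces a `BAD_RESPONSE` verdict, not a clean pass.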
Current Untrusted Logistical Supply Chain
[Figure: supply chain diagram with numbered points 1-8. Labels: Trusted Zone (two), Vulnerability Zone, Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, Shipping, PC Board Assembly, Subsystem Assembly, System Mfg, DoD Application.]
For all but simplest exploits, DoD has little system component assurance of authenticity.
Assume parts have OEM integrity before leaving first Trusted Zone.
SHIELD'ed Supply Chain Exemplar (Refresher)
[Figure: supply chain diagram with numbered points 1-8, annotated "SHIELD Authentication outside Trusted Zone". Labels: Trusted Zone (two), Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, Shipping, PC Board Assembly, Subsystem Assembly, System Mfr, DoD Application.]
Component compromises are now visible at any point along the supply chain. Assume parts have OEM integrity before leaving first Trusted Zone.
SHIELD Program Structure
Deliverables by Tech Area and Phase
| Tech Area | Phase 1 | Phase 2 | Phase 3 |
|---|---|---|---|
| TA1: Tech Dev | On-chip HW tech devlpmt (Key Store, Sensors, Comm/Pwr, Mfg Processes); Models; Test Sites; SHIELD layouts | | |
| TA2: Design & Integr | Dielet Logic Design; Standards Conformation | SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization | |
| TA3: Deployment | Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design | Tooling and Techniques for handling insertion; Network Structure Build-out; Inductive Device Fabrication | Demonstration; Proof-of-Concept Supply Chain Exercise across sites; Red Teaming; Evaluations |
Technical Area 1, Phase 1: Technology (Months 1-18)
TA1/Phase 1 develops fundamental devices, materials and structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e., COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product.
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts: exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance.
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows.
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform.
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code.
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation.
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant.
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered; be read only when powered
2. Be readable only, and permanently altered by the exposure: non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe, existing exposures encountered throughout the current supply chain
Passive Sensor Examples
• Chemical: Nitric acid, sulfuric acid sensing for chemical de-packaging attempts
• Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
• Laser: Laser wavelength detection for laser de-layering attempts
• Light: Daylight sensing for identifying exposed dielet
• X-Ray: X-ray detection for attempted secret key imaging
• Heat: Temperature sensors to detect de-soldering, component PCB removal
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds.
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words.
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil/RF antenna and the appliance.
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet nor link to other external devices.
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package.
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes.
Technical Area 2: Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power; and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2, Phase 1: Design (Months 1-18)
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temperature
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C; survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temp
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C; survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2, Phase 2: Integration & Fab (Months 19-36)
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks and process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG; monitor fabrication; intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3: SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals.
Technical Area 3, Phase 1: Pkg Tech, Networks (Months 01-18)
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
3. Assure reliability of host component containing SHIELD dielet
   Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
   Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
   Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
   The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance.
6. Design Network/Server Architecture for the Demonstration Exercise
   SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed; and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
   Network and system architecture should support a geographically distributed proof of concept using multiple external vendors.
   Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program.
Technical Area 3, Phase 2: Implementation (Months 19-36)
Specific techniques and tooling for placement of the dielet into the host package are created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
   Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component P/N, date/location of manufacture, reliability grade and cryptographic key
2. Develop the SHIELD Network Structure
   Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3/Phase 2, performers will provide the following deliverables:
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors; and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
3. Develop the SHIELD inductive/RF appliance
   Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3, Phase 3: Demo (Months 37-48)
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test, which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
2. Exercise the CONOP
   Performers will exercise the entire SHIELD CONOP:
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by:
   a. Component package (i.e., small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e., missing, inappropriate, or failing SHIELD dielet)
   c. Location type (i.e., at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by:
   a. Component package (i.e., small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Summary of Suggested Specifications
| Parameter | Suggested specification |
|---|---|
| Area | A ≈ 100 µm x 100 µm (0.01 mm²) |
| Device thickness | Thinned substrate, likely 10 µm or less |
| Interrogation latency | ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies |
| Network communication protocol | TLS Standard |
| Minimum delay between interrogations | > 1 second |
| Positioning of inductive/RF probe | T ≈ 1 mm below top surface of component package |
| Encryption standard | Up to 256 bit |
| Serial ID length | 64 bit |
| Power consumption | Approximately 50 µW |
| Voltage tolerance (default) | VDD at discretion of proposer, +/- 10% (default) |
| Host temperatures | -55 °C to 125 °C |
| Interrogation temperatures | 0-35 °C |
| Reliability | Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour |
| Cost | C < 1.0¢ per dielet |
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.
Government Obligations
| Tech Area | Government-Furnished Equipment and Intellectual Property |
|---|---|
| TA1: Tech Dev | None |
| TA2: Design & Integr | None |
| TA3: Deployment | Components for SHIELD insertion; vendor locations for SHIELD exercise sites |
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost.
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built:
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics: Technical Area 1, SHIELD On-board Technology
| Phase | Design Element | Characteristics | Metric |
|---|---|---|---|
| 1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2] |
| 1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3] |
| 1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions |
| 1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement |
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Metrics: Technical Area 1, SHIELD On-board Technology
| Phase | Design Element | Characteristic | Metric |
|---|---|---|---|
| 1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate |
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1, SHIELD On-board Technology
| Phase | Design Element | Characteristics | Metric |
|---|---|---|---|
| 1 | Dielet power | Inductive power coupling mechanism | Q factor |
| 1 | Dielet communications | RF communications mechanism | Baud rate |
| 1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements [1] | Cost [2] |
| 1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost |
| 1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost |
| 1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost |
| 1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost |
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
| Phase | Design Element | Characteristics | Metric |
|---|---|---|---|
| 1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications [1] |
| 1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications |
| 1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications |
| 1 | Dielet design - communications | Interface logic for communications | Performance to specifications |
| 1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications |
[1] Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
| Phase | Design Element | Characteristic | Metric |
|---|---|---|---|
| 2 | Dielet integration - sensors, encryption engine, power, communications and support logic | Mask layout design, including logical and physical verification, functional test pattern generation | Functional testing; adherence to dielet power budget; compliance with manufacturer ground rules; percent test pattern coverage; reliability analysis |
| 2 | Dielet fabrication | Release to manufacturing; process tracking as required | Pass/Fail [1] |
| 2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail |
| 2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail |
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
| Phase | Design Element | Characteristics | Metric |
|---|---|---|---|
| 1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet |
| 1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip; package strain analysis; electromagnetic analysis [2]; environmental testing (temperature, shock and vibration) [3] |
| 1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail |
| 1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail |
| 1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail |
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3, SHIELD Deployment

• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics: Technical Area 3, SHIELD Deployment

Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality), transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), probability of false alarm (PFA), average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |

[1] Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions).
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration

• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Additional Required Design Properties

1. Hardware attacks often leverage re-writable data storage. Any rewritable storage on dielet must be carefully assessed for its security.
2. SHIELD dielet proposal must be completely stand-alone and should not interact with the host chip in any way. Reliability impacts include:
   a. package alterations needed to carry the dielet
   b. unintended inductive or RF coupling impacts on the host device
3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link.
4. Personalized crypto keys on dielet and server should never be sent.
5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement and execute.
6. To minimize size, power and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible.
Current Untrusted Logistical Supply Chain

[Figure: supply chain diagram. Labelled nodes: Original Equipment Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, PC Board Assembly, Subsystem Assembly, System Mfg, Stock, DoD Application, connected by Shipping steps. Marked regions: Trusted Zone (twice), Vulnerability Zone.]

For all but simplest exploits, DoD has little system component assurance of authenticity.
Assume parts have OEM integrity before leaving first Trusted Zone.
SHIELD'ed Supply Chain Exemplar

[Figure: supply chain diagram. Labelled nodes: Original Equipment Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, PC Board Assembly, Subsystem Assembly, System Mfr, Stock, DoD Application, connected by Shipping steps. Marked regions: Trusted Zone (twice), SHIELD Authentication outside Trusted Zone.]

Component compromises are now visible at any point along the supply chain.
Assume parts have OEM integrity before leaving first Trusted Zone.
SHIELD Program Structure
Deliverables by Tech Area and Phase

Tech Area | Phase 1 | Phase 2 | Phase 3
TA1 Tech Dev | On-chip HW tech devlpmt: Key Store, Sensors, Comm/Pwr, Mfg Processes - Models - Test Sites - SHIELD layouts | |
TA2 Design & Integr | Dielet Logic Design; Standards Conformation | SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization |
TA3 Deployment | Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design | Tooling and Techniques for handling, insertion; Network Structure Build-out; Inductive Device Fabrication | Demonstration: Proof-of-Concept Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1 Phase 1 Technology

Technical Area 1/Phase 1 Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (Cont'd)

A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product.
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details

1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance.
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows.
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform.
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code.
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation.
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant.
Technical Area 1 Phase 1 (Cont'd)

B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered, be read only when powered
2. Be readable only, and permanently altered by the exposure, non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe, existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)

Passive Sensor Examples
Chemical: Nitric Acid, Sulfuric Acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1

C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil/RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
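The interrogation described on this slide and on the "Additional Required Design Properties" slide (challenge in, keyed reply out, keys never sent, verification logic held on the secure server), as an added Python example that is not DARPA's or any performer's design. HMAC-SHA-256 standing in for the encryption engine, the 8-bit sensor word layout, and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets
import struct

# Sensor kinds come from the "Passive Sensor Examples" slide; bit positions are assumed.
SENSOR_BITS = ("chemical", "mechanical", "laser", "light", "x-ray", "heat")


def mac(key: bytes, challenge: bytes, serial: int, sensor_word: int) -> bytes:
    """Keyed reply over challenge || 64-bit serial ID || 8-bit sensor word.
    HMAC-SHA-256 is an assumed stand-in for the performer's encryption engine."""
    msg = challenge + struct.pack(">QB", serial, sensor_word)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Dielet:
    """Holds a 64-bit serial ID, a 256-bit secret key and a sticky sensor word."""

    def __init__(self, serial: int, key: bytes):
        if len(key) != 32 or not 0 <= serial < 2**64:
            raise ValueError("expected a 256-bit key and a 64-bit serial ID")
        self.serial = serial
        self.key = key              # used locally only, never transmitted
        self.sensor_word = 0

    def expose(self, kind: str) -> None:
        """A passive sensor trips: the bit can be set but never cleared."""
        self.sensor_word |= 1 << SENSOR_BITS.index(kind)

    def respond(self, challenge: bytes):
        tag = mac(self.key, challenge, self.serial, self.sensor_word)
        return self.serial, self.sensor_word, tag


class Server:
    """Secure server: owns the key database and all verification logic."""

    def __init__(self, enrolled: dict):
        self.keys = dict(enrolled)  # serial ID -> key, recorded at personalization
        self.pending = {}           # serial ID -> outstanding challenge

    def issue_challenge(self, serial: int) -> bytes:
        challenge = secrets.token_bytes(32)
        self.pending[serial] = challenge
        return challenge

    def verify(self, serial: int, sensor_word: int, response: bytes):
        """Return (verdict, tripped_sensors)."""
        challenge = self.pending.pop(serial, None)   # each challenge is single-use
        key = self.keys.get(serial)
        in_range = 0 <= sensor_word < 2 ** len(SENSOR_BITS)
        if challenge is None or key is None or not in_range:
            return "REJECT", []
        expected = mac(key, challenge, serial, sensor_word)
        if not hmac.compare_digest(expected, response):
            return "REJECT", []
        tripped = [n for bit, n in enumerate(SENSOR_BITS) if sensor_word >> bit & 1]
        return ("COMPROMISED", tripped) if tripped else ("AUTHENTIC", [])


def interrogate(server: Server, dielet: Dielet, tamper=None):
    """Appliance role: relay challenge and reply; `tamper` models a hostile relay."""
    challenge = server.issue_challenge(dielet.serial)
    reply = dielet.respond(challenge)
    if tamper is not None:
        reply = tamper(reply)
    return server.verify(*reply)


def demo():
    key = secrets.token_bytes(32)                     # constructed sample values
    serial = 0x0123456789ABCDEF
    server = Server({serial: key})
    genuine = Dielet(serial, key)
    clone = Dielet(serial, secrets.token_bytes(32))   # copied serial ID, wrong key
    results = {"genuine": interrogate(server, genuine),
               "clone": interrogate(server, clone)}
    genuine.expose("heat")                            # e.g. de-soldered from a board
    results["desoldered"] = interrogate(server, genuine)
    # A relay that zeroes the sensor word breaks the MAC instead of hiding the event.
    results["masked"] = interrogate(server, genuine, lambda r: (r[0], 0, r[2]))
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

Because the sensor word is covered by the keyed reply, the server learns of a tripped sensor or rejects the transaction; the appliance and network in between never need to be trusted with the key.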
Technical Area 1 Phase 1 (Cont'd)

D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2 Design and Integration

SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: a self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: all necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Phase 1

Technical Area 2/Phase 1 Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment, Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2 Phase 1 (cont'd)

4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous, free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temperature
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)

7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temp
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 2

Technical Area 2/Phase 2 Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3 SHIELD Deployment

Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network, server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals.
Technical Area 3 Phase 1

Technical Area 3/Phase 1 Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1 (cont'd)

3. Assure reliability of host component containing SHIELD dielet
   Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
   Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)

5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
   Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance.
Technical Area 3 Phase 1 (cont'd)

6. Design Network/Server Architecture for the Demonstration Exercise
   SHIELD network and server capability will be created by performers, and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors.
Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program.
Technical Area 3 Phase 2

Technical Area 3/Phase 2 Implementation, Months 19-36
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
   Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade and cryptographic key
Technical Area 3 Phase 2 (cont'd)

2. Develop the SHIELD Network Structure
   Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables:
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions, demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)

3. Develop the SHIELD inductive/RF appliance
   Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 3

Technical Area 3/Phase 3 Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3 (cont'd)

2. Exercise the CONOP
   Performers will exercise the entire SHIELD CONOP:
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks

Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Summary of Suggested Specifications

Parameter | Suggested specification
Area | A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness | Thinned substrate, likely 10 µm or less
Interrogation Latency | ≈ 1 second dielet delay, ≈ 2 second full transaction delay including network latencies
Network Communication Protocol | TLS Standard
Minimum Delay between interrogations | > 1 Second
Positioning of inductive/RF probe | T ≈ 1 mm below top surface of component package
Encryption Standard | Up to 256 bit
Serial ID Length | 64 bit
Power Consumption | Approximately 50 µW
Voltage tolerance (default) | VDD at discretion of proposer, ±10% (default)
Host Temperatures | -55 °C - 125 °C
Interrogation Temperatures | 0-35 °C
Reliability | Sufficient to match 100 KPOH host component operation. SHIELD total operational time is under 1 hour
Cost | C < 1.0¢ per dielet
Program Calendar

14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding

• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with threat supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD

Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.
Government Obligations

Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
Manufacturing Options

Solutions must demonstrate a path allowing it to be built in a standard semiconductor process and at the target cost.
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
• Many organizations offer services for a small number of parts to be built
  • Shuttle runs
  • Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview

• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics?
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics: Technical Area 1, SHIELD On-board Technology

Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions, percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement

[1] Cost = time (hours), number of personnel required, cost of tools ($).
[2] Procedures that are known to have been used to reverse engineer integrated circuits.
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption.
Technical Area 1, SHIELD On-board Technology

Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate

• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics, Technical Area 1: SHIELD On-board Technology

| Phase | Design element | Characteristics | Metric |
|---|---|---|---|
| 1 | Dielet power | Inductive power coupling mechanism | Q factor |
| 1 | Dielet communications | RF communications mechanism | Baud rate |
| 1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2] |
| 1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost |
| 1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost |
| 1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost |
| 1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost |

[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics, Technical Area 2: SHIELD Dielet Design and Integration

| Phase | Design element | Characteristics | Metric |
|---|---|---|---|
| 1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1] |
| 1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications |
| 1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications |
| 1 | Dielet design – communications | Interface logic for communications | Performance to specifications |
| 1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications |

[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics, Technical Area 2: SHIELD Dielet Design and Integration

| Phase | Design Element | Characteristic | Metric |
|---|---|---|---|
| 2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis |
| 2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1] |
| 2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail |
| 2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail |

[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics, Technical Area 3: SHIELD Deployment

| Phase | Design element | Characteristics | Metric |
|---|---|---|---|
| 1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet |
| 1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2]. Environmental testing (temperature, shock and vibration) [3] |
| 1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail |
| 1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail |
| 1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail |

[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics, Technical Area 3: SHIELD Deployment
• Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g., missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g., at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics, Technical Area 3: SHIELD Deployment

| Phase | Design Element | Characteristics | Metric |
|---|---|---|---|
| 2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1] |
| 2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality), transmission error rate [2] |
| 2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail |
| 3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), Probability of false alarm (PFA), Average completed authentication delay per SHIELD component |
| 3 | Government “Red Team” evaluation | Penetration testing | |

[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics, Technical Area 2: SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any “special case” technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Image courtesy of DARPA
Current Untrusted Logistical Supply Chain
[Figure: supply chain flow diagram with numbered stages 1-8. Labels: Trusted Zone (twice), Vulnerability Zone, Shipping, Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfg, DoD Application.]
For all but simplest exploits, DoD has little system component assurance of authenticity
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD’ed Supply Chain Exemplar (REFRESHER)
[Figure: the same supply chain flow diagram with numbered stages 1-8. Labels: Trusted Zone (twice), SHIELD Authentication outside Trusted Zone, Shipping, Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfr, DoD Application.]
Component compromises are now visible at any point along the supply chain
Assume parts have OEM integrity before leaving first Trusted Zone
SHIELD Program Structure
Deliverables by Tech Area and Phase

| Tech Area | Phase 1 | Phase 2 | Phase 3 |
|---|---|---|---|
| TA1 Tech Dev | On-chip HW tech devlpmt: Key Store, Sensors, Comm/Pwr, Mfg Processes; Models; Test Sites; SHIELD layouts | | |
| TA2 Design & Integr | Dielet Logic Design; Standards Conformation | SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization | |
| TA3 Deployment | Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design | Tooling and Techniques for handling, insertion; Network Structure Build-out; Inductive Device Fabrication | Demonstration; Proof-of-Concept; Supply Chain Exercise across sites; Red Teaming; Evaluations |
Technical Area 1 Phase 1 Technology
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e., COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (Cont’d)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product. It must be:
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet’s fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption
   Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption
   Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines
   Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms
   Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine
   Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key
   Key store should be Suite B compliant
Technical Area 1 Phase 1 (Cont’d)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered; be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont’d)
Passive Sensor Examples
• Chemical: Nitric Acid, Sulfuric Acid sensing for chemical de-packaging attempts
• Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
• Laser: Laser wavelength detection for laser de-layering attempts
• Light: Daylight sensing for identifying exposed dielet
• X-Ray: X-ray detection for attempted secret key imaging
• Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance’s probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component’s package
Technical Area 1 Phase 1 (Cont’d)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets; test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2 Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Phase 1
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language. Design should be
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2 Phase 1 (cont’d)
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temperature
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
Technical Area 2 Phase 1 (cont’d)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temp
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 2
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1’s specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize, and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3 SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3 Phase 1
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment, or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers’ consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1 (cont’d)
3. Assure reliability of host component containing SHIELD dielet. Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component. Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by
   a. Chemical, mechanical, temperature, or electrical materials interactions with the host packaging materials or process occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont’d)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe. Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont’d)
6. Design Network/Server Architecture for the Demonstration Exercise. SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include
   a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program
Technical Area 3 Phase 2
Technical Area 3/Phase 2: Implementation, Months 19-36
Specific techniques and tooling for placement of the dielet into the host package are created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology. Instrumentation, tooling, and logistics for going from wafer final test into an actual component placement are developed. Steps include
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component P/N, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3 Phase 2 (cont’d)
2. Develop the SHIELD Network Structure. Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
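The simulated transactions named in deliverable (d), true and false authentication requests with and without flagged sensors, can be sketched as follows. This is an added example, not code from the briefing or from any SHIELD performer: the message layout, the Dielet and Server names, the verdict strings, and the use of HMAC-SHA-256 as a stand-in for the dielet's encryption engine are all assumptions; only the 64-bit serial ID and 256-bit key sizes come from the slides.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Dielet:
    """Toy dielet model. Field sizes follow the slides; the reply layout is assumed."""
    serial: int        # 64-bit serial ID
    key: bytes         # 256-bit secret key
    sensors: int = 0   # assumed: one bit per passive sensor, set once, never cleared

    def respond(self, challenge: bytes):
        # Reply body = serial || sensor word. The tag covers body and challenge,
        # so neither the sensor word nor the challenge can be swapped in transit.
        body = self.serial.to_bytes(8, "big") + bytes([self.sensors])
        tag = hmac.new(self.key, body + challenge, hashlib.sha256).digest()
        return body, tag


class Server:
    """Assumed server-side verifier holding the serial-to-key association."""

    def __init__(self):
        self._keys = {}           # serial -> key, recorded at personalization
        self._outstanding = set() # challenges issued and not yet consumed

    def enroll(self, serial: int, key: bytes) -> None:
        self._keys[serial] = key

    def issue(self) -> bytes:
        challenge = secrets.token_bytes(16)  # random, single-use challenge
        self._outstanding.add(challenge)
        return challenge

    def verify(self, challenge: bytes, body: bytes, tag: bytes) -> str:
        if challenge not in self._outstanding:
            return "REPLAY"                  # unknown or already-used challenge
        self._outstanding.discard(challenge)
        if len(body) != 9:
            return "BAD_RESPONSE"
        serial, sensors = int.from_bytes(body[:8], "big"), body[8]
        key = self._keys.get(serial)
        if key is None:
            return "UNKNOWN_SERIAL"
        expected = hmac.new(key, body + challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "BAD_RESPONSE"            # wrong key or altered reply
        return "TAMPER_FLAGGED" if sensors else "AUTHENTIC"


def run_demo() -> dict:
    """Run each transaction type once and return the server's verdicts."""
    server = Server()
    serial = 0x0123456789ABCDEF              # constructed sample value
    key = secrets.token_bytes(32)
    server.enroll(serial, key)

    genuine = Dielet(serial, key)
    tripped = Dielet(serial, key, sensors=0b0000_0100)
    clone = Dielet(serial, secrets.token_bytes(32))  # right serial, wrong key

    results = {}
    c = server.issue()
    results["genuine"] = server.verify(c, *genuine.respond(c))
    c = server.issue()
    results["tripped"] = server.verify(c, *tripped.respond(c))
    c = server.issue()
    results["clone"] = server.verify(c, *clone.respond(c))
    # A relay that zeroes the sensor word breaks the tag.
    c = server.issue()
    body, tag = tripped.respond(c)
    results["sensor_word_rewritten"] = server.verify(c, body[:8] + b"\x00", tag)
    # A recorded good reply cannot be presented a second time.
    c = server.issue()
    reply = genuine.respond(c)
    server.verify(c, *reply)
    results["replayed"] = server.verify(c, *reply)
    return results


if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print(f"{case:24s} {verdict}")
```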
Technical Area 3 Phase 2 (cont’d)
3. Develop the SHIELD inductive/RF appliance. Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance’s inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 3
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program’s BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3 (cont’d)
2. Exercise the CONOP. Performers will exercise the entire SHIELD CONOP
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component’s supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include
1. “Probability of Detection” of compromises (PD), broken out by
   a. Component Package (i.e., small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e., missing, inappropriate, or failing SHIELD dielet)
   c. Location type (i.e., at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component Package (i.e., small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
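How the three benchmarks above (and the matching Technical Area 3 Phase 3 metrics) fall out of exercise records, as an added example that is not part of the briefing. The Trial record layout and the sample rows are constructed for illustration, and the Wilson lower bound goes beyond what the slides ask for: it is included to show how little a perfect PD in a thinly populated cell actually supports.

```python
import math
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean
from typing import Optional


@dataclass(frozen=True)
class Trial:
    """One interrogation of one host component (assumed record layout)."""
    package: str                 # type of host component
    setting: str                 # tube, pcb, or system
    location: str                # where along the supply chain it was checked
    failure_mode: Optional[str]  # None = uncompromised part, else the compromise
    alarmed: bool                # did the SHIELD check report a compromise?
    delay_s: Optional[float]     # completed authentication delay, None if none


# Constructed sample records, not results from any SHIELD exercise.
TRIALS = [
    Trial("QFP", "tube", "distributor", "missing", True, None),
    Trial("QFP", "tube", "distributor", "inappropriate", True, 1.9),
    Trial("QFP", "pcb", "subassembly", "failing", False, 2.4),
    Trial("QFP", "pcb", "subassembly", None, False, 1.7),
    Trial("QFP", "system", "shipping", None, True, 2.1),
    Trial("passive", "tube", "distributor", "missing", True, None),
    Trial("passive", "pcb", "subassembly", "inappropriate", False, 1.8),
    Trial("passive", "pcb", "shipping", None, False, 1.5),
    Trial("passive", "tube", "distributor", None, False, 1.9),
    Trial("passive", "system", "shipping", "failing", True, 2.0),
]


def wilson_lower(hits: int, n: int, z: float = 1.96) -> float:
    """Lower end of the Wilson score interval for hits/n (z=1.96 is about 95%)."""
    if n == 0:
        return 0.0
    p = hits / n
    centre = p + z * z / (2 * n)
    margin = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n))
    return (centre - margin) / (1 + z * z / n)


def alarm_counts(trials, attr: str, compromised: bool) -> dict:
    """Map each value of attr to (alarms, n), over compromised or clean parts."""
    alarms, totals = defaultdict(int), defaultdict(int)
    for t in trials:
        if (t.failure_mode is not None) == compromised:
            key = getattr(t, attr)
            totals[key] += 1
            alarms[key] += int(t.alarmed)
    return {k: (alarms[k], totals[k]) for k in totals}


def benchmarks(trials) -> dict:
    """PD and PFA with the breakdowns listed on the slide, plus average delay."""
    pd = {}
    for attr in ("package", "failure_mode", "location", "setting"):
        pd[attr] = {
            k: {"rate": a / n, "n": n, "lower95": wilson_lower(a, n)}
            for k, (a, n) in alarm_counts(trials, attr, True).items()
        }
    pfa = {}
    for attr in ("package", "setting"):
        pfa[attr] = {
            k: {"rate": a / n, "n": n}
            for k, (a, n) in alarm_counts(trials, attr, False).items()
        }
    # Only completed authentications contribute to the delay benchmark.
    delays = [t.delay_s for t in trials if t.delay_s is not None]
    return {"PD": pd, "PFA": pfa, "avg_delay_s": mean(delays) if delays else None}


if __name__ == "__main__":
    report = benchmarks(TRIALS)
    for metric in ("PD", "PFA"):
        for attr, cells in report[metric].items():
            for value, cell in sorted(cells.items()):
                print(metric, attr, value, cell)
    print("average completed authentication delay (s):", report["avg_delay_s"])
```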
SHIELD Summary of Suggested Specifications

| Parameter | Suggested specification |
|---|---|
| Area | A ≈ 100 µm x 100 µm (0.01 mm²) |
| Device thickness | Thinned substrate, likely 10 µm or less |
| Interrogation Latency | ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies |
| Network Communication Protocol | TLS Standard |
| Minimum Delay between interrogations | > 1 Second |
| Positioning of inductive/RF probe | T ≈ 1 mm below top surface of component package |
| Encryption Standard | Up to 256 bit |
| Serial ID Length | 64 bit |
| Power Consumption | Approximately 50 µW |
| Voltage tolerance (default) | VDD at discretion of proposer, ±10% (default) |
| Host Temperatures | -55 °C to 125 °C |
| Interrogation Temperatures | 0-35 °C |
| Reliability | Sufficient to match 100 KPOH host component operation. SHIELD total operational time is under 1 hour |
| Cost | C < 10¢ per dielet |
Program Calendar
• 14 March 2014: Proposer’s Day, Arlington VA
• 31 March 2014: Abstracts Due into DARPA by EOB
• 30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
• 30 May 2014: Full Abstracts Due into DARPA by EOB
• 3Q 2014: Source Selection, Notification, Contracts
• 4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial, in plan, and committed
• Submitters should submit proposals that get the job done, rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor’s capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations

| Tech Area | Government-Furnished Equipment and Intellectual Property |
|---|---|
| TA1 Tech Dev | None |
| TA2 Design & Integr | None |
| TA3 Deployment | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites |
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful Sources for Information include
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
Approved for Public Release Distribution Unlimited

SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014

Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry-accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea

Metrics: Technical Area 1 - SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption

Metrics: Technical Area 1 - SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include: sensing threshold, cost

Metrics: Technical Area 1 - SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size: 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime

Metrics: Technical Area 2 - SHIELD Dielet Design and Integration
Phase | Design Element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate

Metrics: Technical Area 2 - SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests

Metrics: Technical Area 3 - SHIELD Deployment
Phase | Design Element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2]; environmental testing (temperature, shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison

Metrics: Technical Area 3 - SHIELD Deployment
• Technical Area 3, Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
  • PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g., missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g., at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component

Metrics: Technical Area 3 - SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality), transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), probability of false alarm (PFA), average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.

Metrics: Technical Area 2 - SHIELD Dielet Design and Integration
• Technical Area 2, Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Image courtesy of DARPA

SHIELD'ed Supply Chain Exemplar (REFRESHER)
[Figure: supply chain diagram with numbered callouts 1-8. Labels: Trusted Zone (two), Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfr, DoD Application, with Shipping links between stages. Caption: SHIELD Authentication outside Trusted Zone.]
Component compromises are now visible at any point along the supply chain. Assume parts have OEM integrity before leaving first Trusted Zone.

SHIELD Program Structure

Deliverables by Tech Area and Phase
Tech Area | Phase 1 | Phase 2 | Phase 3
TA1 Tech Dev | On-chip HW tech devlpmt: Key Store, Sensors, Comm/Pwr, Mfg Processes; Models; Test Sites; SHIELD layouts | |
TA2 Design & Integr | Dielet Logic Design; Standards Conformation | SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization |
TA3 Deployment | Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design | Tooling and Techniques for handling insertion; Network Structure Build-out; Inductive Device Fabrication | Demonstration Proof-of-Concept; Supply Chain Exercise across sites; Red Teaming; Evaluations

Technical Area 1, Phase 1: Technology (Months 1-18)
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e., COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology, for product integration

Technical Area 1, Phase 1 (Cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product.
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile, while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication

Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance.
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows.
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform.
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code.
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation.
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant.

Technical Area 1, Phase 1 (Cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered; be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain

Technical Area 1, Phase 1 (Cont'd)
Passive Sensor Examples
Chemical: Nitric acid, sulfuric acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal

Technical Area 1, Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package

Technical Area 1, Phase 1 (Cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes are needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability: lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes

Technical Area 2: Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server

Technical Area 2, Phase 1: Design (Months 1-18)
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment Methodology
  a. Define EDA design environment using industry conventions
  b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
  c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language. Design should be
  a. Design should accommodate SHIELD CONOP sequence
  b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
  a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
  b. Only open standards may be used

Technical Area 2, Phase 1 (cont'd)
4. Design to Boundary Conditions
  a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
  b. Designs may be asynchronous or synchronous; free choice of clock rate
  c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
  a. Sockets for key store, sensors
  b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
  a. Verify robust design functionality across process, voltage and temperature
  b. Accommodate ±3σ composite process distribution window
  c. BC/WC/Twist timing corner functionality verified
  d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
  e. Functionality inside ±3σ conditioned voltage window

Technical Area 2, Phase 1 (cont'd)
7. Fabrication Implementation Plan
  a. Identify technology and node to be used, preferred vendor
  b. Define checkpoints and approximate dates for design and build
  c. Explain how new technologies will be accommodated by fabricator
  d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
  a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
  a. Verify robust design functionality across process, voltage and temp
  b. Accommodate ±3σ composite process distribution window
  c. BC/WC/Twist timing corner functionality verified
  d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
  e. Functionality inside ±3σ conditioned voltage window
10. Provide a Critical Design Review

Technical Area 2, Phase 2: Integration & Fab (Months 19-36)
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated.
1. Complete SHIELD dielet design
  a. Incorporate final TA1 outputs
  b. Complete checking, generate specific test patterns
  c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
  a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
  b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
  c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
  d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec

Technical Area 3: SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals.

Technical Area 3, Phase 1: Pkg Tech, Networks (Months 01-18)
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
  a. Determine required specs, tolerances for dielet placement in the host
  b. Develop coupling required for sufficient inductive/RF power, comms
  c. Find size of antennae, maximum submersion below package surface
  d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
  a. Create with TA2 performers' consultation to resemble final form-factor
  b. Place electrical structures to assess specific issues of concern

Technical Area 3, Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet
Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
  a. Package strain caused by insertion or presence
  b. Hermetic seal fails caused by insertion or presence
  c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
  a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
  b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
  c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
  d. Dielet exposure to radiation, high X-ray or RF fields when not in use

Technical Area 3, Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
  a. Design of handheld appliance concept, including documentation
  b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
  c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance.

Technical Area 3, Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
  a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
  b. All required server transaction and decryption software
  c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
  d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program.

Technical Area 3, Phase 2: Implementation (Months 19-36)
Specific techniques and tooling for placement of the dielet into the host package are developed. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
  a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
  b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
  c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade and cryptographic key

Technical Area 3, Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3/Phase 2, performers will provide the following deliverables:
  a. Detailed network schematics indicating protocols and standards
  b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
  c. Estimates of transaction times and network latencies
  d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
  e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
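The server-side decision for one interrogation, covering true and false authentication requests with and without a tripped sensor, sketched as an added example (not program or performer code). The message layout, the HMAC-SHA256 stand-in for the dielet's encryption engine, the sensor bit assignment and all names are assumptions; the key and serial ID are constructed values.

```python
import hashlib
import hmac
import secrets

MIN_GAP_S = 1.0  # suggested spec: minimum delay between interrogations > 1 second
# Hypothetical bit assignment for the sensor output word, one bit per example sensor.
SENSOR_BITS = ("chemical", "mechanical", "laser", "light", "x-ray", "heat")


def tripped(sensor_word: int) -> list:
    """Names of the sensors whose non-resettable bit is set."""
    return [name for i, name in enumerate(SENSOR_BITS) if (sensor_word >> i) & 1]


def dielet_reply(key: bytes, serial: int, challenge: bytes, sensor_word: int) -> bytes:
    """Stand-in for the dielet crypto engine (HMAC-SHA256 is an assumption).

    Serial ID, fresh challenge and sensor word are all bound to the secret
    key, so none of them can be altered between the dielet and the server.
    """
    msg = serial.to_bytes(8, "big") + challenge + bytes([sensor_word])
    return hmac.new(key, msg, hashlib.sha256).digest()


class AuthServer:
    def __init__(self, registry: dict):
        self.registry = registry  # 64-bit serial ID -> 256-bit key enrolled in the trusted zone
        self.pending = {}         # outstanding challenge -> serial it was issued for
        self.last_seen = {}       # serial -> time of the last processed interrogation

    def issue_challenge(self, serial: int) -> bytes:
        challenge = secrets.token_bytes(16)
        self.pending[challenge] = serial
        return challenge

    def verify(self, serial, challenge, sensor_word, reply, now) -> str:
        key = self.registry.get(serial)
        if key is None:
            return "UNKNOWN_SERIAL"
        last = self.last_seen.get(serial)
        if last is not None and now - last <= MIN_GAP_S:
            return "TOO_SOON"
        # Challenges are single-use: pop() makes a replayed transcript fail here.
        if self.pending.pop(challenge, None) != serial:
            return "STALE_CHALLENGE"
        self.last_seen[serial] = now
        expected = dielet_reply(key, serial, challenge, sensor_word)
        if not hmac.compare_digest(expected, reply):
            return "BAD_REPLY"
        if sensor_word:
            return "SENSOR_TRIPPED:" + ",".join(tripped(sensor_word))
        return "AUTHENTIC"


def demo() -> list:
    key, serial = bytes(range(32)), 0x0123456789ABCDEF  # constructed test values
    heat = 1 << SENSOR_BITS.index("heat")
    srv = AuthServer({serial: key})
    out = []

    c = srv.issue_challenge(serial)
    r = dielet_reply(key, serial, c, 0)
    out.append(srv.verify(serial, c, 0, r, now=10.0))     # genuine, untouched part
    out.append(srv.verify(serial, c, 0, r, now=12.0))     # same transcript replayed

    c = srv.issue_challenge(serial)
    out.append(srv.verify(serial, c, heat, dielet_reply(key, serial, c, heat), now=14.0))

    c = srv.issue_challenge(serial)                        # sensor bit cleared in transit
    out.append(srv.verify(serial, c, 0, dielet_reply(key, serial, c, heat), now=16.0))

    c = srv.issue_challenge(serial)                        # copied serial, wrong key
    out.append(srv.verify(serial, c, 0, dielet_reply(bytes(32), serial, c, 0), now=18.0))

    c = srv.issue_challenge(serial)                        # re-interrogated 0.4 s later
    out.append(srv.verify(serial, c, 0, dielet_reply(key, serial, c, 0), now=18.4))

    out.append(srv.verify(serial + 1, c, 0, b"", now=30.0))  # serial never enrolled
    return out
```

Because the sensor word is inside the keyed reply, an appliance or network hop that clears a tripped bit produces BAD_REPLY rather than a clean pass.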

Technical Area 3, Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
  a. Inductive/RF probe fabrication
  b. Repurposed appliance microcode, firmware, software installation
  c. Stand-alone testing of communication between the SHIELD dielet and appliance

Technical Area 3, Phase 3: Demo (Months 37-48)
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
  a. Performers will mate SHIELD dielets to product at pkg encapsulation
  b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
    • Fails due to faulty package insertions
    • Fails due to non-functional SHIELD chips
    • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction

Technical Area 3, Phase 3 (cont'd)
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP.
  a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
  b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
  c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
  d. Government Red Team members will compromise the supply chain
  e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
  f. Government team members will monitor performer detection results

SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by:
  a. Component package (i.e., small passive/discrete, quad plastic flat pack)
  b. Failure mode (i.e., missing, inappropriate, or failing SHIELD dielet)
  c. Location type (i.e., at distributor, at subassembly vendor, in shipping)
  d. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by:
  a. Component package (i.e., small passive/discrete, quad plastic flat pack)
  b. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
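One way to tabulate the PD, PFA and delay benchmarks from exercise records, written as an added example that is not part of the briefing. The record fields, group labels and trial rows are constructed for illustration; ground truth is taken to be what the red team actually did to each part.

```python
from collections import defaultdict
from typing import NamedTuple, Optional

TARGET_DELAY_S = 2.0  # suggested full-transaction delay, including network latencies


class Trial(NamedTuple):
    package: str                 # type of host component
    setting: str                 # how the component was presented to the appliance
    location: str                # where in the supply chain it was interrogated
    failure_mode: Optional[str]  # ground truth; None means the part was not compromised
    flagged: bool                # performer's verdict: compromise reported
    delay_s: Optional[float]     # None when no authentication completed


# Constructed exercise records (not program data).
TRIALS = [
    Trial("quad flat pack", "component tube", "distributor", "missing dielet", True, None),
    Trial("quad flat pack", "component tube", "distributor", "failing dielet", False, 2.4),
    Trial("quad flat pack", "printed circuit board", "subassembly vendor", None, False, 1.7),
    Trial("quad flat pack", "printed circuit board", "subassembly vendor", None, True, 2.1),
    Trial("small passive", "component tube", "shipping", "inappropriate dielet", True, 1.6),
    Trial("small passive", "component tube", "shipping", None, False, 1.5),
    Trial("small passive", "installed system", "subassembly vendor", "missing dielet", True, None),
    Trial("small passive", "installed system", "subassembly vendor", None, False, 1.8),
]


def rate_by(trials, field, compromised):
    """Per-group (flagged, total, rate) over trials with the given ground truth.

    compromised=True yields PD (flagged among compromised parts);
    compromised=False yields PFA (flagged among clean parts).
    """
    counts = defaultdict(lambda: [0, 0])
    for t in trials:
        if (t.failure_mode is not None) == compromised:
            cell = counts[getattr(t, field)]
            cell[0] += t.flagged
            cell[1] += 1
    return {group: (hit, n, hit / n) for group, (hit, n) in counts.items()}


def benchmarks(trials):
    # Only completed authentications count toward the delay figure.
    completed = [t.delay_s for t in trials if t.delay_s is not None]
    return {
        "PD": {f: rate_by(trials, f, True)
               for f in ("package", "failure_mode", "location", "setting")},
        "PFA": {f: rate_by(trials, f, False) for f in ("package", "setting")},
        "avg_delay_s": sum(completed) / len(completed) if completed else None,
        "over_target": sum(d > TARGET_DELAY_S for d in completed),
    }


if __name__ == "__main__":
    for name, value in benchmarks(TRIALS).items():
        print(name, value)
```

Each cell carries its count alongside the rate because breaking PD out four ways quickly leaves groups with one or two trials, where the rate alone says little.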
SHIELD Summary of Suggested Specifications
Area A asymp100um x 100um (001 mm2)
Device thickness Thinned substrate likely 10 um or less
Interrogation Latency asymp 1 second dielet delay asymp2 second full transaction delay including network latencies
Network Communication Protocol
TLS Standard
Minimum Delay between interrogations
gt 1 Second
Positioning of inductiveRF probe
T asymp 1 mm below top surface of component package
Encryption Standard Up to 256 bit Serial ID Length 64 bitPower Consumption Approximately 50microWVoltage tolerance (default)
VDD at discretion of proposer +- 10 (default)
Host Temperatures -55deg C - 125deg CInterrogation Temperatures
0-35 deg C
ReliabilitySufficient to match 100KPOH host component operation SHIELD total operational time is under 1 hour
Cost C lt 10cent per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr. | None
TA3 Deployment | Components for SHIELD insertion; vendor locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics: Technical Area 1 - SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1: SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1 - SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2 - SHIELD Dielet Design and Integration
Phase | Design Element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics: Technical Area 2 - SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications, and support logic | Mask layout design, including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3 - SHIELD Deployment
Phase | Design Element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip; package strain analysis; electromagnetic analysis [2]; environmental testing (temperature, shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3 - SHIELD Deployment
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
  • PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g., missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g., at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
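The PD and PFA breakdowns on this slide, computed over a constructed exercise log, as an added example that is not part of the briefing. The record layout, category labels and the Wilson score interval (a standard small-sample confidence interval the slides do not ask for) are assumptions.

```python
from collections import defaultdict
from math import sqrt

FIELDS = ("package", "setting", "location", "failure_mode", "alarm", "delay_s")

# Constructed log, one row per interrogation. failure_mode is None for an
# uncompromised part; delay_s is None when authentication never completed.
TRIALS = [
    ("quad flat pack", "tube",   "distributor",        "missing dielet",       True,  1.8),
    ("quad flat pack", "pcb",    "subassembly vendor", "failing dielet",       True,  2.1),
    ("quad flat pack", "pcb",    "shipping",           "inappropriate dielet", False, 1.9),
    ("small passive",  "tube",   "distributor",        "missing dielet",       True,  None),
    ("small passive",  "system", "subassembly vendor", None,                   False, 1.7),
    ("small passive",  "tube",   "distributor",        None,                   True,  2.3),
    ("quad flat pack", "pcb",    "shipping",           None,                   False, 1.6),
    ("quad flat pack", "system", "distributor",        None,                   False, 2.0),
]


def wilson(hits, n, z=1.96):
    """95% Wilson score interval for hits/n; None when there are no trials."""
    if n == 0:
        return None
    p = hits / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def breakdown(trials, dimension, compromised):
    """PD (compromised=True) or PFA (compromised=False) per value of dimension.

    Returns {value: (rate, wilson_interval, trial_count)}.
    """
    hits, totals = defaultdict(int), defaultdict(int)
    for row in trials:
        t = dict(zip(FIELDS, row))
        if (t["failure_mode"] is not None) != compromised:
            continue  # PD uses only compromised parts, PFA only clean ones
        totals[t[dimension]] += 1
        hits[t[dimension]] += t["alarm"]
    return {k: (hits[k] / totals[k], wilson(hits[k], totals[k]), totals[k])
            for k in totals}


def mean_completed_delay(trials):
    """Average delay over interrogations that completed; None if none did."""
    done = [row[5] for row in trials if row[5] is not None]
    return sum(done) / len(done) if done else None


if __name__ == "__main__":
    for dim in ("package", "failure_mode", "location", "setting"):
        print("PD by", dim, breakdown(TRIALS, dim, True))
    for dim in ("package", "setting"):
        print("PFA by", dim, breakdown(TRIALS, dim, False))
    print("mean completed delay (s):", mean_completed_delay(TRIALS))
```

With only a handful of trials per cell the interval is wide, which is why the count is reported next to each rate.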
Metrics: Technical Area 3 - SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2 - SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Image courtesy of DARPA
SHIELD Program Structure
Deliverables by Tech Area and Phase
TA1 Tech Dev
  Phase 1: On-chip HW tech development (Key Store, Sensors, Comm/Pwr, Mfg Processes); Models; Test Sites; SHIELD layouts
TA2 Design & Integr.
  Phase 1: Dielet Logic Design; Standards Conformation
  Phase 2: SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization
TA3 Deployment
  Phase 1: Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design
  Phase 2: Tooling and Techniques for handling, insertion; Network Structure Build-out; Inductive Device Fabrication
  Phase 3: Demonstration Proof-of-Concept; Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1 Phase 1: Technology
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e., COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product.
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance.
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows.
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform.
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code.
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation.
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant.
Technical Area 1 Phase 1 (cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered; be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (cont'd)
Passive Sensor Examples
Chemical: Nitric acid, sulfuric acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil/RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1 (cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 μm x 100 μm
6. Reliability: lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2: Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Phase 1
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment, Methodology
  a. Define EDA design environment using industry conventions
  b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
  c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
  a. Design should accommodate SHIELD CONOP sequence
  b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
  a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
  b. Only open standards may be used
Technical Area 2 Phase 1 (cont'd)
4. Design to Boundary Conditions
  a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
  b. Designs may be asynchronous or synchronous; free choice of clock rate
  c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
  a. Sockets for key store, sensors
  b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
  a. Verify robust design functionality across process, voltage and temperature
  b. Accommodate ±3σ composite process distribution window
  c. BC/WC/Twist timing corner functionality verified
  d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
  e. Functionality inside ±3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
  a. Identify technology and node to be used, preferred vendor
  b. Define checkpoints and approximate dates for design and build
  c. Explain how new technologies will be accommodated by fabricator
  d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
  a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
  a. Verify robust design functionality across process, voltage and temp
  b. Accommodate ±3σ composite process distribution window
  c. BC/WC/Twist timing corner functionality verified
  d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
  e. Functionality inside ±3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 2
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated.
1. Complete SHIELD dielet design
  a. Incorporate final TA1 outputs
  b. Complete checking, generate specific test patterns
  c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
  a. Release design to MFG; monitor fabrication; intercept for process exits and re-entries for adjunct technology introductions
  b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
  c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
  d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3: SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3 Phase 1
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
  a. Determine required specs, tolerances for dielet placement in the host
  b. Develop coupling required for sufficient inductive/RF power, comms
  c. Find size of antennae, maximum submersion below package surface
  d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
  a. Create with TA2 performers' consultation to resemble final form-factor
  b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet
Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
  a. Package strain caused by insertion or presence
  b. Hermetic seal fails caused by insertion or presence
  c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
  a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
  b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
  c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
  d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
  a. Design of handheld appliance concept, including documentation
  b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
  c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
  a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
  b. All required server transaction and decryption software
  c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
  d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program
Technical Area 3 Phase 2
Technical Area 3/Phase 2: Implementation, Months 19-36
Specific techniques and tooling for placement of the dielet into the host package are developed. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD insertion technology
Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
  a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
  b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
  c. Associating the placed SHIELD dielet serial ID and crypto key with the host component P/N, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables:
  a. Detailed network schematics indicating protocols and standards
  b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
  c. Estimates of transaction times and network latencies
  d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
  e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
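Deliverable d above, simulated true and false authentication requests with and without flagged sensors, sketched as an added example (not code from the briefing or from any SHIELD performer). Assumptions: HMAC-SHA-256 stands in for the dielet's performer-chosen encryption engine, the sensor output is a single byte, and all class names, verdict strings and sample values are constructed.

```python
import hashlib
import hmac
import secrets
import time

MIN_GAP_S = 1.0    # deck spec: minimum delay between interrogations > 1 second
KEY_BYTES = 32     # deck spec: up to 256-bit secret key
SERIAL_BYTES = 8   # deck spec: 64-bit serial ID


def response_tag(key, serial, sensor_word, challenge):
    """Keyed tag binding serial ID, sensor word and challenge together.

    Assumption: HMAC-SHA-256 replaces the dielet's actual encryption engine.
    """
    msg = serial.to_bytes(SERIAL_BYTES, "big") + bytes([sensor_word]) + challenge
    return hmac.new(key, msg, hashlib.sha256).digest()


class SimulatedDielet:
    """Holds the secret key; sensor_word != 0 means a passive sensor tripped."""

    def __init__(self, serial, key, sensor_word=0):
        self.serial, self._key, self.sensor_word = serial, key, sensor_word

    def respond(self, challenge):
        tag = response_tag(self._key, self.serial, self.sensor_word, challenge)
        return self.sensor_word, tag


class AuthServer:
    def __init__(self, enrolled, clock=time.monotonic):
        self._enrolled = dict(enrolled)  # serial -> key, fixed at personalization
        self._clock = clock
        self._last = {}                  # serial -> time of last interrogation
        self._pending = {}               # serial -> outstanding one-time challenge

    def issue_challenge(self, serial):
        now = self._clock()
        last = self._last.get(serial)
        if last is not None and now - last <= MIN_GAP_S:
            return None                  # too soon after the previous read
        self._last[serial] = now
        self._pending[serial] = secrets.token_bytes(16)
        return self._pending[serial]

    def verify(self, serial, sensor_word, tag):
        challenge = self._pending.pop(serial, None)  # single use: blocks replay
        if challenge is None:
            return "NO_CHALLENGE"
        key = self._enrolled.get(serial)
        if key is None:
            return "UNKNOWN_SERIAL"
        expected = response_tag(key, serial, sensor_word, challenge)
        if not hmac.compare_digest(expected, tag):
            return "BAD_RESPONSE"
        # The sensor word is covered by the tag, so it cannot be cleared in transit.
        return "TAMPER_FLAGGED" if sensor_word else "AUTHENTIC"


def interrogate(server, dielet):
    """One appliance transaction: read serial, relay challenge, relay reply."""
    challenge = server.issue_challenge(dielet.serial)
    if challenge is None:
        return "RATE_LIMITED"
    sensor_word, tag = dielet.respond(challenge)
    return server.verify(dielet.serial, sensor_word, tag)


def simulate():
    """True and false requests, with and without sensor flags (constructed data)."""
    serial, key = 0x0123456789ABCDEF, secrets.token_bytes(KEY_BYTES)
    now = [0.0]
    server = AuthServer({serial: key}, clock=lambda: now[0])
    cases = {
        "genuine": SimulatedDielet(serial, key),
        "genuine, sensor tripped": SimulatedDielet(serial, key, sensor_word=0b0100),
        "clone with wrong key": SimulatedDielet(serial, secrets.token_bytes(KEY_BYTES)),
        "unenrolled serial": SimulatedDielet(0xFFFF, key),
    }
    results = {}
    for name, dielet in cases.items():
        now[0] += 2.0                    # respect the > 1 s gap between reads
        results[name] = interrogate(server, dielet)
    return results


if __name__ == "__main__":
    for name, verdict in simulate().items():
        print(f"{name:26s} -> {verdict}")
```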
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
  a. Inductive/RF probe fabrication
  b. Repurposed appliance microcode, firmware, software installation
  c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 3
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
  a. Performers will mate SHIELD dielets to product at pkg encapsulation
  b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
    • Fails due to faulty package insertions
    • Fails due to non-functional SHIELD chips
    • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP.
  a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
  b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
  c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
  d. Government Red Team members will compromise the supply chain
  e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
  f. Government team members will monitor performer detection results
Approved for Public Release Distribution Unlimited 60
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by:
    a. Component package (i.e. small passive/discrete, quad plastic flat pack)
    b. Failure mode (i.e. missing, inappropriate or failing SHIELD dielet)
    c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
    d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by:
    a. Component package (i.e. small passive/discrete, quad plastic flat pack)
    b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay, including network latencies
Network communication protocol: TLS standard
Minimum delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption standard: Up to 256 bit
Serial ID length: 64 bit
Power consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host temperatures: -55° C - 125° C
Interrogation temperatures: 0-35° C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 1.0¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington, VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari
SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done, rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
    1. Red-teaming the secure key storage
    2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
    3. Red-teaming dielet designs for reverse-engineering
    4. Red-teaming dielet performance and reliability
    5. Identify a trusted manufacturing source for dielet
    6. Fabrication of dielet, delivery to performers
Tech Area 3
    7. Identify host components for test and test environment
    8. Develop prototype software for security database
    9. Develop appliances and fixtures for checking devices
    10. Red-team integrated solution
    11. Run test environment for final demonstration
    12. Support transition opportunities
General
    Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown
SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
    • Detail the attributes of SHIELD design elements that will be measured
    • Outline the methods by which those attributes will be measured
• Why metrics?
    • Tracking and reporting program results and accomplishments
    • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size: 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications and support logic | Mask layout design, including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2]. Environmental testing (temperature, shock and vibration) [3]
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3, SHIELD Deployment
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
    • PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
    • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
    • Failure mode (e.g. missing, inappropriate or failing SHIELD dielet)
    • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
    • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
    • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
    • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
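The PD and PFA breakdowns and the authentication delay named here and on the SHIELD Quantitative Benchmarks slide can be computed mechanically from exercise records. The following is an added example, not part of the original briefing or of any program tooling: the `Trial` record layout, the field names and the sample trials are constructed assumptions, and the Wilson interval is included because per-category counts in a field exercise are small.

```python
"""Score a SHIELD-style supply chain exercise: PD, PFA and authentication delay.

Added illustration; the record layout and the sample trials are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from math import sqrt
from typing import Optional


@dataclass(frozen=True)
class Trial:
    package: str                  # component package type
    setting: str                  # tube / pcb / system
    location: str                 # where the interrogation took place
    failure_mode: Optional[str]   # red-team ground truth; None = untouched part
    flagged: bool                 # performer reported a compromise
    delay_s: Optional[float]      # None = authentication never completed


def wilson(hits: int, n: int, z: float = 1.96) -> tuple:
    """95% Wilson score interval for a proportion measured on n trials."""
    if n == 0:
        return (0.0, 1.0)
    p = hits / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def rate_by(trials, key: str, compromised: bool) -> dict:
    """Fraction of flagged trials per value of `key`, taken over compromised
    parts (giving PD) or over untouched parts (giving PFA)."""
    hits, totals = defaultdict(int), defaultdict(int)
    for t in trials:
        if (t.failure_mode is not None) != compromised:
            continue
        totals[getattr(t, key)] += 1
        hits[getattr(t, key)] += t.flagged
    return {k: {"rate": hits[k] / n, "n": n, "ci95": wilson(hits[k], n)}
            for k, n in totals.items()}


def score(trials) -> dict:
    """PD by four dimensions, PFA by two, and mean delay of completed runs."""
    completed = [t.delay_s for t in trials if t.delay_s is not None]
    return {
        "PD": {k: rate_by(trials, k, True)
               for k in ("package", "failure_mode", "location", "setting")},
        "PFA": {k: rate_by(trials, k, False) for k in ("package", "setting")},
        "avg_completed_delay_s":
            sum(completed) / len(completed) if completed else None,
    }


# Constructed sample: five compromised parts, five untouched parts.
TRIALS = [
    Trial("QFP", "tube", "distributor", "missing", True, None),
    Trial("QFP", "pcb", "subassembly", "inappropriate", True, 1.8),
    Trial("QFP", "pcb", "shipping", "failing", False, 2.1),
    Trial("passive", "tube", "distributor", "inappropriate", True, 1.9),
    Trial("passive", "system", "subassembly", "failing", False, 2.2),
    Trial("QFP", "tube", "distributor", None, False, 1.7),
    Trial("QFP", "pcb", "subassembly", None, False, 1.9),
    Trial("QFP", "system", "subassembly", None, True, 2.3),
    Trial("passive", "tube", "distributor", None, False, 1.6),
    Trial("passive", "pcb", "shipping", None, False, 2.0),
]

if __name__ == "__main__":
    import json
    print(json.dumps(score(TRIALS), indent=2))
```

With only one or two trials in a cell the interval spans most of [0, 1], which is a reminder that a per-category PD or PFA needs enough red-team insertions in each cell to be meaningful.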
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality), transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), Probability of false alarm (PFA), Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
    • compliance with design ground rules of the manufacturer
    • logical to behavioral design verification
    • logical to physical design verification
    • functional test pattern generation with a goal of 100% test coverage
    • EM and power analysis
    • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Deliverables by Tech Area and Phase
Tech Area | Phase 1 | Phase 2 | Phase 3
TA1 Tech Dev | On-chip HW tech devlpmt: Key Store, Sensors, Comm/Pwr, Mfg Processes; Models; Test Sites; SHIELD layouts | |
TA2 Design & Integr | Dielet Logic Design; Standards Conformation | SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization |
TA3 Deployment | Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design | Tooling and Techniques for handling/insertion; Network Structure Build-out; Inductive Device Fabrication | Demonstration Proof-of-Concept; Supply Chain Exercise across sites; Red Teaming; Evaluations
Technical Area 1 Phase 1 Technology
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
• Design, build, characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 (Cont'd)
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption
    Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption
    Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines
    Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms
    Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine
    Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key
    Key store should be Suite B compliant
Technical Area 1 Phase 1 (Cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered, be read only when powered
2. Be readable only and permanently altered by the exposure, non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
Chemical: Nitric acid, sulfuric acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet
1. Dielet should be powered, receive a challenge message and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil/RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1 (Cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes are needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2 Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology
    A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic
    All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Phase 1
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet
1. Define a SHIELD Design Environment, Methodology
    a. Define EDA design environment using industry conventions
    b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
    c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
    a. Design should accommodate SHIELD CONOP sequence
    b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
    a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
    b. Only open standards may be used
Technical Area 2 Phase 1 (cont'd)
4. Design to Boundary Conditions
    a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
    b. Designs may be asynchronous or synchronous, free choice of clock rate
    c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
    a. Sockets for key store, sensors
    b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
    a. Verify robust design functionality across process, voltage and temperature
    b. Accommodate +/- 3σ composite process distribution window
    c. BC/WC/Twist Timing Corner functionality verified
    d. Functionality from 0-35° C. Survive -55° C to 125° C
    e. Functionality inside +/- 3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
    a. Identify technology and node to be used, preferred vendor
    b. Define checkpoints and approximate dates for design and build
    c. Explain how new technologies will be accommodated by fabricator
    d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
    a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
    a. Verify robust design functionality across process, voltage and temp
    b. Accommodate +/- 3σ composite process distribution window
    c. BC/WC/Twist Timing Corner functionality verified
    d. Functionality from 0-35° C. Survive -55° C to 125° C
    e. Functionality inside +/- 3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 2
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated
1. Complete SHIELD dielet design
    a. Incorporate final TA1 outputs
    b. Complete checking, generate specific test patterns
    c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
    a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
    b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
    c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
    d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3 SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3 Phase 1
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept
1. Develop package placement target parametrics
    a. Determine required specs, tolerances for dielet placement in the host
    b. Develop coupling required for sufficient inductive/RF power, comms
    c. Find size of antennae, maximum submersion below package surface
    d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
    a. Create with TA2 performers' consultation to resemble final form-factor
    b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet
Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
    a. Package strain caused by insertion or presence
    b. Hermetic seal fails caused by insertion or presence
    c. High electromagnetic field impacts to host component during interrogation
4. Assure reliability of SHIELD dielet in host component
Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
    a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
    b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
    c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
    d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
    a. Design of handheld appliance concept, including documentation
    b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
    c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers, and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
    a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
    b. All required server transaction and decryption software
    c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
    d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors.
Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program
Technical Area 3 Phase 2
Technical Area 3/Phase 2: Implementation, Months 19-36
Specific techniques and tooling for placement of the dielet into the host package are developed. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program
1. Develop the SHIELD Insertion technology
Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
    a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
    b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
    c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade and cryptographic key
Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3/Phase 2, performers will provide the following deliverables:
    a. Detailed network schematics indicating protocols and standards
    b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
    c. Estimates of transaction times and network latencies
    d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
    e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
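The transaction simulation called for in deliverable d can be sketched as follows. This is an added example, not code from the briefing or the SHIELD program: the reply layout, the class names and the use of HMAC-SHA-256 from the Python standard library in place of the performer-chosen open-standard encryption engine are assumptions, and the serial IDs and sensor state are constructed.

```python
"""Simulated SHIELD-style authentication transactions (added illustration).

Assumptions, none taken from the program's own design: HMAC-SHA-256 stands in
for the dielet's open-standard engine, the sensor word is one bit per passive
sensor, and the reply layout is serial ID || sensor word || tag.
"""
import hashlib
import hmac
import secrets

SENSORS = ("chemical", "mechanical", "laser", "light", "xray", "heat")


class Dielet:
    """Holds a 64-bit serial ID, a 256-bit secret key and latched sensor bits."""

    def __init__(self, serial: bytes, key: bytes, sensor_word: int = 0):
        assert len(serial) == 8 and len(key) == 32
        self.serial, self._key, self.sensor_word = serial, key, sensor_word

    def respond(self, challenge: bytes) -> bytes:
        # The sensor word is covered by the tag, so it cannot be cleared in transit.
        body = self.serial + bytes([self.sensor_word])
        tag = hmac.new(self._key, challenge + body, hashlib.sha256).digest()
        return body + tag


class Server:
    """Knows the key enrolled for each serial ID; challenges are single-use."""

    def __init__(self):
        self._keys = {}
        self._pending = set()

    def enroll(self, serial: bytes) -> Dielet:
        key = secrets.token_bytes(32)
        self._keys[serial] = key
        return Dielet(serial, key)

    def challenge(self) -> bytes:
        c = secrets.token_bytes(16)
        self._pending.add(c)
        return c

    def verify(self, challenge: bytes, reply: bytes) -> str:
        if challenge not in self._pending:
            return "REJECT: unknown or reused challenge"
        self._pending.discard(challenge)
        if len(reply) != 8 + 1 + 32:
            return "REJECT: malformed reply"
        serial, word, tag = reply[:8], reply[8], reply[9:]
        key = self._keys.get(serial)
        if key is None:
            return "REJECT: serial ID not enrolled"
        expected = hmac.new(key, challenge + reply[:9], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "REJECT: bad response for this serial ID"
        tripped = [s for i, s in enumerate(SENSORS) if (word >> i) & 1]
        if tripped:
            return "COMPROMISED: sensors tripped: " + ", ".join(tripped)
        return "AUTHENTIC"


def simulate() -> dict:
    """True and false authentication requests, with and without sensor flags."""
    server = Server()
    good = server.enroll(bytes.fromhex("0000000000000001"))
    exposed = server.enroll(bytes.fromhex("0000000000000002"))
    exposed.sensor_word = 0b001000      # constructed: light sensor latched
    clone = Dielet(good.serial, secrets.token_bytes(32))  # right ID, wrong key
    results = {}
    for name, part in (("good", good), ("exposed", exposed), ("clone", clone)):
        c = server.challenge()
        results[name] = server.verify(c, part.respond(c))
    c = server.challenge()
    recorded = good.respond(c)
    server.verify(c, recorded)          # the legitimate transaction
    results["replay_same_challenge"] = server.verify(c, recorded)
    results["replay_new_challenge"] = server.verify(server.challenge(), recorded)
    return results


if __name__ == "__main__":
    for case, outcome in simulate().items():
        print(f"{case:24s} {outcome}")
```

The two replay cases show why the challenge has to be both random and single-use: a recorded reply fails against a fresh challenge, and a consumed challenge is refused outright.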
Approved for Public Release Distribution Unlimited
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
a. Inductive/RF probe fabrication
b. Repurposed appliance microcode, firmware, software installation
c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 2 (cont'd)
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
a. Performers will mate SHIELD dielets to product at pkg encapsulation
b. Performers will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
  • Fails due to faulty package insertions
  • Fails due to non-functional SHIELD chips
  • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP:
a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
d. Government Red Team members will compromise the supply chain
e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
f. Government team members will monitor performer detection results
Technical Area 3 Phase 3 (cont'd)
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by:
a. Component package (i.e., small passive/discrete, quad plastic flat pack)
b. Failure mode (i.e., missing, inappropriate, or failing SHIELD dielet)
c. Location type (i.e., at distributor, at subassembly vendor, in shipping)
d. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by:
a. Component package (i.e., small passive/discrete, quad plastic flat pack)
b. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Quantitative Benchmarks
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network communication protocol: TLS standard
Minimum delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption standard: Up to 256 bit
Serial ID length: 64 bit
Power consumption: Approximately 50 µW
Voltage tolerance: VDD at discretion of proposer, ± 10% (default)
Host temperatures: -55 °C to 125 °C
Interrogation temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 10¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington, VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 (Tech Dev) | None
TA2 (Design & Integr) | None
TA3 (Deployment) | Components for SHIELD insertion; vendor locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics?
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry-accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics Overview
Metrics Technical Area 1 SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
Technical Area 1 SHIELD On-board Technology
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Phase | Design Element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
Metrics Technical Area 1 SHIELD On-board Technology
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size: 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics Technical Area 2 SHIELD Dielet Design and Integration
Phase | Design Element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications, and support logic | Mask layout design, including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage, and temperature range | Pass/Fail
Metrics Technical Area 2 SHIELD Dielet Design and Integration
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics Technical Area 3 SHIELD Deployment
Phase | Design Element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip; package strain analysis; electromagnetic analysis [2]; environmental testing (temperature, shock, and vibration) [3]
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
  • PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g., missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g., at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics Technical Area 3 SHIELD Deployment
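The PD, PFA and delay benchmarks listed above, and on the Quantitative Benchmarks slide, reduce to per-category alarm rates scored against the red team's ground truth. The Python below is an added example, not program code: the trial log is constructed, the field names are assumptions, and the 95% Wilson interval goes beyond the slides to show how little a handful of trials per category supports.

```python
import math
from collections import defaultdict

FIELDS = ("package", "failure_mode", "location", "setting", "compromised", "alarm", "delay_s")
# Constructed trial log, one row per interrogation. compromised is the red team's
# ground truth, alarm is the performer's call, and delay_s is None when the
# authentication never completed (for example, no dielet answered).
ROWS = [
    ("QFP",     "missing",       "distributor", "tube",   True,  True,  None),
    ("QFP",     "missing",       "shipping",    "pcb",    True,  True,  None),
    ("QFP",     "inappropriate", "distributor", "tube",   True,  False, 1.9),
    ("passive", "failing",       "subassembly", "pcb",    True,  True,  2.2),
    ("passive", "inappropriate", "shipping",    "system", True,  True,  2.4),
    ("passive", "missing",       "subassembly", "system", True,  False, None),
    ("QFP",     None,            "distributor", "tube",   False, False, 1.7),
    ("QFP",     None,            "subassembly", "pcb",    False, True,  2.0),
    ("passive", None,            "shipping",    "tube",   False, False, 1.6),
    ("passive", None,            "distributor", "system", False, False, 2.2),
]
TRIALS = [dict(zip(FIELDS, row)) for row in ROWS]

PD_DIMENSIONS = ("package", "failure_mode", "location", "setting")
PFA_DIMENSIONS = ("package", "setting")


def wilson_interval(alarms, n, z=1.96):
    """95% Wilson score interval for a proportion; wide when n is small."""
    p = alarms / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)


def alarm_rate_by(trials, dimension, compromised):
    """Alarm rate per value of `dimension`, over trials with the given ground truth."""
    counts = defaultdict(lambda: [0, 0])          # value -> [alarms, trials]
    for t in trials:
        if t["compromised"] == compromised:
            counts[t[dimension]][0] += int(t["alarm"])
            counts[t[dimension]][1] += 1
    return {
        value: {"alarms": a, "trials": n, "rate": a / n, "ci95": wilson_interval(a, n)}
        for value, (a, n) in counts.items()
    }


def benchmarks(trials):
    """PD and PFA breakdowns plus the average delay of completed authentications."""
    completed = [t["delay_s"] for t in trials if t["delay_s"] is not None]
    return {
        "PD": {d: alarm_rate_by(trials, d, True) for d in PD_DIMENSIONS},
        "PFA": {d: alarm_rate_by(trials, d, False) for d in PFA_DIMENSIONS},
        "avg_completed_delay_s": sum(completed) / len(completed) if completed else None,
    }


if __name__ == "__main__":
    report = benchmarks(TRIALS)
    for metric in ("PD", "PFA"):
        for dimension, cells in report[metric].items():
            for value, c in cells.items():
                low, high = c["ci95"]
                print(f"{metric} {dimension}={value}: {c['alarms']}/{c['trials']} "
                      f"= {c['rate']:.2f} (95% CI {low:.2f}-{high:.2f})")
    print(f"average completed authentication delay: {report['avg_completed_delay_s']:.2f} s")
```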
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); probability of false alarm (PFA); average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
Metrics Technical Area 3 SHIELD Deployment
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Metrics Technical Area 2 SHIELD Dielet Design and Integration
Image courtesy of DARPA
Technical Area 1/Phase 1: Technology, Months 1-18
TA1/Phase 1 develops fundamental devices, materials, and structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test sites will serve as prototypes for specific solutions practiced in Phase 2.
• Fully-described hardware-based solutions
• Hardware models (i.e., COMSOL, SPICE, finite element modeling, etc.)
• Design, build, and characterization of hardware proof-of-concept test sites
• Verification of technology compatibility to conventional IC manufacturing process
• Layouts of specific technology reductions-to-practice for Phase 2
• Description of specific test conditions and test pattern files
• Development of a fully defined interface specification for the technology for product integration
Technical Area 1 Phase 1 Technology
A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication
Technical Area 1 Phase 1 (Cont'd)
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption
   Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption
   Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines
   Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms
   Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine
   Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key
   Key store should be Suite B compliant
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered; be read only when powered
2. Be readable only and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Chemical: Nitric acid, sulfuric acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil/RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability: lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 1 Phase 1 (Cont'd)
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology
  A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic
  All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Design and Integration
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet
1. Define a SHIELD Design Environment, Methodology
a. Define EDA design environment using industry conventions
b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
a. Design should accommodate SHIELD CONOP sequence
b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
b. Only open standards may be used
Technical Area 2 Phase 1
4. Design to Boundary Conditions
a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
b. Designs may be asynchronous or synchronous; free choice of clock rate
c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
a. Sockets for key store, sensors
b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
a. Verify robust design functionality across process, voltage, and temperature
b. Accommodate ± 3σ composite process distribution window
c. BC/WC/Twist timing corner functionality verified
d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
e. Functionality inside ± 3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
a. Identify technology and node to be used, preferred vendor
b. Define checkpoints and approximate dates for design and build
c. Explain how new technologies will be accommodated by fabricator
d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
a. Verify robust design functionality across process, voltage, and temp
b. Accommodate ± 3σ composite process distribution window
c. BC/WC/Twist timing corner functionality verified
d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
e. Functionality inside ± 3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 1 (cont'd)
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks and process audits, designs will be fabricated
1. Complete SHIELD dielet design
a. Incorporate final TA1 outputs
b. Complete checking, generate specific test patterns
c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
d. Test, characterize, and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 2 Phase 2
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3 SHIELD Deployment
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment, or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept
1. Develop package placement target parametrics
a. Determine required specs, tolerances for dielet placement in the host
b. Develop coupling required for sufficient inductive/RF power, comms
c. Find size of antennae, maximum submersion below package surface
d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
a. Create with TA2 performers' consultation to resemble final form-factor
b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1
3. Assure reliability of host component containing SHIELD dielet
Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
a. Package strain caused by insertion or presence
b. Hermetic seal fails caused by insertion or presence
c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
a. Chemical, mechanical, temperature, or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
a. Design of handheld appliance concept, including documentation
b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
a. Communications between the dielet and the server, through the inductive/RF appliance and network, using TLS standards
b. All required server transaction and decryption software
c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program
Technical Area 3 Phase 1 (cont'd)
Approved for Public Release Distribution Unlimited
Technical Area 3Phase 2 Implementation Months 19-36Development of specific techniques tooling for placement of dielet into the host package is created Mechanical alignment aids for inductiveRF appliance to SHIELD dielet within the package will also be developed Actual networks and servers will be configured At the close of TA3Phase 2 performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program1 Develop the SHIELD Insertion technology
Instrumentation tooling and logistics for going from wafer final test into an actual component placement are developed Steps includea Developing handling technique for taking SHIELD from diced
wafers into a dispensing tool that feeds dielets to a package injector
b Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
c Associating the placed SHIELD dielet serial ID and crypto key with the host component PN datelocation of manufacture reliability grade and cryptographic key
55
Technical Area 3 Phase 2
Technical Area 3, Phase 2 (cont'd)

2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3/Phase 2, performers will provide the following deliverables:
a. Detailed network schematics indicating protocols and standards
b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
c. Estimates of transaction times and network latencies
d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3

Technical Area 3, Phase 2 (cont'd)

3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
a. Inductive/RF probe fabrication
b. Repurposed appliance microcode, firmware, software installation
c. Stand-alone testing of communication between the SHIELD dielet and appliance

Technical Area 3, Phase 3

Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:

1. Demonstrate robust SHIELD placement into real product
a. Performers will mate SHIELD dielets to product at pkg encapsulation
b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
   • Fails due to faulty package insertions
   • Fails due to non-functional SHIELD chips
   • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction

Technical Area 3, Phase 3 (cont'd)

2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP:
a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
d. Government Red Team members will compromise the supply chain
e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
f. Government team members will monitor performer detection results

SHIELD Quantitative Benchmarks

Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:

1. "Probability of Detection" of compromises (PD), broken out by
a. Component package (i.e. small passive/discrete, quad plastic flat pack)
b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)

2. Probability of False Alarm (PFA), broken out by
a. Component package (i.e. small passive/discrete, quad plastic flat pack)
b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)

3. Average completed authentication delay per SHIELD component

SHIELD Summary of Suggested Specifications

Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation Latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host Temperatures: -55 °C to 125 °C
Interrogation Temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 10¢ per dielet

Program Calendar

14 March 2014: Proposer's Day, Arlington, VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins

SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014

Government SHIELD Funding

• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation

Government Team Responsibilities in SHIELD

Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features

Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers

Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities

General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities

Government Obligations

Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 (Tech Dev) | None
TA2 (Design & Integr) | None
TA3 (Deployment) | Components for SHIELD insertion; vendor locations for SHIELD exercise sites

Manufacturing Options

Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used

Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs

Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com

SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014

Metrics Overview

• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea

Metrics: Technical Area 1, SHIELD On-board Technology

Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement

[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption

Technical Area 1: SHIELD On-board Technology

Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate

• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost

Metrics: Technical Area 1, SHIELD On-board Technology

Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost

[1] SHIELD wafer thickness may be 10 microns or less. Dielet size: 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime

Metrics: Technical Area 2, SHIELD Dielet Design and Integration

Phase | Design element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications

[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate

Metrics: Technical Area 2, SHIELD Dielet Design and Integration

Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail

[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests

Metrics: Technical Area 3, SHIELD Deployment

Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2], environmental testing (temperature, shock and vibration) [3]
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail

[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison

Metrics: Technical Area 3, SHIELD Deployment

• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component

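The PD, PFA and delay benchmarks listed on this slide (and on the SHIELD Quantitative Benchmarks slide) can be computed from per-interrogation trial records as follows. This is an added example, not program or performer code; the record layout and the sample trials are constructed, and the 95% Wilson score interval attached to each rate goes beyond the slide to show how little a small trial count pins down PD or PFA.

```python
import math
from collections import defaultdict
from statistics import mean

# Constructed sample trials (not program data). One row per interrogation:
# package, setting, location, failure mode (None = component not compromised),
# alarm raised by the SHIELD check, completed authentication delay in seconds
# (None = no authentication completed, e.g. the dielet is missing).
FIELDS = ("package", "setting", "location", "failure_mode", "alarm", "delay_s")
TRIALS = [
    ("quad flat pack", "tube",   "distributor",        None,            False, 1.8),
    ("quad flat pack", "tube",   "distributor",        "missing",       True,  1.9),
    ("quad flat pack", "pcb",    "subassembly vendor", "inappropriate", True,  2.1),
    ("quad flat pack", "pcb",    "subassembly vendor", "failing",       False, 2.4),
    ("quad flat pack", "system", "shipping",           None,            True,  2.0),
    ("small passive",  "tube",   "distributor",        None,            False, 1.7),
    ("small passive",  "tube",   "shipping",           "missing",       True,  None),
    ("small passive",  "pcb",    "subassembly vendor", "inappropriate", False, 2.2),
    ("small passive",  "pcb",    "distributor",        None,            False, 1.9),
    ("small passive",  "system", "shipping",           "failing",       True,  2.3),
]


def wilson(hits, n, z=1.96):
    """95% Wilson score interval for a proportion; wide when n is small."""
    if n == 0:
        return (0.0, 1.0)
    p = hits / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def rate_by(rows, key):
    """Alarm rate per value of `key` (key=None pools everything under 'all').

    Returns {value: (alarms, trials, rate, wilson_interval)}.
    """
    counts = defaultdict(lambda: [0, 0])
    for row in rows:
        bucket = counts["all" if key is None else row[key]]
        bucket[0] += int(row["alarm"])
        bucket[1] += 1
    return {k: (h, n, h / n, wilson(h, n)) for k, (h, n) in counts.items()}


def benchmarks(trials):
    rows = [dict(zip(FIELDS, t)) for t in trials]
    compromised = [r for r in rows if r["failure_mode"] is not None]
    clean = [r for r in rows if r["failure_mode"] is None]
    return {
        # PD: alarms among compromised components, with the slide's breakouts
        "PD": {k or "overall": rate_by(compromised, k)
               for k in (None, "package", "failure_mode", "location", "setting")},
        # PFA: alarms among uncompromised components
        "PFA": {k or "overall": rate_by(clean, k)
                for k in (None, "package", "setting")},
        # Only authentications that actually completed contribute a delay
        "avg_delay_s": mean(r["delay_s"] for r in rows if r["delay_s"] is not None),
    }


if __name__ == "__main__":
    result = benchmarks(TRIALS)
    for metric in ("PD", "PFA"):
        for breakout, table in result[metric].items():
            for value, (hits, n, rate, (lo, hi)) in sorted(table.items()):
                print(f"{metric} by {breakout:12} {value:20} "
                      f"{hits}/{n} = {rate:.2f}  (95% CI {lo:.2f}-{hi:.2f})")
    print(f"average completed authentication delay: {result['avg_delay_s']:.2f} s")
```
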
Metrics: Technical Area 3, SHIELD Deployment

Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality), transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), Probability of false alarm (PFA), Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |

[1] Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.

Metrics: Technical Area 2, SHIELD Dielet Design and Integration

• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort

Image courtesy of DARPA

Technical Area 1, Phase 1 (cont'd)

A. Secure Cryptographic Key Storage Technology
Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product:
1. Exceedingly difficult to reverse-engineer
2. Effectively incorruptible
3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile while still extremely reliable under normal use conditions
4. Economically personalized with unique serial ID and cryptographic key information in volume production
5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet's fabrication

Encryption Details

1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant

Technical Area 1, Phase 1 (cont'd)

B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered; be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain

Technical Area 1, Phase 1 (cont'd)

Passive Sensor Examples
Chemical: Nitric acid, sulfuric acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal

Technical Area 1, Phase 1

C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package

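The challenge/reply exchange on this slide, together with the TA3 Phase 2 deliverable of simulating true and false authentication requests with and without flagged sensor compromises, can be modelled end to end as below. This is an added example, not code from DARPA or any SHIELD performer; the message layout, sensor bit assignments, result labels, the placeholder part number, and the use of HMAC-SHA-256 in place of the dielet's encryption engine (which the program leaves to performers) are all assumptions.

```python
import hashlib
import hmac
import secrets
import struct

# Assumed for this example (not from the briefing): sensor bit positions, the
# 9-byte serial+sensor header, and HMAC-SHA-256 standing in for the dielet's
# encryption engine.
SENSOR_BITS = {"chemical": 0x01, "mechanical": 0x02, "light": 0x04,
               "xray": 0x08, "heat": 0x10}
HEADER = struct.Struct(">QB")   # 64-bit serial ID, 8-bit sensor word
TAG_LEN = 32


class Dielet:
    """64-bit serial ID, 256-bit secret key, and a latched sensor word."""

    def __init__(self, serial, key):
        self.serial = serial
        self.key = key
        self.sensor_word = 0

    def expose(self, sensor):
        # Passive sensors are permanently altered: bits are set, never cleared.
        self.sensor_word |= SENSOR_BITS[sensor]

    def respond(self, challenge):
        header = HEADER.pack(self.serial, self.sensor_word)
        tag = hmac.new(self.key, challenge + header, hashlib.sha256).digest()
        return header + tag


class Server:
    """Holds the serial -> (key, host part number) registry and judges replies."""

    def __init__(self):
        self.registry = {}
        self.outstanding = set()

    def enroll(self, host_pn):
        serial, key = secrets.randbits(64), secrets.token_bytes(32)
        self.registry[serial] = (key, host_pn)
        return Dielet(serial, key)

    def new_challenge(self):
        challenge = secrets.token_bytes(16)
        self.outstanding.add(challenge)
        return challenge

    def verify(self, challenge, reply):
        if challenge not in self.outstanding:
            return "REJECT_STALE_CHALLENGE"
        self.outstanding.discard(challenge)      # each challenge is single-use
        if len(reply) != HEADER.size + TAG_LEN:
            return "REJECT_MALFORMED"
        header, tag = reply[:HEADER.size], reply[HEADER.size:]
        serial, sensor_word = HEADER.unpack(header)
        if serial not in self.registry:
            return "REJECT_UNKNOWN_SERIAL"
        key, _host_pn = self.registry[serial]
        expected = hmac.new(key, challenge + header, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "REJECT_BAD_RESPONSE"
        # The sensor word is covered by the tag, so it is trusted only here.
        return "FLAG_SENSOR_TRIPPED" if sensor_word else "AUTHENTIC"


def run_simulation():
    server = Server()
    good = server.enroll("HOST-PN-PLACEHOLDER")
    results = {}

    c = server.new_challenge()
    recorded = good.respond(c)
    results["genuine, sensors clean"] = server.verify(c, recorded)
    # A recorded reply presented again: first on the spent challenge, then a new one
    results["replay, spent challenge"] = server.verify(c, recorded)
    results["replay, fresh challenge"] = server.verify(server.new_challenge(), recorded)

    c = server.new_challenge()     # enrolled serial ID but not the enrolled key
    results["known serial, wrong key"] = server.verify(
        c, Dielet(good.serial, secrets.token_bytes(32)).respond(c))
    c = server.new_challenge()     # serial ID the server never enrolled
    results["unknown serial"] = server.verify(
        c, Dielet(good.serial ^ 1, secrets.token_bytes(32)).respond(c))

    good.expose("xray")            # genuine dielet whose X-ray sensor has latched
    c = server.new_challenge()
    results["genuine, sensor tripped"] = server.verify(c, good.respond(c))
    c = server.new_challenge()     # same dielet, sensor byte zeroed between probe and server
    altered = bytearray(good.respond(c))
    altered[HEADER.size - 1] = 0
    results["sensor word altered in transit"] = server.verify(c, bytes(altered))
    return results


if __name__ == "__main__":
    for scenario, verdict in run_simulation().items():
        print(f"{scenario:32} -> {verdict}")
```
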
Technical Area 1, Phase 1 (cont'd)

D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes are needed to produce SHIELD dielets with new capabilities and at a target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes

Technical Area 2: Design and Integration

SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server

Technical Area 2, Phase 1

Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.

1. Define a SHIELD Design Environment Methodology
a. Define EDA design environment using industry conventions
b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
c. Define conventions for performer interfaces

2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
a. Design should accommodate SHIELD CONOP sequence
b. Design must have logical control of passive sensors

3. Select and identify effective encryption design
a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
b. Only open standards may be used

Technical Area 2, Phase 1 (cont'd)

4. Design to Boundary Conditions
a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
b. Designs may be asynchronous or synchronous; free choice of clock rate
c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning

5. Anticipate concurrent technologies being developed
a. Sockets for key store, sensors
b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering

6. Create and model SHIELD physical design
a. Verify robust design functionality across process, voltage and temperature
b. Accommodate +/- 3σ composite process distribution window
c. BC/WC/Twist timing corner functionality verified
d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
e. Functionality inside +/- 3σ conditioned voltage window

Technical Area 2, Phase 1 (cont'd)

7. Fabrication Implementation Plan
a. Identify technology and node to be used, preferred vendor
b. Define checkpoints and approximate dates for design and build
c. Explain how new technologies will be accommodated by fabricator
d. A clear path to manufacturing is needed

8. Anticipate concurrent technologies being developed
a. Provide sockets for concurrently-developed key store, sensors

9. Create and model SHIELD physical design
a. Verify robust design functionality across process, voltage and temp
b. Accommodate +/- 3σ composite process distribution window
c. BC/WC/Twist timing corner functionality verified
d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
e. Functionality inside +/- 3σ conditioned voltage window

10. Provide a Critical Design Review

Technical Area 2, Phase 2

Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks and process audits, designs will be fabricated.

1. Complete SHIELD dielet design
a. Incorporate final TA1 outputs
b. Complete checking, generate specific test patterns
c. Define conventions for performer interfaces

2. Fabricate SHIELD dielets
a. Release design to MFG; monitor fabrication; intercept for process exits and re-entries for adjunct technology introductions
b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec

Technical Area 3: SHIELD Deployment

Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals

Technical Area 3, Phase 1

Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment, or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.

1. Develop package placement target parametrics
a. Determine required specs, tolerances for dielet placement in the host
b. Develop coupling required for sufficient inductive/RF power, comms
c. Find size of antennae, maximum submersion below package surface
d. Develop positioning conventions to accommodate various package types

2. Create SHIELD dummy dielet surrogate (1 performer)
a. Create with TA2 performers' consultation to resemble final form-factor
b. Place electrical structures to assess specific issues of concern

Technical Area 3, Phase 1 (cont'd)

3. Assure reliability of host component containing SHIELD dielet
Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
a. Package strain caused by insertion or presence
b. Hermetic seal fails caused by insertion or presence
c. High electromagnetic field impacts to host component during interrogate

4. Assure reliability of SHIELD dielet in host component
Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
d. Dielet exposure to radiation, high X-ray or RF fields when not in use

Technical Area 3, Phase 1 (cont'd)

5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
a. Design of handheld appliance concept, including documentation
b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance

Approved for Public Release Distribution Unlimited 54
6 Design NetworkServer Architecture for the Demonstration ExerciseSHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2Deliverables includea communications between the dielet and the server through
the inductiveRF appliance and network using TLS standards b All required server transaction and decryption software c A simple graphical user interface that allows users to observe
actual SHIELD transaction demonstrations as they are executed and
d A key management plan describing how all cryptographic keys in their proposed architectures are derived protected at rest and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendorsNote that sufficient network and server architecture should be probided to support demonstration of the SHIELD concept but is not the prime focus of the program
Technical Area 3 Phase 1 (contrsquod)
Technical Area 3, Phase 2
Technical Area 3/Phase 2: Implementation, Months 19-36
Development of specific techniques / tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
Instrumentation, tooling, and logistics for going from wafer final test into an actual component placement are developed. Steps include:
a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
c. Associating the placed SHIELD dielet serial ID and crypto key with the host component P/N, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3, Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3/Phase 2, performers will provide the following deliverables:
a. Detailed network schematics indicating protocols and standards
b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
c. Estimates of transaction times and network latencies
d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors; and
e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3, Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
a. Inductive/RF probe fabrication
b. Repurposed appliance microcode, firmware, software installation
c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3, Phase 3
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
a. Performers will mate SHIELD dielets to product at pkg encapsulation
b. Performer will identify/correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
• Fails due to faulty package insertions
• Fails due to non-functional SHIELD chips
• Screening of components for failure rate uplift at module final test, which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3, Phase 3 (cont'd)
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP:
a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
b. Performers will place the SHIELD solution in those packages in a production-like environment, which DARPA will provide access to
c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
d. Government Red Team members will compromise the supply chain
e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by:
a. Component package (i.e., small passive/discrete, quad plastic flat pack)
b. Failure mode (i.e., missing, inappropriate, or failing SHIELD dielet)
c. Location type (i.e., at distributor, at subassembly vendor, in shipping)
d. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by:
a. Component package (i.e., small passive/discrete, quad plastic flat pack)
b. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
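An added worked example (not part of the DARPA briefing) showing how the three benchmarks above could be scored from demonstration trial records. The record layout, field names, function names and every sample trial are constructed assumptions; the 2-second target is the full-transaction latency from the suggested specifications.

```python
"""Score a SHIELD-style demonstration: PD, PFA and authentication delay."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Breakdown dimensions named on the benchmarks slide.
PD_DIMENSIONS = ("package", "failure_mode", "location", "setting")
PFA_DIMENSIONS = ("package", "setting")  # a genuine part has no failure mode


@dataclass(frozen=True)
class Trial:
    """One interrogation of one component (hypothetical record layout)."""
    package: str                 # component package type
    setting: str                 # tube, pcb or system
    location: str                # where in the supply chain it was read
    failure_mode: Optional[str]  # ground truth; None = uncompromised part
    alarm: bool                  # performer result: compromise flagged?
    delay_s: Optional[float]     # seconds to a completed authentication


QFP, SPD = "quad plastic flat pack", "small passive/discrete"

# Constructed sample data: five compromised parts, three genuine parts.
# A missing dielet never completes an authentication, so its delay is None.
TRIALS: List[Trial] = [
    Trial(QFP, "tube", "distributor", "missing", True, None),
    Trial(QFP, "pcb", "subassembly vendor", "inappropriate", True, 2.1),
    Trial(QFP, "system", "subassembly vendor", "failing", False, 1.9),
    Trial(SPD, "tube", "shipping", "missing", True, None),
    Trial(SPD, "pcb", "distributor", "inappropriate", False, 2.4),
    Trial(QFP, "tube", "distributor", None, False, 1.6),
    Trial(QFP, "pcb", "subassembly vendor", None, True, 2.0),
    Trial(SPD, "tube", "shipping", None, False, 1.5),
]


def _alarm_rate(trials: Iterable[Trial], by: Optional[str]) -> Dict[str, float]:
    """Fraction of trials that raised an alarm, grouped by one attribute."""
    counts = defaultdict(lambda: [0, 0])  # group -> [alarms, total]
    for t in trials:
        group = getattr(t, by) if by else "all"
        counts[group][0] += int(t.alarm)
        counts[group][1] += 1
    # Groups with no trials never appear, so there is no division by zero.
    return {g: alarms / total for g, (alarms, total) in counts.items()}


def probability_of_detection(trials, by: Optional[str] = None):
    """PD: alarms raised on compromised parts / all compromised parts."""
    if by is not None and by not in PD_DIMENSIONS:
        raise ValueError(f"PD is not broken out by {by!r}")
    return _alarm_rate([t for t in trials if t.failure_mode is not None], by)


def probability_of_false_alarm(trials, by: Optional[str] = None):
    """PFA: alarms raised on genuine parts / all genuine parts."""
    if by is not None and by not in PFA_DIMENSIONS:
        raise ValueError(f"PFA is not broken out by {by!r}")
    return _alarm_rate([t for t in trials if t.failure_mode is None], by)


def average_completed_delay(trials) -> Optional[float]:
    """Mean delay over authentications that completed; None if none did."""
    done = [t.delay_s for t in trials if t.delay_s is not None]
    return sum(done) / len(done) if done else None


def completed_over_target(trials, target_s: float = 2.0) -> int:
    """Count completed authentications slower than the latency target."""
    return sum(1 for t in trials
               if t.delay_s is not None and t.delay_s > target_s)


if __name__ == "__main__":
    for dim in PD_DIMENSIONS:
        print("PD by", dim, probability_of_detection(TRIALS, by=dim))
    for dim in PFA_DIMENSIONS:
        print("PFA by", dim, probability_of_false_alarm(TRIALS, by=dim))
    print("average completed delay (s):", average_completed_delay(TRIALS))
    print("completed transactions over 2 s:", completed_over_target(TRIALS))
```

Missed detections and false alarms are scored against separate denominators, so a performer cannot raise PD by flagging everything without the PFA breakdown showing it.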
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation Latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay, including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host Temperatures: -55 °C to 125 °C
Interrogation Temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation. SHIELD total operational time is under 1 hour
Cost: C < 1.0¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington, VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1:
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2:
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3:
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General: Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 (Tech Dev) | None
TA2 (Design & Integr) | None
TA3 (Deployment) | Components for SHIELD insertion; Vendor locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
  - Detail the attributes of SHIELD design elements that will be measured
  - Outline the methods by which those attributes will be measured
• Why metrics?
  - Tracking and reporting program results and accomplishments
  - Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1: SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches, as appropriate
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2]; environmental testing (temperature, shock and vibration) [3]
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3, SHIELD Deployment
• Technical Area 3, Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
  - Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  - Failure mode (e.g., missing, inappropriate, or failing SHIELD dielet)
  - Failure location (e.g., at distributor, at subassembly vendor, during shipping)
  - Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
  - Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  - Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
• Technical Area 2, Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
  - compliance with design ground rules of the manufacturer
  - logical to behavioral design verification
  - logical to physical design verification
  - functional test pattern generation with a goal of 100% test coverage
  - EM and power analysis
  - additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Encryption Details
1. DARPA SHIELD is committed to using only open standard encryption. Universal trust in the SHIELD concept is critical to its wide acceptance.
2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows.
3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform.
4. Performers will not be creating new encryption algorithms. Use only NIST, IEEE standards and CMVP approved code.
5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation.
6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant.
Technical Area 1, Phase 1 (cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered, be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1, Phase 1 (cont'd)
Passive Sensor Examples
Chemical: Nitric acid, sulfuric acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1, Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1, Phase 1 (cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2: Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power; and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2, Phase 1
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment, Methodology
a. Define EDA design environment using industry conventions
b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
a. Design should accommodate SHIELD CONOP sequence
b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
b. Only open standards may be used
Technical Area 2, Phase 1 (cont'd)
4. Design to Boundary Conditions
a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
b. Designs may be asynchronous or synchronous; free choice of clock rate
c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
a. Sockets for key store, sensors
b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
a. Verify robust design functionality across process, voltage and temperature
b. Accommodate +/- 3σ composite process distribution window
c. BC/WC/Twist timing corner functionality verified
d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
e. Functionality inside +/- 3σ conditioned voltage window
Technical Area 2, Phase 1 (cont'd)
7. Fabrication Implementation Plan
a. Identify technology and node to be used, preferred vendor
b. Define checkpoints and approximate dates for design and build
c. Explain how new technologies will be accommodated by fabricator
d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
a. Verify robust design functionality across process, voltage and temp
b. Accommodate +/- 3σ composite process distribution window
c. BC/WC/Twist timing corner functionality verified
d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
e. Functionality inside +/- 3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2, Phase 2
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks / process audits, designs will be fabricated.
1. Complete SHIELD dielet design
a. Incorporate final TA1 outputs
b. Complete checking, generate specific test patterns
c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
a. Release design to MFG; monitor fabrication; intercept for process exits and re-entries for adjunct technology introductions
b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
d. Test, characterize, and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3: SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network/server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3, Phase 1
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
a. Determine required specs / tolerances for dielet placement in the host
b. Develop coupling required for sufficient inductive/RF power, comms
c. Find size of antennae, maximum submersion below package surface
d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
a. Create with TA2 performers' consultation to resemble final form-factor
b. Place electrical structures to assess specific issues of concern
Technical Area 3, Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet
Performer will assess reliability / serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
a. Package strain caused by insertion or presence
b. Hermetic seal fails caused by insertion or presence
c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
Performers will assure the integrity / reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
a. Chemical, mechanical, temperature, or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3, Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
a. Design of handheld appliance concept, including documentation
b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance.
Approved for Public Release Distribution Unlimited 54
6 Design NetworkServer Architecture for the Demonstration ExerciseSHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2Deliverables includea communications between the dielet and the server through
the inductiveRF appliance and network using TLS standards b All required server transaction and decryption software c A simple graphical user interface that allows users to observe
actual SHIELD transaction demonstrations as they are executed and
d A key management plan describing how all cryptographic keys in their proposed architectures are derived protected at rest and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendorsNote that sufficient network and server architecture should be probided to support demonstration of the SHIELD concept but is not the prime focus of the program
Technical Area 3 Phase 1 (contrsquod)
Approved for Public Release Distribution Unlimited
Technical Area 3Phase 2 Implementation Months 19-36Development of specific techniques tooling for placement of dielet into the host package is created Mechanical alignment aids for inductiveRF appliance to SHIELD dielet within the package will also be developed Actual networks and servers will be configured At the close of TA3Phase 2 performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program1 Develop the SHIELD Insertion technology
Instrumentation tooling and logistics for going from wafer final test into an actual component placement are developed Steps includea Developing handling technique for taking SHIELD from diced
wafers into a dispensing tool that feeds dielets to a package injector
b Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
c Associating the placed SHIELD dielet serial ID and crypto key with the host component PN datelocation of manufacture reliability grade and cryptographic key
55
Technical Area 3 Phase 2
Approved for Public Release Distribution Unlimited
Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3/Phase 2, performers will provide the following deliverables:
a. Detailed network schematics indicating protocols and standards
b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
c. Estimates of transaction times and network latencies
d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
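The transaction simulation called for in deliverable d can be prototyped before any hardware exists. The sketch below is an added example, not code from DARPA or any SHIELD performer: it assumes a challenge-response exchange in which HMAC-SHA256 stands in for the dielet's unspecified encryption engine, and the class names, verdict strings and 8-bit sensor word are hypothetical.

```python
import hashlib
import hmac
import secrets

KEY_BYTES = 32          # page: encryption standard "up to 256 bit"
SERIAL_BYTES = 8        # page: serial ID length 64 bit
MIN_INTERVAL_S = 1.0    # page: minimum delay between interrogations > 1 second


def mac(key, serial, sensor_word, challenge):
    """HMAC-SHA256 over serial || sensor word || challenge (assumed stand-in)."""
    msg = serial.to_bytes(SERIAL_BYTES, "big") + bytes([sensor_word]) + challenge
    return hmac.new(key, msg, hashlib.sha256).digest()


class Dielet:
    """Constructed model of a dielet: a secret key plus a one-way sensor word."""

    def __init__(self, serial, key, sensor_word=0):
        self.serial, self._key, self.sensor_word = serial, key, sensor_word

    def trip(self, bit):
        self.sensor_word |= 1 << bit   # non-resettable: bits are only ever set

    def respond(self, challenge):
        tag = mac(self._key, self.serial, self.sensor_word, challenge)
        return self.serial, self.sensor_word, tag


class Server:
    """Constructed model of the server side of one interrogation."""

    def __init__(self):
        self._keys, self._pending, self._last = {}, {}, {}

    def enroll(self, serial, key):
        self._keys[serial] = key

    def issue_challenge(self, serial, now):
        if serial not in self._keys:
            return None, "UNKNOWN_SERIAL"
        last = self._last.get(serial)
        if last is not None and now - last <= MIN_INTERVAL_S:
            return None, "RATE_LIMITED"
        self._last[serial] = now
        self._pending[serial] = secrets.token_bytes(16)
        return self._pending[serial], "CHALLENGED"

    def verify(self, serial, sensor_word, tag):
        challenge = self._pending.pop(serial, None)   # each challenge is single use
        if challenge is None:
            return "REJECTED"
        expected = mac(self._keys[serial], serial, sensor_word, challenge)
        if not hmac.compare_digest(expected, tag):
            return "REJECTED"
        # The sensor word is inside the MAC, so a relay cannot clear a flag.
        return "COMPROMISE_FLAGGED" if sensor_word else "AUTHENTIC"


def simulate():
    """Run true and false requests, with and without sensor flags."""
    server, results, t = Server(), {}, 0.0
    key = secrets.token_bytes(KEY_BYTES)
    serial = 0x5348494C44000001                  # constructed 64-bit serial ID
    server.enroll(serial, key)
    genuine = Dielet(serial, key)
    clone = Dielet(serial, secrets.token_bytes(KEY_BYTES))  # right serial, wrong key

    ch, _ = server.issue_challenge(serial, t)
    captured = genuine.respond(ch)
    results["genuine_clean"] = server.verify(*captured)
    _, results["too_soon"] = server.issue_challenge(serial, t + 0.5)

    t += 2
    server.issue_challenge(serial, t)
    results["replayed_reply"] = server.verify(*captured)   # old tag, new challenge

    t += 2
    ch, _ = server.issue_challenge(serial, t)
    results["cloned_serial"] = server.verify(*clone.respond(ch))

    t += 2
    genuine.trip(3)                              # e.g. a constructed "X-ray" bit
    ch, _ = server.issue_challenge(serial, t)
    results["genuine_flagged"] = server.verify(*genuine.respond(ch))

    t += 2
    ch, _ = server.issue_challenge(serial, t)
    s, _word, tag = genuine.respond(ch)
    results["flag_cleared_in_transit"] = server.verify(s, 0, tag)

    _, results["unknown_serial"] = server.issue_challenge(0xDEADBEEF, t)
    return results


if __name__ == "__main__":
    for name, verdict in simulate().items():
        print(f"{name:26s} {verdict}")
```
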
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
a. Inductive/RF probe fabrication
b. Repurposed appliance microcode, firmware, software installation
c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 3
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
a. Performers will mate SHIELD dielets to product at package encapsulation
b. Performers will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to the installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
• Fails due to faulty package insertions
• Fails due to non-functional SHIELD chips
• Screening of components for failure rate uplift at module final test, which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP:
a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
d. Government Red Team members will compromise the supply chain
e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by
a. Component package (i.e. small passive/discrete, quad plastic flat pack)
b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
a. Component package (i.e. small passive/discrete, quad plastic flat pack)
b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network communication protocol: TLS Standard
Minimum delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption standard: Up to 256 bit
Serial ID length: 64 bit
Power consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host temperatures: -55° C - 125° C
Interrogation temperatures: 0-35° C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 10¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage / Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari
SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; vendor locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown
SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics Technical Area 1: SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1: SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics Technical Area 1: SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics Technical Area 2: SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics Technical Area 2: SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design, including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics Technical Area 3: SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1], tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2]. Environmental testing (temperature, shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics Technical Area 3: SHIELD Deployment
• Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics Technical Area 3: SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality), transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), Probability of false alarm (PFA), Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics Technical Area 2: SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Technical Area 1 Phase 1 (Cont'd)
B. Passive Sensors
Sensors monitor the integrity of the authentication dielet itself and watch for component compromise. Sensors must:
1. Passively sense while unpowered; be read only when powered
2. Be readable only, and permanently altered by the exposure; non-resettable in any way
3. Be inexpensively integrated into a conventional CMOS process without impacting the host process
4. Be small enough to fit in the SHIELD dielet form-factor and specification
5. Have an appropriately-tuned sensing threshold to prevent false positives caused by safe existing exposures encountered throughout the current supply chain
Technical Area 1 Phase 1 (Cont'd)
Passive Sensor Examples
Chemical: Nitric acid, sulfuric acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1 (Cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes are needed to produce SHIELD dielets with new capabilities and at a target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 μm x 100 μm
6. Reliability: lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2 Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology
A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic
All necessary logic and intellectual property necessary for the dielet to function as a true authenticator and realize the interface to the secure server
Technical Area 2 Phase 1
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment / Methodology
a. Define EDA design environment using industry conventions
b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
a. Design should accommodate SHIELD CONOP sequence
b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
b. Only open standards may be used
Technical Area 2 Phase 1 (cont'd)
4. Design to Boundary Conditions
a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
b. Designs may be asynchronous or synchronous; free choice of clock rate
c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
a. Sockets for key store, sensors
b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
a. Verify robust design functionality across process, voltage and temperature
b. Accommodate +/- 3σ composite process distribution window
c. BC/WC/Twist timing corner functionality verified
d. Functionality from 0-35° C. Survive -55° C to 125° C
e. Functionality inside +/- 3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
a. Identify technology and node to be used, preferred vendor
b. Define checkpoints and approximate dates for design and build
c. Explain how new technologies will be accommodated by fabricator
d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
a. Verify robust design functionality across process, voltage and temp
b. Accommodate +/- 3σ composite process distribution window
c. BC/WC/Twist timing corner functionality verified
d. Functionality from 0-35° C. Survive -55° C to 125° C
e. Functionality inside +/- 3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 2
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks and process audits, designs will be fabricated.
1. Complete SHIELD dielet design
a. Incorporate final TA1 outputs
b. Complete checking, generate specific test patterns
c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3 SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals.
Technical Area 3 Phase 1
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
a. Determine required specs, tolerances for dielet placement in the host
b. Develop coupling required for sufficient inductive/RF power, comms
c. Find size of antennae, maximum submersion below package surface
d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
a. Create with TA2 performers' consultation to resemble final form-factor
b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet
Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
a. Package strain caused by insertion or presence
b. Hermetic seal fails caused by insertion or presence
c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
a. Chemical, mechanical, temperature, or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
a. Design of handheld appliance concept, including documentation
b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance.
6 Design NetworkServer Architecture for the Demonstration ExerciseSHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2Deliverables includea communications between the dielet and the server through
the inductiveRF appliance and network using TLS standards b All required server transaction and decryption software c A simple graphical user interface that allows users to observe
actual SHIELD transaction demonstrations as they are executed and
d A key management plan describing how all cryptographic keys in their proposed architectures are derived protected at rest and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendorsNote that sufficient network and server architecture should be probided to support demonstration of the SHIELD concept but is not the prime focus of the program
Technical Area 3 Phase 1 (contrsquod)
Approved for Public Release Distribution Unlimited
Technical Area 3Phase 2 Implementation Months 19-36Development of specific techniques tooling for placement of dielet into the host package is created Mechanical alignment aids for inductiveRF appliance to SHIELD dielet within the package will also be developed Actual networks and servers will be configured At the close of TA3Phase 2 performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program1 Develop the SHIELD Insertion technology
Instrumentation tooling and logistics for going from wafer final test into an actual component placement are developed Steps includea Developing handling technique for taking SHIELD from diced
wafers into a dispensing tool that feeds dielets to a package injector
b Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
c Associating the placed SHIELD dielet serial ID and crypto key with the host component PN datelocation of manufacture reliability grade and cryptographic key
55
Technical Area 3 Phase 2
Approved for Public Release Distribution Unlimited
2 Develop the SHIELD Network Structure Networks and protocols developed in TA3Phase 1 and in the design are implemented during TA3Phase 2 At the end of TA3 Phase 2 performers will provide the following deliverablesa Detailed network schematics indicating protocols and
standardsb A specific Bill-of-Material indicating commercially available
devices that the transactions will be executed uponc Estimates of transaction times and network latenciesd Simulation of actual transactions demonstrating successful
execution of true and false authentication requests with and without flagged compromises appearing on the SHIELD sensors and
e Build-out of the actual prototypical hardware network for use in SHIELD TA3Phase 3
56
Technical Area 3 Phase 2 (contrsquod)
Approved for Public Release Distribution Unlimited
3. Develop the SHIELD inductive/RF appliance
Technical Area 3 Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
a. Inductive/RF probe fabrication
b. Repurposed appliance microcode, firmware, software installation
c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 2 (cont'd)
Technical Area 3 Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
a. Performers will mate SHIELD dielets to product at pkg encapsulation
b. Performers will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to the installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
• Fails due to faulty package insertions
• Fails due to non-functional SHIELD chips
• Screening of components for failure rate uplift at module final test, which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP:
a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
b. Performers will place the SHIELD solution in those packages in a production-like environment, which DARPA will provide access to
c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
d. Government Red Team members will compromise the supply chain
e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
f. Government team members will monitor performer detection results
Technical Area 3 Phase 3 (cont'd)
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by
a. Component package (i.e. small passive/discrete, quad plastic flat pack)
b. Failure mode (i.e. missing, inappropriate or failing SHIELD dielet)
c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
a. Component package (i.e. small passive/discrete, quad plastic flat pack)
b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Quantitative Benchmarks
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network communication protocol: TLS Standard
Minimum delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption standard: Up to 256 bit
Serial ID length: 64 bit
Power consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host temperatures: -55 °C to 125 °C
Interrogation temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation. SHIELD total operational time is under 1 hour
Cost: C < 1.0¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
Tech Area: Government-Furnished Equipment and Intellectual Property
TA1 (Tech Dev): None
TA2 (Design & Integr): None
TA3 (Deployment): Components for SHIELD insertion; vendor locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics Overview
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost (1) to reverse engineer using typical methods (2)
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods (3)
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
(1) Cost = time (hours), number of personnel required, cost of tools ($)
(2) Procedures that are known to have been used to reverse engineer integrated circuits
(3) Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
Technical Area 1, SHIELD On-board Technology
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Phase | Design Element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements (1) | Cost (2)
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability (3) | Cost
Metrics: Technical Area 1, SHIELD On-board Technology
(1) SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
(2) Cost is referenced against the target CMOS process with no modifications
(3) Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications (1)
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications
(1) Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications and support logic | Mask layout design, including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail (1)
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
(1) Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package (1); tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis (2); environmental testing (temperature, shock and vibration) (3)
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
(1) The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
(2) Identify impact of inductive and RF probing in the host chip
(3) The performance of the host chip without a SHIELD solution will be used as a basis for comparison
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
  • PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
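How the PD, PFA and delay figures listed here and on the SHIELD Quantitative Benchmarks slide could be tallied from demonstration records is sketched below. This is an added example, not part of the briefing; the record layout, category labels and trial data are constructed, and each rate is reported with its trial count so thinly sampled cells stay visible.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Trial:
    package: str                  # type of host component
    setting: str                  # tube, pcb, system
    location: str                 # distributor, subassembly, shipping
    failure_mode: Optional[str]   # ground truth from the Red Team; None = untouched part
    alarm: bool                   # did the performer flag the part as compromised?
    delay_s: Optional[float]      # completed authentication delay; None = never completed


# Constructed sample records, for illustration only.
TRIALS = [
    Trial("QFP", "tube", "distributor", None, False, 1.8),
    Trial("QFP", "tube", "distributor", "missing", True, 1.9),
    Trial("QFP", "pcb", "subassembly", "inappropriate", True, 2.1),
    Trial("QFP", "pcb", "subassembly", None, True, 2.0),          # false alarm
    Trial("passive", "tube", "shipping", "inappropriate", False, 2.2),  # missed detection
    Trial("passive", "system", "subassembly", "missing", True, None),
    Trial("passive", "system", "distributor", None, False, 1.7),
    Trial("passive", "tube", "shipping", None, False, 1.9),
    Trial("QFP", "system", "shipping", "failing", True, None),
]


def rates(trials, dimension, compromised):
    """Alarm rate per category of `dimension`, over compromised or clean parts only.

    Returns {category: (rate, n_trials)}. With compromised=True the rate is PD,
    with compromised=False it is PFA.
    """
    hits, total = defaultdict(int), defaultdict(int)
    for t in trials:
        if (t.failure_mode is not None) != compromised:
            continue
        category = getattr(t, dimension)
        total[category] += 1
        hits[category] += t.alarm
    return {c: (hits[c] / total[c], total[c]) for c in total}


def benchmarks(trials):
    """Compute the three benchmark families with the breakdowns the slides list."""
    pd_dims = ("package", "failure_mode", "location", "setting")
    pfa_dims = ("package", "setting")
    delays = [t.delay_s for t in trials if t.delay_s is not None]
    return {
        "PD": {d: rates(trials, d, True) for d in pd_dims},
        "PFA": {d: rates(trials, d, False) for d in pfa_dims},
        "avg_delay_s": sum(delays) / len(delays) if delays else None,
    }


if __name__ == "__main__":
    result = benchmarks(TRIALS)
    for family in ("PD", "PFA"):
        for dim, table in result[family].items():
            for category, (rate, n) in sorted(table.items()):
                print(f"{family} by {dim:12s} {category:14s} {rate:.2f} (n={n})")
    print(f"average completed authentication delay: {result['avg_delay_s']:.2f} s")
```
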
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate (1)
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate (2)
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); probability of false alarm (PFA); average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing
Metrics: Technical Area 3, SHIELD Deployment
(1) Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions)
(2) Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Chemical: Nitric acid, sulfuric acid sensing for chemical de-packaging attempts
Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
Laser: Laser wavelength detection for laser de-layering attempts
Light: Daylight sensing for identifying exposed dielet
X-Ray: X-ray detection for attempted secret key imaging
Heat: Temperature sensors to detect de-soldering, component PCB removal
Technical Area 1 Phase 1 (cont'd)
Passive Sensor Examples
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil/RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 1 Phase 1 (cont'd)
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2: Design and Integration
Technical Area 2 Phase 1: Design, Months 1-18
Performers will, by the end of TA2 Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment Methodology
a. Define EDA design environment using industry conventions
b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
a. Design should accommodate SHIELD CONOP sequence
b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
b. Only open standards may be used
Technical Area 2 Phase 1
4. Design to Boundary Conditions
a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
b. Designs may be asynchronous or synchronous; free choice of clock rate
c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
a. Sockets for key store, sensors
b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
a. Verify robust design functionality across process, voltage and temperature
b. Accommodate +/- 3σ composite process distribution window
c. BC/WC/Twist timing corner functionality verified
d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
e. Functionality inside +/- 3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
a. Identify technology and node to be used, preferred vendor
b. Define checkpoints and approximate dates for design and build
c. Explain how new technologies will be accommodated by fabricator
d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
a. Verify robust design functionality across process, voltage and temp
b. Accommodate +/- 3σ composite process distribution window
c. BC/WC/Twist timing corner functionality verified
d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
e. Functionality inside +/- 3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 1 (cont'd)
Technical Area 2 Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2 Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks and process audits, designs will be fabricated.
1. Complete SHIELD dielet design
a. Incorporate final TA1 outputs
b. Complete checking, generate specific test patterns
c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 2 Phase 2
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3: SHIELD Deployment
Technical Area 3 Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3 Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
a. Determine required specs, tolerances for dielet placement in the host
b. Develop coupling required for sufficient inductive/RF power, comms
c. Find size of antennae, maximum submersion below package surface
d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
a. Create with TA2 performers' consultation to resemble final form-factor
b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1
3. Assure reliability of host component containing SHIELD dielet
Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
a. Package strain caused by insertion or presence
b. Hermetic seal fails caused by insertion or presence
c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
a. Design of handheld appliance concept, including documentation
b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
b. All required server transaction and decryption software
c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program
Technical Area 3 Phase 1 (cont'd)
Approved for Public Release Distribution Unlimited
Technical Area 3Phase 2 Implementation Months 19-36Development of specific techniques tooling for placement of dielet into the host package is created Mechanical alignment aids for inductiveRF appliance to SHIELD dielet within the package will also be developed Actual networks and servers will be configured At the close of TA3Phase 2 performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program1 Develop the SHIELD Insertion technology
Instrumentation tooling and logistics for going from wafer final test into an actual component placement are developed Steps includea Developing handling technique for taking SHIELD from diced
wafers into a dispensing tool that feeds dielets to a package injector
b Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
c Associating the placed SHIELD dielet serial ID and crypto key with the host component PN datelocation of manufacture reliability grade and cryptographic key
55
Technical Area 3 Phase 2
Approved for Public Release Distribution Unlimited
2 Develop the SHIELD Network Structure Networks and protocols developed in TA3Phase 1 and in the design are implemented during TA3Phase 2 At the end of TA3 Phase 2 performers will provide the following deliverablesa Detailed network schematics indicating protocols and
standardsb A specific Bill-of-Material indicating commercially available
devices that the transactions will be executed uponc Estimates of transaction times and network latenciesd Simulation of actual transactions demonstrating successful
execution of true and false authentication requests with and without flagged compromises appearing on the SHIELD sensors and
e Build-out of the actual prototypical hardware network for use in SHIELD TA3Phase 3
56
Technical Area 3 Phase 2 (contrsquod)
Approved for Public Release Distribution Unlimited
3 Develop the SHIELD inductiveRF applianceTechnical Area 3Phase 1 performers who designed the inductiveRF appliance and its code will in Phase 2 fabricate the appliancersquos inductiveRF probes and repurpose the appliance itself to the SHIELD function with required firmware or software additions or changes installed Specific deliverables associated with this task includea InductiveRF probe fabricationb Repurposed Appliance microcode firmware software
installationc Stand-alone testing of communication between the SHIELD
dielet and appliance
57
Technical Area 3 Phase 2 (contrsquod)
Approved for Public Release Distribution Unlimited 58
Technical Area 3Phase 3 Demo Months 37-48 DARPA SHIELD concludes with a demonstration one year in duration of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition programrsquos BOM Actual components will be shipped between work sites developing the specific assembly the component is a part of and performers will exercise SHIELD at those sites Performer tasks will include1 Demonstrate robust SHIELD placement into real product
a Performers will mate SHIELD dielets to product at pkg encapsulation
b Performer will identify correct SHIELD failure modes in practice performing defect characterization to identify needed changes to installation process Failure data will be collected and compiled by performers as components are encapsulated and tested includingbull Fails due to faulty package insertions bull Fails due to non-functional SHIELD chipsbull Screening of components for failure rate uplift at module
final test which had previous passed wafer final test above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3
Approved for Public Release Distribution Unlimited 59
Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP:
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA.
   b. Performers will place the SHIELD solution in those packages in a production-like environment, which DARPA will provide access to.
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors.
   d. Government Red Team members will compromise the supply chain.
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises.
   f. Government team members will monitor performer detection results.
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by:
   a. Component package (i.e., small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e., missing, inappropriate, or failing SHIELD dielet)
   c. Location type (i.e., at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by:
   a. Component package (i.e., small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay, including network latencies
Network communication protocol: TLS Standard
Minimum delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption standard: Up to 256 bit
Serial ID length: 64 bit
Power consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host temperatures: -55 °C to 125 °C
Interrogation temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 1.0¢ per dielet
Program Calendar
14 March 2014 Proposer's Day, Arlington VA
31 March 2014 Abstracts Due into DARPA by EOB
30 April 2014 Encourage/Discourage Full Submission Letters to Proposers
30 May 2014 Full Abstracts Due into DARPA by EOB
3Q 2014 Source Selection Notification Contracts
4Q 2014 SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; vendor locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost.
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built:
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
   • Detail the attributes of SHIELD design elements that will be measured
   • Outline the methods by which those attributes will be measured
• Why metrics?
   • Tracking and reporting program results and accomplishments
   • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry-accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm.
[2] Cost is referenced against the target CMOS process with no modifications.
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications, and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage, and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2]; environmental testing (temperature, shock, and vibration) [3]
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3, SHIELD Deployment
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
   • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
   • Failure mode (e.g., missing, inappropriate, or failing SHIELD dielet)
   • Failure location (e.g., at distributor, at subassembly vendor, during shipping)
   • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
   • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
   • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), Probability of false alarm (PFA), Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
   • compliance with design ground rules of the manufacturer
   • logical to behavioral design verification
   • logical to physical design verification
   • functional test pattern generation with a goal of 100% test coverage
   • EM and power analysis
   • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Technical Area 1 Phase 1
C. Communication/Power Transmission Technology
Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
1. Dielet should be powered, receive a challenge message, and receive the encrypted reply within approximately 2 seconds
2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words
3. Proposers should develop technologies providing ultra-high efficiency coupling between the on-dielet inductive coil / RF antenna and the appliance
4. Dielet must couple to the appliance only when the appliance's probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices
5. Communication with the SHIELD dielet should not be via conventional RFID technology, but rather only by inductive or RF coupling to another device within a few millimeters of the host component's package
Technical Area 1 Phase 1 (cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes are needed to produce SHIELD dielets with new capabilities and at a target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into a common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2 Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology
  A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic
  All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Phase 1
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2 Phase 1 (cont'd)
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage, and temperature
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist timing corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage, and temp
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist timing corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 2
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks and process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize, and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3 SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals.
Technical Area 3 Phase 1
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment, or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet
Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogation
4. Assure reliability of SHIELD dielet in host component
Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature, or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance.
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program.
Technical Area 3 Phase 2
Technical Area 3/Phase 2: Implementation, Months 19-36
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
Instrumentation, tooling, and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component P/N, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables:
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
3 Develop the SHIELD inductiveRF applianceTechnical Area 3Phase 1 performers who designed the inductiveRF appliance and its code will in Phase 2 fabricate the appliancersquos inductiveRF probes and repurpose the appliance itself to the SHIELD function with required firmware or software additions or changes installed Specific deliverables associated with this task includea InductiveRF probe fabricationb Repurposed Appliance microcode firmware software
installationc Stand-alone testing of communication between the SHIELD
dielet and appliance
57
Technical Area 3 Phase 2 (contrsquod)
Approved for Public Release Distribution Unlimited 58
Technical Area 3Phase 3 Demo Months 37-48 DARPA SHIELD concludes with a demonstration one year in duration of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition programrsquos BOM Actual components will be shipped between work sites developing the specific assembly the component is a part of and performers will exercise SHIELD at those sites Performer tasks will include1 Demonstrate robust SHIELD placement into real product
a Performers will mate SHIELD dielets to product at pkg encapsulation
b Performer will identify correct SHIELD failure modes in practice performing defect characterization to identify needed changes to installation process Failure data will be collected and compiled by performers as components are encapsulated and tested includingbull Fails due to faulty package insertions bull Fails due to non-functional SHIELD chipsbull Screening of components for failure rate uplift at module
final test which had previous passed wafer final test above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3
Approved for Public Release Distribution Unlimited 59
2 Exercise the CONOPPerformers will exercise the entire SHIELD CONOP a Performers will choose the packaged host they exercise their
SHIELD technology upon from options offered by DARPA b Performers will placing SHIELD solution in those packages in a
production-like environment which DARPA will provide access toc Resulting actual components equipped with SHIELD will be
passed through real supply chain channel settings from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
d Government Red Team members will compromise the supply chain
e Performers will execute the SHIELD operation at various work sites in the componentrsquos supply chain throughout the US looking for compromises
f Government team members will monitor performer detection results
Technical Area 3 Phase 3 (contrsquod)
Approved for Public Release Distribution Unlimited 60
Performers will be measured to a set of quantitative benchmarks Metrics on SHIELD performer solution effectiveness will include 1 ldquoProbability of Detectionrdquo of compromises (PD) broken out
by a Component Package (ie small passivediscrete quad plastic
flat pack)b Failure mode (ie missing inappropriate or failing SHIELD
dielet)c Location type (ie at distributor at subassembly vendor in
shipping) d Setting of host component (ie supplied in a component tube
mounted on a printed circuit board installed in a system)
2 Probability of False Alarm (PFA) broken out bya Component Package (ie small passivediscrete quad plastic
flat pack)b Setting of host component (ie supplied in a component tube
mounted on a printed circuit board installed in a system)
3 Average completed authentication delay per SHIELD component
SHIELD Quantitative Benchmarks
Approved for Public Release Distribution Unlimited 61
SHIELD Summary of Suggested Specifications
Area A asymp100um x 100um (001 mm2)
Device thickness Thinned substrate likely 10 um or less
Interrogation Latency asymp 1 second dielet delay asymp2 second full transaction delay including network latencies
Network Communication Protocol
TLS Standard
Minimum Delay between interrogations
gt 1 Second
Positioning of inductiveRF probe
T asymp 1 mm below top surface of component package
Encryption Standard Up to 256 bit Serial ID Length 64 bitPower Consumption Approximately 50microWVoltage tolerance (default)
VDD at discretion of proposer +- 10 (default)
Host Temperatures -55deg C - 125deg CInterrogation Temperatures
0-35 deg C
ReliabilitySufficient to match 100KPOH host component operation SHIELD total operational time is under 1 hour
Cost C lt 10cent per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington, VA
31 March 2014: Abstracts due into DARPA by EOB
30 April 2014: Encourage / Discourage Full Submission letters to proposers
30 May 2014: Full Abstracts due into DARPA by EOB
3Q 2014: Source selection, notification, contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done, rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; vendor locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry-accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1: SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design, including logical and physical verification, functional test pattern generation | Functional testing; adherence to dielet power budget; compliance with manufacturer ground rules; percent test pattern coverage; reliability analysis
2 | Dielet fabrication | Release to manufacturing; process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip; package strain analysis; electromagnetic analysis [2]; environmental testing (temperature, shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3, SHIELD Deployment
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g., missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g., at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
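An added example, not part of the DARPA briefing: one way to tabulate the benchmarks listed on this slide and on the "SHIELD Quantitative Benchmarks" slide from evaluation trial records. The record layout, category labels and sample trials are constructed for illustration, and PD and PFA use the standard definitions (alarms on compromised parts over compromised parts, alarms on intact parts over intact parts).

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Breakdown dimensions as listed on the slides. Failure mode and location
# describe the compromise itself, so they exist only for compromised parts,
# which is why PFA is broken out by package and setting alone.
PD_DIMENSIONS = ("package", "failure_mode", "location", "setting")
PFA_DIMENSIONS = ("package", "setting")


@dataclass(frozen=True)
class Trial:
    """One interrogation of one host component (hypothetical record layout)."""
    package: str                  # host component package type
    setting: str                  # "tube", "pcb" or "system"
    compromised: bool             # ground truth recorded by the evaluators
    alarm: bool                   # the SHIELD check flagged the part
    delay_s: Optional[float]      # None when authentication never completed
    failure_mode: Optional[str] = None   # compromised parts only
    location: Optional[str] = None       # compromised parts only


# Constructed sample trials, not program data.
TRIALS: List[Trial] = [
    Trial("qfp", "tube", True, True, None, "missing", "distributor"),
    Trial("qfp", "pcb", True, True, 2.0, "inappropriate", "subassembly"),
    Trial("qfp", "system", True, False, 2.5, "failing", "shipping"),
    Trial("passive", "tube", True, True, None, "missing", "distributor"),
    Trial("passive", "pcb", True, True, 1.5, "failing", "shipping"),
    Trial("passive", "tube", True, False, 1.0, "inappropriate", "distributor"),
    Trial("qfp", "tube", False, False, 1.5),
    Trial("qfp", "pcb", False, True, 2.0),      # false alarm on an intact part
    Trial("passive", "tube", False, False, 1.0),
    Trial("passive", "system", False, False, 2.0),
]


def _alarm_rate(trials: Iterable[Trial], by: str) -> Dict[str, float]:
    """Fraction of trials that raised an alarm, grouped by one attribute."""
    alarms: Dict[str, int] = defaultdict(int)
    totals: Dict[str, int] = defaultdict(int)
    for t in trials:
        key = getattr(t, by)
        if key is None:
            raise ValueError(f"trial has no value for '{by}': {t}")
        totals[key] += 1
        alarms[key] += int(t.alarm)
    return {k: alarms[k] / totals[k] for k in sorted(totals)}


def probability_of_detection(trials: Iterable[Trial], by: str) -> Dict[str, float]:
    """PD per group: alarms raised on compromised parts / compromised parts."""
    if by not in PD_DIMENSIONS:
        raise ValueError(f"PD is not broken out by '{by}'")
    return _alarm_rate((t for t in trials if t.compromised), by)


def probability_of_false_alarm(trials: Iterable[Trial], by: str) -> Dict[str, float]:
    """PFA per group: alarms raised on intact parts / intact parts."""
    if by not in PFA_DIMENSIONS:
        raise ValueError(f"PFA is not broken out by '{by}'")
    return _alarm_rate((t for t in trials if not t.compromised), by)


def average_completed_delay(trials: Iterable[Trial]) -> Optional[float]:
    """Mean delay over authentications that completed; None if none did."""
    done = [t.delay_s for t in trials if t.delay_s is not None]
    return sum(done) / len(done) if done else None


if __name__ == "__main__":
    for dim in PD_DIMENSIONS:
        print("PD by", dim, probability_of_detection(TRIALS, dim))
    for dim in PFA_DIMENSIONS:
        print("PFA by", dim, probability_of_false_alarm(TRIALS, dim))
    print("average completed delay (s):", average_completed_delay(TRIALS))
```

Trials where the dielet never answers (a missing dielet, for instance) count toward PD but are excluded from the delay average, since the metric is defined over completed authentications.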
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); probability of false alarm (PFA); average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Image courtesy of DARPA
Technical Area 1 Phase 1 (Cont'd)
D. Manufacturing/Process Technology
Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets with new capabilities and at target of less than a penny per dielet. Challenges include:
1. Wafer thinning technologies for SHIELD wafers that are potentially 10 µm or less in thickness, for 100 µm x 100 µm dies
2. Integrating sensor, key store technologies into common process
3. High volume crypto key and ID personalization of each dielet
4. Contactless test technologies for dielets: test coverage, protocol, application-specific test patterns
5. Economic production solution for dicing/picking microscopic dielets that are ~100 µm x 100 µm
6. Reliability lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes
Technical Area 2: Design and Integration
SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology
  A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic
  All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server
Technical Area 2 Phase 1
Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet.
1. Define a SHIELD Design Environment, Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used
Technical Area 2 Phase 1 (cont'd)
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temperature
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window
Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temp
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window
10. Provide a Critical Design Review
Technical Area 2 Phase 2
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 3: SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3 Phase 1
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet
   Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
   Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature, or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
   Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
   SHIELD network and server capability will be created by performers, and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server through the inductive/RF appliance and network, using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors.
Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program
Technical Area 3 Phase 2
Technical Area 3/Phase 2: Implementation, Months 19-36
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD insertion technology
   Instrumentation, tooling, and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade, and cryptographic key
Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
   Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables:
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
   Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 3
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
   Performers will exercise the entire SHIELD CONOP.
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
Approved for Public Release Distribution Unlimited 60
Performers will be measured to a set of quantitative benchmarks Metrics on SHIELD performer solution effectiveness will include 1 ldquoProbability of Detectionrdquo of compromises (PD) broken out
by a Component Package (ie small passivediscrete quad plastic
flat pack)b Failure mode (ie missing inappropriate or failing SHIELD
dielet)c Location type (ie at distributor at subassembly vendor in
shipping) d Setting of host component (ie supplied in a component tube
mounted on a printed circuit board installed in a system)
2 Probability of False Alarm (PFA) broken out bya Component Package (ie small passivediscrete quad plastic
flat pack)b Setting of host component (ie supplied in a component tube
mounted on a printed circuit board installed in a system)
3 Average completed authentication delay per SHIELD component
SHIELD Quantitative Benchmarks
Approved for Public Release Distribution Unlimited 61
SHIELD Summary of Suggested Specifications
Area A asymp100um x 100um (001 mm2)
Device thickness Thinned substrate likely 10 um or less
Interrogation Latency asymp 1 second dielet delay asymp2 second full transaction delay including network latencies
Network Communication Protocol
TLS Standard
Minimum Delay between interrogations
gt 1 Second
Positioning of inductiveRF probe
T asymp 1 mm below top surface of component package
Encryption Standard Up to 256 bit Serial ID Length 64 bitPower Consumption Approximately 50microWVoltage tolerance (default)
VDD at discretion of proposer +- 10 (default)
Host Temperatures -55deg C - 125deg CInterrogation Temperatures
0-35 deg C
ReliabilitySufficient to match 100KPOH host component operation SHIELD total operational time is under 1 hour
Cost C lt 10cent per dielet
Approved for Public Release Distribution Unlimited 62
Program Calendar
14 March 2014 Proposerrsquos Day Arlington VA
31 March 2014 Abstracts Due into DARPA by EOB
30 April 2014 Encourage Discourage Full Submission Letters to Proposers
30 May 2014 Full Abstracts Due into DARPA by EOB
3Q 2014 Source Selection Notification Contracts
4Q 2014 SHIELD Phase 1 begins
Approved for Public Release Distribution Unlimited
SHIELD Government Support
Saverio FazzariSHIELD SETA
SHIELD Industry Day
14 March 2014
Approved for Public Release Distribution Unlimited
Government SHIELD Funding
bull DoD recognizes the urgency of addressing supply chain security
bull DARPA MTO is making a significant investment in SHIELD consistent with threat supply chain loss-of-control poses to lives and missions
bull SHIELD Funding levels and number of performers per technical area and phase will remain undisclosed but are substantial in plan and committed
bull Submitters should submit proposals that get the job done rather than be tailoring them to a specified funding level Amounts will be calibrated to resources during contract negotiation
64
Approved for Public Release Distribution Unlimited
Government Team Responsibilities in SHIELD
Tech Area 11 Red-teaming the secure key storage2 Evaluating the sensorrsquos capability versus state-of-the-art features
Tech Area 23 Red-teaming dielet designs for reverse-engineering4 Red-teaming dielet performance and reliability5 Identify a trusted manufacturing source for dielet 6 Fabrication of dielet delivery to performers
Tech Area 37 Identify host components for test and test environment8 Develop prototype software for security database9 Develop appliances and fixtures for checking devices10Red-team integrated solution11Run test environment for final demonstration12Support transition opportunities
GeneralActing as virtual lab with NSA Navy Air Force involvement to provide evaluation capability for the program It will provide early access to transition opportunities
65
Approved for Public Release Distribution Unlimited
Government Obligations
66
Tech Area Government-Furnished Equipment and Intellectual Property
TA1
TechDev
None
TA2
DesignampIntegr
None
TA3
Deploy-ment
Components for SHIELD insertionVendor Locations for SHIELD exercise sites
Approved for Public Release Distribution Unlimited
Manufacturing Options
Solutions must demonstrate a path allowing it to be built in a standard semiconductor process and at the target cost
bull Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
bull Non-production university labs may be usedMany organization offer services for a small number of parts to be built
bull Shuttle runsbull Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD Useful Sources for Information include
bull httpswwwtapofficeorgbull httpwwwdmeaosdmiltrustedichtmlbull httpwwwmosisedubull httpcmpimagfrbull httpwwweuropractice-iccom
67
Approved for Public Release Distribution Unlimited
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014

Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics?
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry-accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea

Metrics: Technical Area 1, SHIELD On-board Technology

Phase | Design Element | Characteristics | Metric
--- | --- | --- | ---
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement

[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption

Technical Area 1: SHIELD On-board Technology

Phase | Design Element | Characteristic | Metric
--- | --- | --- | ---
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate

• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost

Metrics: Technical Area 1, SHIELD On-board Technology

Phase | Design element | Characteristics | Metric
--- | --- | --- | ---
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost

[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm.
[2] Cost is referenced against the target CMOS process with no modifications.
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime.

Metrics: Technical Area 2, SHIELD Dielet Design and Integration

Phase | Design element | Characteristics | Metric
--- | --- | --- | ---
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications

[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate.

Metrics: Technical Area 2, SHIELD Dielet Design and Integration

Phase | Design Element | Characteristic | Metric
--- | --- | --- | ---
2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design, including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail

[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests

Metrics: Technical Area 3, SHIELD Deployment

Phase | Design element | Characteristics | Metric
--- | --- | --- | ---
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2]. Environmental testing (temperature, shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail

[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison

Metrics: Technical Area 3, SHIELD Deployment

• Technical Area 3, Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD) broken out by
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g., missing, inappropriate or failing SHIELD dielet)
  • Failure location (e.g., at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA) broken out by
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component

Metrics: Technical Area 3, SHIELD Deployment

Phase | Design Element | Characteristics | Metric
--- | --- | --- | ---
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |

[1] Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.

Metrics: Technical Area 2, SHIELD Dielet Design and Integration

• Technical Area 2, Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort

Technical Area 2: Design and Integration

SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
• The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
• The Logic: All necessary logic and intellectual property necessary for the dielet to function as a true authenticator, realize the interface to the secure server

Technical Area 2, Phase 1

Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high-level design of the SHIELD dielet.
1. Define a SHIELD Design Environment Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language. Design should be
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used

Technical Area 2, Phase 1 (cont'd)

4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temperature
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window

Technical Area 2, Phase 1 (cont'd)

7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temp
   b. Accommodate ±3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside ±3σ conditioned voltage window
10. Provide a Critical Design Review

Technical Area 2, Phase 2

Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec

Technical Area 3: SHIELD Deployment

Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program

Performers may team on TA3-only proposals.

Technical Area 3, Phase 1

Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern

Technical Area 3, Phase 1 (cont'd)

3. Assure reliability of host component containing SHIELD dielet
   Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
   Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use

Technical Area 3, Phase 1 (cont'd)

5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
   Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed

The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance.

Technical Area 3, Phase 1 (cont'd)

6. Design Network/Server Architecture for the Demonstration Exercise
   SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest and protected in transit

Network and system architecture should support a geographically distributed proof of concept using multiple external vendors.
Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program.

Technical Area 3, Phase 2

Technical Area 3/Phase 2: Implementation, Months 19-36
Specific techniques and tooling for placement of the dielet into the host package are developed. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
   Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade and cryptographic key

Technical Area 3, Phase 2 (cont'd)

2. Develop the SHIELD Network Structure
   Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3/Phase 2, performers will provide the following deliverables:
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3

Technical Area 3, Phase 2 (cont'd)

3. Develop the SHIELD inductive/RF appliance
   Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance

Technical Area 3, Phase 3

Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DoD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test, which had previously passed wafer final test, above the fallout baseline before SHIELD introduction

Technical Area 3, Phase 3 (cont'd)

2. Exercise the CONOP
   Performers will exercise the entire SHIELD CONOP.
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results

SHIELD Quantitative Benchmarks

Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD) broken out by
   a. Component Package (i.e., small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e., missing, inappropriate or failing SHIELD dielet)
   c. Location type (i.e., at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA) broken out by
   a. Component Package (i.e., small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e., supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
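
The three benchmarks above are rates and a mean over individual interrogation trials. As an added illustration (not part of the DARPA briefing), the following Python scores a constructed set of trial records into PD, PFA and average completed authentication delay with the listed breakouts. The record fields, category labels, and the treatment of a non-responding dielet as an authentication that never completed are assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Trial:
    """One interrogation of one host component (field names are hypothetical)."""
    package: str                 # type of host component
    setting: str                 # tube, board or system
    location: str                # where in the supply chain it was interrogated
    failure_mode: Optional[str]  # ground truth; None = genuine, uncompromised part
    flagged: bool                # appliance/server reported a compromise
    delay_s: Optional[float]     # None = authentication never completed


def rate(trials, key=None):
    """Fraction of trials flagged, overall (key=None) or per value of `key`."""
    groups = defaultdict(list)
    for t in trials:
        groups[getattr(t, key) if key else "all"].append(t.flagged)
    # Groups with no trials never appear, so there is no division by zero.
    return {k: sum(v) / len(v) for k, v in groups.items()}


def score(trials):
    compromised = [t for t in trials if t.failure_mode is not None]
    genuine = [t for t in trials if t.failure_mode is None]
    completed = [t.delay_s for t in trials if t.delay_s is not None]
    return {
        # PD: compromised parts that were flagged, with the four breakouts.
        "PD": rate(compromised).get("all"),
        "PD_by": {k: rate(compromised, k)
                  for k in ("package", "failure_mode", "location", "setting")},
        # PFA: genuine parts that were flagged, with the two breakouts.
        "PFA": rate(genuine).get("all"),
        "PFA_by": {k: rate(genuine, k) for k in ("package", "setting")},
        # Only completed authentications contribute to the average delay.
        "avg_delay_s": sum(completed) / len(completed) if completed else None,
    }


QFP, PASSIVE = "quad plastic flat pack", "small passive/discrete"

# Constructed sample data, not program results.
TRIALS = [
    Trial(QFP, "tube", "distributor", "missing", True, None),
    Trial(QFP, "board", "subassembly vendor", "inappropriate", True, 2.1),
    Trial(QFP, "board", "shipping", "failing", False, 2.0),
    Trial(PASSIVE, "tube", "distributor", "missing", True, None),
    Trial(PASSIVE, "system", "subassembly vendor", "inappropriate", False, 2.3),
    Trial(QFP, "tube", "distributor", None, False, 1.7),
    Trial(QFP, "board", "subassembly vendor", None, False, 2.0),
    Trial(PASSIVE, "tube", "distributor", None, True, 2.2),
    Trial(PASSIVE, "system", "shipping", None, False, 1.9),
    Trial(QFP, "system", "subassembly vendor", None, False, 2.4),
]

if __name__ == "__main__":
    for name, value in score(TRIALS).items():
        print(name, value)
```

Breakout cells with only one or two trials, as in this sample, produce rates of 0, 0.5 or 1 that say little on their own, so the trial count per cell matters as much as the rate when comparing performers.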

SHIELD Summary of Suggested Specifications

Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation Latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, ±10% (default)
Host Temperatures: -55 °C to 125 °C
Interrogation Temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation. SHIELD total operational time is under 1 hour
Cost: C < 10¢ per dielet

Program Calendar

14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins

SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014

Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation

Government Team Responsibilities in SHIELD

Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features

Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers

Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities

General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.

bull Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package interrogated by inductive appliance)
bull PD PFA authentication delaybull Probability of Detection of compromises (PD) broken out by
bull Type of host component (eg small passivediscrete quad plastic flat pack)bull Failure mode (eg missing inappropriate or failing SHIELD dielet)bull Failure location (eg at distributor at subassembly vendor during shipping) bull Setting of host component (eg supplied in a component tube mounted on a
printed circuit board installed in a system)
bull Probability of False Alarm (PFA) broken out bybull Type of host component (eg small passivediscrete quad plastic flat pack)bull Setting of host component (eg supplied in a component tube mounted on a
printed circuit board installed in a system)
bull Average completed authentication delay per SHIELD component
Metrics Technical Area 3 SHIELD Deployment
Approved for Public Release Distribution Unlimited 77
Phase
Design Element Characteristics Metric
2 Tools and procedures for dielet handling and insertion
Develop tools for physical insertion into host device
Dielet insertion failure rate1
2 Network architecture development and build-out
Implementation and testing
Passfail (functionality) transmission error rate2
2 Inductive appliance development and fabrication
Implementation and testing
Passfail
3 Proof-of-concept demonstration Testing of complete SHIELD solution
Probability of detection (PD) Probability of false alarm (PFA) Average completed authentication delay per SHIELD component
3 Government ldquoRed Teamrdquo evaluation Penetration testing
Metrics Technical Area 3 SHIELD Deployment
1 Likelihood of the dielet to be damaged during the insertion process ( of failures per 100 insertions)2 Transmission errors between dielet and server due to operational anomalies such as improper
positioning of inductive appliance insufficient application time low battery condition etc
Approved for Public Release Distribution Unlimited 78
bull Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
bull Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process including
bull compliance with design ground rules of the manufacturerbull logical to behavioral design verificationbull logical to physical design verificationbull functional test pattern generation with a goal of 100 test coveragebull EM and power analysisbull additional checks as required to validate any ldquospecial caserdquo
technologies
bull Performers will be responsible for functional testing and characterization of the finished dielet
bull Characterization results will be compared against expected (simulated) results as a metric for the physical design effort and against Phase 1 specifications as a metric for the logical design effort
Metrics Technical Area 2SHIELD Dielet Design and Integration
Approved for Public Release Distribution Unlimited 79

Technical Area 2 Phase 1

Technical Area 2/Phase 1: Design, Months 1-18
Performers will, by the end of TA2/Phase 1, complete the high-level design of the SHIELD dielet.
1. Define a SHIELD Design Environment Methodology
   a. Define EDA design environment using industry conventions
   b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs
   c. Define conventions for performer interfaces
2. Develop a SHIELD logic design/description expressed in an appropriate high-level design language. Design should be
   a. Design should accommodate SHIELD CONOP sequence
   b. Design must have logical control of passive sensors
3. Select and identify effective encryption design
   a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
   b. Only open standards may be used

Technical Area 2 Phase 1 (cont'd)

4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store, sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temperature
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window

Technical Area 2 Phase 1 (cont'd)

7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store, sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temp
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window
10. Provide a Critical Design Review

Technical Area 2 Phase 2

Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG; monitor fabrication; intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec

Technical Area 3 SHIELD Deployment

Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals.

Technical Area 3 Phase 1

Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment, or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern

Technical Area 3 Phase 1 (cont'd)

3. Assure reliability of host component containing SHIELD dielet
   Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
   Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature, or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use

Technical Area 3 Phase 1 (cont'd)

5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
   Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance.

Technical Area 3 Phase 1 (cont'd)

6. Design Network/Server Architecture for the Demonstration Exercise
   SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but it is not the prime focus of the program.

Technical Area 3 Phase 2

Technical Area 3/Phase 2: Implementation, Months 19-36
Specific techniques and tooling for placement of the dielet into the host package are developed. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
   Instrumentation, tooling, and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade, and cryptographic key

Technical Area 3 Phase 2 (cont'd)

2. Develop the SHIELD Network Structure
   Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3/Phase 2, performers will provide the following deliverables:
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3

Technical Area 3 Phase 2 (cont'd)

3. Develop the SHIELD inductive/RF appliance
   Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance

Technical Area 3 Phase 3

Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction

Technical Area 3 Phase 3 (cont'd)

2. Exercise the CONOP
   Performers will exercise the entire SHIELD CONOP.
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results

SHIELD Quantitative Benchmarks

Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
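
The benchmark breakdowns listed above (PD by package, failure mode, location and setting; PFA by package and setting; average completed authentication delay) can be computed from per-interrogation trial records as in this added example, which is not part of the DARPA briefing. The record layout, the labels and the trial log are constructed for illustration, and the Wilson interval goes beyond the slide to show how wide the uncertainty is at the sample sizes of a red-team exercise.

```python
"""Added example: score SHIELD-style verification trials into PD, PFA and delay."""
from collections import defaultdict
from dataclasses import dataclass
from math import sqrt
from typing import Optional


@dataclass(frozen=True)
class Trial:
    package: str                 # type of host component
    setting: str                 # "tube", "pcb" (mounted) or "system" (installed)
    location: str                # supply-chain site where the check was run
    failure_mode: Optional[str]  # None = untouched part, else the planted compromise
    flagged: bool                # the interrogation reported a compromise
    delay_s: Optional[float]     # completed authentication delay, None if never completed


# The benchmark slide breaks PD out four ways and PFA two ways.
PD_DIMENSIONS = ("package", "failure_mode", "location", "setting")
PFA_DIMENSIONS = ("package", "setting")


def wilson(hits, n, z=1.96):
    """95% Wilson score interval for hits/n; stays sensible at small n and at 0 or 1."""
    if n == 0:
        return (0.0, 1.0)
    p = hits / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def _rates(trials, dimensions):
    """Return {dimension: {value: (flagged, total, rate)}} plus an 'overall' entry."""
    counts = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for t in trials:
        keys = [("overall", "all")] + [(d, getattr(t, d)) for d in dimensions]
        for dim, value in keys:
            cell = counts[dim][value]
            cell[0] += int(t.flagged)
            cell[1] += 1
    return {dim: {v: (h, n, h / n) for v, (h, n) in cells.items()}
            for dim, cells in counts.items()}


def probability_of_detection(trials):
    """PD: share of compromised parts that the interrogation flagged."""
    return _rates([t for t in trials if t.failure_mode is not None], PD_DIMENSIONS)


def probability_of_false_alarm(trials):
    """PFA: share of untouched parts that the interrogation flagged anyway."""
    return _rates([t for t in trials if t.failure_mode is None], PFA_DIMENSIONS)


def mean_completed_delay(trials):
    """Average delay over interrogations that completed; None if none did."""
    done = [t.delay_s for t in trials if t.delay_s is not None]
    return sum(done) / len(done) if done else None


# Constructed trial log (illustrative only, not program data). A missing dielet
# never answers, so those interrogations have no completed delay.
TRIALS = [
    Trial("passive", "tube", "distributor", "missing", True, None),
    Trial("passive", "pcb", "subassembly", "inappropriate", True, 1.9),
    Trial("passive", "system", "shipping", "failing", False, 2.4),
    Trial("qfp", "tube", "distributor", "missing", True, None),
    Trial("qfp", "pcb", "subassembly", "inappropriate", True, 2.1),
    Trial("qfp", "system", "shipping", "inappropriate", False, 2.0),
    Trial("qfp", "tube", "shipping", "failing", True, 1.8),
    Trial("passive", "pcb", "distributor", "failing", True, 2.2),
    Trial("passive", "tube", "distributor", None, False, 1.7),
    Trial("passive", "pcb", "subassembly", None, False, 1.9),
    Trial("passive", "system", "shipping", None, True, 2.6),
    Trial("qfp", "tube", "distributor", None, False, 1.6),
    Trial("qfp", "pcb", "subassembly", None, False, 1.8),
    Trial("qfp", "system", "shipping", None, False, 2.0),
]

if __name__ == "__main__":
    tables = (("PD", probability_of_detection(TRIALS)),
              ("PFA", probability_of_false_alarm(TRIALS)))
    for name, table in tables:
        for dim, cells in table.items():
            for value, (hits, n, rate) in sorted(cells.items()):
                lo, hi = wilson(hits, n)
                print(f"{name} {dim}={value}: {hits}/{n} = {rate:.2f} "
                      f"(95% CI {lo:.2f}-{hi:.2f})")
    print(f"mean completed authentication delay: {mean_completed_delay(TRIALS):.2f} s")
```

In this constructed log the overall PD of 0.75 hides that neither compromise planted on a system-installed part was caught, which is the kind of gap the per-setting breakdown exists to expose.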

SHIELD Summary of Suggested Specifications

Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation Latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host Temperatures: -55 °C to 125 °C
Interrogation Temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 10¢ per dielet

Program Calendar

14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins

SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014

Government SHIELD Funding

• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation

Government Team Responsibilities in SHIELD

Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features

Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers

Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities

General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.

Government Obligations

| Tech Area | Government-Furnished Equipment and Intellectual Property |
|---|---|
| TA1 Tech Dev | None |
| TA2 Design & Integr | None |
| TA3 Deployment | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites |

Manufacturing Options

Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost.
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built:
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD.
Useful Sources for Information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com

SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014

Metrics Overview

• Purpose of this discussion
   • Detail the attributes of SHIELD design elements that will be measured
   • Outline the methods by which those attributes will be measured
• Why metrics?
   • Tracking and reporting program results and accomplishments
   • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea

Metrics: Technical Area 1 - SHIELD On-board Technology

| Phase | Design Element | Characteristics | Metric |
|---|---|---|---|
| 1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost (1) to reverse engineer using typical methods (2) |
| 1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods (3) |
| 1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions |
| 1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement |

(1) Cost = time (hours), number of personnel required, cost of tools ($)
(2) Procedures that are known to have been used to reverse engineer integrated circuits
(3) Procedures that are known to have been used to attempt to defeat security features through hardware corruption

Technical Area 1 - SHIELD On-board Technology

| Phase | Design Element | Characteristic | Metric |
|---|---|---|---|
| 1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate |

• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost

Metrics: Technical Area 1 - SHIELD On-board Technology

| Phase | Design element | Characteristics | Metric |
|---|---|---|---|
| 1 | Dielet power | Inductive power coupling mechanism | Q factor |
| 1 | Dielet communications | RF communications mechanism | Baud rate |
| 1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements (1) | Cost (2) |
| 1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost |
| 1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost |
| 1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost |
| 1 | Manufacturing process modifications - reliability | Physical design for reliability (3) | Cost |

(1) SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
(2) Cost is referenced against the target CMOS process with no modifications
(3) Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime

Metrics: Technical Area 2 - SHIELD Dielet Design and Integration

| Phase | Design element | Characteristics | Metric |
|---|---|---|---|
| 1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications (1) |
| 1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications |
| 1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications |
| 1 | Dielet design – communications | Interface logic for communications | Performance to specifications |
| 1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications |

(1) Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate

Metrics: Technical Area 2 - SHIELD Dielet Design and Integration

| Phase | Design Element | Characteristic | Metric |
|---|---|---|---|
| 2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis |
| 2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail (1) |
| 2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail |
| 2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail |

(1) Pass/Fail: deliverable is required to meet design specifications and pass any/all tests

Metrics: Technical Area 3 - SHIELD Deployment

| Phase | Design element | Characteristics | Metric |
|---|---|---|---|
| 1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package (1); tools and skills required to insert dielet |
| 1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis (2). Environmental testing (temperature, shock and vibration) (3) |
| 1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail |
| 1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail |
| 1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail |

(1) The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
(2) Identify impact of inductive and RF probing in the host chip
(3) The performance of the host chip without a SHIELD solution will be used as a basis for comparison

Metrics: Technical Area 3 - SHIELD Deployment

• Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
   • PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
   • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
   • Failure mode (e.g. missing, inappropriate, or failing SHIELD dielet)
   • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
   • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
   • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
   • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component

Metrics: Technical Area 3 - SHIELD Deployment

| Phase | Design Element | Characteristics | Metric |
|---|---|---|---|
| 2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate (1) |
| 2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality), transmission error rate (2) |
| 2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail |
| 3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), Probability of false alarm (PFA), Average completed authentication delay per SHIELD component |
| 3 | Government "Red Team" evaluation | Penetration testing | |

(1) Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions)
(2) Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.

Metrics: Technical Area 2 - SHIELD Dielet Design and Integration

• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
   • compliance with design ground rules of the manufacturer
   • logical to behavioral design verification
   • logical to physical design verification
   • functional test pattern generation with a goal of 100% test coverage
   • EM and power analysis
   • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Image courtesy of DARPA
Technical Area 2 Phase 1 (cont'd)
4. Design to Boundary Conditions
   a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
   b. Designs may be asynchronous or synchronous; free choice of clock rate
   c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning
5. Anticipate concurrent technologies being developed
   a. Sockets for key store sensors
   b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering
6. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temperature
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window

Technical Area 2 Phase 1 (cont'd)
7. Fabrication Implementation Plan
   a. Identify technology and node to be used, preferred vendor
   b. Define checkpoints and approximate dates for design and build
   c. Explain how new technologies will be accommodated by fabricator
   d. A clear path to manufacturing is needed
8. Anticipate concurrent technologies being developed
   a. Provide sockets for concurrently-developed key store sensors
9. Create and model SHIELD physical design
   a. Verify robust design functionality across process, voltage and temp
   b. Accommodate +/- 3σ composite process distribution window
   c. BC/WC/Twist Timing Corner functionality verified
   d. Functionality from 0-35 °C. Survive -55 °C to 125 °C
   e. Functionality inside +/- 3σ conditioned voltage window
10. Provide a Critical Design Review

Technical Area 2 Phase 2
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated.
1. Complete SHIELD dielet design
   a. Incorporate final TA1 outputs
   b. Complete checking, generate specific test patterns
   c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
   a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
   b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
   c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
   d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec

Technical Area 3 SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals

Technical Area 3 Phase 1
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern

Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet
   Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
   Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
   a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use

Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
   Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance

Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
   SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
   a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program

Technical Area 3 Phase 2
Technical Area 3/Phase 2: Implementation, Months 19-36
Development of specific techniques, tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
   Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade and cryptographic key

Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
   Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables:
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3

Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
   Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance

Technical Area 3 Phase 3
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction

Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
   Performers will exercise the entire SHIELD CONOP
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results

SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by
   a. Component package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component

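An added worked example, not part of the DARPA briefing: one way to compute the three benchmarks above (PD, PFA and average completed authentication delay) from a log of interrogation trials, broken out by the categories the slide lists. The record layout, the category labels, the sample trials and the use of a 95% Wilson interval are all assumptions made for illustration; the interval goes beyond the slide and is there because per-category counts in a demonstration are small.

```python
"""Added example: PD / PFA breakdowns for SHIELD-style interrogation trials."""
from collections import defaultdict
from math import sqrt
from typing import NamedTuple, Optional

# "≈2 second full transaction delay" from the summary of suggested specifications.
SPEC_FULL_TRANSACTION_S = 2.0


class Trial(NamedTuple):
    package: str                 # host component package type (hypothetical labels)
    setting: str                 # tube / pcb / system
    location: str                # distributor / subassembly / shipping
    failure_mode: Optional[str]  # ground truth; None means the part was not compromised
    flagged: bool                # True if the interrogation reported a compromise
    delay_s: Optional[float]     # completed authentication delay; None if never completed


class Rate(NamedTuple):
    hits: int
    total: int
    p: float    # point estimate hits / total
    lo: float   # lower bound of the 95% Wilson score interval
    hi: float   # upper bound of the 95% Wilson score interval


def wilson(hits: int, total: int, z: float = 1.96) -> Rate:
    """Point estimate plus Wilson score interval, which stays sane for tiny samples."""
    if total <= 0:
        raise ValueError("no trials in this category")
    p = hits / total
    denom = 1 + z * z / total
    centre = (p + z * z / (2 * total)) / denom
    half = z * sqrt(p * (1 - p) / total + z * z / (4 * total * total)) / denom
    return Rate(hits, total, p, max(0.0, centre - half), min(1.0, centre + half))


def _flag_rate_by(trials, key):
    """Fraction of trials flagged, grouped by the Trial field named in `key`."""
    counts = defaultdict(lambda: [0, 0])          # group -> [flagged, total]
    for t in trials:
        group = getattr(t, key)
        counts[group][0] += int(t.flagged)
        counts[group][1] += 1
    return {g: wilson(h, n) for g, (h, n) in counts.items()}


def pd_by(trials, key):
    """Probability of Detection: flagged fraction among compromised parts."""
    return _flag_rate_by([t for t in trials if t.failure_mode is not None], key)


def pfa_by(trials, key):
    """Probability of False Alarm: flagged fraction among uncompromised parts."""
    if key == "failure_mode":
        raise ValueError("uncompromised parts have no failure mode to break out by")
    return _flag_rate_by([t for t in trials if t.failure_mode is None], key)


def mean_completed_delay(trials) -> float:
    """Average delay over authentications that completed (missing dielets never do)."""
    delays = [t.delay_s for t in trials if t.delay_s is not None]
    if not delays:
        raise ValueError("no completed authentications")
    return sum(delays) / len(delays)


# Constructed sample data, not results from the program.
TRIALS = [
    Trial("QFP", "tube", "distributor", "missing", True, None),
    Trial("QFP", "tube", "distributor", "inappropriate", True, 2.1),
    Trial("QFP", "pcb", "subassembly", "failing", False, 1.9),
    Trial("QFP", "pcb", "subassembly", None, False, 1.7),
    Trial("QFP", "tube", "shipping", None, True, 2.0),      # a false alarm
    Trial("passive", "tube", "distributor", "missing", True, None),
    Trial("passive", "pcb", "subassembly", "inappropriate", False, 2.4),
    Trial("passive", "system", "shipping", None, False, 1.6),
    Trial("passive", "system", "shipping", None, False, 1.5),
    Trial("passive", "tube", "distributor", "failing", True, 2.2),
]

if __name__ == "__main__":
    for key in ("package", "failure_mode", "location", "setting"):
        for group, r in sorted(pd_by(TRIALS, key).items()):
            print(f"PD  {key}={group}: {r.hits}/{r.total} = {r.p:.2f} [{r.lo:.2f}, {r.hi:.2f}]")
    for key in ("package", "setting"):
        for group, r in sorted(pfa_by(TRIALS, key).items()):
            print(f"PFA {key}={group}: {r.hits}/{r.total} = {r.p:.2f} [{r.lo:.2f}, {r.hi:.2f}]")
    avg = mean_completed_delay(TRIALS)
    print(f"average completed delay {avg:.3f} s (spec ≈ {SPEC_FULL_TRANSACTION_S} s)")
```

In the constructed data both missing dielets are caught, yet the interval on that 2-of-2 result runs from about 0.34 to 1.0, which is why per-category PD figures need trial counts reported alongside them.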
SHIELD Summary of Suggested Specifications

| Parameter | Suggested specification |
|---|---|
| Area | A ≈ 100 um x 100 um (0.01 mm²) |
| Device thickness | Thinned substrate, likely 10 um or less |
| Interrogation latency | ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies |
| Network communication protocol | TLS Standard |
| Minimum delay between interrogations | > 1 second |
| Positioning of inductive/RF probe | T ≈ 1 mm below top surface of component package |
| Encryption standard | Up to 256 bit |
| Serial ID length | 64 bit |
| Power consumption | Approximately 50 µW |
| Voltage tolerance (default) | VDD at discretion of proposer, +/- 10% (default) |
| Host temperatures | -55 °C - 125 °C |
| Interrogation temperatures | 0-35 °C |
| Reliability | Sufficient to match 100 KPOH host component operation. SHIELD total operational time is under 1 hour |
| Cost | C < 10¢ per dielet |

Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins

SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014

Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done, rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation

Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities

Government Obligations

| Tech Area | Government-Furnished Equipment and Intellectual Property |
|---|---|
| TA1 Tech Dev | None |
| TA2 Design & Integr | None |
| TA3 Deployment | Components for SHIELD insertion; vendor locations for SHIELD exercise sites |

Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com

SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014

Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea

Metrics Technical Area 1 SHIELD On-board Technology

| Phase | Design Element | Characteristics | Metric |
|---|---|---|---|
| 1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2] |
| 1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3] |
| 1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions |
| 1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement |

[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption

Technical Area 1 SHIELD On-board Technology

| Phase | Design Element | Characteristic | Metric |
|---|---|---|---|
| 1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate |

• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost

Metrics Technical Area 1 SHIELD On-board Technology

| Phase | Design element | Characteristics | Metric |
|---|---|---|---|
| 1 | Dielet power | Inductive power coupling mechanism | Q factor |
| 1 | Dielet communications | RF communications mechanism | Baud rate |
| 1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2] |
| 1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost |
| 1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost |
| 1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost |
| 1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost |

[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime

Metrics Technical Area 2 SHIELD Dielet Design and Integration

| Phase | Design element | Characteristics | Metric |
|---|---|---|---|
| 1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1] |
| 1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications |
| 1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications |
| 1 | Dielet design – communications | Interface logic for communications | Performance to specifications |
| 1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications |

[1] Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate

Metrics Technical Area 2 SHIELD Dielet Design and Integration

| Phase | Design Element | Characteristic | Metric |
|---|---|---|---|
| 2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis |
| 2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1] |
| 2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail |
| 2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail |

[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests

Metrics Technical Area 3 SHIELD Deployment

| Phase | Design element | Characteristics | Metric |
|---|---|---|---|
| 1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet |
| 1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2]. Environmental testing (temperature, shock and vibration) [3] |
| 1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail |
| 1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail |
| 1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail |

[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison

Metrics Technical Area 3 SHIELD Deployment
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component

Metrics Technical Area 3 SHIELD Deployment

| Phase | Design Element | Characteristics | Metric |
|---|---|---|---|
| 2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1] |
| 2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality), transmission error rate [2] |
| 2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail |
| 3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), Probability of false alarm (PFA), Average completed authentication delay per SHIELD component |
| 3 | Government "Red Team" evaluation | Penetration testing | |

[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.

Metrics Technical Area 2 SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort

Approved for Public Release Distribution Unlimited 79
Image courtesy of DARPA
Approved for Public Release Distribution Unlimited 48
7 Fabrication Implementation Plan a Identify technology and node to be used preferred vendorb Define checkpoints and approximate dates for design and buildc Explain how new technologies will be accommodated by
fabricatord A clear path to manufacturing is needed
8 Anticipate concurrent technologies being developeda Provide sockets for concurrently-developed key store sensors
9 Create and model SHIELD physical designa verify robust design functionality across process voltage and
temp b Accommodate +- 3σ composite process distribution window c BCWCTwist Timing Corner functionality verifiedd Functionality from 0-35deg C Survive -55 degC to 125 degC e Functionality inside +- 3σ conditioned voltage window
10 Provide a Critical Design Review
Technical Area 2 Phase 1 (contrsquod)
Approved for Public Release Distribution Unlimited 49
Technical Area 2Phase 2 Integration amp Fab Months 19-36Performers will by the end of TA2Phase 2 incorporate TA1rsquos specific technology instantiations into their Phase 1 dielet chip design After final design checks process audits designs will be fabricated1 Complete SHIELD dielet design
a Incorporate final TA1 outputsb Complete checking generate specific test patternsc Define conventions for performer interfaces
2 Fabricate SHIELD dieletsa Release design to MFG monitor fabrication intercept for
process exits and re-entries for adjunct technology introductions
b track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
c dielet may be fabbed at US or foreign fabrication facilities transition partners may later impose restrictions
d Test characterize and assess reliability of manufactured dielets Provide qualification strategy for demonstrating design fulfills spec
Technical Area 2 Phase 2
Approved for Public Release Distribution Unlimited 50
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept Work completed in TA3 includesbull Developing the ability to place SHIELD dielets in component
packaging bull Creating appliances and probes to remotely test
componentsbull Pulling together a simplified SHIELD network server
environment bull Demonstrating an exemplary CONOP employing the SHIELD
device in an actual DoD product acquisition program Performers may team on TA3-only proposals
Technical Area 3 SHIELD Deployment
Approved for Public Release Distribution Unlimited 51
Technical Area 3Phase 1 Pkg Tech Networks Months 01-18Fundamental dielet package insertion attachment or lamination techniques are developed in TA3Phase 1 Network communications and server backbone design is initiated This environment will serve only as a demonstration of the SHIELD proof of concept1 Develop package placement target parametrics
a Determine required specs tolerances for dielet placement in the host
b Develop coupling required for sufficient inductive RF power comms
c Find size of antennae maximum submersion below package surface
d Develop positioning conventions to accommodate various package types
2 Create SHIELD dummy dielet surrogate (1 performer)a Create with TA2 performers consultation to resemble final
form-factorb Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1
Approved for Public Release Distribution Unlimited 52
3 Assure reliability of host component containing SHIELD dielet Performer will assess reliability serviceability impacts to host chip caused by dielet presence and operation Concerns includea Package strain caused by insertion or presenceb Hermetic seal fails caused by insertion or presencec High electromagnetic field impacts to host component during
interrogate
4 Assure reliability of SHIELD dielet in host component Performers will assure the integrity reliability of the placed SHIELD dielet in the host package considering potential damage caused bya Chemical mechanical temperature or electrical materials
interactions with the host packaging materials or process occurring during normal processing packaging dielet insertion or due to aging in normal use
b Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
c Mechanical strain compressive or tensile effects induced on the SHIELD dielet by the package or host component
d Dielet exposure to radiation high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (contrsquod)
Approved for Public Release Distribution Unlimited 53
5 Create a SHIELD InductiveRF Authentication Appliance and ProbePerformer will design an inexpensive inductiveRF appliance for use in exercsing the SHIELD concept The appliance may be the retrofit or repurposing of an existing appliance such as a smartphone with the addition of an inductiveRF probe connected to the device Responsibilities includea Design of handheld appliance concept including documention b Design of an inductiveRF probe anticipating potential
electromagnetic interference which may obscure coupled signal
c Development of necessary microcode firmware software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (contrsquod)
Approved for Public Release Distribution Unlimited 54
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
b. All required server transaction and decryption software
c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors.
Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but it is not the prime focus of the program.
Technical Area 3 Phase 1 (cont'd)
Technical Area 3/Phase 2: Implementation, Months 19-36
Specific techniques and tooling for placement of the dielet into the host package are developed. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade and cryptographic key
Technical Area 3 Phase 2
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3/Phase 2, performers will provide the following deliverables:
a. Detailed network schematics indicating protocols and standards
b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
c. Estimates of transaction times and network latencies
d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
a. Inductive/RF probe fabrication
b. Repurposed appliance microcode, firmware, software installation
c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 2 (cont'd)
Technical Area 3/Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
a. Performers will mate SHIELD dielets to product at pkg encapsulation
b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
  • Fails due to faulty package insertions
  • Fails due to non-functional SHIELD chips
  • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP:
a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
d. Government Red Team members will compromise the supply chain
e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
f. Government team members will monitor performer detection results
Technical Area 3 Phase 3 (cont'd)
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by:
a. Component package (i.e. small passive/discrete, quad plastic flat pack)
b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by:
a. Component package (i.e. small passive/discrete, quad plastic flat pack)
b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Quantitative Benchmarks
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 um x 100 um (0.01 mm2)
Device thickness: Thinned substrate, likely 10 um or less
Interrogation Latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host Temperatures: -55 °C to 125 °C
Interrogation Temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 10¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 (Tech Dev) | None
TA2 (Design & Integr) | None
TA3 (Deployment) | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful Sources for Information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics Overview
Metrics Technical Area 1 SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
Technical Area 1 SHIELD On-board Technology
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
Metrics Technical Area 1 SHIELD On-board Technology
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics Technical Area 2 SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
Metrics Technical Area 2 SHIELD Dielet Design and Integration
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics Technical Area 3 SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip package strain analysis, electromagnetic analysis [2]; Environmental testing (temperature shock and vibration) [3]
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
• Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics Technical Area 3 SHIELD Deployment
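The Phase 3 metrics listed above (PD, PFA and average completed authentication delay, each with its breakdowns) can be scored from per-interrogation records as sketched here. This is an added example, not part of the DARPA briefing; the record schema, field names and sample trials are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean
from typing import Optional

# Breakdowns named on the slides. PFA has only two, because an
# uncompromised component has no failure mode and no failure location.
PD_FIELDS = ("package", "failure_mode", "location", "setting")
PFA_FIELDS = ("package", "setting")


@dataclass(frozen=True)
class Trial:
    """One interrogation of one component (constructed schema, an assumption)."""
    package: str                 # small passive/discrete, quad plastic flat pack
    setting: str                 # component tube, printed circuit board, system
    location: Optional[str]      # where the compromise happened; None if none
    failure_mode: Optional[str]  # Red Team ground truth; None = not compromised
    alarm: bool                  # performer's verdict: compromise flagged
    delay_s: Optional[float]     # None when the authentication never completed


def _breakdown(trials, field):
    """Return {value of field: (alarms, trials)} for the given population."""
    counts = defaultdict(lambda: [0, 0])
    for t in trials:
        bucket = counts[getattr(t, field)]
        bucket[0] += int(t.alarm)
        bucket[1] += 1
    return {key: (alarms, total) for key, (alarms, total) in counts.items()}


def pd_by(trials, field):
    """PD counts: alarms raised over compromised components only."""
    if field not in PD_FIELDS:
        raise ValueError(f"PD is not broken out by {field!r}")
    return _breakdown([t for t in trials if t.failure_mode is not None], field)


def pfa_by(trials, field):
    """PFA counts: alarms raised over uncompromised components only."""
    if field not in PFA_FIELDS:
        raise ValueError(f"PFA is not broken out by {field!r}")
    return _breakdown([t for t in trials if t.failure_mode is None], field)


def average_completed_delay(trials):
    """Mean delay over authentications that completed; None if none did."""
    done = [t.delay_s for t in trials if t.delay_s is not None]
    return mean(done) if done else None


T = Trial
# Constructed sample data. A missing dielet never answers, so that trial
# counts toward PD but contributes nothing to the average completed delay.
TRIALS = [
    T("quad_flat_pack", "tube", None, None, False, 1.8),
    T("quad_flat_pack", "tube", None, None, False, 1.9),
    T("quad_flat_pack", "pcb", None, None, True, 2.1),   # false alarm
    T("quad_flat_pack", "pcb", "subassembly", "missing", True, None),
    T("quad_flat_pack", "system", "shipping", "inappropriate", True, 2.0),
    T("quad_flat_pack", "tube", "distributor", "failing", False, 1.7),  # miss
    T("small_passive", "tube", None, None, False, 1.6),
    T("small_passive", "pcb", None, None, False, 2.2),
    T("small_passive", "tube", "shipping", "missing", True, None),
    T("small_passive", "pcb", "subassembly", "inappropriate", False, 1.9),  # miss
    T("small_passive", "system", "subassembly", "failing", True, 2.4),
    T("small_passive", "system", None, None, False, 2.0),
]

if __name__ == "__main__":
    for name, fn, fields in (("PD", pd_by, PD_FIELDS), ("PFA", pfa_by, PFA_FIELDS)):
        for field in fields:
            for key, (alarms, total) in sorted(fn(TRIALS, field).items()):
                print(f"{name} by {field}={key}: {alarms}/{total} = {alarms / total:.2f}")
    print(f"Average completed authentication delay: {average_completed_delay(TRIALS):.2f} s")
```

Reporting the raw counts beside each rate keeps small denominators visible, which matters when a breakdown cell holds only one or two trials.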
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
Metrics Technical Area 3 SHIELD Deployment
[1] Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Metrics Technical Area 2 SHIELD Dielet Design and Integration
Image courtesy of DARPA
Technical Area 2/Phase 2: Integration & Fab, Months 19-36
Performers will, by the end of TA2/Phase 2, incorporate TA1's specific technology instantiations into their Phase 1 dielet chip design. After final design checks and process audits, designs will be fabricated.
1. Complete SHIELD dielet design
a. Incorporate final TA1 outputs
b. Complete checking, generate specific test patterns
c. Define conventions for performer interfaces
2. Fabricate SHIELD dielets
a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction
c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions
d. Test, characterize and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec
Technical Area 2 Phase 2
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals
Technical Area 3 SHIELD Deployment
Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
Fundamental dielet package insertion, attachment, or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
a. Determine required specs, tolerances for dielet placement in the host
b. Develop coupling required for sufficient inductive/RF power, comms
c. Find size of antennae, maximum submersion below package surface
d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
a. Create with TA2 performers' consultation to resemble final form-factor
b. Place electrical structures to assess specific issues of concern
Technical Area 3 Phase 1
3. Assure reliability of host component containing SHIELD dielet
Performer will assess reliability and serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
a. Package strain caused by insertion or presence
b. Hermetic seal fails caused by insertion or presence
c. High electromagnetic field impacts to host component during interrogate
4 Assure reliability of SHIELD dielet in host component Performers will assure the integrity reliability of the placed SHIELD dielet in the host package considering potential damage caused bya Chemical mechanical temperature or electrical materials
interactions with the host packaging materials or process occurring during normal processing packaging dielet insertion or due to aging in normal use
b Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
c Mechanical strain compressive or tensile effects induced on the SHIELD dielet by the package or host component
d Dielet exposure to radiation high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (contrsquod)
Approved for Public Release Distribution Unlimited 53
5 Create a SHIELD InductiveRF Authentication Appliance and ProbePerformer will design an inexpensive inductiveRF appliance for use in exercsing the SHIELD concept The appliance may be the retrofit or repurposing of an existing appliance such as a smartphone with the addition of an inductiveRF probe connected to the device Responsibilities includea Design of handheld appliance concept including documention b Design of an inductiveRF probe anticipating potential
electromagnetic interference which may obscure coupled signal
c Development of necessary microcode firmware software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (contrsquod)
Approved for Public Release Distribution Unlimited 54
6 Design NetworkServer Architecture for the Demonstration ExerciseSHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2Deliverables includea communications between the dielet and the server through
the inductiveRF appliance and network using TLS standards b All required server transaction and decryption software c A simple graphical user interface that allows users to observe
actual SHIELD transaction demonstrations as they are executed and
d A key management plan describing how all cryptographic keys in their proposed architectures are derived protected at rest and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendorsNote that sufficient network and server architecture should be probided to support demonstration of the SHIELD concept but is not the prime focus of the program
Technical Area 3 Phase 1 (contrsquod)
Approved for Public Release Distribution Unlimited
Technical Area 3Phase 2 Implementation Months 19-36Development of specific techniques tooling for placement of dielet into the host package is created Mechanical alignment aids for inductiveRF appliance to SHIELD dielet within the package will also be developed Actual networks and servers will be configured At the close of TA3Phase 2 performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program1 Develop the SHIELD Insertion technology
Instrumentation tooling and logistics for going from wafer final test into an actual component placement are developed Steps includea Developing handling technique for taking SHIELD from diced
wafers into a dispensing tool that feeds dielets to a package injector
b Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
c Associating the placed SHIELD dielet serial ID and crypto key with the host component PN datelocation of manufacture reliability grade and cryptographic key
55
Technical Area 3 Phase 2
Approved for Public Release Distribution Unlimited
2 Develop the SHIELD Network Structure Networks and protocols developed in TA3Phase 1 and in the design are implemented during TA3Phase 2 At the end of TA3 Phase 2 performers will provide the following deliverablesa Detailed network schematics indicating protocols and
standardsb A specific Bill-of-Material indicating commercially available
devices that the transactions will be executed uponc Estimates of transaction times and network latenciesd Simulation of actual transactions demonstrating successful
execution of true and false authentication requests with and without flagged compromises appearing on the SHIELD sensors and
e Build-out of the actual prototypical hardware network for use in SHIELD TA3Phase 3
56
Technical Area 3 Phase 2 (contrsquod)
Approved for Public Release Distribution Unlimited
3 Develop the SHIELD inductiveRF applianceTechnical Area 3Phase 1 performers who designed the inductiveRF appliance and its code will in Phase 2 fabricate the appliancersquos inductiveRF probes and repurpose the appliance itself to the SHIELD function with required firmware or software additions or changes installed Specific deliverables associated with this task includea InductiveRF probe fabricationb Repurposed Appliance microcode firmware software
installationc Stand-alone testing of communication between the SHIELD
dielet and appliance
57
Technical Area 3 Phase 2 (contrsquod)
Approved for Public Release Distribution Unlimited 58
Technical Area 3Phase 3 Demo Months 37-48 DARPA SHIELD concludes with a demonstration one year in duration of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition programrsquos BOM Actual components will be shipped between work sites developing the specific assembly the component is a part of and performers will exercise SHIELD at those sites Performer tasks will include1 Demonstrate robust SHIELD placement into real product
a Performers will mate SHIELD dielets to product at pkg encapsulation
b Performer will identify correct SHIELD failure modes in practice performing defect characterization to identify needed changes to installation process Failure data will be collected and compiled by performers as components are encapsulated and tested includingbull Fails due to faulty package insertions bull Fails due to non-functional SHIELD chipsbull Screening of components for failure rate uplift at module
final test which had previous passed wafer final test above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3
Approved for Public Release Distribution Unlimited 59
2 Exercise the CONOPPerformers will exercise the entire SHIELD CONOP a Performers will choose the packaged host they exercise their
SHIELD technology upon from options offered by DARPA b Performers will placing SHIELD solution in those packages in a
production-like environment which DARPA will provide access toc Resulting actual components equipped with SHIELD will be
passed through real supply chain channel settings from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
d Government Red Team members will compromise the supply chain
e Performers will execute the SHIELD operation at various work sites in the componentrsquos supply chain throughout the US looking for compromises
f Government team members will monitor performer detection results
Technical Area 3 Phase 3 (contrsquod)
Approved for Public Release Distribution Unlimited 60
Performers will be measured to a set of quantitative benchmarks Metrics on SHIELD performer solution effectiveness will include 1 ldquoProbability of Detectionrdquo of compromises (PD) broken out
by a Component Package (ie small passivediscrete quad plastic
flat pack)b Failure mode (ie missing inappropriate or failing SHIELD
dielet)c Location type (ie at distributor at subassembly vendor in
shipping) d Setting of host component (ie supplied in a component tube
mounted on a printed circuit board installed in a system)
2 Probability of False Alarm (PFA) broken out bya Component Package (ie small passivediscrete quad plastic
flat pack)b Setting of host component (ie supplied in a component tube
mounted on a printed circuit board installed in a system)
3 Average completed authentication delay per SHIELD component
SHIELD Quantitative Benchmarks
Approved for Public Release Distribution Unlimited 61
SHIELD Summary of Suggested Specifications
Area A asymp100um x 100um (001 mm2)
Device thickness Thinned substrate likely 10 um or less
Interrogation Latency asymp 1 second dielet delay asymp2 second full transaction delay including network latencies
Network Communication Protocol
TLS Standard
Minimum Delay between interrogations
gt 1 Second
Positioning of inductiveRF probe
T asymp 1 mm below top surface of component package
Encryption Standard Up to 256 bit Serial ID Length 64 bitPower Consumption Approximately 50microWVoltage tolerance (default)
VDD at discretion of proposer +- 10 (default)
Host Temperatures -55deg C - 125deg CInterrogation Temperatures
0-35 deg C
ReliabilitySufficient to match 100KPOH host component operation SHIELD total operational time is under 1 hour
Cost C lt 10cent per dielet
Approved for Public Release Distribution Unlimited 62
Program Calendar
14 March 2014 Proposerrsquos Day Arlington VA
31 March 2014 Abstracts Due into DARPA by EOB
30 April 2014 Encourage Discourage Full Submission Letters to Proposers
30 May 2014 Full Abstracts Due into DARPA by EOB
3Q 2014 Source Selection Notification Contracts
4Q 2014 SHIELD Phase 1 begins
Approved for Public Release Distribution Unlimited
SHIELD Government Support
Saverio FazzariSHIELD SETA
SHIELD Industry Day
14 March 2014

Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and the number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation

Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities

Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; vendor locations for SHIELD exercise sites

Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful sources for information include
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com

SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014

Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics?
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry-accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea

Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption

Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost

Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications – reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime

Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate

Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing; adherence to dielet power budget; compliance with manufacturer ground rules; percent test pattern coverage; reliability analysis
2 | Dielet fabrication | Release to manufacturing; process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests

Metrics: Technical Area 3, SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration – packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration – reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2]; environmental testing (temperature shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison

Metrics: Technical Area 3, SHIELD Deployment
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component

Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); probability of false alarm (PFA); average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.

Metrics: Technical Area 2, SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort

Technical Area 3: SHIELD Deployment
Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes
• Developing the ability to place SHIELD dielets in component packaging
• Creating appliances and probes to remotely test components
• Pulling together a simplified SHIELD network server environment
• Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program
Performers may team on TA3-only proposals

Technical Area 3 Phase 1
Technical Area 3/Phase 1: Pkg Tech, Networks (Months 01-18)
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
   a. Determine required specs, tolerances for dielet placement in the host
   b. Develop coupling required for sufficient inductive/RF power, comms
   c. Find size of antennae, maximum submersion below package surface
   d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
   a. Create with TA2 performers' consultation to resemble final form-factor
   b. Place electrical structures to assess specific issues of concern

Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet
Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include
   a. Package strain caused by insertion or presence
   b. Hermetic seal fails caused by insertion or presence
   c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by
   a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
   b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
   c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
   d. Dielet exposure to radiation, high X-ray or RF fields when not in use

Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include
   a. Design of handheld appliance concept, including documentation
   b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
   c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance

Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include
   a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
   b. All required server transaction and decryption software
   c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
   d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program

Technical Area 3 Phase 2
Technical Area 3/Phase 2: Implementation (Months 19-36)
Specific techniques and tooling for placement of the dielet into the host package are developed. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include
   a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
   b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
   c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade and cryptographic key

Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables
   a. Detailed network schematics indicating protocols and standards
   b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
   c. Estimates of transaction times and network latencies
   d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
   e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3

Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include
   a. Inductive/RF probe fabrication
   b. Repurposed appliance microcode, firmware, software installation
   c. Stand-alone testing of communication between the SHIELD dielet and appliance

Technical Area 3 Phase 3
Technical Area 3/Phase 3: Demo (Months 37-48)
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include
1. Demonstrate robust SHIELD placement into real product
   a. Performers will mate SHIELD dielets to product at pkg encapsulation
   b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including
      • Fails due to faulty package insertions
      • Fails due to non-functional SHIELD chips
      • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction

Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results

SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include
1. "Probability of Detection" of compromises (PD), broken out by
   a. Component package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
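
Added example (not part of the DARPA briefing): one way an evaluator could tabulate the three benchmarks above, PD and PFA per breakdown category and the average completed authentication delay, from per-interrogation trial records. The `Trial` layout, the function names and the twelve trial records are constructed for illustration; the Wilson interval is an added convenience that shows how wide the uncertainty on PD stays when a category has only a few trials.

```python
from collections import defaultdict
from dataclasses import dataclass
from math import sqrt
from typing import Dict, List, Optional, Tuple

QFP = "quad plastic flat pack"
PAS = "small passive/discrete"


@dataclass(frozen=True)
class Trial:
    package: str                 # host component package type
    setting: str                 # "tube", "pcb" or "system"
    location: str                # supply-chain site where the part was interrogated
    failure_mode: Optional[str]  # None = genuine part; else the compromise type
    flagged: bool                # True if the interrogation reported a compromise
    delay_s: Optional[float]     # seconds; None if authentication never completed


# Constructed sample records (hypothetical, for illustration only).
TRIALS: List[Trial] = [
    Trial(QFP, "tube", "distributor", None, False, 1.8),
    Trial(QFP, "pcb", "subassembly vendor", None, False, 2.1),
    Trial(QFP, "system", "subassembly vendor", None, True, 2.6),   # false alarm
    Trial(PAS, "tube", "distributor", None, False, 1.9),
    Trial(PAS, "pcb", "shipping", None, False, 2.0),
    Trial(QFP, "tube", "distributor", "missing", True, None),
    Trial(QFP, "pcb", "shipping", "inappropriate", True, 2.2),
    Trial(QFP, "system", "subassembly vendor", "failing", False, 2.4),  # missed
    Trial(PAS, "tube", "shipping", "missing", True, None),
    Trial(PAS, "pcb", "distributor", "inappropriate", True, 1.6),
    Trial(PAS, "system", "subassembly vendor", "failing", True, 2.4),
    Trial(PAS, "tube", "distributor", "inappropriate", False, 2.0),    # missed
]


def wilson(k: int, n: int, z: float = 1.96) -> Tuple[float, float]:
    """95% Wilson score interval for k flagged trials out of n."""
    if n == 0:
        return (0.0, 1.0)
    p = k / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def _rate_by(trials: List[Trial], field: str, compromised: bool) -> Dict[str, dict]:
    """Flagged fraction per value of `field`, over compromised or genuine parts only."""
    counts = defaultdict(lambda: [0, 0])  # value -> [flagged, total]
    for t in trials:
        if (t.failure_mode is not None) != compromised:
            continue
        c = counts[getattr(t, field)]
        c[0] += int(t.flagged)
        c[1] += 1
    return {v: {"k": k, "n": n, "rate": k / n, "ci95": wilson(k, n)}
            for v, (k, n) in sorted(counts.items())}


def pd_by(trials: List[Trial], field: str) -> Dict[str, dict]:
    """Probability of Detection: flagged / all compromised parts, per category."""
    return _rate_by(trials, field, compromised=True)


def pfa_by(trials: List[Trial], field: str) -> Dict[str, dict]:
    """Probability of False Alarm: flagged / all genuine parts, per category."""
    return _rate_by(trials, field, compromised=False)


def mean_completed_delay(trials: List[Trial]) -> Optional[float]:
    """Average delay over authentications that completed (missing dielets excluded)."""
    done = [t.delay_s for t in trials if t.delay_s is not None]
    return sum(done) / len(done) if done else None


if __name__ == "__main__":
    for f in ("package", "failure_mode", "location", "setting"):
        print("PD by", f, pd_by(TRIALS, f))
    for f in ("package", "setting"):
        print("PFA by", f, pfa_by(TRIALS, f))
    print("mean completed delay (s):", mean_completed_delay(TRIALS))
```

In the constructed data both "missing" dielets are detected, yet the 95% interval on that PD still reaches down to about 0.34, which is why per-category trial counts matter as much as the rates.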
Approved for Public Release Distribution Unlimited 61
SHIELD Summary of Suggested Specifications
Area A asymp100um x 100um (001 mm2)
Device thickness Thinned substrate likely 10 um or less
Interrogation Latency asymp 1 second dielet delay asymp2 second full transaction delay including network latencies
Network Communication Protocol
TLS Standard
Minimum Delay between interrogations
gt 1 Second
Positioning of inductiveRF probe
T asymp 1 mm below top surface of component package
Encryption Standard Up to 256 bit Serial ID Length 64 bitPower Consumption Approximately 50microWVoltage tolerance (default)
VDD at discretion of proposer +- 10 (default)
Host Temperatures -55deg C - 125deg CInterrogation Temperatures
0-35 deg C
ReliabilitySufficient to match 100KPOH host component operation SHIELD total operational time is under 1 hour
Cost C lt 10cent per dielet
Approved for Public Release Distribution Unlimited 62
Program Calendar
14 March 2014 Proposerrsquos Day Arlington VA
31 March 2014 Abstracts Due into DARPA by EOB
30 April 2014 Encourage Discourage Full Submission Letters to Proposers
30 May 2014 Full Abstracts Due into DARPA by EOB
3Q 2014 Source Selection Notification Contracts
4Q 2014 SHIELD Phase 1 begins
Approved for Public Release Distribution Unlimited
SHIELD Government Support
Saverio FazzariSHIELD SETA
SHIELD Industry Day
14 March 2014
Approved for Public Release Distribution Unlimited
Government SHIELD Funding
bull DoD recognizes the urgency of addressing supply chain security
bull DARPA MTO is making a significant investment in SHIELD consistent with threat supply chain loss-of-control poses to lives and missions
bull SHIELD Funding levels and number of performers per technical area and phase will remain undisclosed but are substantial in plan and committed
bull Submitters should submit proposals that get the job done rather than be tailoring them to a specified funding level Amounts will be calibrated to resources during contract negotiation
64
Approved for Public Release Distribution Unlimited
Government Team Responsibilities in SHIELD
Tech Area 11 Red-teaming the secure key storage2 Evaluating the sensorrsquos capability versus state-of-the-art features
Tech Area 23 Red-teaming dielet designs for reverse-engineering4 Red-teaming dielet performance and reliability5 Identify a trusted manufacturing source for dielet 6 Fabrication of dielet delivery to performers
Tech Area 37 Identify host components for test and test environment8 Develop prototype software for security database9 Develop appliances and fixtures for checking devices10Red-team integrated solution11Run test environment for final demonstration12Support transition opportunities
GeneralActing as virtual lab with NSA Navy Air Force involvement to provide evaluation capability for the program It will provide early access to transition opportunities
65
Approved for Public Release Distribution Unlimited
Government Obligations
66
Tech Area Government-Furnished Equipment and Intellectual Property
TA1
TechDev
None
TA2
DesignampIntegr
None
TA3
Deploy-ment
Components for SHIELD insertionVendor Locations for SHIELD exercise sites
Approved for Public Release Distribution Unlimited
Manufacturing Options
Solutions must demonstrate a path allowing it to be built in a standard semiconductor process and at the target cost
bull Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
bull Non-production university labs may be usedMany organization offer services for a small number of parts to be built
bull Shuttle runsbull Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD Useful Sources for Information include
bull httpswwwtapofficeorgbull httpwwwdmeaosdmiltrustedichtmlbull httpwwwmosisedubull httpcmpimagfrbull httpwwweuropractice-iccom
67
Approved for Public Release Distribution Unlimited
SHIELD Metrics
Arnett BrownSHIELD SETA
SHIELD Industry Day
14 March 2014
Approved for Public Release Distribution Unlimited 69
bull Purpose of this discussionbull Detail the attributes of SHIELD design elements that will be measuredbull Outline the methods by which those attributes will be measured
bull Why metricsbull Tracking and reporting program results and accomplishmentsbull Used for objective evaluation of performers
bull Wherever possible quantitative metrics will be used with industry accepted figures of merit
bull Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
bull Metrics will not always have a ldquopassrdquo or ldquofailrdquo level especially when innovative technologies are involved
bull Depending on what is proposed certain metrics may not apply perfectly
bull Do not allow a metric (alone) to discourage proposing a good idea
Metrics Overview
Approved for Public Release Distribution Unlimited 70
Metrics Technical Area 1SHIELD On-board Technology
Phase Design Element Characteristics Metric
1 Secure secret key storage - reverse engineering protection
Harden dielet against attempts to reverse engineer
Cost1 to reverse engineer using typical methods2
1 Secure secret key storage - hardware corruption protection
Harden dielet against attempts to defeat security
Cost to defeat using typical methods3
1 Secure secret key storage - self destruct on tamper attempt
Discriminate between apparent tamper and normal operation
Percent success in triggering against typical intrusions percent success in not triggering against non-intrusions
1 Secure secret key storage - serial ID personalization
Determine economic method for serializing dielet in volume production
Cost per dielet to implement
1 Cost = time (hours) number of personnel required cost of tools ($)2 Procedures that are known to have been used to reverse engineer integrated circuits3 Procedures that are known to have been used to attempt to defeat security features
through hardware corruption
Approved for Public Release Distribution Unlimited 71
Phase Design Element Characteristic Metric
1 Passive sensors ndash examples include chemical mechanical light X-rays heat etc
Performer-defined As appropriate
Technical Area 1SHIELD On-board Technology
bull Specific metrics will be determined based on the nature and function of the sensors proposed
bull General metrics to consider include sensing threshold cost
Approved for Public Release Distribution Unlimited 72
Phase
Design element Characteristics Metric
1 Dielet power Inductive power coupling mechanism
Q factor
1 Dielet communications RF communications mechanism Baud rate
1 Manufacturing process modifications ndash form factor
Modifications to meet form factor requirements1
Cost2
1 Manufacturing process modifications ndash integration
Modifications for sensor and key storage integration
Cost
1 Manufacturing process modifications ndash testing
Modifications to enable dielet testing
Cost
1 Manufacturing process modifications ndash special needs
Production solutions for dielet dicing picking handling
Cost
1 Manufacturing process modifications - reliability
Physical design for reliability3 Cost
Metrics Technical Area 1SHIELD On-board Technology
1 SHIELD wafer thickness may be 10 microns or less Dielet size 100microm x 100microm2 Cost is referenced against the target CMOS process with no modifications 3 Assume 100 KPOH lifetime for host component no more than 3 Failures In Time (FIT) Assume SHIELD
dielet usage less than 1 KPOH over its lifetime
Approved for Public Release Distribution Unlimited 73
Metrics Technical Area 2SHIELD Dielet Design and Integration
Phase Design element Characteristics Metric
1 Dielet design ndash encryption engine Logic design for encryption engine
Performance to specifications1
1 Dielet design ndash key management Logic design for key management protocol
Performance to specifications
1 Dielet design ndash power supply interface
Interface logic for power supply
Performance to specifications
1 Dielet design ndash communications Interface logic for communications
Performance to specifications
1 Dielet design ndash sensor interface Interface logic for sensors Performance to specifications
1 Design specifications will be established during Phase 1 development to verify performance performers are responsible for providing results of simulations andor hardware testbenches as appropriate
Approved for Public Release Distribution Unlimited 74
Phase
Design Element Characteristic Metric
2 Dielet integration ndash sensors encryption engine power communications and support logic
Mask layout design including logical and physical verification functional test pattern generation
Functional testing adherence to dielet power budget compliance with manufacturer ground rules percent test pattern coverage reliability analysis
2 Dielet fabrication Release to manufacturing process tracking as required
PassFail1
2 Dielet functional testing Test fixture should be capable of exercising all dielet functionality
PassFail
2 Dielet characterization Characterize across process voltage and temperature range
PassFail
Metrics Technical Area 2SHIELD Dielet Design and Integration
1 PassFail deliverable is required to meet design specifications and pass anyall tests
Approved for Public Release Distribution Unlimited 75
Metrics Technical Area 3 SHIELD Deployment
Phase
Design element Characteristics Metric
1 Dielet-host integration - packaging Develop solutions for insertion of dielet into host package
Insertion depth tolerance of host package1 tools and skills required to insert dielet
1 Dielet-host integration - reliability Analysis of dielet insertion reliability and impact to host
Projected lifetime analysis of host chip package strain analysis electromagnetic analysis2 Environmental testing (temperature shock and vibration)3
1 Dielet-host integration ndash dummy dielet
Fabrication of a dielet mock-up for experimentation
Passfail
1 Network architecture design Realization of server-side hardware and software for dielet-server communication
Passfail
1 Inductive appliance design Realization of hardware and software for inductive appliance
Passfail1 The SHIELD dielet will be placed approximately 1mm below the outer surface of the host chip2 Identify impact of inductive and RF probing in the host chip3 The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics, Technical Area 3: SHIELD Deployment
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
  • PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component

Metrics, Technical Area 3: SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate[1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate[2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); probability of false alarm (PFA); average completed authentication delay per SHIELD component
3 | Government “Red Team” evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions).
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.

Metrics, Technical Area 2: SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any “special case” technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort

Technical Area 3 Phase 1
Technical Area 3/Phase 1: Pkg Tech, Networks (Months 01-18)
Fundamental dielet package insertion, attachment or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
1. Develop package placement target parametrics
  a. Determine required specs/tolerances for dielet placement in the host
  b. Develop coupling required for sufficient inductive/RF power/comms
  c. Find size of antennae, maximum submersion below package surface
  d. Develop positioning conventions to accommodate various package types
2. Create SHIELD dummy dielet surrogate (1 performer)
  a. Create with TA2 performers' consultation to resemble final form-factor
  b. Place electrical structures to assess specific issues of concern

Technical Area 3 Phase 1 (cont'd)
3. Assure reliability of host component containing SHIELD dielet
Performer will assess reliability/serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
  a. Package strain caused by insertion or presence
  b. Hermetic seal fails caused by insertion or presence
  c. High electromagnetic field impacts to host component during interrogate
4. Assure reliability of SHIELD dielet in host component
Performers will assure the integrity/reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
  a. Chemical, mechanical, temperature or electrical materials interactions with the host packaging materials or process, occurring during normal processing, packaging, dielet insertion, or due to aging in normal use
  b. Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
  c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
  d. Dielet exposure to radiation, high X-ray or RF fields when not in use

Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance, such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
  a. Design of handheld appliance concept, including documentation
  b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
  c. Development of necessary microcode/firmware/software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance.

Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
  a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
  b. All required server transaction and decryption software
  c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
  d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors.
Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program.

Technical Area 3 Phase 2
Technical Area 3/Phase 2: Implementation (Months 19-36)
Development of specific techniques/tooling for placement of dielet into the host package is created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD Insertion technology
Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
  a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
  b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
  c. Associating the placed SHIELD dielet serial ID and crypto key with the host component PN, date/location of manufacture, reliability grade, and cryptographic key

Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables:
  a. Detailed network schematics indicating protocols and standards
  b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
  c. Estimates of transaction times and network latencies
  d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
  e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3

Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
  a. Inductive/RF probe fabrication
  b. Repurposed appliance microcode/firmware/software installation
  c. Stand-alone testing of communication between the SHIELD dielet and appliance

Technical Area 3 Phase 3
Technical Area 3/Phase 3: Demo (Months 37-48)
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
  a. Performers will mate SHIELD dielets to product at pkg encapsulation
  b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
    • Fails due to faulty package insertions
    • Fails due to non-functional SHIELD chips
    • Screening of components for failure rate uplift at module final test, which had previously passed wafer final test, above the fallout baseline before SHIELD introduction

Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP.
  a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
  b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
  c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
  d. Government Red Team members will compromise the supply chain
  e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
  f. Government team members will monitor performer detection results

SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. “Probability of Detection” of compromises (PD), broken out by:
  a. Component package (i.e. small passive/discrete, quad plastic flat pack)
  b. Failure mode (i.e. missing, inappropriate or failing SHIELD dielet)
  c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
  d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by:
  a. Component package (i.e. small passive/discrete, quad plastic flat pack)
  b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component

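The breakdowns on this benchmarks slide (and on the Technical Area 3 Phase 3 metrics slide) computed from interrogation records, as an added Python example that is not part of the DARPA briefing. The record fields, the constructed sample trials and the Wilson interval (added to show how little a small breakdown cell supports) are assumptions of the example; ground truth is assumed to come from the Red Team's record of what it compromised.

```python
import math
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple


@dataclass(frozen=True)
class Trial:
    """One interrogation of one component (field names are assumptions)."""
    package: str                 # type of host component
    setting: str                 # "tube", "pcb" or "system"
    location: str                # where in the supply chain it was interrogated
    failure_mode: Optional[str]  # ground truth; None = not compromised
    flagged: bool                # performer reported a compromise
    delay_s: Optional[float]     # None = authentication never completed


@dataclass(frozen=True)
class Rate:
    hits: int
    total: int

    @property
    def value(self) -> float:
        return self.hits / self.total

    def wilson(self, z: float = 1.96) -> Tuple[float, float]:
        """Wilson score interval (95% by default); usable for tiny cells."""
        n, p = self.total, self.value
        denom = 1 + z * z / n
        centre = (p + z * z / (2 * n)) / denom
        half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
        return max(0.0, centre - half), min(1.0, centre + half)


def _flag_rate(trials: Iterable[Trial], field: str, compromised: bool) -> Dict[str, Rate]:
    counts = defaultdict(lambda: [0, 0])  # value of `field` -> [flagged, total]
    for t in trials:
        if (t.failure_mode is not None) != compromised:
            continue  # wrong ground-truth class for this metric
        cell = counts[getattr(t, field)]
        cell[0] += int(t.flagged)
        cell[1] += 1
    # A breakdown value with no trials of the right class has no defined
    # rate, so it is absent from the result rather than reported as 0.
    return {k: Rate(h, n) for k, (h, n) in counts.items()}


def pd_by(trials: Iterable[Trial], field: str) -> Dict[str, Rate]:
    """PD: share of compromised components that were flagged."""
    return _flag_rate(trials, field, compromised=True)


def pfa_by(trials: Iterable[Trial], field: str) -> Dict[str, Rate]:
    """PFA: share of uncompromised components that were flagged."""
    return _flag_rate(trials, field, compromised=False)


def mean_completed_delay(trials: Iterable[Trial]) -> Optional[float]:
    """Average delay over authentications that completed; None if none did."""
    done = [t.delay_s for t in trials if t.delay_s is not None]
    return sum(done) / len(done) if done else None


# Constructed sample data, not results from the program.
TRIALS = [
    Trial("QFP", "tube", "distributor", None, False, 1.8),
    Trial("QFP", "tube", "distributor", None, False, 2.1),
    Trial("QFP", "pcb", "subassembly", None, True, 2.4),        # false alarm
    Trial("QFP", "pcb", "subassembly", "missing", True, None),  # no dielet answered
    Trial("QFP", "tube", "distributor", "inappropriate", True, 1.9),
    Trial("passive", "tube", "shipping", "failing", False, 2.0),       # miss
    Trial("passive", "tube", "distributor", None, False, 1.7),
    Trial("passive", "system", "subassembly", "missing", True, None),
    Trial("passive", "pcb", "subassembly", "inappropriate", False, 2.2),  # miss
    Trial("passive", "system", "subassembly", None, False, 2.0),
]

if __name__ == "__main__":
    for name, fn, fields in (
        ("PD", pd_by, ("package", "failure_mode", "location", "setting")),
        ("PFA", pfa_by, ("package", "setting")),
    ):
        for field in fields:
            for key, r in fn(TRIALS, field).items():
                lo, hi = r.wilson()
                print(f"{name} by {field}={key}: {r.hits}/{r.total} "
                      f"= {r.value:.2f} (95% CI {lo:.2f}-{hi:.2f})")
    print(f"mean completed delay: {mean_completed_delay(TRIALS):.4f} s")
```

A cell such as PD for the QFP package reads 2/2 = 1.00 here, but its interval still reaches down to about 0.34, which is why the per-cell trial counts matter as much as the rates.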
SHIELD Summary of Suggested Specifications
Area | A ≈ 100 µm × 100 µm (0.01 mm²)
Device thickness | Thinned substrate, likely 10 µm or less
Interrogation latency | ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network communication protocol | TLS Standard
Minimum delay between interrogations | > 1 second
Positioning of inductive/RF probe | T ≈ 1 mm below top surface of component package
Encryption standard | Up to 256 bit
Serial ID length | 64 bit
Power consumption | Approximately 50 µW
Voltage tolerance (default) | VDD at discretion of proposer, +/- 10% (default)
Host temperatures | -55 °C to 125 °C
Interrogation temperatures | 0-35 °C
Reliability | Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost | C < 10¢ per dielet

Program Calendar
14 March 2014 | Proposer's Day, Arlington, VA
31 March 2014 | Abstracts Due into DARPA by EOB
30 April 2014 | Encourage/Discourage Full Submission Letters to Proposers
30 May 2014 | Full Abstracts Due into DARPA by EOB
3Q 2014 | Source Selection, Notification, Contracts
4Q 2014 | SHIELD Phase 1 begins

SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014

Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done, rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation

Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.

Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 (Tech Dev) | None
TA2 (Design & Integr) | None
TA3 (Deployment) | Components for SHIELD insertion; vendor locations for SHIELD exercise sites

Manufacturing Options
Solutions must demonstrate a path allowing it to be built in a standard semiconductor process and at the target cost.
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built:
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com

SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014

Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics?
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a “pass” or “fail” level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea

Metrics, Technical Area 1: SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost[1] to reverse engineer using typical methods[2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods[3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($).
[2] Procedures that are known to have been used to reverse engineer integrated circuits.
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption.

Technical Area 1: SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost

Metrics, Technical Area 1: SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements[1] | Cost[2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability[3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm × 100 µm.
[2] Cost is referenced against the target CMOS process with no modifications.
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime.

Metrics, Technical Area 2: SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications[1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate.

Approved for Public Release Distribution Unlimited 52
3 Assure reliability of host component containing SHIELD dielet Performer will assess reliability serviceability impacts to host chip caused by dielet presence and operation Concerns includea Package strain caused by insertion or presenceb Hermetic seal fails caused by insertion or presencec High electromagnetic field impacts to host component during
interrogate
4 Assure reliability of SHIELD dielet in host component Performers will assure the integrity reliability of the placed SHIELD dielet in the host package considering potential damage caused bya Chemical mechanical temperature or electrical materials
interactions with the host packaging materials or process occurring during normal processing packaging dielet insertion or due to aging in normal use
b Failures which should intentionally occur if the product is compromised must also be demonstrated to occur reliably
c Mechanical strain compressive or tensile effects induced on the SHIELD dielet by the package or host component
d Dielet exposure to radiation high X-ray or RF fields when not in use
Technical Area 3 Phase 1 (contrsquod)
Approved for Public Release Distribution Unlimited 53
5 Create a SHIELD InductiveRF Authentication Appliance and ProbePerformer will design an inexpensive inductiveRF appliance for use in exercsing the SHIELD concept The appliance may be the retrofit or repurposing of an existing appliance such as a smartphone with the addition of an inductiveRF probe connected to the device Responsibilities includea Design of handheld appliance concept including documention b Design of an inductiveRF probe anticipating potential
electromagnetic interference which may obscure coupled signal
c Development of necessary microcode firmware software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (contrsquod)
Approved for Public Release Distribution Unlimited 54
6 Design NetworkServer Architecture for the Demonstration ExerciseSHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2Deliverables includea communications between the dielet and the server through
the inductiveRF appliance and network using TLS standards b All required server transaction and decryption software c A simple graphical user interface that allows users to observe
actual SHIELD transaction demonstrations as they are executed and
d A key management plan describing how all cryptographic keys in their proposed architectures are derived protected at rest and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendorsNote that sufficient network and server architecture should be probided to support demonstration of the SHIELD concept but is not the prime focus of the program
Technical Area 3 Phase 1 (contrsquod)
Approved for Public Release Distribution Unlimited
Technical Area 3Phase 2 Implementation Months 19-36Development of specific techniques tooling for placement of dielet into the host package is created Mechanical alignment aids for inductiveRF appliance to SHIELD dielet within the package will also be developed Actual networks and servers will be configured At the close of TA3Phase 2 performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program1 Develop the SHIELD Insertion technology
Instrumentation tooling and logistics for going from wafer final test into an actual component placement are developed Steps includea Developing handling technique for taking SHIELD from diced
wafers into a dispensing tool that feeds dielets to a package injector
b Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
c Associating the placed SHIELD dielet serial ID and crypto key with the host component PN datelocation of manufacture reliability grade and cryptographic key
55
Technical Area 3 Phase 2
Approved for Public Release Distribution Unlimited
2 Develop the SHIELD Network Structure Networks and protocols developed in TA3Phase 1 and in the design are implemented during TA3Phase 2 At the end of TA3 Phase 2 performers will provide the following deliverablesa Detailed network schematics indicating protocols and
standardsb A specific Bill-of-Material indicating commercially available
devices that the transactions will be executed uponc Estimates of transaction times and network latenciesd Simulation of actual transactions demonstrating successful
execution of true and false authentication requests with and without flagged compromises appearing on the SHIELD sensors and
e Build-out of the actual prototypical hardware network for use in SHIELD TA3Phase 3
56
Technical Area 3 Phase 2 (contrsquod)
Approved for Public Release Distribution Unlimited
3 Develop the SHIELD inductiveRF applianceTechnical Area 3Phase 1 performers who designed the inductiveRF appliance and its code will in Phase 2 fabricate the appliancersquos inductiveRF probes and repurpose the appliance itself to the SHIELD function with required firmware or software additions or changes installed Specific deliverables associated with this task includea InductiveRF probe fabricationb Repurposed Appliance microcode firmware software
installationc Stand-alone testing of communication between the SHIELD
dielet and appliance
57
Technical Area 3 Phase 2 (contrsquod)
Technical Area 3 Phase 3
Technical Area 3 Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
a. Performers will mate SHIELD dielets to product at pkg encapsulation
b. Performers will identify/correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to the installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
  • Fails due to faulty package insertions
  • Fails due to non-functional SHIELD chips
  • Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP:
a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
b. Performers will place the SHIELD solution in those packages in a production-like environment, which DARPA will provide access to
c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
d. Government Red Team members will compromise the supply chain
e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by
a. Component package (i.e. small passive/discrete, quad plastic flat pack)
b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
a. Component package (i.e. small passive/discrete, quad plastic flat pack)
b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 um x 100 um (0.01 mm2)
Device thickness: Thinned substrate, likely 10 um or less
Interrogation latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network communication protocol: TLS Standard
Minimum delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption standard: Up to 256 bit
Serial ID length: 64 bit
Power consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host temperatures: -55° C - 125° C
Interrogation temperatures: 0-35° C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 10¢ per dielet
Program Calendar
14 March 2014: Proposer's Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 TechDev | None
TA2 Design&Integr | None
TA3 Deployment | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics?
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used with industry-accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics Technical Area 1: SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1: SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics Technical Area 1: SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics Technical Area 2: SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics Technical Area 2: SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics Technical Area 3: SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1], tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2]. Environmental testing (temperature, shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics Technical Area 3: SHIELD Deployment
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
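The Phase 3 benchmarks listed above and on the SHIELD Quantitative Benchmarks slide (PD and PFA with their breakouts, plus average completed authentication delay) can be tabulated from exercise records as sketched below. This is an added example, not program code: the record layout, field names and every sample trial are constructed, and recording an unresponsive (missing) dielet as a flagged compromise with no completed delay is an assumption.

```python
"""Tabulate SHIELD-style benchmarks: PD, PFA, completed authentication delay.

Added illustration. The record layout and all trials are constructed samples.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean
from typing import Optional

# The spec summary suggests about 2 seconds for a full transaction.
FULL_TRANSACTION_TARGET_S = 2.0

# Breakouts the benchmark slides list for each metric.
BREAKOUTS = {
    "PD": ("package", "failure_mode", "location", "setting"),
    "PFA": ("package", "setting"),
}


@dataclass(frozen=True)
class Trial:
    package: str                 # host component package type
    setting: str                 # tube, pcb or system
    location: str                # where in the supply chain the check ran
    failure_mode: Optional[str]  # red-team ground truth; None = untouched part
    flagged: bool                # did the check report a compromise?
    delay_s: Optional[float]     # None = authentication never completed


def _breakout(trials, by, metric):
    if by not in BREAKOUTS[metric]:
        raise ValueError(f"{metric} is not broken out by {by!r}")
    want_compromised = metric == "PD"
    counts = defaultdict(lambda: [0, 0])  # value -> [flagged, total]
    for t in trials:
        if (t.failure_mode is not None) != want_compromised:
            continue  # PD uses compromised parts only, PFA clean parts only
        cell = counts[getattr(t, by)]
        cell[0] += int(t.flagged)
        cell[1] += 1
    # Keep the counts next to the rate: small cells make rates misleading.
    return {k: (hit, n, hit / n) for k, (hit, n) in sorted(counts.items())}


def probability_of_detection(trials, by):
    """Flagged fraction among compromised parts, per value of `by`."""
    return _breakout(trials, by, "PD")


def probability_of_false_alarm(trials, by):
    """Flagged fraction among untouched parts, per value of `by`."""
    return _breakout(trials, by, "PFA")


def delay_summary(trials):
    """Average *completed* delay; non-completions are counted separately."""
    done = [t.delay_s for t in trials if t.delay_s is not None]
    return {
        "completed": len(done),
        "not_completed": len(trials) - len(done),
        "mean_s": mean(done) if done else None,
        "over_target": sum(d > FULL_TRANSACTION_TARGET_S for d in done),
    }


# Constructed sample trials (not program data).
TRIALS = [
    Trial("QFP", "tube", "distributor", "missing", True, None),
    Trial("QFP", "pcb", "subassembly", "inappropriate", True, 1.8),
    Trial("QFP", "system", "subassembly", "failing", False, 1.9),
    Trial("passive", "tube", "shipping", "missing", True, None),
    Trial("passive", "pcb", "distributor", "inappropriate", False, 2.4),
    Trial("passive", "tube", "distributor", "failing", True, 1.6),
    Trial("QFP", "tube", "distributor", None, False, 1.7),
    Trial("QFP", "pcb", "subassembly", None, False, 1.5),
    Trial("QFP", "system", "subassembly", None, True, 2.2),
    Trial("passive", "tube", "shipping", None, False, 1.4),
    Trial("passive", "pcb", "distributor", None, False, 1.9),
    Trial("passive", "tube", "distributor", None, False, 1.6),
]

if __name__ == "__main__":
    for by in BREAKOUTS["PD"]:
        print("PD by", by, probability_of_detection(TRIALS, by))
    for by in BREAKOUTS["PFA"]:
        print("PFA by", by, probability_of_false_alarm(TRIALS, by))
    print("delay", delay_summary(TRIALS))
```

Excluding non-completed authentications from the mean keeps a missing dielet from either hiding in or inflating the delay figure; it is reported as a detection and as a non-completion instead.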
Metrics Technical Area 3: SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality), transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), Probability of false alarm (PFA), Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics Technical Area 2: SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation, with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Technical Area 3 Phase 1 (cont'd)
5. Create a SHIELD Inductive/RF Authentication Appliance and Probe
Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
a. Design of handheld appliance concept, including documentation
b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal
c. Development of necessary microcode, firmware, software needed
The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards
b. All required server transaction and decryption software
c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed, and
d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program
Technical Area 3 Phase 2
Technical Area 3 Phase 2: Implementation, Months 19-36
Specific techniques and tooling for placement of the dielet into the host package are created. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3 Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program
1. Develop the SHIELD Insertion technology
Instrumentation, tooling, and logistics for going from wafer final test into an actual component placement are developed. Steps include:
a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
c. Associating the placed SHIELD dielet serial ID and crypto key with the host component P/N, date/location of manufacture, reliability grade, and cryptographic key
printed circuit board installed in a system)
bull Probability of False Alarm (PFA) broken out bybull Type of host component (eg small passivediscrete quad plastic flat pack)bull Setting of host component (eg supplied in a component tube mounted on a
printed circuit board installed in a system)
bull Average completed authentication delay per SHIELD component
Metrics Technical Area 3 SHIELD Deployment
Approved for Public Release Distribution Unlimited 77
Phase
Design Element Characteristics Metric
2 Tools and procedures for dielet handling and insertion
Develop tools for physical insertion into host device
Dielet insertion failure rate1
2 Network architecture development and build-out
Implementation and testing
Passfail (functionality) transmission error rate2
2 Inductive appliance development and fabrication
Implementation and testing
Passfail
3 Proof-of-concept demonstration Testing of complete SHIELD solution
Probability of detection (PD) Probability of false alarm (PFA) Average completed authentication delay per SHIELD component
3 Government ldquoRed Teamrdquo evaluation Penetration testing
Metrics Technical Area 3 SHIELD Deployment
1 Likelihood of the dielet to be damaged during the insertion process ( of failures per 100 insertions)2 Transmission errors between dielet and server due to operational anomalies such as improper
positioning of inductive appliance insufficient application time low battery condition etc
Approved for Public Release Distribution Unlimited 78
bull Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
bull Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process including
bull compliance with design ground rules of the manufacturerbull logical to behavioral design verificationbull logical to physical design verificationbull functional test pattern generation with a goal of 100 test coveragebull EM and power analysisbull additional checks as required to validate any ldquospecial caserdquo
technologies
bull Performers will be responsible for functional testing and characterization of the finished dielet
bull Characterization results will be compared against expected (simulated) results as a metric for the physical design effort and against Phase 1 specifications as a metric for the logical design effort
Metrics Technical Area 2SHIELD Dielet Design and Integration
Approved for Public Release Distribution Unlimited 79
Image courtesy of DARPA
Technical Area 3 Phase 1 (cont'd)
6. Design Network/Server Architecture for the Demonstration Exercise
SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
a. Communications between the dielet and the server through the inductive/RF appliance and network, using TLS standards;
b. All required server transaction and decryption software;
c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed; and
d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit.
Network and system architecture should support a geographically distributed proof of concept using multiple external vendors.
Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but it is not the prime focus of the program.

Technical Area 3 Phase 2
Technical Area 3 Phase 2: Implementation, Months 19-36
Specific techniques and tooling for placement of the dielet into the host package are developed. Mechanical alignment aids for the inductive/RF appliance to the SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3 Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
1. Develop the SHIELD insertion technology
Instrumentation, tooling and logistics for going from wafer final test into an actual component placement are developed. Steps include:
a. Developing a handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector
b. Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
c. Associating the placed SHIELD dielet serial ID and crypto key with the host component P/N, date/location of manufacture, reliability grade, and cryptographic key

Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3 Phase 1 and in the design are implemented during TA3 Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables:
a. Detailed network schematics indicating protocols and standards
b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
c. Estimates of transaction times and network latencies
d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
e. Build-out of the actual prototypical hardware network for use in SHIELD TA3 Phase 3

Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3 Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include:
a. Inductive/RF probe fabrication
b. Repurposed appliance microcode, firmware, software installation
c. Stand-alone testing of communication between the SHIELD dielet and appliance

Technical Area 3 Phase 3
Technical Area 3 Phase 3: Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
1. Demonstrate robust SHIELD placement into real product
a. Performers will mate SHIELD dielets to product at pkg encapsulation
b. Performer will identify and correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
• Fails due to faulty package insertions
• Fails due to non-functional SHIELD chips
• Screening of components for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction

Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP:
a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
d. Government Red Team members will compromise the supply chain
e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
f. Government team members will monitor performer detection results

SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by:
a. Component package (i.e. small passive/discrete, quad plastic flat pack)
b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by:
a. Component package (i.e. small passive/discrete, quad plastic flat pack)
b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component

SHIELD Summary of Suggested Specifications
Parameter | Suggested specification
Area | A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness | Thinned substrate, likely 10 µm or less
Interrogation latency | ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
Network communication protocol | TLS Standard
Minimum delay between interrogations | > 1 second
Positioning of inductive/RF probe | T ≈ 1 mm below top surface of component package
Encryption standard | Up to 256 bit
Serial ID length | 64 bit
Power consumption | Approximately 50 µW
Voltage tolerance (default) | VDD at discretion of proposer, +/- 10% (default)
Host temperatures | -55 °C to 125 °C
Interrogation temperatures | 0-35 °C
Reliability | Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost | C < 10¢ per dielet

Program Calendar
14 March 2014: Proposer's Day, Arlington, VA
31 March 2014: Abstracts due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission letters to proposers
30 May 2014: Full Abstracts due into DARPA by EOB
3Q 2014: Source selection, notification, contracts
4Q 2014: SHIELD Phase 1 begins

SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014

Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation

Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.

Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 (Tech Dev) | None
TA2 (Design & Integr) | None
TA3 (Deployment) | Components for SHIELD insertion; vendor locations for SHIELD exercise sites

Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com

SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014

Metrics Overview
• Purpose of this discussion
  – Detail the attributes of SHIELD design elements that will be measured
  – Outline the methods by which those attributes will be measured
• Why metrics?
  – Tracking and reporting program results and accomplishments
  – Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea

Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption

Technical Area 1, SHIELD On-board Technology
Phase | Design element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost

Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications – reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime

Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate

Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design including logical and physical verification, functional test pattern generation | Functional testing; adherence to dielet power budget; compliance with manufacturer ground rules; percent test pattern coverage; reliability analysis
2 | Dielet fabrication | Release to manufacturing; process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests

Metrics: Technical Area 3, SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip; package strain analysis; electromagnetic analysis [2]; environmental testing (temperature shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison

Metrics: Technical Area 3, SHIELD Deployment
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
  – Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  – Failure mode (e.g. missing, inappropriate, or failing SHIELD dielet)
  – Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  – Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
  – Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  – Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component

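The PD/PFA breakdown listed on this slide and on the "SHIELD Quantitative Benchmarks" slide, worked as an added example that is not part of the DARPA briefing. The trial records are constructed, and the field names and the use of a 95% Wilson interval are assumptions of this example; the interval is included because per-stratum counts in a demonstration are small, so a raw rate alone overstates what was shown.

```python
from collections import defaultdict, namedtuple
from math import sqrt

# One record per interrogation of one host component (constructed data, not program results).
# failure_mode/location are None for an uncompromised part; flagged is the SHIELD verdict;
# delay_s is the completed authentication delay, None if the transaction never completed.
Trial = namedtuple("Trial", "package setting failure_mode location flagged delay_s")

TRIALS = [Trial(*row) for row in [
    ("quad flat pack", "tube",   "missing",       "distributor", True,  1.8),
    ("quad flat pack", "tube",   "inappropriate", "shipping",    True,  2.1),
    ("quad flat pack", "board",  "failing",       "subassembly", False, 2.4),
    ("quad flat pack", "board",  None,            None,          False, 1.9),
    ("quad flat pack", "tube",   None,            None,          False, 2.0),
    ("small passive",  "tube",   "missing",       "distributor", True,  1.7),
    ("small passive",  "board",  "inappropriate", "subassembly", False, 2.6),
    ("small passive",  "board",  None,            None,          True,  2.2),
    ("small passive",  "tube",   None,            None,          False, None),
    ("small passive",  "system", "missing",       "shipping",    True,  2.3),
]]


def wilson(k, n, z=1.96):
    """Wilson score interval for k flagged out of n trials (z=1.96 gives 95%)."""
    if n == 0:
        return (0.0, 1.0)
    p = k / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def _flag_rate(trials, key):
    """Fraction of trials flagged, grouped by the attribute named in key."""
    counts = defaultdict(lambda: [0, 0])  # stratum -> [flagged, total]
    for t in trials:
        c = counts[getattr(t, key)]
        c[0] += int(t.flagged)
        c[1] += 1
    return {s: {"hits": k, "total": n, "rate": k / n, "ci95": wilson(k, n)}
            for s, (k, n) in counts.items()}


def pd_by(trials, key):
    """Probability of detection: flagged rate over compromised parts only."""
    return _flag_rate([t for t in trials if t.failure_mode is not None], key)


def pfa_by(trials, key):
    """Probability of false alarm: flagged rate over uncompromised parts only."""
    return _flag_rate([t for t in trials if t.failure_mode is None], key)


def mean_delay(trials):
    """Average delay over completed authentications; incomplete ones are excluded."""
    done = [t.delay_s for t in trials if t.delay_s is not None]
    return sum(done) / len(done) if done else None


if __name__ == "__main__":
    for key in ("package", "failure_mode", "location", "setting"):
        for stratum, r in sorted(pd_by(TRIALS, key).items()):
            lo, hi = r["ci95"]
            print(f"PD  {key}={stratum}: {r['hits']}/{r['total']} "
                  f"= {r['rate']:.2f}  (95% CI {lo:.2f}-{hi:.2f})")
    for key in ("package", "setting"):
        for stratum, r in sorted(pfa_by(TRIALS, key).items()):
            lo, hi = r["ci95"]
            print(f"PFA {key}={stratum}: {r['hits']}/{r['total']} "
                  f"= {r['rate']:.2f}  (95% CI {lo:.2f}-{hi:.2f})")
    print(f"mean completed authentication delay: {mean_delay(TRIALS):.2f} s")
```

In the constructed data every "missing dielet" compromise is detected (3 of 3), yet the 95% interval only supports a PD of about 0.44 or better for that failure mode, which is why each stratum needs enough trials before its rate is reported.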
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); probability of false alarm (PFA); average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.

Metrics: Technical Area 2, SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
  – compliance with design ground rules of the manufacturer
  – logical to behavioral design verification
  – logical to physical design verification
  – functional test pattern generation with a goal of 100% test coverage
  – EM and power analysis
  – additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort

Image courtesy of DARPA
Approved for Public Release Distribution Unlimited
Technical Area 3Phase 2 Implementation Months 19-36Development of specific techniques tooling for placement of dielet into the host package is created Mechanical alignment aids for inductiveRF appliance to SHIELD dielet within the package will also be developed Actual networks and servers will be configured At the close of TA3Phase 2 performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program1 Develop the SHIELD Insertion technology
Instrumentation tooling and logistics for going from wafer final test into an actual component placement are developed Steps includea Developing handling technique for taking SHIELD from diced
wafers into a dispensing tool that feeds dielets to a package injector
b Creating tooling which dispenses diced and separated dielets into the injector and inserts them into the packages
c Associating the placed SHIELD dielet serial ID and crypto key with the host component PN datelocation of manufacture reliability grade and cryptographic key
55
Technical Area 3 Phase 2
Approved for Public Release Distribution Unlimited
2 Develop the SHIELD Network Structure Networks and protocols developed in TA3Phase 1 and in the design are implemented during TA3Phase 2 At the end of TA3 Phase 2 performers will provide the following deliverablesa Detailed network schematics indicating protocols and
standardsb A specific Bill-of-Material indicating commercially available
devices that the transactions will be executed uponc Estimates of transaction times and network latenciesd Simulation of actual transactions demonstrating successful
execution of true and false authentication requests with and without flagged compromises appearing on the SHIELD sensors and
e Build-out of the actual prototypical hardware network for use in SHIELD TA3Phase 3
56
Technical Area 3 Phase 2 (contrsquod)
Approved for Public Release Distribution Unlimited
3 Develop the SHIELD inductiveRF applianceTechnical Area 3Phase 1 performers who designed the inductiveRF appliance and its code will in Phase 2 fabricate the appliancersquos inductiveRF probes and repurpose the appliance itself to the SHIELD function with required firmware or software additions or changes installed Specific deliverables associated with this task includea InductiveRF probe fabricationb Repurposed Appliance microcode firmware software
installationc Stand-alone testing of communication between the SHIELD
dielet and appliance
57
Technical Area 3 Phase 2 (contrsquod)
Approved for Public Release Distribution Unlimited 58
Technical Area 3Phase 3 Demo Months 37-48 DARPA SHIELD concludes with a demonstration one year in duration of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition programrsquos BOM Actual components will be shipped between work sites developing the specific assembly the component is a part of and performers will exercise SHIELD at those sites Performer tasks will include1 Demonstrate robust SHIELD placement into real product
a Performers will mate SHIELD dielets to product at pkg encapsulation
b Performer will identify correct SHIELD failure modes in practice performing defect characterization to identify needed changes to installation process Failure data will be collected and compiled by performers as components are encapsulated and tested includingbull Fails due to faulty package insertions bull Fails due to non-functional SHIELD chipsbull Screening of components for failure rate uplift at module
final test which had previous passed wafer final test above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3
Approved for Public Release Distribution Unlimited 59
2 Exercise the CONOPPerformers will exercise the entire SHIELD CONOP a Performers will choose the packaged host they exercise their
SHIELD technology upon from options offered by DARPA b Performers will placing SHIELD solution in those packages in a
production-like environment which DARPA will provide access toc Resulting actual components equipped with SHIELD will be
passed through real supply chain channel settings from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
d Government Red Team members will compromise the supply chain
e Performers will execute the SHIELD operation at various work sites in the componentrsquos supply chain throughout the US looking for compromises
f Government team members will monitor performer detection results
Technical Area 3 Phase 3 (contrsquod)
Approved for Public Release Distribution Unlimited 60
Performers will be measured to a set of quantitative benchmarks Metrics on SHIELD performer solution effectiveness will include 1 ldquoProbability of Detectionrdquo of compromises (PD) broken out
by a Component Package (ie small passivediscrete quad plastic
flat pack)b Failure mode (ie missing inappropriate or failing SHIELD
dielet)c Location type (ie at distributor at subassembly vendor in
shipping) d Setting of host component (ie supplied in a component tube
mounted on a printed circuit board installed in a system)
2 Probability of False Alarm (PFA) broken out bya Component Package (ie small passivediscrete quad plastic
flat pack)b Setting of host component (ie supplied in a component tube
mounted on a printed circuit board installed in a system)
3 Average completed authentication delay per SHIELD component
SHIELD Quantitative Benchmarks
Approved for Public Release Distribution Unlimited 61
SHIELD Summary of Suggested Specifications
Area A asymp100um x 100um (001 mm2)
Device thickness Thinned substrate likely 10 um or less
Interrogation Latency asymp 1 second dielet delay asymp2 second full transaction delay including network latencies
Network Communication Protocol
TLS Standard
Minimum Delay between interrogations
gt 1 Second
Positioning of inductiveRF probe
T asymp 1 mm below top surface of component package
Encryption Standard Up to 256 bit Serial ID Length 64 bitPower Consumption Approximately 50microWVoltage tolerance (default)
VDD at discretion of proposer +- 10 (default)
Host Temperatures -55deg C - 125deg CInterrogation Temperatures
0-35 deg C
ReliabilitySufficient to match 100KPOH host component operation SHIELD total operational time is under 1 hour
Cost C lt 10cent per dielet
Approved for Public Release Distribution Unlimited 62
Program Calendar
14 March 2014 Proposerrsquos Day Arlington VA
31 March 2014 Abstracts Due into DARPA by EOB
30 April 2014 Encourage Discourage Full Submission Letters to Proposers
30 May 2014 Full Abstracts Due into DARPA by EOB
3Q 2014 Source Selection Notification Contracts
4Q 2014 SHIELD Phase 1 begins
Approved for Public Release Distribution Unlimited
SHIELD Government Support
Saverio FazzariSHIELD SETA
SHIELD Industry Day
14 March 2014
Approved for Public Release Distribution Unlimited
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 Tech Dev | None
TA2 Design & Integr | None
TA3 Deployment | Components for SHIELD insertion; vendor locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful sources for information include
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours) number of personnel required cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1: SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors - examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications - form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications - integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications - testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications - special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design - encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design - key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design - power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design - communications | Interface logic for communications | Performance to specifications
1 | Dielet design - sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration - sensors, encryption engine, power, communications and support logic | Mask layout design, including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip package strain analysis electromagnetic analysis [2]; Environmental testing (temperature shock and vibration) [3]
1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3, SHIELD Deployment
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Image courtesy of DARPA
Technical Area 3 Phase 2 (cont'd)
2. Develop the SHIELD Network Structure
Networks and protocols developed in TA3/Phase 1 and in the design are implemented during TA3/Phase 2. At the end of TA3 Phase 2, performers will provide the following deliverables:
a. Detailed network schematics indicating protocols and standards
b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon
c. Estimates of transaction times and network latencies
d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors, and
e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3
Technical Area 3 Phase 2 (cont'd)
3. Develop the SHIELD inductive/RF appliance
Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will in Phase 2 fabricate the appliance's inductive/RF probes and repurpose the appliance itself to the SHIELD function, with required firmware or software additions or changes installed. Specific deliverables associated with this task include
a. Inductive/RF probe fabrication
b. Repurposed appliance microcode, firmware, software installation
c. Stand-alone testing of communication between the SHIELD dielet and appliance
Technical Area 3 Phase 3
Technical Area 3/Phase 3 Demo, Months 37-48
DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program's BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include
1. Demonstrate robust SHIELD placement into real product
a. Performers will mate SHIELD dielets to product at pkg encapsulation
b. Performer will identify correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including
  • Fails due to faulty package insertions
  • Fails due to non-functional SHIELD chips
  • Screening of components for failure rate uplift at module final test which had previously passed wafer final test above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP
a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
d. Government Red Team members will compromise the supply chain
e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include
1. "Probability of Detection" of compromises (PD), broken out by
a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
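The breakdowns listed on this slide and on the Technical Area 3 Phase 3 metrics slide, computed over per-interrogation trial records. This is an added example, not part of the DARPA briefing: the record layout, the names `Trial`, `flag_rate_by` and `benchmark_report`, and the sample trials are constructed assumptions, and PD and PFA are taken here as the fraction of compromised parts and of untouched parts that the performer flagged.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Trial:
    """One interrogation of one host component (hypothetical record layout)."""
    package: str                 # component package
    setting: str                 # tube, pcb, or installed system
    location: str                # supply-chain site where the check was run
    failure_mode: Optional[str]  # None = untouched part, else the compromise present
    flagged: bool                # True if the performer reported a compromise
    delay_s: Optional[float]     # seconds to a completed authentication, None if none


QFP, SPD = "quad plastic flat pack", "small passive/discrete"

# Constructed sample trials, not program data.
TRIALS = [
    Trial(QFP, "tube", "distributor", None, False, 1.8),
    Trial(QFP, "pcb", "subassembly vendor", None, True, 2.1),        # false alarm
    Trial(QFP, "tube", "distributor", "missing", True, None),        # nothing to read
    Trial(QFP, "pcb", "shipping", "inappropriate", True, 1.9),
    Trial(QFP, "pcb", "subassembly vendor", "failing", False, 2.4),  # missed compromise
    Trial(SPD, "tube", "distributor", None, False, 1.7),
    Trial(SPD, "tube", "shipping", "inappropriate", True, 2.0),
    Trial(SPD, "pcb", "subassembly vendor", "missing", True, None),
    Trial(SPD, "pcb", "distributor", None, False, 2.1),
    Trial(SPD, "system", "distributor", None, False, 2.0),
]

PD_BREAKOUTS = ("package", "failure_mode", "location", "setting")
PFA_BREAKOUTS = ("package", "setting")


def flag_rate_by(trials, key, compromised):
    """Fraction of trials flagged, per value of `key`.

    compromised=True restricts to compromised parts (PD);
    compromised=False restricts to untouched parts (PFA).
    A stratum with no qualifying trials yields None, not 0.0.
    """
    strata = {getattr(t, key): [0, 0] for t in trials
              if getattr(t, key) is not None}
    for t in trials:
        value = getattr(t, key)
        if value is None or (t.failure_mode is not None) != compromised:
            continue
        strata[value][0] += int(t.flagged)
        strata[value][1] += 1
    return {k: (hits / n if n else None) for k, (hits, n) in strata.items()}


def avg_completed_delay(trials):
    """Mean delay over interrogations that completed an authentication."""
    done = [t.delay_s for t in trials if t.delay_s is not None]
    return sum(done) / len(done) if done else None


def benchmark_report(trials):
    """PD and PFA with the breakouts named on the slide, plus average delay."""
    return {
        "PD": {k: flag_rate_by(trials, k, True) for k in PD_BREAKOUTS},
        "PFA": {k: flag_rate_by(trials, k, False) for k in PFA_BREAKOUTS},
        "avg_completed_delay_s": avg_completed_delay(trials),
    }


if __name__ == "__main__":
    report = benchmark_report(TRIALS)
    for metric in ("PD", "PFA"):
        for key, rates in report[metric].items():
            print(metric, "by", key, rates)
    print("average completed authentication delay (s):",
          report["avg_completed_delay_s"])
```

A setting in which no compromise was exercised reports `None` for PD rather than 0, and a missing dielet counts toward PD while contributing nothing to the delay average.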
Approved for Public Release Distribution Unlimited 61
SHIELD Summary of Suggested Specifications
Area A asymp100um x 100um (001 mm2)
Device thickness Thinned substrate likely 10 um or less
Interrogation Latency asymp 1 second dielet delay asymp2 second full transaction delay including network latencies
Network Communication Protocol
TLS Standard
Minimum Delay between interrogations
gt 1 Second
Positioning of inductiveRF probe
T asymp 1 mm below top surface of component package
Encryption Standard Up to 256 bit Serial ID Length 64 bitPower Consumption Approximately 50microWVoltage tolerance (default)
VDD at discretion of proposer +- 10 (default)
Host Temperatures -55deg C - 125deg CInterrogation Temperatures
0-35 deg C
ReliabilitySufficient to match 100KPOH host component operation SHIELD total operational time is under 1 hour
Cost C lt 10cent per dielet
Approved for Public Release Distribution Unlimited 62
Program Calendar
14 March 2014 Proposerrsquos Day Arlington VA
31 March 2014 Abstracts Due into DARPA by EOB
30 April 2014 Encourage Discourage Full Submission Letters to Proposers
30 May 2014 Full Abstracts Due into DARPA by EOB
3Q 2014 Source Selection Notification Contracts
4Q 2014 SHIELD Phase 1 begins
Approved for Public Release Distribution Unlimited
SHIELD Government Support
Saverio FazzariSHIELD SETA
SHIELD Industry Day
14 March 2014
Approved for Public Release Distribution Unlimited
Government SHIELD Funding
bull DoD recognizes the urgency of addressing supply chain security
bull DARPA MTO is making a significant investment in SHIELD consistent with threat supply chain loss-of-control poses to lives and missions
bull SHIELD Funding levels and number of performers per technical area and phase will remain undisclosed but are substantial in plan and committed
bull Submitters should submit proposals that get the job done rather than be tailoring them to a specified funding level Amounts will be calibrated to resources during contract negotiation
64
Approved for Public Release Distribution Unlimited
Government Team Responsibilities in SHIELD
Tech Area 11 Red-teaming the secure key storage2 Evaluating the sensorrsquos capability versus state-of-the-art features
Tech Area 23 Red-teaming dielet designs for reverse-engineering4 Red-teaming dielet performance and reliability5 Identify a trusted manufacturing source for dielet 6 Fabrication of dielet delivery to performers
Tech Area 37 Identify host components for test and test environment8 Develop prototype software for security database9 Develop appliances and fixtures for checking devices10Red-team integrated solution11Run test environment for final demonstration12Support transition opportunities
GeneralActing as virtual lab with NSA Navy Air Force involvement to provide evaluation capability for the program It will provide early access to transition opportunities
65
Approved for Public Release Distribution Unlimited
Government Obligations
66
Tech Area Government-Furnished Equipment and Intellectual Property
TA1
TechDev
None
TA2
DesignampIntegr
None
TA3
Deploy-ment
Components for SHIELD insertionVendor Locations for SHIELD exercise sites
Approved for Public Release Distribution Unlimited
Manufacturing Options
Solutions must demonstrate a path allowing it to be built in a standard semiconductor process and at the target cost
bull Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
bull Non-production university labs may be usedMany organization offer services for a small number of parts to be built
bull Shuttle runsbull Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD Useful Sources for Information include
bull httpswwwtapofficeorgbull httpwwwdmeaosdmiltrustedichtmlbull httpwwwmosisedubull httpcmpimagfrbull httpwwweuropractice-iccom
67
Approved for Public Release Distribution Unlimited
SHIELD Metrics
Arnett BrownSHIELD SETA
SHIELD Industry Day
14 March 2014
Approved for Public Release Distribution Unlimited 69
bull Purpose of this discussionbull Detail the attributes of SHIELD design elements that will be measuredbull Outline the methods by which those attributes will be measured
bull Why metricsbull Tracking and reporting program results and accomplishmentsbull Used for objective evaluation of performers
bull Wherever possible quantitative metrics will be used with industry accepted figures of merit
bull Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
bull Metrics will not always have a ldquopassrdquo or ldquofailrdquo level especially when innovative technologies are involved
bull Depending on what is proposed certain metrics may not apply perfectly
bull Do not allow a metric (alone) to discourage proposing a good idea
Metrics Overview
Approved for Public Release Distribution Unlimited 70
Metrics Technical Area 1SHIELD On-board Technology
Phase Design Element Characteristics Metric
1 Secure secret key storage - reverse engineering protection
Harden dielet against attempts to reverse engineer
Cost1 to reverse engineer using typical methods2
1 Secure secret key storage - hardware corruption protection
Harden dielet against attempts to defeat security
Cost to defeat using typical methods3
1 Secure secret key storage - self destruct on tamper attempt
Discriminate between apparent tamper and normal operation
Percent success in triggering against typical intrusions percent success in not triggering against non-intrusions
1 Secure secret key storage - serial ID personalization
Determine economic method for serializing dielet in volume production
Cost per dielet to implement
1 Cost = time (hours) number of personnel required cost of tools ($)2 Procedures that are known to have been used to reverse engineer integrated circuits3 Procedures that are known to have been used to attempt to defeat security features
through hardware corruption
Approved for Public Release Distribution Unlimited 71
Phase Design Element Characteristic Metric
1 Passive sensors ndash examples include chemical mechanical light X-rays heat etc
Performer-defined As appropriate
Technical Area 1SHIELD On-board Technology
bull Specific metrics will be determined based on the nature and function of the sensors proposed
bull General metrics to consider include sensing threshold cost
Approved for Public Release Distribution Unlimited 72
Phase
Design element Characteristics Metric
1 Dielet power Inductive power coupling mechanism
Q factor
1 Dielet communications RF communications mechanism Baud rate
1 Manufacturing process modifications ndash form factor
Modifications to meet form factor requirements1
Cost2
1 Manufacturing process modifications ndash integration
Modifications for sensor and key storage integration
Cost
1 Manufacturing process modifications ndash testing
Modifications to enable dielet testing
Cost
1 Manufacturing process modifications ndash special needs
Production solutions for dielet dicing picking handling
Cost
1 Manufacturing process modifications - reliability
Physical design for reliability3 Cost
Metrics Technical Area 1SHIELD On-board Technology
1 SHIELD wafer thickness may be 10 microns or less Dielet size 100microm x 100microm2 Cost is referenced against the target CMOS process with no modifications 3 Assume 100 KPOH lifetime for host component no more than 3 Failures In Time (FIT) Assume SHIELD
dielet usage less than 1 KPOH over its lifetime
Approved for Public Release Distribution Unlimited 73
Metrics Technical Area 2SHIELD Dielet Design and Integration
Phase Design element Characteristics Metric
1 Dielet design ndash encryption engine Logic design for encryption engine
Performance to specifications1
1 Dielet design ndash key management Logic design for key management protocol
Performance to specifications
1 Dielet design ndash power supply interface
Interface logic for power supply
Performance to specifications
1 Dielet design ndash communications Interface logic for communications
Performance to specifications
1 Dielet design ndash sensor interface Interface logic for sensors Performance to specifications
1 Design specifications will be established during Phase 1 development to verify performance performers are responsible for providing results of simulations andor hardware testbenches as appropriate
Approved for Public Release Distribution Unlimited 74
Phase
Design Element Characteristic Metric
2 Dielet integration ndash sensors encryption engine power communications and support logic
Mask layout design including logical and physical verification functional test pattern generation
Functional testing adherence to dielet power budget compliance with manufacturer ground rules percent test pattern coverage reliability analysis
2 Dielet fabrication Release to manufacturing process tracking as required
PassFail1
2 Dielet functional testing Test fixture should be capable of exercising all dielet functionality
PassFail
2 Dielet characterization Characterize across process voltage and temperature range
PassFail
Metrics Technical Area 2SHIELD Dielet Design and Integration
1 PassFail deliverable is required to meet design specifications and pass anyall tests
Approved for Public Release Distribution Unlimited 75
Metrics Technical Area 3 SHIELD Deployment
Phase
Design element Characteristics Metric
1 Dielet-host integration - packaging Develop solutions for insertion of dielet into host package
Insertion depth tolerance of host package1 tools and skills required to insert dielet
1 Dielet-host integration - reliability Analysis of dielet insertion reliability and impact to host
Projected lifetime analysis of host chip package strain analysis electromagnetic analysis2 Environmental testing (temperature shock and vibration)3
1 Dielet-host integration ndash dummy dielet
Fabrication of a dielet mock-up for experimentation
Passfail
1 Network architecture design Realization of server-side hardware and software for dielet-server communication
Passfail
1 Inductive appliance design Realization of hardware and software for inductive appliance
Passfail1 The SHIELD dielet will be placed approximately 1mm below the outer surface of the host chip2 Identify impact of inductive and RF probing in the host chip3 The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Approved for Public Release Distribution Unlimited 76
bull Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package interrogated by inductive appliance)
bull PD PFA authentication delaybull Probability of Detection of compromises (PD) broken out by
bull Type of host component (eg small passivediscrete quad plastic flat pack)bull Failure mode (eg missing inappropriate or failing SHIELD dielet)bull Failure location (eg at distributor at subassembly vendor during shipping) bull Setting of host component (eg supplied in a component tube mounted on a
printed circuit board installed in a system)
bull Probability of False Alarm (PFA) broken out bybull Type of host component (eg small passivediscrete quad plastic flat pack)bull Setting of host component (eg supplied in a component tube mounted on a
printed circuit board installed in a system)
bull Average completed authentication delay per SHIELD component
Metrics Technical Area 3 SHIELD Deployment
Approved for Public Release Distribution Unlimited 77
Phase
Design Element Characteristics Metric
2 Tools and procedures for dielet handling and insertion
Develop tools for physical insertion into host device
Dielet insertion failure rate1
2 Network architecture development and build-out
Implementation and testing
Passfail (functionality) transmission error rate2
2 Inductive appliance development and fabrication
Implementation and testing
Passfail
3 Proof-of-concept demonstration Testing of complete SHIELD solution
Probability of detection (PD) Probability of false alarm (PFA) Average completed authentication delay per SHIELD component
3 Government ldquoRed Teamrdquo evaluation Penetration testing
Metrics Technical Area 3 SHIELD Deployment
1 Likelihood of the dielet to be damaged during the insertion process ( of failures per 100 insertions)2 Transmission errors between dielet and server due to operational anomalies such as improper
positioning of inductive appliance insufficient application time low battery condition etc
Approved for Public Release Distribution Unlimited 78
bull Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
bull Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process including
bull compliance with design ground rules of the manufacturerbull logical to behavioral design verificationbull logical to physical design verificationbull functional test pattern generation with a goal of 100 test coveragebull EM and power analysisbull additional checks as required to validate any ldquospecial caserdquo
technologies
bull Performers will be responsible for functional testing and characterization of the finished dielet
bull Characterization results will be compared against expected (simulated) results as a metric for the physical design effort and against Phase 1 specifications as a metric for the logical design effort
Metrics Technical Area 2SHIELD Dielet Design and Integration
Approved for Public Release Distribution Unlimited 79
Image courtesy of DARPA
Approved for Public Release Distribution Unlimited
3 Develop the SHIELD inductiveRF applianceTechnical Area 3Phase 1 performers who designed the inductiveRF appliance and its code will in Phase 2 fabricate the appliancersquos inductiveRF probes and repurpose the appliance itself to the SHIELD function with required firmware or software additions or changes installed Specific deliverables associated with this task includea InductiveRF probe fabricationb Repurposed Appliance microcode firmware software
installationc Stand-alone testing of communication between the SHIELD
dielet and appliance
57
Technical Area 3 Phase 2 (contrsquod)
Approved for Public Release Distribution Unlimited 58
Technical Area 3Phase 3 Demo Months 37-48 DARPA SHIELD concludes with a demonstration one year in duration of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition programrsquos BOM Actual components will be shipped between work sites developing the specific assembly the component is a part of and performers will exercise SHIELD at those sites Performer tasks will include1 Demonstrate robust SHIELD placement into real product
a Performers will mate SHIELD dielets to product at pkg encapsulation
b Performer will identify correct SHIELD failure modes in practice performing defect characterization to identify needed changes to installation process Failure data will be collected and compiled by performers as components are encapsulated and tested includingbull Fails due to faulty package insertions bull Fails due to non-functional SHIELD chipsbull Screening of components for failure rate uplift at module
final test which had previous passed wafer final test above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3
Approved for Public Release Distribution Unlimited 59
Technical Area 3 Phase 3 (cont'd)
2. Exercise the CONOP
Performers will exercise the entire SHIELD CONOP:
   a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA
   b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to
   c. Resulting actual components equipped with SHIELD will be passed through real supply chain channel settings, from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
   d. Government Red Team members will compromise the supply chain
   e. Performers will execute the SHIELD operation at various work sites in the component's supply chain throughout the US, looking for compromises
   f. Government team members will monitor performer detection results
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. "Probability of Detection" of compromises (PD), broken out by
   a. Component package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Summary of Suggested Specifications
Area: A ≈ 100 µm x 100 µm (0.01 mm²)
Device thickness: Thinned substrate, likely 10 µm or less
Interrogation latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay, including network latencies
Network communication protocol: TLS Standard
Minimum delay between interrogations: > 1 second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption standard: Up to 256 bit
Serial ID length: 64 bit
Power consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host temperatures: -55 °C to 125 °C
Interrogation temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation. SHIELD total operational time is under 1 hour
Cost: C < 10¢ per dielet
Program Calendar
14 March 2014 Proposer's Day, Arlington VA
31 March 2014 Abstracts Due into DARPA by EOB
30 April 2014 Encourage/Discourage Full Submission Letters to Proposers
30 May 2014 Full Abstracts Due into DARPA by EOB
3Q 2014 Source Selection, Notification, Contracts
4Q 2014 SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations
Tech Area | Government-Furnished Equipment and Intellectual Property
TA1 (Tech Dev) | None
TA2 (Design & Integr) | None
TA3 (Deployment) | Components for SHIELD insertion; vendor locations for SHIELD exercise sites
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
   • Detail the attributes of SHIELD design elements that will be measured
   • Outline the methods by which those attributes will be measured
• Why metrics?
   • Tracking and reporting program results and accomplishments
   • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
[2] Cost is referenced against the target CMOS process with no modifications
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design, including logical and physical verification, functional test pattern generation | Functional testing; adherence to dielet power budget; compliance with manufacturer ground rules; percent test pattern coverage; reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip package strain analysis, electromagnetic analysis [2], environmental testing (temperature shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
[2] Identify impact of inductive and RF probing in the host chip
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3, SHIELD Deployment
• Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
   • PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
   • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
   • Failure mode (e.g. missing, inappropriate or failing SHIELD dielet)
   • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
   • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
   • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
   • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
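An added example, not part of the DARPA briefing, showing how the three Phase 3 benchmarks listed here and on the SHIELD Quantitative Benchmarks slide could be scored from red-team trial records. The record fields, category names and sample trials are constructed for illustration, and the Wilson interval is an assumption added to show how little data each breakout cell holds.

```python
"""Score demo trials: PD and PFA per breakout, mean completed authentication delay."""
from collections import defaultdict
from dataclasses import dataclass
from math import sqrt
from typing import Optional, Tuple


@dataclass(frozen=True)
class Trial:
    package: str                  # host component type (hypothetical labels)
    setting: str                  # "tube", "pcb" or "system"
    location: str                 # where the interrogation took place
    failure_mode: Optional[str]   # ground truth; None = uncompromised component
    alarm: bool                   # the SHIELD check flagged the component
    delay_s: Optional[float]      # None = authentication never completed


def wilson(k: int, n: int, z: float = 1.96) -> Tuple[float, float]:
    """95% Wilson score interval for k alarms in n trials."""
    if n == 0:
        return (0.0, 1.0)
    p = k / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def rate_by(trials, key: str, compromised: bool) -> dict:
    """Alarm rate per value of `key` over compromised (PD) or clean (PFA) trials."""
    hits, totals = defaultdict(int), defaultdict(int)
    for t in trials:
        if (t.failure_mode is not None) != compromised:
            continue
        group = getattr(t, key)
        totals[group] += 1
        hits[group] += int(t.alarm)
    return {g: {"rate": hits[g] / totals[g], "n": totals[g],
                "ci95": wilson(hits[g], totals[g])} for g in totals}


def mean_completed_delay(trials) -> Optional[float]:
    """Average delay over trials whose authentication actually completed."""
    done = [t.delay_s for t in trials if t.delay_s is not None]
    return sum(done) / len(done) if done else None


def score(trials) -> dict:
    """PD broken out four ways, PFA two ways, as on the benchmark slides."""
    pd_keys = ("package", "failure_mode", "location", "setting")
    pfa_keys = ("package", "setting")
    return {
        "PD": {k: rate_by(trials, k, True) for k in pd_keys},
        "PFA": {k: rate_by(trials, k, False) for k in pfa_keys},
        "mean_completed_delay_s": mean_completed_delay(trials),
    }


# Constructed sample data: five compromised and five clean components.
TRIALS = [
    Trial("quad_flat_pack", "tube", "distributor", "missing", True, None),
    Trial("quad_flat_pack", "pcb", "subassembly_vendor", "inappropriate", True, 1.8),
    Trial("quad_flat_pack", "pcb", "shipping", "failing", False, 2.4),   # missed
    Trial("small_passive", "tube", "distributor", "inappropriate", True, 1.6),
    Trial("small_passive", "system", "subassembly_vendor", "missing", True, None),
    Trial("quad_flat_pack", "tube", "distributor", None, False, 1.9),
    Trial("quad_flat_pack", "pcb", "subassembly_vendor", None, True, 2.1),  # false alarm
    Trial("small_passive", "tube", "distributor", None, False, 1.7),
    Trial("small_passive", "system", "subassembly_vendor", None, False, 2.0),
    Trial("quad_flat_pack", "system", "shipping", None, False, 1.5),
]

if __name__ == "__main__":
    report = score(TRIALS)
    for metric in ("PD", "PFA"):
        for key, groups in report[metric].items():
            for group, cell in groups.items():
                lo, hi = cell["ci95"]
                print(f"{metric} by {key}={group}: {cell['rate']:.2f} "
                      f"(n={cell['n']}, 95% CI {lo:.2f}-{hi:.2f})")
    print("mean completed delay (s):", report["mean_completed_delay_s"])
```

A missing dielet never completes authentication, so it counts toward PD but not toward the delay average.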
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process ( of failures per 100 insertions)
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including
   • compliance with design ground rules of the manufacturer
   • logical to behavioral design verification
   • logical to physical design verification
   • functional test pattern generation with a goal of 100% test coverage
   • EM and power analysis
   • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Image courtesy of DARPA
Approved for Public Release Distribution Unlimited 58
Technical Area 3Phase 3 Demo Months 37-48 DARPA SHIELD concludes with a demonstration one year in duration of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition programrsquos BOM Actual components will be shipped between work sites developing the specific assembly the component is a part of and performers will exercise SHIELD at those sites Performer tasks will include1 Demonstrate robust SHIELD placement into real product
a Performers will mate SHIELD dielets to product at pkg encapsulation
b Performer will identify correct SHIELD failure modes in practice performing defect characterization to identify needed changes to installation process Failure data will be collected and compiled by performers as components are encapsulated and tested includingbull Fails due to faulty package insertions bull Fails due to non-functional SHIELD chipsbull Screening of components for failure rate uplift at module
final test which had previous passed wafer final test above the fallout baseline before SHIELD introduction
Technical Area 3 Phase 3
Approved for Public Release Distribution Unlimited 59
2 Exercise the CONOPPerformers will exercise the entire SHIELD CONOP a Performers will choose the packaged host they exercise their
SHIELD technology upon from options offered by DARPA b Performers will placing SHIELD solution in those packages in a
production-like environment which DARPA will provide access toc Resulting actual components equipped with SHIELD will be
passed through real supply chain channel settings from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
d Government Red Team members will compromise the supply chain
e Performers will execute the SHIELD operation at various work sites in the componentrsquos supply chain throughout the US looking for compromises
f Government team members will monitor performer detection results
Technical Area 3 Phase 3 (contrsquod)
Approved for Public Release Distribution Unlimited 60
Performers will be measured to a set of quantitative benchmarks Metrics on SHIELD performer solution effectiveness will include 1 ldquoProbability of Detectionrdquo of compromises (PD) broken out
by a Component Package (ie small passivediscrete quad plastic
flat pack)b Failure mode (ie missing inappropriate or failing SHIELD
dielet)c Location type (ie at distributor at subassembly vendor in
shipping) d Setting of host component (ie supplied in a component tube
mounted on a printed circuit board installed in a system)
2 Probability of False Alarm (PFA) broken out bya Component Package (ie small passivediscrete quad plastic
flat pack)b Setting of host component (ie supplied in a component tube
mounted on a printed circuit board installed in a system)
3 Average completed authentication delay per SHIELD component
SHIELD Quantitative Benchmarks
Approved for Public Release Distribution Unlimited 61
SHIELD Summary of Suggested Specifications
Area A asymp100um x 100um (001 mm2)
Device thickness Thinned substrate likely 10 um or less
Interrogation Latency asymp 1 second dielet delay asymp2 second full transaction delay including network latencies
Network Communication Protocol
TLS Standard
Minimum Delay between interrogations
gt 1 Second
Positioning of inductiveRF probe
T asymp 1 mm below top surface of component package
Encryption Standard Up to 256 bit Serial ID Length 64 bitPower Consumption Approximately 50microWVoltage tolerance (default)
VDD at discretion of proposer +- 10 (default)
Host Temperatures -55deg C - 125deg CInterrogation Temperatures
0-35 deg C
ReliabilitySufficient to match 100KPOH host component operation SHIELD total operational time is under 1 hour
Cost C lt 10cent per dielet
Approved for Public Release Distribution Unlimited 62
Program Calendar
14 March 2014 Proposerrsquos Day Arlington VA
31 March 2014 Abstracts Due into DARPA by EOB
30 April 2014 Encourage Discourage Full Submission Letters to Proposers
30 May 2014 Full Abstracts Due into DARPA by EOB
3Q 2014 Source Selection Notification Contracts
4Q 2014 SHIELD Phase 1 begins
Approved for Public Release Distribution Unlimited
SHIELD Government Support
Saverio FazzariSHIELD SETA
SHIELD Industry Day
14 March 2014
Approved for Public Release Distribution Unlimited
Government SHIELD Funding
bull DoD recognizes the urgency of addressing supply chain security
bull DARPA MTO is making a significant investment in SHIELD consistent with threat supply chain loss-of-control poses to lives and missions
bull SHIELD Funding levels and number of performers per technical area and phase will remain undisclosed but are substantial in plan and committed
bull Submitters should submit proposals that get the job done rather than be tailoring them to a specified funding level Amounts will be calibrated to resources during contract negotiation
64
Approved for Public Release Distribution Unlimited
Government Team Responsibilities in SHIELD
Tech Area 11 Red-teaming the secure key storage2 Evaluating the sensorrsquos capability versus state-of-the-art features
Tech Area 23 Red-teaming dielet designs for reverse-engineering4 Red-teaming dielet performance and reliability5 Identify a trusted manufacturing source for dielet 6 Fabrication of dielet delivery to performers
Tech Area 37 Identify host components for test and test environment8 Develop prototype software for security database9 Develop appliances and fixtures for checking devices10Red-team integrated solution11Run test environment for final demonstration12Support transition opportunities
GeneralActing as virtual lab with NSA Navy Air Force involvement to provide evaluation capability for the program It will provide early access to transition opportunities
65
Approved for Public Release Distribution Unlimited
Government Obligations
66
Tech Area Government-Furnished Equipment and Intellectual Property
TA1
TechDev
None
TA2
DesignampIntegr
None
TA3
Deploy-ment
Components for SHIELD insertionVendor Locations for SHIELD exercise sites
Approved for Public Release Distribution Unlimited
Manufacturing Options
Solutions must demonstrate a path allowing it to be built in a standard semiconductor process and at the target cost
bull Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
bull Non-production university labs may be usedMany organization offer services for a small number of parts to be built
bull Shuttle runsbull Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD Useful Sources for Information include
bull httpswwwtapofficeorgbull httpwwwdmeaosdmiltrustedichtmlbull httpwwwmosisedubull httpcmpimagfrbull httpwwweuropractice-iccom
67
Approved for Public Release Distribution Unlimited
SHIELD Metrics
Arnett BrownSHIELD SETA
SHIELD Industry Day
14 March 2014
Approved for Public Release Distribution Unlimited 69
bull Purpose of this discussionbull Detail the attributes of SHIELD design elements that will be measuredbull Outline the methods by which those attributes will be measured
bull Why metricsbull Tracking and reporting program results and accomplishmentsbull Used for objective evaluation of performers
bull Wherever possible quantitative metrics will be used with industry accepted figures of merit
bull Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
bull Metrics will not always have a ldquopassrdquo or ldquofailrdquo level especially when innovative technologies are involved
bull Depending on what is proposed certain metrics may not apply perfectly
bull Do not allow a metric (alone) to discourage proposing a good idea
Metrics Overview
Approved for Public Release Distribution Unlimited 70
Metrics Technical Area 1SHIELD On-board Technology
Phase Design Element Characteristics Metric
1 Secure secret key storage - reverse engineering protection
Harden dielet against attempts to reverse engineer
Cost1 to reverse engineer using typical methods2
1 Secure secret key storage - hardware corruption protection
Harden dielet against attempts to defeat security
Cost to defeat using typical methods3
1 Secure secret key storage - self destruct on tamper attempt
Discriminate between apparent tamper and normal operation
Percent success in triggering against typical intrusions percent success in not triggering against non-intrusions
1 Secure secret key storage - serial ID personalization
Determine economic method for serializing dielet in volume production
Cost per dielet to implement
1 Cost = time (hours) number of personnel required cost of tools ($)2 Procedures that are known to have been used to reverse engineer integrated circuits3 Procedures that are known to have been used to attempt to defeat security features
through hardware corruption
Approved for Public Release Distribution Unlimited 71
Phase Design Element Characteristic Metric
1 Passive sensors ndash examples include chemical mechanical light X-rays heat etc
Performer-defined As appropriate
Technical Area 1SHIELD On-board Technology
bull Specific metrics will be determined based on the nature and function of the sensors proposed
bull General metrics to consider include sensing threshold cost
Approved for Public Release Distribution Unlimited 72
Phase
Design element Characteristics Metric
1 Dielet power Inductive power coupling mechanism
Q factor
1 Dielet communications RF communications mechanism Baud rate
1 Manufacturing process modifications ndash form factor
Modifications to meet form factor requirements1
Cost2
1 Manufacturing process modifications ndash integration
Modifications for sensor and key storage integration
Cost
1 Manufacturing process modifications ndash testing
Modifications to enable dielet testing
Cost
1 Manufacturing process modifications ndash special needs
Production solutions for dielet dicing picking handling
Cost
1 Manufacturing process modifications - reliability
Physical design for reliability3 Cost
Metrics Technical Area 1SHIELD On-board Technology
1 SHIELD wafer thickness may be 10 microns or less Dielet size 100microm x 100microm2 Cost is referenced against the target CMOS process with no modifications 3 Assume 100 KPOH lifetime for host component no more than 3 Failures In Time (FIT) Assume SHIELD
dielet usage less than 1 KPOH over its lifetime
Approved for Public Release Distribution Unlimited 73
Metrics Technical Area 2SHIELD Dielet Design and Integration
Phase Design element Characteristics Metric
1 Dielet design ndash encryption engine Logic design for encryption engine
Performance to specifications1
1 Dielet design ndash key management Logic design for key management protocol
Performance to specifications
1 Dielet design ndash power supply interface
Interface logic for power supply
Performance to specifications
1 Dielet design ndash communications Interface logic for communications
Performance to specifications
1 Dielet design ndash sensor interface Interface logic for sensors Performance to specifications
1 Design specifications will be established during Phase 1 development to verify performance performers are responsible for providing results of simulations andor hardware testbenches as appropriate
Approved for Public Release Distribution Unlimited 74
Phase
Design Element Characteristic Metric
2 Dielet integration ndash sensors encryption engine power communications and support logic
Mask layout design including logical and physical verification functional test pattern generation
Functional testing adherence to dielet power budget compliance with manufacturer ground rules percent test pattern coverage reliability analysis
2 Dielet fabrication Release to manufacturing process tracking as required
PassFail1
2 Dielet functional testing Test fixture should be capable of exercising all dielet functionality
PassFail
2 Dielet characterization Characterize across process voltage and temperature range
PassFail
Metrics Technical Area 2SHIELD Dielet Design and Integration
1 PassFail deliverable is required to meet design specifications and pass anyall tests
Approved for Public Release Distribution Unlimited 75
Metrics Technical Area 3 SHIELD Deployment
Phase
Design element Characteristics Metric
1 Dielet-host integration - packaging Develop solutions for insertion of dielet into host package
Insertion depth tolerance of host package1 tools and skills required to insert dielet
1 Dielet-host integration - reliability Analysis of dielet insertion reliability and impact to host
Projected lifetime analysis of host chip package strain analysis electromagnetic analysis2 Environmental testing (temperature shock and vibration)3
1 Dielet-host integration ndash dummy dielet
Fabrication of a dielet mock-up for experimentation
Passfail
1 Network architecture design Realization of server-side hardware and software for dielet-server communication
Passfail
1 Inductive appliance design Realization of hardware and software for inductive appliance
Passfail1 The SHIELD dielet will be placed approximately 1mm below the outer surface of the host chip2 Identify impact of inductive and RF probing in the host chip3 The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Approved for Public Release Distribution Unlimited 76
bull Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package interrogated by inductive appliance)
bull PD PFA authentication delaybull Probability of Detection of compromises (PD) broken out by
bull Type of host component (eg small passivediscrete quad plastic flat pack)bull Failure mode (eg missing inappropriate or failing SHIELD dielet)bull Failure location (eg at distributor at subassembly vendor during shipping) bull Setting of host component (eg supplied in a component tube mounted on a
printed circuit board installed in a system)
bull Probability of False Alarm (PFA) broken out bybull Type of host component (eg small passivediscrete quad plastic flat pack)bull Setting of host component (eg supplied in a component tube mounted on a
printed circuit board installed in a system)
bull Average completed authentication delay per SHIELD component
Metrics Technical Area 3 SHIELD Deployment
Approved for Public Release Distribution Unlimited 77
Phase
Design Element Characteristics Metric
2 Tools and procedures for dielet handling and insertion
Develop tools for physical insertion into host device
Dielet insertion failure rate1
2 Network architecture development and build-out
Implementation and testing
Passfail (functionality) transmission error rate2
2 Inductive appliance development and fabrication
Implementation and testing
Passfail
3 Proof-of-concept demonstration Testing of complete SHIELD solution
Probability of detection (PD) Probability of false alarm (PFA) Average completed authentication delay per SHIELD component
3 Government ldquoRed Teamrdquo evaluation Penetration testing
Metrics Technical Area 3 SHIELD Deployment
1 Likelihood of the dielet to be damaged during the insertion process ( of failures per 100 insertions)2 Transmission errors between dielet and server due to operational anomalies such as improper
positioning of inductive appliance insufficient application time low battery condition etc
Approved for Public Release Distribution Unlimited 78
bull Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
bull Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process including
bull compliance with design ground rules of the manufacturerbull logical to behavioral design verificationbull logical to physical design verificationbull functional test pattern generation with a goal of 100 test coveragebull EM and power analysisbull additional checks as required to validate any ldquospecial caserdquo
technologies
bull Performers will be responsible for functional testing and characterization of the finished dielet
bull Characterization results will be compared against expected (simulated) results as a metric for the physical design effort and against Phase 1 specifications as a metric for the logical design effort
Metrics Technical Area 2SHIELD Dielet Design and Integration
Approved for Public Release Distribution Unlimited 79
Image courtesy of DARPA
Approved for Public Release Distribution Unlimited 59
2 Exercise the CONOPPerformers will exercise the entire SHIELD CONOP a Performers will choose the packaged host they exercise their
SHIELD technology upon from options offered by DARPA b Performers will placing SHIELD solution in those packages in a
production-like environment which DARPA will provide access toc Resulting actual components equipped with SHIELD will be
passed through real supply chain channel settings from supplier acquisition through normally-used shipping channels to subsequent board and system subassembly vendors
d Government Red Team members will compromise the supply chain
e Performers will execute the SHIELD operation at various work sites in the componentrsquos supply chain throughout the US looking for compromises
f Government team members will monitor performer detection results
Technical Area 3 Phase 3 (contrsquod)
SHIELD Quantitative Benchmarks
Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
1. “Probability of Detection” of compromises (PD), broken out by
   a. Component package (i.e. small passive/discrete, quad plastic flat pack)
   b. Failure mode (i.e. missing, inappropriate or failing SHIELD dielet)
   c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
   d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
2. Probability of False Alarm (PFA), broken out by
   a. Component package (i.e. small passive/discrete, quad plastic flat pack)
   b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
3. Average completed authentication delay per SHIELD component
SHIELD Summary of Suggested Specifications
Area: A ≈ 100um x 100um (0.01 mm²)
Device thickness: Thinned substrate, likely 10 um or less
Interrogation Latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay, including network latencies
Network Communication Protocol: TLS Standard
Minimum Delay between interrogations: > 1 Second
Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
Encryption Standard: Up to 256 bit
Serial ID Length: 64 bit
Power Consumption: Approximately 50 µW
Voltage tolerance (default): VDD at discretion of proposer, +/- 10% (default)
Host Temperatures: -55 °C to 125 °C
Interrogation Temperatures: 0-35 °C
Reliability: Sufficient to match 100 KPOH host component operation; SHIELD total operational time is under 1 hour
Cost: C < 10¢ per dielet
Program Calendar
14 March 2014: Proposer’s Day, Arlington VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage / Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
SHIELD Government Support
Saverio Fazzari, SHIELD SETA
SHIELD Industry Day
14 March 2014
Government SHIELD Funding
• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation
Government Team Responsibilities in SHIELD
Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor’s capability versus state-of-the-art features
Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers
Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities
General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities
Government Obligations

| Tech Area | Government-Furnished Equipment and Intellectual Property |
| --- | --- |
| TA1 Tech Dev | None |
| TA2 Design & Integr | None |
| TA3 Deployment | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites |

Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used
Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD
Useful sources for information include
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics?
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry-accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a “pass” or “fail” level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics: Technical Area 1, SHIELD On-board Technology

| Phase | Design Element | Characteristics | Metric |
| --- | --- | --- | --- |
| 1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost (1) to reverse engineer using typical methods (2) |
| 1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods (3) |
| 1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions |
| 1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement |

(1) Cost = time (hours), number of personnel required, cost of tools ($)
(2) Procedures that are known to have been used to reverse engineer integrated circuits
(3) Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Technical Area 1: SHIELD On-board Technology

| Phase | Design Element | Characteristic | Metric |
| --- | --- | --- | --- |
| 1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate |

• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1, SHIELD On-board Technology

| Phase | Design element | Characteristics | Metric |
| --- | --- | --- | --- |
| 1 | Dielet power | Inductive power coupling mechanism | Q factor |
| 1 | Dielet communications | RF communications mechanism | Baud rate |
| 1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements (1) | Cost (2) |
| 1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost |
| 1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost |
| 1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost |
| 1 | Manufacturing process modifications - reliability | Physical design for reliability (3) | Cost |

(1) SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm
(2) Cost is referenced against the target CMOS process with no modifications
(3) Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime
Metrics: Technical Area 2, SHIELD Dielet Design and Integration

| Phase | Design element | Characteristics | Metric |
| --- | --- | --- | --- |
| 1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications (1) |
| 1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications |
| 1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications |
| 1 | Dielet design – communications | Interface logic for communications | Performance to specifications |
| 1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications |

(1) Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate
Metrics: Technical Area 2, SHIELD Dielet Design and Integration

| Phase | Design Element | Characteristic | Metric |
| --- | --- | --- | --- |
| 2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design, including logical and physical verification, functional test pattern generation | Functional testing; adherence to dielet power budget; compliance with manufacturer ground rules; percent test pattern coverage; reliability analysis |
| 2 | Dielet fabrication | Release to manufacturing; process tracking as required | Pass/Fail (1) |
| 2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail |
| 2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail |

(1) Pass/Fail: deliverable is required to meet design specifications and pass any/all tests
Metrics: Technical Area 3, SHIELD Deployment

| Phase | Design element | Characteristics | Metric |
| --- | --- | --- | --- |
| 1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package (1); tools and skills required to insert dielet |
| 1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip package strain analysis; electromagnetic analysis (2); environmental testing (temperature shock and vibration) (3) |
| 1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail |
| 1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail |
| 1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail |

(1) The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip
(2) Identify impact of inductive and RF probing in the host chip
(3) The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3, SHIELD Deployment
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
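The PD, PFA and delay metrics listed on this slide and on the SHIELD Quantitative Benchmarks slide can be tallied from exercise records as in the following added example, which is not part of the DARPA briefing. The record layout, field names and trial data are assumptions constructed for illustration; uncompromised components have no failure mode or failure location, which is why PFA is broken out only by host type and setting.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Trial:
    """One interrogation of one host component (hypothetical record layout)."""
    host_type: str                # type of host component / package
    setting: str                  # component tube, printed circuit board, system
    failure_mode: Optional[str]   # None means the component was not compromised
    location: Optional[str]       # where the compromise happened; None if clean
    alarm: bool                   # the SHIELD check reported a compromise
    delay_s: Optional[float]      # authentication delay; None if it never completed


PD_BREAKOUTS = ("host_type", "failure_mode", "location", "setting")
PFA_BREAKOUTS = ("host_type", "setting")


def alarm_rate_by(trials, field):
    """Fraction of trials that raised an alarm, grouped by one record field."""
    alarms, totals = defaultdict(int), defaultdict(int)
    for t in trials:
        key = getattr(t, field)
        totals[key] += 1
        alarms[key] += int(t.alarm)
    return {key: alarms[key] / totals[key] for key in totals}


def overall_rate(trials):
    """Alarm fraction over all trials, or None when there is nothing to count."""
    return sum(t.alarm for t in trials) / len(trials) if trials else None


def benchmarks(trials):
    # PD is measured only on compromised components, PFA only on clean ones.
    compromised = [t for t in trials if t.failure_mode is not None]
    clean = [t for t in trials if t.failure_mode is None]
    # The delay metric averages completed authentications only.
    completed = [t.delay_s for t in trials if t.delay_s is not None]
    return {
        "PD": overall_rate(compromised),
        "PD_by": {f: alarm_rate_by(compromised, f) for f in PD_BREAKOUTS},
        "PFA": overall_rate(clean),
        "PFA_by": {f: alarm_rate_by(clean, f) for f in PFA_BREAKOUTS},
        "avg_completed_delay_s":
            sum(completed) / len(completed) if completed else None,
    }


QFP = "quad plastic flat pack"
PASSIVE = "small passive/discrete"
TUBE, PCB, SYSTEM = "component tube", "printed circuit board", "system"

# Constructed sample data, not results from any real exercise.
TRIALS = [
    Trial(QFP, TUBE, "missing", "distributor", True, None),
    Trial(QFP, PCB, "inappropriate", "subassembly vendor", True, 2.0),
    Trial(QFP, PCB, "failing", "shipping", False, 2.2),
    Trial(PASSIVE, TUBE, "missing", "shipping", True, None),
    Trial(PASSIVE, SYSTEM, "inappropriate", "distributor", False, 2.4),
    Trial(QFP, TUBE, None, None, False, 1.6),
    Trial(QFP, PCB, None, None, False, 2.0),
    Trial(PASSIVE, TUBE, None, None, True, 2.0),   # a false alarm
    Trial(PASSIVE, SYSTEM, None, None, False, 1.8),
]

if __name__ == "__main__":
    for name, value in benchmarks(TRIALS).items():
        print(name, value)
```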
Metrics: Technical Area 3, SHIELD Deployment

| Phase | Design Element | Characteristics | Metric |
| --- | --- | --- | --- |
| 2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate (1) |
| 2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate (2) |
| 2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail |
| 3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component |
| 3 | Government “Red Team” evaluation | Penetration testing | |

(1) Likelihood of the dielet to be damaged during the insertion process (number of failures per 100 insertions)
(2) Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Approved for Public Release Distribution Unlimited 61
SHIELD Summary of Suggested Specifications
Area A asymp100um x 100um (001 mm2)
Device thickness Thinned substrate likely 10 um or less
Interrogation Latency asymp 1 second dielet delay asymp2 second full transaction delay including network latencies
Network Communication Protocol
TLS Standard
Minimum Delay between interrogations
gt 1 Second
Positioning of inductiveRF probe
T asymp 1 mm below top surface of component package
Encryption Standard Up to 256 bit Serial ID Length 64 bitPower Consumption Approximately 50microWVoltage tolerance (default)
VDD at discretion of proposer +- 10 (default)
Host Temperatures -55deg C - 125deg CInterrogation Temperatures
0-35 deg C
ReliabilitySufficient to match 100KPOH host component operation SHIELD total operational time is under 1 hour
Cost C lt 10cent per dielet
Approved for Public Release Distribution Unlimited 62
Program Calendar
14 March 2014 Proposerrsquos Day Arlington VA
31 March 2014 Abstracts Due into DARPA by EOB
30 April 2014 Encourage Discourage Full Submission Letters to Proposers
30 May 2014 Full Abstracts Due into DARPA by EOB
3Q 2014 Source Selection Notification Contracts
4Q 2014 SHIELD Phase 1 begins
Approved for Public Release Distribution Unlimited
SHIELD Government Support
Saverio FazzariSHIELD SETA
SHIELD Industry Day
14 March 2014
Approved for Public Release Distribution Unlimited
Government SHIELD Funding
bull DoD recognizes the urgency of addressing supply chain security
bull DARPA MTO is making a significant investment in SHIELD consistent with threat supply chain loss-of-control poses to lives and missions
bull SHIELD Funding levels and number of performers per technical area and phase will remain undisclosed but are substantial in plan and committed
bull Submitters should submit proposals that get the job done rather than be tailoring them to a specified funding level Amounts will be calibrated to resources during contract negotiation
64
Approved for Public Release Distribution Unlimited
Government Team Responsibilities in SHIELD
Tech Area 11 Red-teaming the secure key storage2 Evaluating the sensorrsquos capability versus state-of-the-art features
Tech Area 23 Red-teaming dielet designs for reverse-engineering4 Red-teaming dielet performance and reliability5 Identify a trusted manufacturing source for dielet 6 Fabrication of dielet delivery to performers
Tech Area 37 Identify host components for test and test environment8 Develop prototype software for security database9 Develop appliances and fixtures for checking devices10Red-team integrated solution11Run test environment for final demonstration12Support transition opportunities
GeneralActing as virtual lab with NSA Navy Air Force involvement to provide evaluation capability for the program It will provide early access to transition opportunities
65
Approved for Public Release Distribution Unlimited
Government Obligations
66
Tech Area Government-Furnished Equipment and Intellectual Property
TA1
TechDev
None
TA2
DesignampIntegr
None
TA3
Deploy-ment
Components for SHIELD insertionVendor Locations for SHIELD exercise sites
Approved for Public Release Distribution Unlimited
Manufacturing Options
Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost.
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal.
• Non-production university labs may be used.
Many organizations offer services for a small number of parts to be built:
• Shuttle runs
• Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD. Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com
SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014
Metrics Overview
• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics?
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used with industry-accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($)
[2] Procedures that are known to have been used to reverse engineer integrated circuits
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics: Technical Area 1, SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size: 100 µm x 100 µm.
[2] Cost is referenced against the target CMOS process with no modifications.
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development. To verify performance, performers are responsible for providing results of simulations and/or hardware testbenches, as appropriate.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications, and support logic | Mask layout design, including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage, and temperature range | Pass/Fail
[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests.
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip package strain analysis electromagnetic analysis [2]; Environmental testing (temperature shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip.
[2] Identify impact of inductive and RF probing in the host chip.
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison.
Metrics: Technical Area 3, SHIELD Deployment
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
  • PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g., missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g., at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics: Technical Area 3, SHIELD Deployment
Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions).
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics: Technical Area 2, SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Image courtesy of DARPA
Program Calendar
14 March 2014: Proposer's Day, Arlington, VA
31 March 2014: Abstracts Due into DARPA by EOB
30 April 2014: Encourage/Discourage Full Submission Letters to Proposers
30 May 2014: Full Abstracts Due into DARPA by EOB
3Q 2014: Source Selection, Notification, Contracts
4Q 2014: SHIELD Phase 1 begins
Approved for Public Release Distribution Unlimited
SHIELD Government Support
Saverio FazzariSHIELD SETA
SHIELD Industry Day
14 March 2014
Approved for Public Release Distribution Unlimited
Government SHIELD Funding
bull DoD recognizes the urgency of addressing supply chain security
bull DARPA MTO is making a significant investment in SHIELD consistent with threat supply chain loss-of-control poses to lives and missions
bull SHIELD Funding levels and number of performers per technical area and phase will remain undisclosed but are substantial in plan and committed
bull Submitters should submit proposals that get the job done rather than be tailoring them to a specified funding level Amounts will be calibrated to resources during contract negotiation
64
Approved for Public Release Distribution Unlimited
Government Team Responsibilities in SHIELD
Tech Area 11 Red-teaming the secure key storage2 Evaluating the sensorrsquos capability versus state-of-the-art features
Tech Area 23 Red-teaming dielet designs for reverse-engineering4 Red-teaming dielet performance and reliability5 Identify a trusted manufacturing source for dielet 6 Fabrication of dielet delivery to performers
Tech Area 37 Identify host components for test and test environment8 Develop prototype software for security database9 Develop appliances and fixtures for checking devices10Red-team integrated solution11Run test environment for final demonstration12Support transition opportunities
GeneralActing as virtual lab with NSA Navy Air Force involvement to provide evaluation capability for the program It will provide early access to transition opportunities
65
Approved for Public Release Distribution Unlimited
Government Obligations
66
Tech Area Government-Furnished Equipment and Intellectual Property
TA1
TechDev
None
TA2
DesignampIntegr
None
TA3
Deploy-ment
Components for SHIELD insertionVendor Locations for SHIELD exercise sites
Approved for Public Release Distribution Unlimited
Manufacturing Options
Solutions must demonstrate a path allowing it to be built in a standard semiconductor process and at the target cost
bull Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
bull Non-production university labs may be usedMany organization offer services for a small number of parts to be built
bull Shuttle runsbull Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD Useful Sources for Information include
bull httpswwwtapofficeorgbull httpwwwdmeaosdmiltrustedichtmlbull httpwwwmosisedubull httpcmpimagfrbull httpwwweuropractice-iccom
67
Approved for Public Release Distribution Unlimited
SHIELD Metrics
Arnett BrownSHIELD SETA
SHIELD Industry Day
14 March 2014
Approved for Public Release Distribution Unlimited 69
bull Purpose of this discussionbull Detail the attributes of SHIELD design elements that will be measuredbull Outline the methods by which those attributes will be measured
bull Why metricsbull Tracking and reporting program results and accomplishmentsbull Used for objective evaluation of performers
bull Wherever possible quantitative metrics will be used with industry accepted figures of merit
bull Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
bull Metrics will not always have a ldquopassrdquo or ldquofailrdquo level especially when innovative technologies are involved
bull Depending on what is proposed certain metrics may not apply perfectly
bull Do not allow a metric (alone) to discourage proposing a good idea
Metrics Overview
Approved for Public Release Distribution Unlimited 70
Metrics Technical Area 1SHIELD On-board Technology
Phase Design Element Characteristics Metric
1 Secure secret key storage - reverse engineering protection
Harden dielet against attempts to reverse engineer
Cost1 to reverse engineer using typical methods2
1 Secure secret key storage - hardware corruption protection
Harden dielet against attempts to defeat security
Cost to defeat using typical methods3
1 Secure secret key storage - self destruct on tamper attempt
Discriminate between apparent tamper and normal operation
Percent success in triggering against typical intrusions percent success in not triggering against non-intrusions
1 Secure secret key storage - serial ID personalization
Determine economic method for serializing dielet in volume production
Cost per dielet to implement
1 Cost = time (hours) number of personnel required cost of tools ($)2 Procedures that are known to have been used to reverse engineer integrated circuits3 Procedures that are known to have been used to attempt to defeat security features
through hardware corruption
Approved for Public Release Distribution Unlimited 71
Phase Design Element Characteristic Metric
1 Passive sensors ndash examples include chemical mechanical light X-rays heat etc
Performer-defined As appropriate
Technical Area 1SHIELD On-board Technology
bull Specific metrics will be determined based on the nature and function of the sensors proposed
bull General metrics to consider include sensing threshold cost
Approved for Public Release Distribution Unlimited 72
Phase
Design element Characteristics Metric
1 Dielet power Inductive power coupling mechanism
Q factor
1 Dielet communications RF communications mechanism Baud rate
1 Manufacturing process modifications ndash form factor
Modifications to meet form factor requirements1
Cost2
1 Manufacturing process modifications ndash integration
Modifications for sensor and key storage integration
Cost
1 Manufacturing process modifications ndash testing
Modifications to enable dielet testing
Cost
1 Manufacturing process modifications ndash special needs
Production solutions for dielet dicing picking handling
Cost
1 Manufacturing process modifications - reliability
Physical design for reliability3 Cost
Metrics Technical Area 1SHIELD On-board Technology
1 SHIELD wafer thickness may be 10 microns or less Dielet size 100microm x 100microm2 Cost is referenced against the target CMOS process with no modifications 3 Assume 100 KPOH lifetime for host component no more than 3 Failures In Time (FIT) Assume SHIELD
dielet usage less than 1 KPOH over its lifetime
Approved for Public Release Distribution Unlimited 73
Metrics Technical Area 2SHIELD Dielet Design and Integration
Phase Design element Characteristics Metric
1 Dielet design ndash encryption engine Logic design for encryption engine
Performance to specifications1
1 Dielet design ndash key management Logic design for key management protocol
Performance to specifications
1 Dielet design ndash power supply interface
Interface logic for power supply
Performance to specifications
1 Dielet design ndash communications Interface logic for communications
Performance to specifications
1 Dielet design ndash sensor interface Interface logic for sensors Performance to specifications
1 Design specifications will be established during Phase 1 development to verify performance performers are responsible for providing results of simulations andor hardware testbenches as appropriate
Approved for Public Release Distribution Unlimited 74
Phase
Design Element Characteristic Metric
2 Dielet integration ndash sensors encryption engine power communications and support logic
Mask layout design including logical and physical verification functional test pattern generation
Functional testing adherence to dielet power budget compliance with manufacturer ground rules percent test pattern coverage reliability analysis
2 Dielet fabrication Release to manufacturing process tracking as required
PassFail1
2 Dielet functional testing Test fixture should be capable of exercising all dielet functionality
PassFail
2 Dielet characterization Characterize across process voltage and temperature range
PassFail
Metrics Technical Area 2SHIELD Dielet Design and Integration
1 PassFail deliverable is required to meet design specifications and pass anyall tests
Approved for Public Release Distribution Unlimited 75
Metrics Technical Area 3 SHIELD Deployment
Phase
Design element Characteristics Metric
1 Dielet-host integration - packaging Develop solutions for insertion of dielet into host package
Insertion depth tolerance of host package1 tools and skills required to insert dielet
1 Dielet-host integration - reliability Analysis of dielet insertion reliability and impact to host
Projected lifetime analysis of host chip package strain analysis electromagnetic analysis2 Environmental testing (temperature shock and vibration)3
1 Dielet-host integration ndash dummy dielet
Fabrication of a dielet mock-up for experimentation
Passfail
1 Network architecture design Realization of server-side hardware and software for dielet-server communication
Passfail
1 Inductive appliance design Realization of hardware and software for inductive appliance
Passfail1 The SHIELD dielet will be placed approximately 1mm below the outer surface of the host chip2 Identify impact of inductive and RF probing in the host chip3 The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Approved for Public Release Distribution Unlimited 76
bull Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package interrogated by inductive appliance)
bull PD PFA authentication delaybull Probability of Detection of compromises (PD) broken out by
bull Type of host component (eg small passivediscrete quad plastic flat pack)bull Failure mode (eg missing inappropriate or failing SHIELD dielet)bull Failure location (eg at distributor at subassembly vendor during shipping) bull Setting of host component (eg supplied in a component tube mounted on a
printed circuit board installed in a system)
bull Probability of False Alarm (PFA) broken out bybull Type of host component (eg small passivediscrete quad plastic flat pack)bull Setting of host component (eg supplied in a component tube mounted on a
printed circuit board installed in a system)
bull Average completed authentication delay per SHIELD component
Metrics Technical Area 3 SHIELD Deployment
Approved for Public Release Distribution Unlimited 77
Phase
Design Element Characteristics Metric
2 Tools and procedures for dielet handling and insertion
Develop tools for physical insertion into host device
Dielet insertion failure rate1
2 Network architecture development and build-out
Implementation and testing
Passfail (functionality) transmission error rate2
2 Inductive appliance development and fabrication
Implementation and testing
Passfail
3 Proof-of-concept demonstration Testing of complete SHIELD solution
Probability of detection (PD) Probability of false alarm (PFA) Average completed authentication delay per SHIELD component
3 Government ldquoRed Teamrdquo evaluation Penetration testing
Metrics Technical Area 3 SHIELD Deployment
1 Likelihood of the dielet to be damaged during the insertion process ( of failures per 100 insertions)2 Transmission errors between dielet and server due to operational anomalies such as improper
positioning of inductive appliance insufficient application time low battery condition etc
Approved for Public Release Distribution Unlimited 78
bull Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
bull Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process including
bull compliance with design ground rules of the manufacturerbull logical to behavioral design verificationbull logical to physical design verificationbull functional test pattern generation with a goal of 100 test coveragebull EM and power analysisbull additional checks as required to validate any ldquospecial caserdquo
technologies
bull Performers will be responsible for functional testing and characterization of the finished dielet
bull Characterization results will be compared against expected (simulated) results as a metric for the physical design effort and against Phase 1 specifications as a metric for the logical design effort
Metrics Technical Area 2SHIELD Dielet Design and Integration
Approved for Public Release Distribution Unlimited 79
Image courtesy of DARPA
Approved for Public Release Distribution Unlimited
SHIELD Government Support
Saverio FazzariSHIELD SETA
SHIELD Industry Day
14 March 2014
Approved for Public Release Distribution Unlimited
Government SHIELD Funding
bull DoD recognizes the urgency of addressing supply chain security
bull DARPA MTO is making a significant investment in SHIELD consistent with threat supply chain loss-of-control poses to lives and missions
bull SHIELD Funding levels and number of performers per technical area and phase will remain undisclosed but are substantial in plan and committed
bull Submitters should submit proposals that get the job done rather than be tailoring them to a specified funding level Amounts will be calibrated to resources during contract negotiation
64
Approved for Public Release Distribution Unlimited
Government Team Responsibilities in SHIELD
Tech Area 11 Red-teaming the secure key storage2 Evaluating the sensorrsquos capability versus state-of-the-art features
Tech Area 23 Red-teaming dielet designs for reverse-engineering4 Red-teaming dielet performance and reliability5 Identify a trusted manufacturing source for dielet 6 Fabrication of dielet delivery to performers
Tech Area 37 Identify host components for test and test environment8 Develop prototype software for security database9 Develop appliances and fixtures for checking devices10Red-team integrated solution11Run test environment for final demonstration12Support transition opportunities
GeneralActing as virtual lab with NSA Navy Air Force involvement to provide evaluation capability for the program It will provide early access to transition opportunities
65
Approved for Public Release Distribution Unlimited
Government Obligations
66
Tech Area Government-Furnished Equipment and Intellectual Property
TA1
TechDev
None
TA2
DesignampIntegr
None
TA3
Deploy-ment
Components for SHIELD insertionVendor Locations for SHIELD exercise sites
Approved for Public Release Distribution Unlimited
Manufacturing Options
Solutions must demonstrate a path allowing it to be built in a standard semiconductor process and at the target cost
bull Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
bull Non-production university labs may be usedMany organization offer services for a small number of parts to be built
bull Shuttle runsbull Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD Useful Sources for Information include
bull httpswwwtapofficeorgbull httpwwwdmeaosdmiltrustedichtmlbull httpwwwmosisedubull httpcmpimagfrbull httpwwweuropractice-iccom
67
Approved for Public Release Distribution Unlimited
SHIELD Metrics
Arnett BrownSHIELD SETA
SHIELD Industry Day
14 March 2014
Approved for Public Release Distribution Unlimited 69
bull Purpose of this discussionbull Detail the attributes of SHIELD design elements that will be measuredbull Outline the methods by which those attributes will be measured
bull Why metricsbull Tracking and reporting program results and accomplishmentsbull Used for objective evaluation of performers
bull Wherever possible quantitative metrics will be used with industry accepted figures of merit
bull Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
bull Metrics will not always have a ldquopassrdquo or ldquofailrdquo level especially when innovative technologies are involved
bull Depending on what is proposed certain metrics may not apply perfectly
bull Do not allow a metric (alone) to discourage proposing a good idea
Metrics Overview
Approved for Public Release Distribution Unlimited 70
Metrics Technical Area 1SHIELD On-board Technology
Phase Design Element Characteristics Metric
1 Secure secret key storage - reverse engineering protection
Harden dielet against attempts to reverse engineer
Cost1 to reverse engineer using typical methods2
1 Secure secret key storage - hardware corruption protection
Harden dielet against attempts to defeat security
Cost to defeat using typical methods3
1 Secure secret key storage - self destruct on tamper attempt
Discriminate between apparent tamper and normal operation
Percent success in triggering against typical intrusions percent success in not triggering against non-intrusions
1 Secure secret key storage - serial ID personalization
Determine economic method for serializing dielet in volume production
Cost per dielet to implement
1 Cost = time (hours) number of personnel required cost of tools ($)2 Procedures that are known to have been used to reverse engineer integrated circuits3 Procedures that are known to have been used to attempt to defeat security features
through hardware corruption
Approved for Public Release Distribution Unlimited 71
Phase Design Element Characteristic Metric
1 Passive sensors ndash examples include chemical mechanical light X-rays heat etc
Performer-defined As appropriate
Technical Area 1SHIELD On-board Technology
bull Specific metrics will be determined based on the nature and function of the sensors proposed
bull General metrics to consider include sensing threshold cost
Approved for Public Release Distribution Unlimited 72
Phase
Design element Characteristics Metric
1 Dielet power Inductive power coupling mechanism
Q factor
1 Dielet communications RF communications mechanism Baud rate
1 Manufacturing process modifications ndash form factor
Modifications to meet form factor requirements1
Cost2
1 Manufacturing process modifications ndash integration
Modifications for sensor and key storage integration
Cost
1 Manufacturing process modifications ndash testing
Modifications to enable dielet testing
Cost
1 Manufacturing process modifications ndash special needs
Production solutions for dielet dicing picking handling
Cost
1 Manufacturing process modifications - reliability
Physical design for reliability3 Cost
Metrics Technical Area 1SHIELD On-board Technology
1 SHIELD wafer thickness may be 10 microns or less Dielet size 100microm x 100microm2 Cost is referenced against the target CMOS process with no modifications 3 Assume 100 KPOH lifetime for host component no more than 3 Failures In Time (FIT) Assume SHIELD
dielet usage less than 1 KPOH over its lifetime
Approved for Public Release Distribution Unlimited 73
Metrics Technical Area 2SHIELD Dielet Design and Integration
Phase Design element Characteristics Metric
1 Dielet design ndash encryption engine Logic design for encryption engine
Performance to specifications1
1 Dielet design ndash key management Logic design for key management protocol
Performance to specifications
1 Dielet design ndash power supply interface
Interface logic for power supply
Performance to specifications
1 Dielet design ndash communications Interface logic for communications
Performance to specifications
1 Dielet design ndash sensor interface Interface logic for sensors Performance to specifications
1 Design specifications will be established during Phase 1 development to verify performance performers are responsible for providing results of simulations andor hardware testbenches as appropriate
Approved for Public Release Distribution Unlimited 74
Phase
Design Element Characteristic Metric
2 Dielet integration ndash sensors encryption engine power communications and support logic
Mask layout design including logical and physical verification functional test pattern generation
Functional testing adherence to dielet power budget compliance with manufacturer ground rules percent test pattern coverage reliability analysis
2 Dielet fabrication Release to manufacturing process tracking as required
PassFail1
2 Dielet functional testing Test fixture should be capable of exercising all dielet functionality
PassFail
2 Dielet characterization Characterize across process voltage and temperature range
PassFail
Metrics Technical Area 2SHIELD Dielet Design and Integration
1 PassFail deliverable is required to meet design specifications and pass anyall tests
Approved for Public Release Distribution Unlimited 75
Metrics Technical Area 3 SHIELD Deployment
Phase
Design element Characteristics Metric
1 Dielet-host integration - packaging Develop solutions for insertion of dielet into host package
Insertion depth tolerance of host package1 tools and skills required to insert dielet
1 Dielet-host integration - reliability Analysis of dielet insertion reliability and impact to host
Projected lifetime analysis of host chip package strain analysis electromagnetic analysis2 Environmental testing (temperature shock and vibration)3
1 Dielet-host integration ndash dummy dielet
Fabrication of a dielet mock-up for experimentation
Passfail
1 Network architecture design Realization of server-side hardware and software for dielet-server communication
Passfail
1 Inductive appliance design Realization of hardware and software for inductive appliance
Passfail1 The SHIELD dielet will be placed approximately 1mm below the outer surface of the host chip2 Identify impact of inductive and RF probing in the host chip3 The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Metrics: Technical Area 3: SHIELD Deployment

• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
    • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
    • Failure mode (e.g. missing, inappropriate, or failing SHIELD dielet)
    • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
    • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
    • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
    • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component

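As an added illustration (not part of the DARPA briefing), the sketch below tabulates the Phase 3 metrics from a set of trial records: PD and PFA per breakdown dimension with a Wilson 95% score interval, plus the mean delay over completed authentications. The record fields, the constructed trial data and the choice of Wilson intervals are assumptions, not program requirements.

```python
from collections import defaultdict
from dataclasses import dataclass
from math import sqrt
from typing import Optional


@dataclass(frozen=True)
class Trial:
    """One interrogation of one host component (all field names are assumptions)."""
    host_type: str                   # e.g. "quad plastic flat pack"
    setting: str                     # e.g. "component tube", "mounted on PCB"
    failure_mode: Optional[str]      # None = genuine part with a working dielet
    failure_location: Optional[str]  # where the compromise was introduced
    alarm: bool                      # True if the system reported a compromise
    delay_s: Optional[float]         # seconds to completed authentication, None if never completed


def wilson_interval(k, n, z=1.96):
    """Wilson score interval for k alarms in n trials (z=1.96 is about 95%)."""
    if n == 0:
        return (0.0, 1.0)
    p = k / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def alarm_rate_by(trials, dimension, compromised):
    """Alarm rate per value of `dimension`.

    compromised=True  -> PD  (alarms over compromised components)
    compromised=False -> PFA (alarms over genuine components)
    Returns {value: (rate, (low, high), n_trials)}.
    """
    counts = defaultdict(lambda: [0, 0])  # value -> [alarms, trials]
    for t in trials:
        if (t.failure_mode is not None) != compromised:
            continue
        bucket = counts[getattr(t, dimension)]
        bucket[0] += int(t.alarm)
        bucket[1] += 1
    return {v: (k / n, wilson_interval(k, n), n) for v, (k, n) in counts.items()}


def mean_completed_delay(trials):
    """Average delay over authentications that completed; None if none did."""
    done = [t.delay_s for t in trials if t.delay_s is not None]
    return sum(done) / len(done) if done else None


QFP, SPD = "quad plastic flat pack", "small passive/discrete"
TUBE, PCB, SYSTEM = "component tube", "mounted on PCB", "installed in system"

# Constructed trial records for illustration only; not program data.
TRIALS = [
    # compromised components
    Trial(QFP, TUBE, "missing", "distributor", True, None),
    Trial(QFP, TUBE, "inappropriate", "distributor", True, 2.0),
    Trial(QFP, PCB, "failing", "subassembly vendor", False, 3.0),
    Trial(SPD, PCB, "missing", "shipping", True, None),
    Trial(SPD, SYSTEM, "inappropriate", "shipping", False, 4.0),
    Trial(SPD, TUBE, "failing", "distributor", True, 1.0),
    # genuine components
    Trial(QFP, TUBE, None, None, False, 1.0),
    Trial(QFP, PCB, None, None, False, 2.0),
    Trial(QFP, SYSTEM, None, None, True, 3.0),
    Trial(SPD, TUBE, None, None, False, 1.0),
    Trial(SPD, PCB, None, None, False, 2.0),
    Trial(SPD, SYSTEM, None, None, False, 1.0),
]


def report(trials=TRIALS):
    """All Phase 3 breakdowns named on the slide, in one dictionary."""
    return {
        "PD by host type": alarm_rate_by(trials, "host_type", True),
        "PD by failure mode": alarm_rate_by(trials, "failure_mode", True),
        "PD by failure location": alarm_rate_by(trials, "failure_location", True),
        "PD by setting": alarm_rate_by(trials, "setting", True),
        "PFA by host type": alarm_rate_by(trials, "host_type", False),
        "PFA by setting": alarm_rate_by(trials, "setting", False),
        "mean completed delay (s)": mean_completed_delay(trials),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(name, value)
```

With only two trials in a stratum, a measured PD of 1.0 still carries a lower bound near 0.34, so the number of trials per breakdown cell matters as much as the headline rate.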
Metrics: Technical Area 3: SHIELD Deployment

Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |

[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions).
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.

Metrics: Technical Area 2: SHIELD Dielet Design and Integration

• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
    • compliance with design ground rules of the manufacturer
    • logical to behavioral design verification
    • logical to physical design verification
    • functional test pattern generation with a goal of 100% test coverage
    • EM and power analysis
    • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort

Government SHIELD Funding

• DoD recognizes the urgency of addressing supply chain security
• DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
• SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial in plan and committed
• Submitters should submit proposals that get the job done rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation

Government Team Responsibilities in SHIELD

Tech Area 1
1. Red-teaming the secure key storage
2. Evaluating the sensor's capability versus state-of-the-art features

Tech Area 2
3. Red-teaming dielet designs for reverse-engineering
4. Red-teaming dielet performance and reliability
5. Identify a trusted manufacturing source for dielet
6. Fabrication of dielet, delivery to performers

Tech Area 3
7. Identify host components for test and test environment
8. Develop prototype software for security database
9. Develop appliances and fixtures for checking devices
10. Red-team integrated solution
11. Run test environment for final demonstration
12. Support transition opportunities

General
Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.

Government Obligations

Tech Area | Government-Furnished Equipment and Intellectual Property
TA1: Tech Dev | None
TA2: Design & Integr | None
TA3: Deployment | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites

Manufacturing Options

Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used

Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs

Foreign fabrications are allowed in SHIELD

Useful sources for information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com

SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014

Metrics Overview

• Purpose of this discussion
    • Detail the attributes of SHIELD design elements that will be measured
    • Outline the methods by which those attributes will be measured
• Why metrics?
    • Tracking and reporting program results and accomplishments
    • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry-accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea

Metrics: Technical Area 1: SHIELD On-board Technology

Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement

[1] Cost = time (hours), number of personnel required, cost of tools ($).
[2] Procedures that are known to have been used to reverse engineer integrated circuits.
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption.

Technical Area 1: SHIELD On-board Technology

Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate

• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost

Metrics: Technical Area 1: SHIELD On-board Technology

Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost

[1] SHIELD wafer thickness may be 10 microns or less. Dielet size 100 µm x 100 µm.
[2] Cost is referenced against the target CMOS process with no modifications.
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime.

Metrics: Technical Area 2: SHIELD Dielet Design and Integration

Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications

[1] Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate.
Approved for Public Release Distribution Unlimited
Government Obligations
66
Tech Area Government-Furnished Equipment and Intellectual Property
TA1
TechDev
None
TA2
DesignampIntegr
None
TA3
Deploy-ment
Components for SHIELD insertionVendor Locations for SHIELD exercise sites
Approved for Public Release Distribution Unlimited
Manufacturing Options
Solutions must demonstrate a path allowing it to be built in a standard semiconductor process and at the target cost
bull Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
bull Non-production university labs may be usedMany organization offer services for a small number of parts to be built
bull Shuttle runsbull Multi Project Wafer (MPW) runs
Foreign fabrications are allowed in SHIELD Useful Sources for Information include
bull httpswwwtapofficeorgbull httpwwwdmeaosdmiltrustedichtmlbull httpwwwmosisedubull httpcmpimagfrbull httpwwweuropractice-iccom
67
Approved for Public Release Distribution Unlimited
SHIELD Metrics
Arnett BrownSHIELD SETA
SHIELD Industry Day
14 March 2014
Approved for Public Release Distribution Unlimited 69
bull Purpose of this discussionbull Detail the attributes of SHIELD design elements that will be measuredbull Outline the methods by which those attributes will be measured
bull Why metricsbull Tracking and reporting program results and accomplishmentsbull Used for objective evaluation of performers
bull Wherever possible quantitative metrics will be used with industry accepted figures of merit
bull Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
bull Metrics will not always have a ldquopassrdquo or ldquofailrdquo level especially when innovative technologies are involved
bull Depending on what is proposed certain metrics may not apply perfectly
bull Do not allow a metric (alone) to discourage proposing a good idea
Metrics Overview
Approved for Public Release Distribution Unlimited 70
Metrics Technical Area 1SHIELD On-board Technology
Phase Design Element Characteristics Metric
1 Secure secret key storage - reverse engineering protection
Harden dielet against attempts to reverse engineer
Cost1 to reverse engineer using typical methods2
1 Secure secret key storage - hardware corruption protection
Harden dielet against attempts to defeat security
Cost to defeat using typical methods3
1 Secure secret key storage - self destruct on tamper attempt
Discriminate between apparent tamper and normal operation
Percent success in triggering against typical intrusions percent success in not triggering against non-intrusions
1 Secure secret key storage - serial ID personalization
Determine economic method for serializing dielet in volume production
Cost per dielet to implement
1 Cost = time (hours) number of personnel required cost of tools ($)2 Procedures that are known to have been used to reverse engineer integrated circuits3 Procedures that are known to have been used to attempt to defeat security features
through hardware corruption
Approved for Public Release Distribution Unlimited 71
Phase Design Element Characteristic Metric
1 Passive sensors ndash examples include chemical mechanical light X-rays heat etc
Performer-defined As appropriate
Technical Area 1SHIELD On-board Technology
bull Specific metrics will be determined based on the nature and function of the sensors proposed
bull General metrics to consider include sensing threshold cost
Approved for Public Release Distribution Unlimited 72
Phase
Design element Characteristics Metric
1 Dielet power Inductive power coupling mechanism
Q factor
1 Dielet communications RF communications mechanism Baud rate
1 Manufacturing process modifications ndash form factor
Modifications to meet form factor requirements1
Cost2
1 Manufacturing process modifications ndash integration
Modifications for sensor and key storage integration
Cost
1 Manufacturing process modifications ndash testing
Modifications to enable dielet testing
Cost
1 Manufacturing process modifications ndash special needs
Production solutions for dielet dicing picking handling
Cost
1 Manufacturing process modifications - reliability
Physical design for reliability3 Cost
Metrics Technical Area 1SHIELD On-board Technology
1 SHIELD wafer thickness may be 10 microns or less Dielet size 100microm x 100microm2 Cost is referenced against the target CMOS process with no modifications 3 Assume 100 KPOH lifetime for host component no more than 3 Failures In Time (FIT) Assume SHIELD
dielet usage less than 1 KPOH over its lifetime
Approved for Public Release Distribution Unlimited 73

Metrics: Technical Area 2: SHIELD Dielet Design and Integration

Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications

[1] Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate.

Metrics: Technical Area 2: SHIELD Dielet Design and Integration

Phase | Design Element | Characteristic | Metric
2 | Dielet integration – sensors, encryption engine, power, communications, and support logic | Mask layout design, including logical and physical verification, functional test pattern generation | Functional testing, adherence to dielet power budget, compliance with manufacturer ground rules, percent test pattern coverage, reliability analysis
2 | Dielet fabrication | Release to manufacturing, process tracking as required | Pass/Fail [1]
2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
2 | Dielet characterization | Characterize across process, voltage, and temperature range | Pass/Fail

[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests.

Metrics: Technical Area 3: SHIELD Deployment

Phase | Design element | Characteristics | Metric
1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1], tools and skills required to insert dielet
1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip, package strain analysis, electromagnetic analysis [2], environmental testing (temperature shock and vibration) [3]
1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail

[1] The SHIELD dielet will be placed approximately 1 mm below the outer surface of the host chip.
[2] Identify impact of inductive and RF probing in the host chip.
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison.

Metrics: Technical Area 3: SHIELD Deployment

• Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
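
The PD, PFA and delay breakdown listed on this slide can be scored from per-trial records as follows. This is an added example, not code from DARPA or the SHIELD program; the record fields, the sample trials (constructed) and the choice of a Wilson 95% interval are assumptions made here.

```python
"""Score trial records into PD, PFA and average completed authentication delay."""
from collections import defaultdict
from dataclasses import dataclass
from math import sqrt
from typing import Optional


@dataclass(frozen=True)
class Trial:
    host_type: str                   # type of host component
    setting: str                     # where the component sat when interrogated
    failure_mode: Optional[str]      # None = genuine part with a working dielet
    failure_location: Optional[str]  # where the compromise was introduced
    flagged: bool                    # True if the interrogation reported a problem
    delay_s: Optional[float]         # seconds to a completed authentication, else None


# Constructed sample trials (hypothetical values, not program data).
SPD, QFP = "small passive/discrete", "quad plastic flat pack"
TRIALS = [
    Trial(SPD, "component tube", "missing", "at distributor", True, None),
    Trial(SPD, "component tube", "missing", "at distributor", True, None),
    Trial(SPD, "mounted on PCB", "inappropriate", "at subassembly vendor", True, 2.0),
    Trial(SPD, "mounted on PCB", "inappropriate", "at subassembly vendor", False, 1.5),
    Trial(QFP, "component tube", "failing", "during shipping", True, None),
    Trial(QFP, "installed in system", "failing", "during shipping", False, 5.0),
    Trial(QFP, "component tube", None, None, False, 1.0),
    Trial(QFP, "component tube", None, None, False, 1.5),
    Trial(SPD, "mounted on PCB", None, None, True, 2.0),   # false alarm
    Trial(SPD, "mounted on PCB", None, None, False, 1.0),
    Trial(QFP, "installed in system", None, None, False, 2.0),
    Trial(QFP, "installed in system", None, None, False, 2.0),
]


def wilson(successes: int, n: int, z: float = 1.96) -> tuple:
    """Wilson score interval for a proportion; stays sensible for small n."""
    if n == 0:
        return (0.0, 1.0)
    p = successes / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def rate_by(trials, key: str, compromised: bool) -> dict:
    """Flag rate per stratum of `key`.

    compromised=True  -> PD  (flagged / all compromised trials in the stratum)
    compromised=False -> PFA (flagged / all genuine trials in the stratum)
    """
    counts = defaultdict(lambda: [0, 0])  # stratum -> [flagged, total]
    for t in trials:
        if (t.failure_mode is not None) != compromised:
            continue
        bucket = counts[getattr(t, key)]
        bucket[0] += int(t.flagged)
        bucket[1] += 1
    return {
        stratum: {"rate": f / n, "n": n, "ci95": wilson(f, n)}
        for stratum, (f, n) in counts.items()
    }


def mean_completed_delay(trials) -> Optional[float]:
    """Average delay over trials whose authentication actually completed."""
    done = [t.delay_s for t in trials if t.delay_s is not None]
    return sum(done) / len(done) if done else None


if __name__ == "__main__":
    for key in ("host_type", "failure_mode", "failure_location", "setting"):
        print("PD by", key, rate_by(TRIALS, key, compromised=True))
    for key in ("host_type", "setting"):
        print("PFA by", key, rate_by(TRIALS, key, compromised=False))
    print("mean completed delay (s):", mean_completed_delay(TRIALS))
```

A PD of 1.0 measured on two trials still has a 95% lower bound near 0.34, so the trial count per stratum has to be reported alongside each rate.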

Metrics: Technical Area 3: SHIELD Deployment

Phase | Design Element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality), transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD), probability of false alarm (PFA), average completed authentication delay per SHIELD component
3 | Government "Red Team" evaluation | Penetration testing |

[1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions).
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.

Metrics: Technical Area 2: SHIELD Dielet Design and Integration

• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Image courtesy of DARPA

Manufacturing Options

Solutions must demonstrate a path allowing them to be built in a standard semiconductor process and at the target cost
• Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
• Non-production university labs may be used

Many organizations offer services for a small number of parts to be built
• Shuttle runs
• Multi Project Wafer (MPW) runs

Foreign fabrications are allowed in SHIELD

Useful Sources for Information include:
• https://www.tapoffice.org
• http://www.dmea.osd.mil/trustedic.html
• http://www.mosis.edu
• http://cmp.imag.fr
• http://www.europractice-ic.com

SHIELD Metrics
Arnett Brown, SHIELD SETA
SHIELD Industry Day
14 March 2014

Metrics Overview

• Purpose of this discussion
  • Detail the attributes of SHIELD design elements that will be measured
  • Outline the methods by which those attributes will be measured
• Why metrics?
  • Tracking and reporting program results and accomplishments
  • Used for objective evaluation of performers
• Wherever possible, quantitative metrics will be used, with industry-accepted figures of merit
• Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
• Metrics will not always have a "pass" or "fail" level, especially when innovative technologies are involved
• Depending on what is proposed, certain metrics may not apply perfectly
• Do not allow a metric (alone) to discourage proposing a good idea

Metrics: Technical Area 1: SHIELD On-board Technology

Phase | Design Element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions, percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement

[1] Cost = time (hours), number of personnel required, cost of tools ($).
[2] Procedures that are known to have been used to reverse engineer integrated circuits.
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption.

Technical Area 1: SHIELD On-board Technology

Phase | Design Element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate

• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Approved for Public Release Distribution Unlimited 69
bull Purpose of this discussionbull Detail the attributes of SHIELD design elements that will be measuredbull Outline the methods by which those attributes will be measured
bull Why metricsbull Tracking and reporting program results and accomplishmentsbull Used for objective evaluation of performers
bull Wherever possible quantitative metrics will be used with industry accepted figures of merit
bull Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric
bull Metrics will not always have a ldquopassrdquo or ldquofailrdquo level especially when innovative technologies are involved
bull Depending on what is proposed certain metrics may not apply perfectly
bull Do not allow a metric (alone) to discourage proposing a good idea
Metrics Overview
Approved for Public Release Distribution Unlimited 70
Metrics Technical Area 1SHIELD On-board Technology
Phase Design Element Characteristics Metric
1 Secure secret key storage - reverse engineering protection
Harden dielet against attempts to reverse engineer
Cost1 to reverse engineer using typical methods2
1 Secure secret key storage - hardware corruption protection
Harden dielet against attempts to defeat security
Cost to defeat using typical methods3
1 Secure secret key storage - self destruct on tamper attempt
Discriminate between apparent tamper and normal operation
Percent success in triggering against typical intrusions percent success in not triggering against non-intrusions
1 Secure secret key storage - serial ID personalization
Determine economic method for serializing dielet in volume production
Cost per dielet to implement
1 Cost = time (hours) number of personnel required cost of tools ($)2 Procedures that are known to have been used to reverse engineer integrated circuits3 Procedures that are known to have been used to attempt to defeat security features
through hardware corruption
Approved for Public Release Distribution Unlimited 71
Phase Design Element Characteristic Metric
1 Passive sensors ndash examples include chemical mechanical light X-rays heat etc
Performer-defined As appropriate
Technical Area 1SHIELD On-board Technology
bull Specific metrics will be determined based on the nature and function of the sensors proposed
bull General metrics to consider include sensing threshold cost
Approved for Public Release Distribution Unlimited 72
Phase
Design element Characteristics Metric
1 Dielet power Inductive power coupling mechanism
Q factor
1 Dielet communications RF communications mechanism Baud rate
1 Manufacturing process modifications ndash form factor
Modifications to meet form factor requirements1
Cost2
1 Manufacturing process modifications ndash integration
Modifications for sensor and key storage integration
Cost
1 Manufacturing process modifications ndash testing
Modifications to enable dielet testing
Cost
1 Manufacturing process modifications ndash special needs
Production solutions for dielet dicing picking handling
Cost
1 Manufacturing process modifications - reliability
Physical design for reliability3 Cost
Metrics Technical Area 1SHIELD On-board Technology
1 SHIELD wafer thickness may be 10 microns or less Dielet size 100microm x 100microm2 Cost is referenced against the target CMOS process with no modifications 3 Assume 100 KPOH lifetime for host component no more than 3 Failures In Time (FIT) Assume SHIELD
dielet usage less than 1 KPOH over its lifetime
Approved for Public Release Distribution Unlimited 73
Metrics Technical Area 2SHIELD Dielet Design and Integration
Phase Design element Characteristics Metric
1 Dielet design ndash encryption engine Logic design for encryption engine
Performance to specifications1
1 Dielet design ndash key management Logic design for key management protocol
Performance to specifications
1 Dielet design ndash power supply interface
Interface logic for power supply
Performance to specifications
1 Dielet design ndash communications Interface logic for communications
Performance to specifications
1 Dielet design ndash sensor interface Interface logic for sensors Performance to specifications
1 Design specifications will be established during Phase 1 development to verify performance performers are responsible for providing results of simulations andor hardware testbenches as appropriate
Approved for Public Release Distribution Unlimited 74
Phase
Design Element Characteristic Metric
2 Dielet integration ndash sensors encryption engine power communications and support logic
Mask layout design including logical and physical verification functional test pattern generation
Functional testing adherence to dielet power budget compliance with manufacturer ground rules percent test pattern coverage reliability analysis
2 Dielet fabrication Release to manufacturing process tracking as required
PassFail1
2 Dielet functional testing Test fixture should be capable of exercising all dielet functionality
PassFail
2 Dielet characterization Characterize across process voltage and temperature range
PassFail
Metrics Technical Area 2SHIELD Dielet Design and Integration
1 PassFail deliverable is required to meet design specifications and pass anyall tests
Approved for Public Release Distribution Unlimited 75
Metrics Technical Area 3 SHIELD Deployment
Phase
Design element Characteristics Metric
1 Dielet-host integration - packaging Develop solutions for insertion of dielet into host package
Insertion depth tolerance of host package1 tools and skills required to insert dielet
1 Dielet-host integration - reliability Analysis of dielet insertion reliability and impact to host
Projected lifetime analysis of host chip package strain analysis electromagnetic analysis2 Environmental testing (temperature shock and vibration)3
1 Dielet-host integration ndash dummy dielet
Fabrication of a dielet mock-up for experimentation
Passfail
1 Network architecture design Realization of server-side hardware and software for dielet-server communication
Passfail
1 Inductive appliance design Realization of hardware and software for inductive appliance
Passfail1 The SHIELD dielet will be placed approximately 1mm below the outer surface of the host chip2 Identify impact of inductive and RF probing in the host chip3 The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Approved for Public Release Distribution Unlimited 76
Metrics, Technical Area 3: SHIELD Deployment
• Technical Area 3 Phase 3 metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
• PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g. missing, inappropriate or failing SHIELD dielet)
  • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
  • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
Metrics, Technical Area 3: SHIELD Deployment
Phase | Design element | Characteristics | Metric
2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); probability of false alarm (PFA); average completed authentication delay per SHIELD component
3 | Government “Red Team” evaluation | Penetration testing |
[1] Likelihood of the dielet to be damaged during the insertion process (failures per 100 insertions).
[2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
Metrics, Technical Area 2: SHIELD Dielet Design and Integration
• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any “special case” technologies
• Performers will be responsible for functional testing and characterization of the finished dielet
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort
Image courtesy of DARPA
Metrics, Technical Area 1: SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
[1] Cost = time (hours), number of personnel required, cost of tools ($).
[2] Procedures that are known to have been used to reverse engineer integrated circuits.
[3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption.
Technical Area 1: SHIELD On-board Technology
Phase | Design element | Characteristic | Metric
1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
• Specific metrics will be determined based on the nature and function of the sensors proposed
• General metrics to consider include sensing threshold, cost
Metrics, Technical Area 1: SHIELD On-board Technology
Phase | Design element | Characteristics | Metric
1 | Dielet power | Inductive power coupling mechanism | Q factor
1 | Dielet communications | RF communications mechanism | Baud rate
1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
[1] SHIELD wafer thickness may be 10 microns or less. Dielet size: 100 µm x 100 µm.
[2] Cost is referenced against the target CMOS process with no modifications.
[3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime.
Metrics, Technical Area 2: SHIELD Dielet Design and Integration
Phase | Design element | Characteristics | Metric
1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
1 | Dielet design – communications | Interface logic for communications | Performance to specifications
1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
[1] Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate.
Approved for Public Release Distribution Unlimited 73
Metrics Technical Area 2SHIELD Dielet Design and Integration
Phase Design element Characteristics Metric
1 Dielet design ndash encryption engine Logic design for encryption engine
Performance to specifications1
1 Dielet design ndash key management Logic design for key management protocol
Performance to specifications
1 Dielet design ndash power supply interface
Interface logic for power supply
Performance to specifications
1 Dielet design ndash communications Interface logic for communications
Performance to specifications
1 Dielet design ndash sensor interface Interface logic for sensors Performance to specifications
1 Design specifications will be established during Phase 1 development to verify performance performers are responsible for providing results of simulations andor hardware testbenches as appropriate
Approved for Public Release Distribution Unlimited 74
Phase
Design Element Characteristic Metric
2 Dielet integration ndash sensors encryption engine power communications and support logic
Mask layout design including logical and physical verification functional test pattern generation
Functional testing adherence to dielet power budget compliance with manufacturer ground rules percent test pattern coverage reliability analysis
2 Dielet fabrication Release to manufacturing process tracking as required
PassFail1
2 Dielet functional testing Test fixture should be capable of exercising all dielet functionality
PassFail
2 Dielet characterization Characterize across process voltage and temperature range
PassFail
Metrics Technical Area 2SHIELD Dielet Design and Integration
1 PassFail deliverable is required to meet design specifications and pass anyall tests
Approved for Public Release Distribution Unlimited 75
Metrics Technical Area 3 SHIELD Deployment
Phase
Design element Characteristics Metric
1 Dielet-host integration - packaging Develop solutions for insertion of dielet into host package
Insertion depth tolerance of host package1 tools and skills required to insert dielet
1 Dielet-host integration - reliability Analysis of dielet insertion reliability and impact to host
Projected lifetime analysis of host chip package strain analysis electromagnetic analysis2 Environmental testing (temperature shock and vibration)3
1 Dielet-host integration ndash dummy dielet
Fabrication of a dielet mock-up for experimentation
Passfail
1 Network architecture design Realization of server-side hardware and software for dielet-server communication
Passfail
1 Inductive appliance design Realization of hardware and software for inductive appliance
Passfail1 The SHIELD dielet will be placed approximately 1mm below the outer surface of the host chip2 Identify impact of inductive and RF probing in the host chip3 The performance of the host chip without a SHIELD solution will be used as a basis for comparison
Approved for Public Release Distribution Unlimited 76
bull Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package interrogated by inductive appliance)
bull PD PFA authentication delaybull Probability of Detection of compromises (PD) broken out by
bull Type of host component (eg small passivediscrete quad plastic flat pack)bull Failure mode (eg missing inappropriate or failing SHIELD dielet)bull Failure location (eg at distributor at subassembly vendor during shipping) bull Setting of host component (eg supplied in a component tube mounted on a
printed circuit board installed in a system)
bull Probability of False Alarm (PFA) broken out bybull Type of host component (eg small passivediscrete quad plastic flat pack)bull Setting of host component (eg supplied in a component tube mounted on a
printed circuit board installed in a system)
bull Average completed authentication delay per SHIELD component
Metrics Technical Area 3 SHIELD Deployment
Approved for Public Release Distribution Unlimited 77
Phase
Design Element Characteristics Metric
2 Tools and procedures for dielet handling and insertion
Develop tools for physical insertion into host device
Dielet insertion failure rate1
2 Network architecture development and build-out
Implementation and testing
Passfail (functionality) transmission error rate2
2 Inductive appliance development and fabrication
Implementation and testing
Passfail
3 Proof-of-concept demonstration Testing of complete SHIELD solution
Probability of detection (PD) Probability of false alarm (PFA) Average completed authentication delay per SHIELD component
3 Government ldquoRed Teamrdquo evaluation Penetration testing
Metrics Technical Area 3 SHIELD Deployment
1 Likelihood of the dielet to be damaged during the insertion process ( of failures per 100 insertions)2 Transmission errors between dielet and server due to operational anomalies such as improper
positioning of inductive appliance insufficient application time low battery condition etc
Metrics: Technical Area 2, SHIELD Dielet Design and Integration

• Technical Area 2 Phase 2 is essentially a CMOS IC physical design and manufacturing effort.
• Performers will be expected to perform design validation and verification tasks consistent with a CMOS IC physical design process, including:
  • compliance with design ground rules of the manufacturer
  • logical to behavioral design verification
  • logical to physical design verification
  • functional test pattern generation with a goal of 100% test coverage
  • EM and power analysis
  • additional checks as required to validate any "special case" technologies
• Performers will be responsible for functional testing and characterization of the finished dielet.
• Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort.
Image courtesy of DARPA
Metrics: Technical Area 2, SHIELD Dielet Design and Integration

| Phase | Design Element | Characteristic | Metric |
|---|---|---|---|
| 2 | Dielet integration - sensors, encryption engine, power, communications, and support logic | Mask layout design, including logical and physical verification, functional test pattern generation | Functional testing; adherence to dielet power budget; compliance with manufacturer ground rules; percent test pattern coverage; reliability analysis |
| 2 | Dielet fabrication | Release to manufacturing process tracking as required | Pass/Fail [1] |
| 2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail |
| 2 | Dielet characterization | Characterize across process, voltage, and temperature range | Pass/Fail |

[1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests.
Metrics: Technical Area 3, SHIELD Deployment

| Phase | Design element | Characteristics | Metric |
|---|---|---|---|
| 1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet |
| 1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip package strain analysis, electromagnetic analysis [2]; environmental testing (temperature shock and vibration) [3] |
| 1 | Dielet-host integration - dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail |
| 1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail |
| 1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail |

[1] The SHIELD dielet will be placed approximately 1mm below the outer surface of the host chip.
[2] Identify impact of inductive and RF probing in the host chip.
[3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison.
Metrics: Technical Area 3, SHIELD Deployment

• Technical Area 3 Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance)
  • PD, PFA, authentication delay
• Probability of Detection of compromises (PD), broken out by:
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Failure mode (e.g., missing, inappropriate, or failing SHIELD dielet)
  • Failure location (e.g., at distributor, at subassembly vendor, during shipping)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Probability of False Alarm (PFA), broken out by:
  • Type of host component (e.g., small passive/discrete, quad plastic flat pack)
  • Setting of host component (e.g., supplied in a component tube, mounted on a printed circuit board, installed in a system)
• Average completed authentication delay per SHIELD component
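The Phase 3 breakdowns above can be computed from per-interrogation trial records as in the following added example, which is not part of the DARPA briefing. The record layout, field names and sample trials are constructed for illustration, and it assumes "average completed authentication delay" means the mean over authentications that finished.

```python
from collections import defaultdict
from statistics import mean

# Constructed trial records (not program data): one row per interrogation.
# failure_mode/location are None for a genuine part; delay_s is None when the
# authentication never completed (e.g. no dielet answered).
FIELDS = ("host_type", "setting", "failure_mode", "location", "flagged", "delay_s")
TRIALS = [
    ("quad flat pack", "component tube", None, None, False, 0.8),
    ("quad flat pack", "component tube", None, None, True, 0.9),
    ("quad flat pack", "mounted on PCB", "missing dielet", "distributor", True, 1.1),
    ("quad flat pack", "mounted on PCB", "failing dielet", "shipping", False, 1.3),
    ("small passive", "component tube", "inappropriate dielet", "distributor", True, 0.7),
    ("small passive", "component tube", "missing dielet", "subassembly vendor", True, None),
    ("small passive", "installed in system", None, None, False, 1.5),
    ("small passive", "installed in system", None, None, False, 1.7),
]

def _rate_by(records, key):
    """Fraction of records flagged as compromised, grouped by one field."""
    hits, totals = defaultdict(int), defaultdict(int)
    for r in records:
        totals[r[key]] += 1
        hits[r[key]] += r["flagged"]
    return {k: hits[k] / totals[k] for k in totals}

def shield_metrics(trials):
    rows = [dict(zip(FIELDS, t)) for t in trials]
    compromised = [r for r in rows if r["failure_mode"] is not None]
    genuine = [r for r in rows if r["failure_mode"] is None]
    completed = [r["delay_s"] for r in rows if r["delay_s"] is not None]
    return {
        # PD: flagged compromises / all compromises, over the four breakdowns.
        "PD": {k: _rate_by(compromised, k)
               for k in ("host_type", "failure_mode", "location", "setting")},
        # PFA: flagged genuine parts / all genuine parts. A genuine part has
        # no failure mode or failure location, so only two breakdowns apply.
        "PFA": {k: _rate_by(genuine, k) for k in ("host_type", "setting")},
        # Assumption: only completed authentications enter the average.
        "avg_delay_s": mean(completed),
    }

if __name__ == "__main__":
    for name, value in shield_metrics(TRIALS).items():
        print(name, value)
```

PD and PFA are computed over disjoint populations (compromised versus genuine parts), so a cell with few trials in either population gives a rate with little statistical weight.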