A new technology unveiled Wednesday aims to prevent hardware privacy by protecting microchips with the virtual equivalent of an embedded “lock” that can be opened only by the patent owner.
Called “EPIC” — short for Ending Piracy of Integrated Circuits — the technique relies on established cryptography methods and introduces subtle changes into the chip design process without affecting the chips’ performance or power consumption.
The innovation was devised by computer engineers at the University of Michigan and Rice University; it will be presented next week at the Design Automation and Test in Europe conference in Germany.
A Few Extra Switches
“Pirated chips are sometimes being sold for pennies, but they are exactly the same as normal chips,” explained Igor Markov, associate professor in the department of electrical engineering and computer science at the University of Michigan and a co-author of the paper.
“They were designed in the United States and usually manufactured overseas, where intellectual property law is more lax,” Markov added. “Someone copies the blueprints or manufactures the chips without authorization.”
Integrated circuits protected with EPIC, on the other hand, would be manufactured with a few extra switches that behave essentially like a combination lock. They would also have the ability to produce a random, unchangeable ID number at least 64 bits long. Before a chip could be used, it would have to be activated, requiring the manufacturer to plug it in and let it contact the patent owner over an ordinary phone line or Internet connection.
“All chips are produced from the same blueprint, but differentiate themselves when they are turned on for the first time and generate their ID,” explained Michigan computer engineering doctoral student Jarrod Roy, who is the lead author on the paper. “Nothing is known about this number before activation.”
When the chip transmits its ID securely to the patent owner, the owner would then record the number, figure out the combination to unlock that particular chip, and respond securely with the key.
By using a unique activation key, EPIC eliminates the possibility that would-be pirates could observe it and reuse it without cracking it, the researchers said. And because the key is generated on the fly, there would be no point copying it the way software activation keys can be, they added.
‘A Huge Problem’
Hardware piracy is a growing problem, Jim McGregor, research director and principal analyst with In-Stat, told TechNewsWorld.
“It’s a huge problem — much bigger than most people realize, especially in developing regions,” McGregor said. “Software is what usually comes to mind when people think of piracy, but anytime a new device comes out, you can bet there’s at least four or five companies ripping it apart, trying to figure out how it works. That’s especially true in commodities, such as memory devices.”
Whether the EPIC technique is the answer, however, is less clear.
“I don’t buy it,” McGregor added. “Any time you have to go to a third source to get the key, you’re going to get into problems.”
The technology may prevent the unauthorized use of the chips, but McGregor isn’t convinced it will prevent the stealing of designs.
“The bigger issue is the stealing of the intellectual property, and that’s something that needs to be tackled at the government and industry level, not through technology,” he said. “I’ll hold out reservations on this one.”
EPIC is not uncrackable, Markov admits.
“If someone was really bent on forging and had a $100 million to spend, they could reverse engineer the entire chip by taking it apart,” he said. “But the point of piracy is to avoid such costs. The goal of a practical system like ours is not to make something impossible, but to ensure that buying a license and producing the chip legally is cheaper than forgery.”
Indeed, “there is no such thing as absolute security,” Roger Kay, president of Endpoint Technologies, told TechNewsWorld. “There are only different levels, varying in the difficulty of hacking them.”
Criminals are opportunity-oriented, so if the technology increases the difficulty of hacking it to where it’s really inconvenient, they probably wouldn’t bother, Kay added.
“If you’re a crook, you’re just looking for essentially an easy way to make money,” he concluded. “Something like this could work as a deterrent.”