In 1965, Gordon Moore predicted that the computation speed of computer chips would double roughly every two years. That prediction proved prescient, but one thing that has potentially accelerated even faster is hackers’ ability, ranging from bored teenagers to wily adversarial nations, to thwart even the most ingenious computer security systems. Can we get ahead of the bad guys in this race? The Defense Advanced Research Projects Agency (DARPA) is working on a project that may largely put the hackers out of business, particularly for America’s defense industry operations, by building the “unhackable” computer chip.
In a recent press release, DARPA announced the launch of the Structured Array Hardware for Automatically Realized Applications (SAHARA) program. While that may sound like a mouthful, the realization of the goals of SAHARA could revolutionize the way microchips are designed, produced, and delivered for real-world applications, particularly in the defense industry. DARPA will partner with Intel and laboratories from three prestigious universities to take secure technology to the next level.
BACKGROUND: What is an “Unhackable” Computer Chip?
Current defense microelectronics technology relies on the use of field-programmable gate array microchips (FPGAs). These chips offer flexibility since they can be used in many different systems and are programmed by the user for the specific system being developed. The downside of using FPGAs is that they can be costly to design and manufacture and require quite a bit of power to operate.
SAHARA will be working to transition Department of Defense technology systems from FPGAs to new, cutting-edge Structured Application-Specific Integrated Circuits, representing an operational and economic mid-point between FPGAs and ASICs. Structured ASICs offer significant advantages in performance and require much less power relative to FPGAs. They are easier to design and cost less to manufacture than ASICs. The secure, Structured ASICs SAHARA aims to develop are anticipated to vastly enhance security while shortening development time by as much as 60%. The technology is also projected to reduce engineering costs by a factor of ten while reducing power consumption by up to 50%.
Unfortunately, converting FPGAs to structured ASICs is currently a time-consuming, expensive manual process. SAHARA is partnering with Intel to automate the conversion, working to create something akin to a pushbutton process, reducing development time and cost while significantly cutting power consumption in the resulting device.
The Debrief contacted Serge Leef, DARPA program manager on the SAHARA project, asking what this could mean for future advancements in this field of technology. He pointed out that current Structured ASICs present security challenges because, unlike FPGAs that are programmed after they are manufactured, Structured ASICs contain design information. SAHARA plans to address this issue while realizing the other advantages of this technology listed above.
“A disadvantage with Structured ASICs is that they can reveal the design information to a manufacturer, opening the door for possible cloning, counterfeiting, and reverse engineering,” Leef said. “A key goal of SAHARA is to add security mechanisms into the design that enable manufacturing in zero-trust environments. In other words, we are trying to make it so these Structured ASICs can be manufactured anywhere in the world because it has no design information that can be compromised.”
ANALYSIS: ABOUT THAT “UNHACKABLE TECHNOLOGY” CLAIM…
The attractive nature of the sort of technology that improves performance and reduces development time and operating costs is apparent. But the other potentially more game-changing goal is to create systems that will be exceedingly difficult for our adversaries to hack. Stories of technological espionage and intellectual property theft have been with us for generations. While there is plenty of blame to go around, China has frequently been accused of these abuses, going so far as to insert agents into major tech companies and universities, ferreting out secrets, and sending them back home.
Would these individualized Structured ASIC chips actually provide immunity against such incursions, and if so, how? The Debrief once again put the question to DARPA Program Manager Serge Leef. He told us that the Defense Department has traditionally had strict requirements that chips be manufactured in secure environments. The focus has been shifting to manufacture trusted chips in untrusted (or zero-trust) environments. SAHARA will provide greater flexibility around where chips for defense applications can be produced, expanding the DoD’s access to some of the most advanced manufacturing capabilities in the process.
“With SAHARA, we’re exploring security countermeasures capable of thwarting reverse engineering and counterfeiting attacks,” Leef told The Debrief. “The research teams working on the program aim to develop novel chip protections and employ verification, validation, and red teaming to stress test the resulting measures. Once proven, it is anticipated that the countermeasures will be integrated into Intel’s Structured ASIC design flow. Additionally, SAHARA will establish a Structured ASIC manufacturing capability at Intel’s U.S. fabrication facilities, which will improve the security and reliability of the U.S. supply chain for these chips.”
“With these protections, the goal is to enable Structured ASICs to be manufactured in zero-trust environments – or anywhere in the world because no sensitive design information can be compromised. This would expand the DoD’s access to leading-edge manufacturing capabilities while ensuring their designs are protected.”
OUTLOOK: Will Unhackable Computer Chips See the End of Hacking Forever?
Computer hacking is nothing new. Hackers have been with us since before the first person received an America Online CD in the mail (younger readers may have to ask their parents what that means). Stories of hackers wreaking havoc are too numerous to list, ranging from Brits trying to steal secrets about UFOs from the American Department of Defense to the Pentagon’s own website being hacked by Anonymous. From ransomware to revenge porn, it seems that no one who goes online is immune.
So, will the advancements being sought by the SAHARA project finally put an end to all of this once they are fully developed and more commonly available? Can we all cancel our subscriptions to our malware protection providers? Serge Leef doesn’t seem to feel that this will be a panacea that will last forever, but the bad guys are going to have a lot of work ahead of them to thwart it. For one thing, SAHARA is focused on addressing security issues at the hardware level – it isn’t addressing exploits or vulnerabilities found in software. That said, protecting the microelectronics supply chain and the U.S.’ ability to safely manufacture chips is key to keeping virtually every electronic system humming.
“The defenses that SAHARA will put in place respond to all presently known and anticipated attack vectors in Structured ASICs. While it is hard to imagine how these mechanisms can be defeated technically, the cost to the attacker will increase to the point where economically motivated attackers are likely to be dissuaded, requiring extreme investments in computing that may only be plausible at the nation-state level,” Leef told The Debrief.
The Department of Defense is leveraging the opportunities offered by partnerships with industry leaders in cutting-edge technological fields and some of the universities that are developing new methods of addressing existing and traditional challenges. While a new generation of Structured ASIC chips provides clear advantages in the defense industry, it’s not difficult to imagine the same technology addressing issues plaguing other government systems such as unemployment benefits registration systems and many others that have been subjected to incursions by those seeking to commit fraud. In the private sector, the banking and credit industries, along with so many others, could potentially benefit in a similar fashion.
Of course, nothing comes without a downside. As a person “of a certain age” who frequently struggles with major changes in technology, I’m left with one question. Does this mean I’m going to have to learn how to use yet another type of cellphone?
Follow and connect with author Jazz Shaw on Twitter:@JazzShaw