Subject Verb Predicate Noun - Sentencing Diagrams
 

    Presentation Transcript

    • Approved for Public Release, Distribution Unlimited
      Supply Chain Hardware Integrity for Electronics Defense
      SHIELD Proposer’s Day
      Arlington, VA, 14 March, 2014
      Kerry Bernstein, Program Manager, Microsystems Technology Office, Defense Advanced Research Projects Agency
    • Classification Guidelines
      All conversations during today’s Proposer’s Day should remain at an unclassified level.
      • The Government anticipates proposals submitted under this BAA will be unclassified.
      • Classified submissions shall be appropriately and conspicuously marked with the proposed classification level and declassification date. Submissions requiring DARPA to make a final classification determination shall be marked as follows: CLASSIFICATION DETERMINATION PENDING. Protect as though classified (insert the recommended classification level, e.g., Top Secret, Secret or Confidential).
      • Classified submissions shall be in accordance with the following guidance:
        Confidential and Secret Collateral Information: Use classification and marking guidance provided by previously issued security classification guides, the DoD Information Security Manual (DoDM 5200.01, Volumes 1 - 4), and the National Industrial Security Program Operating Manual (DoD 5220.22-M) when marking and transmitting information previously classified by another Original Classification Authority. Classified information at the Confidential and Secret level may be submitted via ONE of the two following methods:
        • Hand-carried by an appropriately cleared and authorized courier to the DARPA CDR. Prior to traveling, the courier shall contact the DARPA CDR at 703-526-4052 to coordinate arrival and delivery.
        OR
        • Mailed via appropriate U.S. Postal Service methods (e.g., (USPS) Registered Mail or USPS Express Mail).
        All classified information will be enclosed in opaque inner and outer covers and double wrapped. The inner envelope shall be sealed and plainly marked with the assigned classification and addresses of both sender and addressee.
        The inner envelope shall be addressed to:
          Defense Advanced Research Projects Agency
          ATTN: Kerry Bernstein/MTO
          Reference: DARPA-BAA-14-16
          675 North Randolph Street
          Arlington, VA 22203-2114
        The outer envelope shall be sealed with no identification as to the classification of its contents and addressed to:
          Defense Advanced Research Projects Agency
          Security & Intelligence Directorate, Attn: CDR
          675 North Randolph Street
          Arlington, VA 22203-2114
    • Proposer’s Day Schedule
      • 8:35 AM – 9:00 AM: Welcome. Mr. Kerry Bernstein, DARPA/MTO
      • 9:00 AM – 9:30 AM: SHIELD Threat Space. Mr. Brett Hamilton, NSWC Crane
      • 9:30 AM – 10:30 AM: SHIELD Program. Mr. Kerry Bernstein, DARPA/MTO
      • 10:30 AM – 10:45 AM: BREAK. Please leave questions at the registration table at this time.
      • 10:45 AM – 11:15 AM: Benchmarks in Metrics. Mr. Arnett Brown, BAH
      • 11:15 AM – 12:00 AM: Contracting with DARPA, Q&A. Mr. Michael Blackstone, DARPA/CMO
      • 12:00 PM – 1:00 PM: Lunch. Lunch will not be provided. DARPA has a café onsite.
      • 1:00 PM – 2:00 PM: Open Forum Q&A. Each attendee will be provided with two index cards to submit questions before the break for lunch. These questions will then be discussed and answered at this time.
      • 2:00 PM – 2:30 PM: SHIELD/DARPA Overview. Dr. Arati Prabhakar, DARPA/Director
      • 2:20 PM – 2:45 PM: BREAK
      • 2:45 PM – 3:45 PM: Proposer Presentations. Mr. Saverio Fazzari, BAH
      • 3:45 PM – 4:00 PM: Final Q&A/Close Out. Mr. Kerry Bernstein, DARPA/MTO
    • Partnering Opportunities
      • Groups that are interested in composing a comprehensive teaming proposal may access the DARPA SHIELD Teaming website bulletin board at https://sharepoint.extranet.darpa.mil/sites/mto/SHIELD/SitePages/Home.aspx to explore collaborations with other possible proposing groups.
      • To request an account, please email the request to the BAA-14-16 mailbox at DARPA-BAA-14-16@darpa.mil
    • Abstracts Submissions
      • Proposers who choose to use abstracts are strongly encouraged to submit an abstract in advance of a full proposal. This procedure is intended to minimize unnecessary effort in proposal preparation and review.
      • The cover sheet should be clearly marked “ABSTRACT” and the total length should not exceed 12 pages, excluding cover page and official transmittal letter. All pages shall be printed on 8-1/2 by 11 inch paper with type not smaller than 12 point. Smaller font may be used for figures, tables and charts. The page limitation for abstracts includes all figures, tables, and charts. No formal transmittal letter is required. All abstracts must be written in English.
      • DARPA will respond to abstracts with a statement as to whether DARPA is interested in the idea. DARPA will attempt to reply to abstracts in writing within thirty (30) calendar days of receipt.
      • Abstract Due Date: March 31, 2014
      • Additional detailed information on submitting an abstract can be found in the SHIELD solicitation, DARPA-BAA-14-16.
    • Proposal Information
      • Proposal Due Date: May 30, 2014
      • The full proposal must be received on or before May 30, 2014, in order to be considered during the initial round of selections.
      • DARPA will acknowledge receipt of complete submissions via email and assign control numbers that should be used in all further correspondence regarding proposals.
      • DARPA will post a consolidated Question and Answer response after April 1, 2014, before final full proposals are due. In order to receive a response to your question, submit your question by April 25, 2014 to DARPA-BAA-14-16@darpa.mil
      • To comply with the submission guidelines listed in the BAA, please include the following:
        • Volume I, Technical and Management Proposal
          • Section I. Administrative: cover sheet to include and official transmittal letter. (Note: An official transmittal letter is not required when submitting an abstract.)
          • Section II. Summary of Proposal – this section shall not exceed 15 pages
          • Section III. Detailed Proposal Information
            • Statement of Work (SOW) - In plain English, clearly define the technical tasks/subtasks to be performed, their durations, and dependencies among them. The page length for the SOW will be dependent on the amount of the effort.
          • Section IV. Additional Information - A brief bibliography of relevant technical papers and research notes (published and unpublished) which document the technical ideas upon which the proposal is based. Copies of not more than three (3) relevant papers can be included in the submission.
        • Volume II, Cost Proposal – {No Page Limit}
      • Additional detailed information on submitting a full proposal can be found in the SHIELD solicitation, DARPA-BAA-14-16.
    • Contact Information
      • For any questions regarding today’s Proposer’s Day or to request a copy of Mr. Bernstein’s presentation, please email DARPA-SN-14-22@DARPA.mil
      • Administrative, technical, or contractual questions should be sent via e-mail to DARPA-BAA-14-16. All requests must include the name, email address, and phone number of a point of contact.
      The technical POC for this effort is Kerry Bernstein.
      The BAA Coordinator for this effort can be reached at:
        DARPA/MTO
        ATTN: DARPA-BAA-14-16
        675 North Randolph Street
        Arlington, VA 22203-2114
        DARPA-BAA-14-16@DARPA.mil
    • Proposer’s Day Ethics
      • At this time, DARPA cannot provide early feedback on your ideas. Please submit abstracts/proposals conforming to the guidelines in the BAA.
      • Please refer to the BAA for questions on submission format, deadlines, technical requirements, cost analysis, etc. For specific questions not covered in the BAA, please email the coordinator at DARPA-BAA-14-16@DARPA.mil
      • For all communication purposes regarding this solicitation, please direct your attention to the BAA Coordinator, using the email address above.
      • US Government employees are bound by law to implicit non-disclosure agreements with external institutions. You may share information in private conversations without concern over intellectual property loss.
      • DARPA Proposer’s Day is a public event; any data released in this venue should be assumed to have been made public. Please treat your proprietary data accordingly.
    • Welcome and Introductory Comments
      Kerry Bernstein, SHIELD Industry Day, 14 March 2014
    • Acknowledgments
      Simply getting the DARPA SHIELD Program to this point required massive efforts and valuable inputs by the following US Government employees and contractors.
      Bob Colwell, Saverio Fazzari*, Michael Blackstone, Dave Shaver, Virginia Arzadum*, Fred Schipp, Brett Hamilton, Arnett Brown*, Beverly Barnhart, Jeff K., Jerry Roddy*, Sean L., Chris Bozada, Dan Radack, Matt Kay, Don Davidson, Matt Sale, Paul Kozemchak, Bob K., Shaun McKinley, Joe H., Chrisma Jackson, Jim Felix, Eric Herr, Josh Beutler, Dan Marrujo, Jim St. Pierre, Mitch Komaroff, Arun Seraphin, Nick Diamond
      * SHIELD SETA TEAM
    • CNN Report, 10 June, 2012
      Counterfeit parts compromise the US Supply Chain and present a growing threat to national security. Current safeguards are ineffective; they put American lives and DoD missions at risk.
    • Supply Chain Control is a Critical Problem
      • Distributor indicted for supplying counterfeits to Grumman Electric Boat, July 2013
      • SPECTRUM Magazine, October, 2013, pp. 41-45
      • Dept. of Defense Instruction NUMBER 4140.67, 26 April 2013
    • US Electronic Waste is a Contributing Factor
      [Figure: image sequence. Panel labels: Shipping from/to U.S.; Received in Developing Country; Removed from boards and sorted; Refurbished and remarked; Repackaged; Resold. All images courtesy of SMT Corporation.]
    • Electronic Waste Processing Effect on Quality/Reliability
      • Uncontrolled heating during part removal can cause die cracks or delamination, leading to immediate or latent failures.
      • Mishandling or sanding of parts can cause latent Electrostatic Discharge (ESD) failures.
      Images courtesy of Basel Action Network and SMT Corporation.
    • Electronics Supply Chain is Global
      Global nature of supply chain makes chain-of-custody unworkable.
      [Figure: lifecycle shown for a single JSF component; the component changes hands 15 times before final install. Stage labels: Semi Design; Semi Manufacturing & Packaging; Printed Circuit Board Production; Printed Circuit Board Distribution. Source: IDC Manufacturing Insights & Booz Allen analysis.]
    • Common Industry Supply Chain Misconceptions¹
      • “Counterfeit components are a 1-in-1,000,000 risk.”
        Independent Distributors say that from 0.5% to 35% of their incoming product is suspected counterfeit.
      • “Only bad distributors sell counterfeit components.”
        Most counterfeit parts sold to contractors come from legitimate independent distributors lacking effective screening techniques.
      • “Only expensive components are counterfeited.”
        DoC reports that over 60% of counterfeit parts have a sale value of $10 or less.
      • “Counterfeit parts will be detected by electrical tests.”
        More than half of all counterfeit components have the correct (or equivalent) die.
      ¹ B. Hamilton, NSWC Crane, Testimony at SASC Briefing, 9 September, 2013
      Image courtesy of: http://www.rkonlinestore.co.uk/556-dual-timer-ic-16-pin-dip-pack-of-1-391-p.asp
    • Quote found on the Web
      “It will be because of companies like ours that the gap in technological advantages between made in [Name of Country] and made abroad will narrow down”
      - from website of an off-shore contract reverse-engineering business
    • SHIELD Threat Space
      Brett Hamilton, NSWC Crane, SHIELD Industry Day, 14 March 2014
    • SHIELD Technical Program Description
      Kerry Bernstein, SHIELD Industry Day, 14 March 2014
    • SHIELD Introductory Comments
      1. THANK YOU for your interest in participating in DARPA SHIELD. It’s business, but it’s also our nation.
      2. The following exemplary design point and CONOP is a preferred embodiment; BAA strives not to overspecify. Got something better? LET’S HEAR ABOUT IT!
      3. Besides performers with great ideas, we want performers who “get it”, and who have a passion for doing something important for national security. Together we’ll deliver game-changing capability.
      4. SHIELD is about the Science and the hardware and the technology: CONOP, servers, networks are limited to what’s needed for the demo.
      5. SHIELD is not about developing new encryption schemes. SHIELD is about NIST, IEEE, and Industry Standards, or new standards.
    • SHIELD Introductory Comments (cont’d)
      6. Teaming is strongly encouraged; DARPA will accept individual Tech Area 1 & 3 submissions, but complete, collaborative proposed solutions are preferred and strongly recommended.
      7. The Supply Chain’s threat space is immense. Any solution, including DARPA SHIELD, will be fraught with problems. We expect that. But we need to begin somewhere.
      8. Remaining, unaddressed SHIELD vulnerabilities will include:
         • Insider threat
         • Server attacks
         • Dielet side channel exfil modes inserted during foreign fabrication
         • Vulnerability to new reverse engineering modes, circumvention.
      9. SHIELD is intended to make counterfeiting more difficult, expensive, and time consuming.
    • Programmatics
      DARPA SHIELD is about:
      • Science
      • Hardware Technology
      • Security
      • Reliability and Trustworthiness
      • Functionality
      • Manufacturability and Yield
      DARPA SHIELD is NOT about:
      • Logistics
      • Preferred Business Practices
      • Acquisition Policy
      • Doctrine
      • Supplier/distributor business infrastructure
      • New encryption schemes
      • New checking tools
      • Software*
      • Back-office structure and networking*
      * Except for the minimum necessary to demonstrate SHIELD CONOP
      http://www.g33kwatch.com/wp-content/uploads/2011/12/geek-zone.gif
    • Glossary
      • Dielet: Extremely small computer chip developed during SHIELD
      • Hardware Root-of-Trust: An incorruptible, immutable hardware identity reference
      • Key: A 256-bit cipher code, stored on dielet and on a secure server, used to secure the dielet authentication operation
      • Test Site: Limited hardware proof of concept chip without full product functionality
      • Sensor: Physical hardware structure on SHIELD dielet that passively detects intrusions compromising security
      • Probe: A device attached to a communication appliance that powers the SHIELD dielet
      • IP: Intellectual Property
      • CONOP: Concept of Operations
      • DFM/DFY: Design for Manufacturability / Design for Yield
      • PFA: Probability of False Alarm
      • PD: Probability of Detection
      • OEM: Original Equipment Manufacturer
      • GFE: Government-Furnished Equipment
      • IC: Integrated Circuit
      • CDR: Critical Design Review
      • DSS: Digital Signature Standard
      • CMVP: Cryptographic Module Verification Program
      • FITS: Failure rate of a component, measured in Failures-in-Time over the program
      • KPOH: Lifetime of a component, measured in thousands of power-on-hours
      • BOM: Bill of Material, a list of components comprising a given assembly
    • Definition of Terms
      • Counterfeit: “Instances in which the identity or pedigree of a product is knowingly misrepresented by individuals or companies” - GAO Report to Congress, March 2010
      • Supply Chain: “A set of organizations directly linked by one or more upstream and downstream flows of products, services, finances, or information from a source to a customer.” - Cooper, M.C., Lambert, D.M., & Pagh, J. (1997) Supply Chain Management: More Than a New Name for Logistics. The International Journal of Logistics Management, Vol 8, Issue 1, pp 1–14
      • Chain of Custody: “The chronological sequence of parties, spanning from the originator of the component to the final intended user, who directly transfer responsibility for assuring that the identity or integrity of a component is not compromised while it is in their possession.”
    • SHIELD Learning from Prior HW Assurance Programs
      TRUST – Tools for detecting Logic Insertions
      • Thorough authentication of design for requires high tech destructive rev. eng. tools
      • Very difficult to validate logic integrity of individual parts in SC non-destructively.
      • What we couldn’t find is as important as what we could find
      IRIS – Capabilities for discovering Reliability Compromise
      • Only a subset of all possible reliability compromises can be detected
      • Not realistic to assess generic component lifetime using small sample size; components will be rendered useless afterwards.
      DARPA programs showed certain ways of storing private key will be difficult to RE, and would destroy part if RE is attempted.
    • TRUST, IRIS Programs Validated Design Preceding Distribution: SHIELD Will Take it From There
      DARPA TRUST and IRIS Programs developed techniques for validating the design and process integrity before distribution.
      [Figure: component lifecycle with attack points. Stages: Design, Verification, Mask Build, Chip Build, Pkg, Test, Pers, Distr, Use. Legend: Design Attack, Hardware Attack, Logistics Attack. Attack labels: 3rd Party IP, Insider, Design EDA Exploit, IP Theft/Copy, Security Intercept, Yield Fail Diversion, Overproduction, Process Compromise, Pkg Compromise, False FPGA Bitstream, Malicious Insertions, False Validation Report, DFM Exploits, False Expects, False Test Compares, HW Theft. Coverage labels: TRUST, IRIS, SHIELD; At OEM, In Distribution.]
    • DoD is Especially Vulnerable to Counterfeits
      DoD applications present severe demands on components which make them especially vulnerable to compromise.
      • DoD electronic components require high reliability, serviceability.¹
      • Compromised component failures risk DoD missions, soldiers’ lives.
      • Long design cycles (10+ years) and product lifetimes (30+ years) cause components in the bill-of-material to become obsolete.¹
      • $10-$50 parts become $8000 parts once they are obsolete¹ – providing motivation for recycling, and less-reputable suppliers.
      • Whole off-shore industries supply bogus obsolete parts and clone current parts (with or without malicious changes).
      Most common current component supply problems:
      • Recycled components
      • Remarked parts (Mfr date, grade)
      • Clones / copies
      • Unlicensed overproduction
      • Test rejects / sub-std parts
      • Repackaged OEM chips
      ¹ NAVSEA Crane internal report
    • Attributes of Superior Supply Chain Authentication Tech
      1. Extremely low cost, with minimal impact to the component manufacturer, distributor, or end-user, as well as to the host component itself;
      2. Effective at mitigating most supply chain security threats;
      3. Simple, very fast, and executable by untrained operators;
      4. Trustworthy, reliable, and prohibitively difficult to spoof;
      5. Executable at any place, time along supply chain, providing instant results on-site;
      6. Performed using inexpensive interrogation equipment;
      7. Standardized and widely adopted by government and industry;
      8. Manufacturable in high volume using standard foundry processes; and
      9. A value-add to the end-product; recognized and requested by the consumer.
    • SHIELD: The DARPA Supply Chain Solution
      SHIELD makes counterfeiting too expensive and too hard to do.
      Microscopic SHIELD dielet:
      • HW Root-of-Trust
      • Fragile Key Storage
      • Full Encryption Engine
      • Unpowered Passive Sensors
      • Inductive Powering and Communication
      DARPA SHIELD will develop the ability to provide:
      - 100% assurance against certain known threat modes;
      - quickly, on demand, at any step of the supply chain; and
      - essentially for free.
      SHIELD Target Spec:
      - 100µm x 100µm (0.01 mm² Area)
      - 100K Devices
      - 100 MHz Clock Rate
      - 50 µW Total Power
      - T ≤ 120C
      - <1¢ per dielet
      Image courtesy of http://www.hitachi.com/New/cnews/030902.html
    • SHIELD Exemplary CONOP
      [Figure: message flow between Dielet, Smartphone and Server.]
      Steps labelled in the figure:
      1. Serial ID Upload (Serial ID No., TCPIP Address)
      2. Challenge Download
      3. Encrypted Challenge, Encrypted Sensors
      3. Appliance Data
      4. Authentication Out
      Component labels:
      • Dielet: Encryption Engine w/ Crypto Key; sensors for Temp Extremes, Xray Exposure, Light Exposure
      • Server: Database with Dielet Serial ID, Fab Name, Fab Date, Part No.; Random Challenge Generator; Decryption Engine w/ Crypto key; decrypt; compare to original challenge
      • Link label: (VPN)
      • Appliance Data: Sensors Status, Test Date, Auditor Identity, Key Requests
    • Potential Production Test Approaches
      Volume Production technology can be applied to SHIELD approach. Tooling and control can easily be adapted to authentication.
      Inspiration from existing Tube, Pick-and-Place, Wire Bond Robotic tech:
      1. Stock checking of Component
      2. Assembly checking in Supply Chain
      [Figure labels: Flying Prober; Pick and Place, Wirebond; Tube handling of components.]
    • Critical Hardware Assurance On-Dielet Features
      1. A hardware root-of-trust cryptographic key storage which is prohibitively expensive and time-consuming to reverse-engineer;
      2. A complete, compact, on-board key encryption engine, capable of encrypting an external challenge using its on-board cryptographic key; the cryptographic key never leaves the SHIELD dielet. The message will be decrypted using the cryptographic key stored in a secure server database;
      3. A physically-fragile but electrically-robust dielet which can be embedded in the host component's electronic packaging. The dielet self-destructs upon any attempts to physically open, remove, or transfer it from its host component with standard reverse-engineering de-processing techniques;
      4. Unpowered, passive sensors that record attempted compromises to the authenticator dielet and potentially other operations on the overall packaged assembly such as soldering or de-soldering;
      5. Inductive or RF communication and powering to allow contactless operation; and
      6. Built-in dielet resiliency against power-based component exploits or attacks.
    • Additional Required Design Properties
      1. Hardware attacks often leverage re-writable data storage; any rewritable storage on dielet must be carefully assessed for its security.
      2. SHIELD dielet proposal must be completely stand-alone, and should not interact with the host chip in any way. Reliability impacts include:
         a. package alterations needed to carry the dielet,
         b. unintended inductive or RF coupling impacts on the host device
      3. To maintain operational security, the inductive/RF probe and dielet must be in the immediate vicinity of each other to be able to link.
      4. Personalized crypto keys on dielet and server should never be sent.
      5. Entire proposed CONOP, including the SHIELD dielet, needs to be extremely inexpensive to acquire, implement, and execute.
      6. To minimize size, power, and cost of the SHIELD dielet, CONOP complexity should be pushed up to the secure server wherever possible.
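
The challenge-response exchange from the SHIELD Exemplary CONOP and Critical Hardware Assurance On-Dielet Features slides, as an added example that is not part of the original presentation: the appliance relays a serial ID, a server challenge and the dielet's keyed response, and the key itself never crosses the link. HMAC-SHA256 from the Python standard library stands in for the dielet's encryption engine (the server recomputes and compares instead of decrypting); the class names, sensor bit layout, challenge length and verdict strings are assumptions.

```python
import hashlib
import hmac
import secrets

KEY_BYTES = 32        # 256-bit key, as in the glossary
CHALLENGE_BYTES = 16  # assumption: the slides give no challenge length
# Constructed bit layout; the slides name the sensors but define no encoding.
SENSOR_FLAGS = {"temp_extremes": 0x01, "xray_exposure": 0x02, "light_exposure": 0x04}


def _tag(key, serial, challenge, status):
    # Binds serial ID, challenge and sensor status together under the shared key.
    return hmac.new(key, serial + challenge + status, hashlib.sha256).digest()


class Dielet:
    """Holds the key; only the keyed response ever leaves it."""

    def __init__(self, serial, key):
        self.serial = serial
        self._key = key
        self._sensors = 0

    def expose(self, sensor):
        self._sensors |= SENSOR_FLAGS[sensor]  # set once, never cleared

    def respond(self, challenge):
        status = bytes([self._sensors])
        return status, _tag(self._key, self.serial, challenge, status)


class Server:
    """Secure server: key database, random challenge generator, comparison."""

    def __init__(self):
        self._keys = {}     # serial -> key
        self._pending = {}  # serial -> outstanding challenge

    def enroll(self, serial, key):
        self._keys[serial] = key

    def issue_challenge(self, serial):
        if serial not in self._keys:
            return None
        self._pending[serial] = secrets.token_bytes(CHALLENGE_BYTES)
        return self._pending[serial]

    def verify(self, serial, status, tag):
        challenge = self._pending.pop(serial, None)  # each challenge is single use
        if challenge is None:
            return "REJECT"
        expected = _tag(self._keys[serial], serial, challenge, status)
        if not hmac.compare_digest(expected, tag):
            return "REJECT"
        return "AUTHENTIC" if status == b"\x00" else "TAMPER_RECORDED"


def interrogate(dielet, server, relay=lambda status, tag: (status, tag)):
    """Appliance role. `relay` lets the demo model an appliance that edits data."""
    challenge = server.issue_challenge(dielet.serial)  # steps 1 and 2
    if challenge is None:
        return "UNKNOWN_SERIAL"
    status, tag = relay(*dielet.respond(challenge))    # step 3
    return server.verify(dielet.serial, status, tag)   # step 4


def demo():
    server = Server()
    serial = bytes.fromhex("0000000000000001")  # constructed 64-bit serial ID
    key = secrets.token_bytes(KEY_BYTES)
    server.enroll(serial, key)
    genuine = Dielet(serial, key)
    results = {"genuine": interrogate(genuine, server)}
    # Copied serial ID without the key.
    results["clone"] = interrogate(Dielet(serial, secrets.token_bytes(KEY_BYTES)), server)
    results["unknown"] = interrogate(Dielet(b"\xff" * 8, key), server)
    # A captured response is useless once its challenge has been consumed...
    status, tag = genuine.respond(server.issue_challenge(serial))
    server.verify(serial, status, tag)
    results["replay"] = server.verify(serial, status, tag)
    # ...and equally useless against a fresh challenge.
    server.issue_challenge(serial)
    results["stale"] = server.verify(serial, status, tag)
    # Sensor status is covered by the tag, so the relay cannot clear it.
    genuine.expose("xray_exposure")
    results["exposed"] = interrogate(genuine, server)
    results["status_cleared"] = interrogate(genuine, server, relay=lambda s, t: (b"\x00", t))
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:15} {verdict}")
```
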
    • Current Untrusted Logistical Supply Chain
      For all but simplest exploits, DoD has little system component assurance of authenticity.
      [Figure: supply chain flow, steps numbered 1 to 8, with Shipping between stages. Stage labels: Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfg, DoD Application. Zone labels: Trusted Zone*, Vulnerability Zone, Trusted Zone*.]
      * Assume parts have OEM integrity before leaving first Trusted Zone
    • SHIELD’ed Supply Chain Exemplar
      Component compromises are now visible at any point along the supply chain.
      [Figure: supply chain flow, steps numbered 1 to 8, with Shipping between stages. Stage labels: Original Equipmt Mfr, Approved Reseller, Merchandise Returns, Independent Distributor, EBAY, Stock, PC Board Assembly, Subsystem Assembly, System Mfr, DoD Application. Zone labels: Trusted Zone*, SHIELD Authentication outside Trusted Zone, Trusted Zone*.]
      * Assume parts have OEM integrity before leaving first Trusted Zone
    • SHIELD Program Structure
    • Deliverables by Tech Area and Phase
      [Table with columns Phase 1, Phase 2, Phase 3; entries listed per Technical Area in slide order.]
      • TA1 Tech Dev: On-chip HW tech devlpmt (Key Store, Sensors, Comm, Pwr, Mfg Processes); Models; Test Sites; SHIELD layouts
      • TA2 Design & Integr: Dielet Logic Design; Standards Conformation; SHIELD Dielet Design; SHIELD Dielet Fabrication; SHIELD Dielet Characterization
      • TA3 Deployment: Packaging Development; Reliability Analysis; Dummy Dielet Fabrication; Network Architecture Design; Inductive Appliance Design; Tooling and Techniques for handling, insertion; Network Structure Build-out; Inductive Device Fabrication; Demonstration; Proof-of-Concept Supply Chain Exercise across sites; Red Teaming Evaluations
    • Technical Area 1 / Phase 1: Technology (Months 1-18)
      TA1/Phase 1 develops fundamental devices, materials, structures realizing specific on-board capabilities. Prospective solutions should provide the SHIELD target specifications. Test Sites will serve as prototypes for specific solutions practiced in Phase 2.
      • Fully-described hardware-based solutions
      • Hardware models (i.e. COMSOL, SPICE, finite element modeling, etc.)
      • Design, build, characterization of hardware proof-of-concept test sites
      • Verification of technology compatibility to conventional IC manufacturing process.
      • Layouts of specific technology reductions-to-practice for Phase 2
      • Description of specific test conditions and test pattern files
      • Development of a fully defined interface specification for the technology for product integration.
    • Technical Area 1 / Phase 1 (Cont’d)
      A. Secure Cryptographic Key Storage Technology. Secure cryptographic key storage is required on the dielet to sustain cryptographic-level authentication of the product.
      1. Exceedingly difficult to reverse-engineer;
      2. Effectively incorruptible;
      3. Self-destructive upon reverse-engineering or tamper attempts - exquisitely fragile, while still extremely reliable under normal use conditions;
      4. Economically personalized with unique serial ID and cryptographic key information in volume production.
      5. Compatible with, and ideally available in, the chip process technology selected by performers for the dielet’s fabrication.
    • Encryption Details
      1. DARPA SHIELD is committed to using only open standard encryption: Universal trust in the SHIELD concept is critical to its wide acceptance.
      2. Performers may implement their choice of encryption. Provide as secure a solution as device count/area/power/perf allows.
      3. SHIELD must accommodate drop-in alternative encryption engines. Program derives technology for new hardware platform.
      4. Performers will not be creating new encryption algorithms. Use only NIST IEEE standards, and CMVP approved code.
      5. Performers may use third party IP for encryption engine. Be sure to document source and accreditation.
      6. Dielet should be able to store up to 256 bits of secret key. Key store should be Suite B compliant.
    • Technical Area 1 / Phase 1 (Cont’d)
      B. Passive Sensors. Sensors monitor the integrity of the authentication dielet itself, and watch for component compromise. Sensors must:
      1. Passively sense while unpowered; be read only when powered;
      2. Be readable only and permanently altered by the exposure; non-resettable in any way;
      3. Be inexpensively integrated into a conventional CMOS process without impacting the host process;
      4. Be small enough to fit in the SHIELD dielet form-factor and specification;
      5. Have an appropriately-tuned sensing threshold, to prevent false positives caused by safe, existing exposures encountered throughout the current supply chain.
    • Technical Area 1 / Phase 1 (Cont’d): Passive Sensor Examples
      • Chemical: Nitric Acid / Sulfuric Acid sensing for chemical de-packaging attempts
      • Mechanical: Pressure or acoustic sensing for polish de-packaging attempts
      • Laser: Laser wavelength detection for laser de-layering attempts
      • Light: Daylight sensing for identifying exposed dielet
      • X-Ray: X-ray detection for attempted secret key imaging
      • Heat: Temperature sensors to detect de-soldering, component PCB removal.
    • Technical Area 1 / Phase 1
      C. Communication/Power Transmission Technology. Inductive/RF coupling will enable small form-factor devices to power and communicate with the dielet.
      1. Dielet should be powered; receive a challenge message; and receive the encrypted reply within approximately 2 seconds.
      2. Performers will determine the bandwidth necessary to support this latency while passing up to 256 bit key words, a 64 bit serial ID, random encryption challenges, and much shorter sensor output words.
      3. Proposers should develop technologies providing ultra-high efficiency coupling between on-dielet inductive coil / RF antenna, and the appliance.
      4. Dielet must couple to the appliance only when the appliance’s probe is in its immediate vicinity. The probe otherwise should not emanate significantly beyond the dielet, nor link to other external devices.
      5. Communication with the SHIELD dielet should not be via conventional RFID technology; but rather only by inductive or RF coupling to another device within a few millimeters of the host component’s package.
    • Technical Area 1 / Phase 1 (Cont’d)
      D. Manufacturing/Process Technology. Multiple CMOS process and manufacturing changes needed to produce SHIELD dielets, with new capabilities, and at target of less than a penny per dielet. Challenges include:
      1. Wafer thinning technologies for SHIELD wafers that are potentially 10µm or less in thickness, for 100µm x 100µm dies;
      2. Integrating sensor, key store technologies into common process;
      3. High volume crypto key and ID personalization of each dielet;
      4. Contactless test technologies for dielets, test coverage protocol, application-specific test patterns;
      5. Economic production solution for dicing/picking microscopic dielets that are ~100µm x 100µm;
      6. Reliability, lifetime of SHIELD dielet matching host component. Assume host components require 100 KPOH lifetimes.
    • Technical Area 2: Design and Integration
      SHIELD Technical Area 2 integrates Technical Area 1 technologies onto a microscopic dielet equipped to provide comprehensive supply chain authentication. The extremely small chip will integrate:
      • The Technology: A self-contained encryption engine, secure key storage, passive intrusion sensors, inductive/RF communication and power, and
      • The Logic: All logic and intellectual property necessary for the dielet to function as a true authenticator and realize the interface to the secure server.
    • Technical Area 2 / Phase 1
      Technical Area 2/Phase 1: Design, Months 1-18
      Performers will, by the end of TA2/Phase 1, complete the high level design of the SHIELD dielet:
      1. Define a SHIELD Design Environment, Methodology:
         a. Define EDA design environment, using industry conventions
         b. Accommodate SHIELD-specific logic design, synthesis, modeling, simulation, layout, power estimation, test pattern generation needs.
         c. Define conventions for performer interfaces
      2. Develop a SHIELD logic design/description, expressed in an appropriate high-level design language.
         a. Design should accommodate SHIELD CONOP sequence
         b. Design must have logical control of passive sensors
      3. Select and identify effective encryption design:
         a. Proposals leverage certified 3rd party crypto IP or pre-existing designs
         b. Only open standards may be used.
    • Technical Area 2 / Phase 1 (cont’d)
      4. Design to Boundary Conditions
         a. Sufficient performance to complete interrogation in ~2 secs including network latencies, ~1 sec without latencies
         b. Designs may be asynchronous or synchronous, free choice of clock rate
         c. Modeled power consumption and confidence that design will remain under inductively/RF-powered limitations. Anticipate power-conditioning.
      5. Anticipate concurrent technologies being developed
         a. Sockets for key store, sensors
         b. Add new technology as IP blocks; include voltage level shifting, timing changes, signal buffering.
      6. Create and model SHIELD physical design
         a. Verify robust design functionality across process, voltage, and temperature.
         b. Accommodate +/- 3σ composite process distribution window
         c. BC/WC/Twist Timing Corner functionality verified
         d. Functionality from 0-35 deg C. Survive -55 deg C to 125 deg C.
         e. Functionality inside +/- 3σ conditioned voltage window
    • Technical Area 2 / Phase 1 (cont’d)
      7. Fabrication Implementation Plan
         a. Identify technology and node to be used, preferred vendor
         b. Define checkpoints and approximate dates for design and build
         c. Explain how new technologies will be accommodated by fabricator
         d. A clear path to manufacturing is needed
      8. Anticipate concurrent technologies being developed
         a. Provide sockets for concurrently-developed key store, sensors
      9. Create and model SHIELD physical design
         a. Verify robust design functionality across process, voltage, and temp.
         b. Accommodate +/- 3σ composite process distribution window
         c. BC/WC/Twist Timing Corner functionality verified
         d. Functionality from 0-35 deg C. Survive -55 deg C to 125 deg C.
         e. Functionality inside +/- 3σ conditioned voltage window
      10. Provide a Critical Design Review
    • Technical Area 2 / Phase 2
      Technical Area 2/Phase 2: Integration & Fab, Months 19-36
      Performers will, by the end of TA2/Phase 2, incorporate TA1’s specific technology instantiations into their Phase 1 dielet chip design. After final design checks, process audits, designs will be fabricated.
      1. Complete SHIELD dielet design:
         a. Incorporate final TA1 outputs
         b. Complete checking, generate specific test patterns.
         c. Define conventions for performer interfaces
      2. Fabricate SHIELD dielets:
         a. Release design to MFG, monitor fabrication, intercept for process exits and re-entries for adjunct technology introductions
         b. Track process metrology and in-line monitors for SHIELD parts to assure dielet functionality for Phase 3 technology reduction.
         c. Dielet may be fabbed at US or foreign fabrication facilities; transition partners may later impose restrictions.
         d. Test, characterize, and assess reliability of manufactured dielets. Provide qualification strategy for demonstrating design fulfills spec.
    • Technical Area 3: SHIELD Deployment
      Performers in Technical Area 3 will develop the infrastructure necessary to demonstrate the SHIELD concept. Work completed in TA3 includes:
      • Developing the ability to place SHIELD dielets in component packaging.
      • Creating appliances and probes to remotely test components
      • Pulling together a simplified SHIELD network / server environment
      • Demonstrating an exemplary CONOP employing the SHIELD device in an actual DoD product acquisition program.
      Performers may team on TA3-only proposals.
    • Technical Area 3 / Phase 1
      Technical Area 3/Phase 1: Pkg Tech, Networks, Months 01-18
      Fundamental dielet package insertion, attachment, or lamination techniques are developed in TA3/Phase 1. Network communications and server backbone design is initiated. This environment will serve only as a demonstration of the SHIELD proof of concept.
      1. Develop package placement target parametrics:
         a. Determine required specs, tolerances for dielet placement in the host
         b. Develop coupling required for sufficient inductive / RF power, comms
         c. Find size of antennae, maximum submersion below package surface
         d. Develop positioning conventions to accommodate various package types.
      2. Create SHIELD dummy dielet surrogate (1 performer):
         a. Create with TA2 performers consultation to resemble final form-factor
         b. Place electrical structures to assess specific issues of concern
    • Technical Area 3 / Phase 1 (cont’d)
      3. Assure reliability of host component containing SHIELD dielet: Performer will assess reliability, serviceability impacts to host chip caused by dielet presence and operation. Concerns include:
         a. Package strain caused by insertion or presence
         b. Hermetic seal fails caused by insertion or presence
         c. High electromagnetic field impacts to host component during interrogate
      4. Assure reliability of SHIELD dielet in host component: Performers will assure the integrity, reliability of the placed SHIELD dielet in the host package, considering potential damage caused by:
         a. Chemical / mechanical / temperature, or electrical materials interactions with the host packaging materials or process occurring during normal processing, packaging, dielet insertion or due to aging in normal use.
         b. Failures which should intentionally occur if the product is compromised; must also be demonstrated to occur reliably.
         c. Mechanical strain, compressive or tensile effects induced on the SHIELD dielet by the package or host component
         d. Dielet exposure to radiation, high X-ray or RF fields when not in use.
    • Technical Area 3 / Phase 1 (cont’d)
      5. Create a SHIELD Inductive/RF Authentication Appliance and Probe: Performer will design an inexpensive inductive/RF appliance for use in exercising the SHIELD concept. The appliance may be the retrofit or repurposing of an existing appliance such as a smartphone, with the addition of an inductive/RF probe connected to the device. Responsibilities include:
         a. Design of handheld appliance concept, including documentation,
         b. Design of an inductive/RF probe, anticipating potential electromagnetic interference which may obscure coupled signal.
         c. Development of necessary microcode, firmware, software needed
      The entire SHIELD demonstration will be executed solely using this hand-held interrogation appliance.
    • Technical Area 3 / Phase 1 (cont’d)
      6. Design Network/Server Architecture for the Demonstration Exercise: SHIELD network and server capability will be created by performers and will conform to hardware developed in Technical Areas 1 and 2. Deliverables include:
         a. Communications between the dielet and the server through the inductive/RF appliance and network using TLS standards;
         b. All required server transaction and decryption software;
         c. A simple graphical user interface that allows users to observe actual SHIELD transaction demonstrations as they are executed; and
         d. A key management plan describing how all cryptographic keys in their proposed architectures are derived, protected at rest, and protected in transit.
      Network and system architecture should support a geographically distributed proof of concept using multiple external vendors. Note that sufficient network and server architecture should be provided to support demonstration of the SHIELD concept, but is not the prime focus of the program.
    • Technical Area 3 / Phase 2
      Technical Area 3/Phase 2: Implementation, Months 19-36
      Specific techniques and tooling for placement of the dielet into the host package are developed. Mechanical alignment aids for inductive/RF appliance to SHIELD dielet within the package will also be developed. Actual networks and servers will be configured. At the close of TA3/Phase 2, performers should be prepared to execute the SHIELD CONOP in an actual federal acquisition program.
      1. Develop the SHIELD Insertion technology: Instrumentation, tooling, and logistics for going from wafer final test into an actual component placement are developed. Steps include:
         a. Developing handling technique for taking SHIELD from diced wafers into a dispensing tool that feeds dielets to a package injector.
         b. Creating tooling which dispenses diced and separated dielets into the injector, and inserts them into the packages.
         c. Associating the placed SHIELD dielet serial ID and crypto key with the host component P/N, date/location of manufacture, reliability grade, and cryptographic key.
    • Technical Area 3 / Phase 2 (cont’d)
      2. Develop the SHIELD Network Structure: Networks and protocols developed in TA3/Phase 1, and in the design are implemented during TA3/Phase 2. At the end of TA3/Phase 2, performers will provide the following deliverables:
         a. Detailed network schematics indicating protocols and standards;
         b. A specific Bill-of-Material indicating commercially available devices that the transactions will be executed upon;
         c. Estimates of transaction times and network latencies;
         d. Simulation of actual transactions demonstrating successful execution of true and false authentication requests, with and without flagged compromises appearing on the SHIELD sensors; and
         e. Build-out of the actual prototypical hardware network for use in SHIELD TA3/Phase 3.
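A minimal sketch of the transaction simulation named in deliverable d, as an added example that is not part of the DARPA briefing. The message layout, class names and sensor-word encoding are assumptions, and HMAC-SHA256 under a 256-bit key stands in for the dielet's encryption engine so the block runs on the Python standard library alone.

```python
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass


@dataclass
class Dielet:
    """Stand-in dielet: 64-bit serial ID, 256-bit key, one sensor word."""
    serial: int
    key: bytes
    sensor_word: int = 0   # assumed encoding: 0 means no passive sensor tripped

    def respond(self, challenge: bytes):
        # Bind serial ID, sensor state and the fresh challenge under the key.
        body = struct.pack(">QB", self.serial, self.sensor_word) + challenge
        tag = hmac.new(self.key, body, hashlib.sha256).digest()
        return self.serial, self.sensor_word, tag


class Server:
    """Hypothetical server side: enrolled keys plus outstanding challenges."""

    def __init__(self, enrolled):
        self.enrolled = dict(enrolled)   # serial -> key
        self.pending = {}                # serial -> challenge awaiting a reply

    def issue_challenge(self, serial):
        challenge = secrets.token_bytes(16)
        self.pending[serial] = challenge
        return challenge

    def verify(self, serial, sensor_word, tag):
        challenge = self.pending.pop(serial, None)   # single use: blocks replay
        key = self.enrolled.get(serial)
        if key is None:
            return "REJECT: unknown serial ID"
        if challenge is None:
            return "REJECT: no outstanding challenge"
        body = struct.pack(">QB", serial, sensor_word) + challenge
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "REJECT: reply failed verification"
        if sensor_word != 0:
            return "FLAG: authentic dielet, sensor reports compromise"
        return "PASS"


def simulate():
    """Run true and false authentication requests, with and without flags."""
    genuine = Dielet(0x0123456789ABCDEF, secrets.token_bytes(32))
    tripped = Dielet(0x0123456789ABCDF0, secrets.token_bytes(32), sensor_word=0b0100)
    server = Server({d.serial: d.key for d in (genuine, tripped)})
    wrong_key = Dielet(genuine.serial, secrets.token_bytes(32))  # enrolled ID, other key

    results = {}
    for name, d in (("genuine", genuine), ("tripped", tripped), ("wrong_key", wrong_key)):
        results[name] = server.verify(*d.respond(server.issue_challenge(d.serial)))

    # A reply that was already consumed must not authenticate a second time.
    reply = genuine.respond(server.issue_challenge(genuine.serial))
    server.verify(*reply)
    results["replayed"] = server.verify(*reply)

    # A sensor word altered between dielet and server breaks the keyed binding.
    serial, _, tag = tripped.respond(server.issue_challenge(tripped.serial))
    results["sensor_word_altered"] = server.verify(serial, 0, tag)
    return results


if __name__ == "__main__":
    for case, verdict in simulate().items():
        print(f"{case:20s} {verdict}")
```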
    • Technical Area 3 / Phase 2 (cont’d)
      3. Develop the SHIELD inductive/RF appliance: Technical Area 3/Phase 1 performers who designed the inductive/RF appliance and its code will, in Phase 2, fabricate the appliance’s inductive/RF probes and repurpose the appliance itself to the SHIELD function with required firmware, or software additions or changes installed. Specific deliverables associated with this task include:
         a. Inductive/RF probe fabrication
         b. Repurposed Appliance microcode, firmware, software installation
         c. Stand-alone testing of communication between the SHIELD dielet and appliance.
    • Technical Area 3 / Phase 3
      Technical Area 3/Phase 3: Demo, Months 37-48
      DARPA SHIELD concludes with a demonstration, one year in duration, of the CONOP practiced in the supply chain of an actual DOD component listed in a federal acquisition program’s BOM. Actual components will be shipped between work sites developing the specific assembly the component is a part of, and performers will exercise SHIELD at those sites. Performer tasks will include:
      1. Demonstrate robust SHIELD placement into real product:
         a. Performers will mate SHIELD dielets to product at pkg encapsulation.
         b. Performer will identify, correct SHIELD failure modes in practice, performing defect characterization to identify needed changes to installation process. Failure data will be collected and compiled by performers as components are encapsulated and tested, including:
            • Fails due to faulty package insertions
            • Fails due to non-functional SHIELD chips
            • Screening of components, for failure rate uplift at module final test which had previously passed wafer final test, above the fallout baseline before SHIELD introduction.
    • Technical Area 3 / Phase 3 (cont’d)
      2. Exercise the CONOP: Performers will exercise the entire SHIELD CONOP.
         a. Performers will choose the packaged host they exercise their SHIELD technology upon from options offered by DARPA.
         b. Performers will place the SHIELD solution in those packages in a production-like environment which DARPA will provide access to.
         c. Resulting actual components, equipped with SHIELD, will be passed through real supply chain channel settings, from supplier acquisition, through normally-used shipping channels, to subsequent board and system subassembly vendors.
         d. Government Red Team members will compromise the supply chain.
         e. Performers will execute the SHIELD operation at various work sites in the component’s supply chain throughout the US, looking for compromises.
         f. Government team members will monitor performer detection results.
    • SHIELD Quantitative Benchmarks
      Performers will be measured to a set of quantitative benchmarks. Metrics on SHIELD performer solution effectiveness will include:
      1. “Probability of Detection” of compromises (PD), broken out by:
         a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
         b. Failure mode (i.e. missing, inappropriate, or failing SHIELD dielet)
         c. Location type (i.e. at distributor, at subassembly vendor, in shipping)
         d. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
      2. Probability of False Alarm (PFA), broken out by:
         a. Component Package (i.e. small passive/discrete, quad plastic flat pack)
         b. Setting of host component (i.e. supplied in a component tube, mounted on a printed circuit board, installed in a system)
      3. Average completed authentication delay per SHIELD component.
    • SHIELD Summary of Suggested Specifications
      Area: A ≈ 100 µm x 100 µm (0.01 mm²)
      Device thickness: Thinned substrate, likely 10 µm or less.
      Interrogation Latency: ≈ 1 second dielet delay; ≈ 2 second full transaction delay including network latencies
      Network Communication Protocol: TLS Standard
      Minimum Delay between interrogations: > 1 Second
      Positioning of inductive/RF probe: T ≈ 1 mm below top surface of component package
      Encryption Standard: Up to 256 bit
      Serial ID Length: 64 bit
      Power Consumption: Approximately 50 µW
      Voltage; tolerance (default): VDD at discretion of proposer; +/- 10% (default)
      Host Temperatures: -55 deg C to 125 deg C
      Interrogation Temperatures: 0-35 deg C
      Reliability: Sufficient to match 100 KPOH host component operation. SHIELD total operational time is under 1 hour.
      Cost: C < 1.0¢ per dielet
    • Program Calendar
      14 March, 2014: Proposer’s Day, Arlington, VA
      31 March, 2014: Abstracts Due into DARPA by EOB
      30 April, 2014: Encourage / Discourage Full Submission Letters to Proposers
      30 May, 2014: Full Abstracts Due into DARPA by EOB
      3Q 2014: Source Selection, Notification, Contracts
      4Q 2014: SHIELD Phase 1 begins
    • SHIELD Government Support
      Saverio Fazzari, SHIELD SETA
      SHIELD Industry Day, 14 March 2014
    • Government SHIELD Funding
      • DoD recognizes the urgency of addressing supply chain security.
      • DARPA MTO is making a significant investment in SHIELD, consistent with the threat that supply chain loss-of-control poses to lives and missions
      • SHIELD funding levels and number of performers per technical area and phase will remain undisclosed, but are substantial, in plan, and committed
      • Submitters should submit proposals that get the job done, rather than tailoring them to a specified funding level. Amounts will be calibrated to resources during contract negotiation.
    • Government Team Responsibilities in SHIELD
      Tech Area 1:
      1. Red-teaming the secure key storage
      2. Evaluating the sensor’s capability versus state-of-the-art features
      Tech Area 2:
      3. Red-teaming dielet designs for reverse-engineering
      4. Red-teaming dielet performance and reliability
      5. Identify a trusted manufacturing source for dielet
      6. Fabrication of dielet, delivery to performers
      Tech Area 3:
      7. Identify host components for test, and test environment
      8. Develop prototype software for security database
      9. Develop appliances and fixtures for checking devices
      10. Red-team integrated solution
      11. Run test environment for final demonstration
      12. Support transition opportunities
      General: Acting as virtual lab with NSA, Navy, Air Force involvement to provide evaluation capability for the program. It will provide early access to transition opportunities.
    • Government Obligations
      Tech Area | Government-Furnished Equipment and Intellectual Property
      TA1 Tech Dev | None
      TA2 Design & Integr | None
      TA3 Deployment | Components for SHIELD insertion; Vendor Locations for SHIELD exercise sites
    • Manufacturing Options
      Solutions must demonstrate a path allowing them to be built in a standard semiconductor process, and at the target cost.
      • Proposers should be able to build prototypes and document a plan for transitioning their approach to meet the above goal
      • Non-production university labs may be used
      Many organizations offer services for a small number of parts to be built:
      • Shuttle runs
      • Multi Project Wafer (MPW) runs
      Foreign fabrications are allowed in SHIELD.
      Useful sources for information include:
      • https://www.tapoffice.org/
      • http://www.dmea.osd.mil/trustedic.html
      • http://www.mosis.edu
      • http://cmp.imag.fr/
      • http://www.europractice-ic.com/
    • SHIELD Metrics
      Arnett Brown, SHIELD SETA
      SHIELD Industry Day, 14 March 2014
    • Metrics Overview
      • Purpose of this discussion
         • Detail the attributes of SHIELD design elements that will be measured.
         • Outline the methods by which those attributes will be measured.
      • Why metrics?
         • Tracking and reporting program results and accomplishments.
         • Used for objective evaluation of performers.
      • Wherever possible, quantitative metrics will be used with industry accepted figures of merit.
      • Qualitative metrics will typically be used to evaluate performer processes in the absence of a quantitative metric.
      • Metrics will not always have a “pass” or “fail” level, especially when innovative technologies are involved.
      • Depending on what is proposed, certain metrics may not apply perfectly.
      • Do not allow a metric (alone) to discourage proposing a good idea.
    • Metrics, Technical Area 1: SHIELD On-board Technology
      Phase | Design Element | Characteristics | Metric
      1 | Secure secret key storage - reverse engineering protection | Harden dielet against attempts to reverse engineer | Cost [1] to reverse engineer using typical methods [2]
      1 | Secure secret key storage - hardware corruption protection | Harden dielet against attempts to defeat security | Cost to defeat using typical methods [3]
      1 | Secure secret key storage - self destruct on tamper attempt | Discriminate between apparent tamper and normal operation | Percent success in triggering against typical intrusions; percent success in not triggering against non-intrusions
      1 | Secure secret key storage - serial ID personalization | Determine economic method for serializing dielet in volume production | Cost per dielet to implement
      [1] Cost = time (hours) * number of personnel required * cost of tools ($)
      [2] Procedures that are known to have been used to reverse engineer integrated circuits.
      [3] Procedures that are known to have been used to attempt to defeat security features through hardware corruption.
    • Technical Area 1: SHIELD On-board Technology
      Phase | Design Element | Characteristic | Metric
      1 | Passive sensors – examples include chemical, mechanical, light, X-rays, heat, etc. | Performer-defined | As appropriate
      • Specific metrics will be determined based on the nature and function of the sensors proposed.
      • General metrics to consider include sensing threshold, cost.
    • Metrics, Technical Area 1: SHIELD On-board Technology
      Phase | Design element | Characteristics | Metric
      1 | Dielet power | Inductive power coupling mechanism | Q factor
      1 | Dielet communications | RF communications mechanism | Baud rate
      1 | Manufacturing process modifications – form factor | Modifications to meet form factor requirements [1] | Cost [2]
      1 | Manufacturing process modifications – integration | Modifications for sensor and key storage integration | Cost
      1 | Manufacturing process modifications – testing | Modifications to enable dielet testing | Cost
      1 | Manufacturing process modifications – special needs | Production solutions for dielet dicing, picking, handling | Cost
      1 | Manufacturing process modifications - reliability | Physical design for reliability [3] | Cost
      [1] SHIELD wafer thickness may be 10 microns or less. Dielet size: 100µm x 100µm.
      [2] Cost is referenced against the target CMOS process with no modifications.
      [3] Assume 100 KPOH lifetime for host component, no more than 3 Failures In Time (FIT). Assume SHIELD dielet usage less than 1 KPOH over its lifetime.
    • Metrics, Technical Area 2: SHIELD Dielet Design and Integration
      Phase | Design element | Characteristics | Metric
      1 | Dielet design – encryption engine | Logic design for encryption engine | Performance to specifications [1]
      1 | Dielet design – key management | Logic design for key management protocol | Performance to specifications
      1 | Dielet design – power supply interface | Interface logic for power supply | Performance to specifications
      1 | Dielet design – communications | Interface logic for communications | Performance to specifications
      1 | Dielet design – sensor interface | Interface logic for sensors | Performance to specifications
      [1] Design specifications will be established during Phase 1 development; to verify performance, performers are responsible for providing results of simulations and/or hardware testbenches as appropriate.
    • Metrics, Technical Area 2: SHIELD Dielet Design and Integration
      Phase | Design Element | Characteristic | Metric
      2 | Dielet integration – sensors, encryption engine, power, communications and support logic | Mask layout design, including logical and physical verification; functional test pattern generation | Functional testing; adherence to dielet power budget; compliance with manufacturer ground rules; percent test pattern coverage; reliability analysis
      2 | Dielet fabrication | Release to manufacturing; process tracking as required | Pass/Fail [1]
      2 | Dielet functional testing | Test fixture should be capable of exercising all dielet functionality | Pass/Fail
      2 | Dielet characterization | Characterize across process, voltage and temperature range | Pass/Fail
      [1] Pass/Fail: deliverable is required to meet design specifications and pass any/all tests.
    • Metrics, Technical Area 3: SHIELD Deployment
      Phase | Design element | Characteristics | Metric
      1 | Dielet-host integration - packaging | Develop solutions for insertion of dielet into host package | Insertion depth tolerance of host package [1]; tools and skills required to insert dielet
      1 | Dielet-host integration - reliability | Analysis of dielet insertion reliability and impact to host | Projected lifetime analysis of host chip; package strain analysis; electromagnetic analysis [2]; environmental testing (temperature, shock and vibration) [3]
      1 | Dielet-host integration – dummy dielet | Fabrication of a dielet mock-up for experimentation | Pass/fail
      1 | Network architecture design | Realization of server-side hardware and software for dielet-server communication | Pass/fail
      1 | Inductive appliance design | Realization of hardware and software for inductive appliance | Pass/fail
      [1] The SHIELD dielet will be placed approximately 1mm below the outer surface of the host chip.
      [2] Identify impact of inductive and RF probing in the host chip.
      [3] The performance of the host chip without a SHIELD solution will be used as a basis for comparison.
    • Metrics, Technical Area 3: SHIELD Deployment
      • Technical Area 3, Phase 3 Metrics measure the performance of the total SHIELD solution (dielet in host chip package, interrogated by inductive appliance).
         • PD, PFA, authentication delay
      • Probability of Detection of compromises (PD), broken out by:
         • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
         • Failure mode (e.g. missing, inappropriate, or failing SHIELD dielet)
         • Failure location (e.g. at distributor, at subassembly vendor, during shipping)
         • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
      • Probability of False Alarm (PFA), broken out by:
         • Type of host component (e.g. small passive/discrete, quad plastic flat pack)
         • Setting of host component (e.g. supplied in a component tube, mounted on a printed circuit board, installed in a system)
      • Average completed authentication delay per SHIELD component
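The breakouts listed on this slide and on the earlier SHIELD Quantitative Benchmarks slide can be tabulated as follows. This is an added example, not part of the DARPA briefing: the record layout, field names and sample rows are constructed, and the Wilson confidence interval goes beyond the slides to show how the number of trials in each bucket limits what a PD or PFA figure can claim.

```python
from collections import defaultdict
from dataclasses import dataclass
from math import sqrt
from typing import Optional

# Breakouts named on the slides; the field names themselves are assumptions.
PD_BREAKOUTS = ("package", "failure_mode", "location", "setting")
PFA_BREAKOUTS = ("package", "setting")


@dataclass(frozen=True)
class Trial:
    package: str                  # type of host component
    setting: str                  # component tube / PCB / installed in system
    location: str                 # distributor / subassembly vendor / shipping
    failure_mode: Optional[str]   # None means the component was not compromised
    flagged: bool                 # the interrogation reported a compromise
    delay_s: Optional[float]      # None means authentication did not complete


def wilson(hits, n, z=1.96):
    """Wilson score interval for hits/n (z=1.96 gives about 95%)."""
    if n == 0:
        return (0.0, 1.0)
    p = hits / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def _rate(trials, field, compromised):
    """Share of flagged trials per value of `field`, over compromised parts
    (gives PD) or over uncompromised parts (gives PFA)."""
    counts = defaultdict(lambda: [0, 0])              # value -> [flagged, total]
    for t in trials:
        if (t.failure_mode is not None) != compromised:
            continue
        bucket = counts[getattr(t, field)]
        bucket[0] += int(t.flagged)
        bucket[1] += 1
    return {k: {"hits": h, "n": n, "rate": h / n, "ci95": wilson(h, n)}
            for k, (h, n) in sorted(counts.items())}


def pd_by(trials, field):
    if field not in PD_BREAKOUTS:
        raise ValueError(f"PD is broken out by {PD_BREAKOUTS}")
    return _rate(trials, field, compromised=True)


def pfa_by(trials, field):
    if field not in PFA_BREAKOUTS:
        raise ValueError(f"PFA is broken out by {PFA_BREAKOUTS}")
    return _rate(trials, field, compromised=False)


def mean_delay(trials):
    """Average delay over authentications that completed."""
    done = [t.delay_s for t in trials if t.delay_s is not None]
    return sum(done) / len(done) if done else None


# Constructed sample records, not program data.
SAMPLE = [Trial(*row) for row in [
    ("QFP",     "tube",   "distributor", None,            False, 1.8),
    ("QFP",     "tube",   "distributor", "missing",       True,  None),
    ("QFP",     "pcb",    "subassembly", "inappropriate", True,  1.9),
    ("QFP",     "pcb",    "subassembly", None,            True,  2.1),
    ("passive", "tube",   "shipping",    "failing",       False, 2.4),
    ("passive", "tube",   "shipping",    "missing",       True,  None),
    ("passive", "system", "subassembly", None,            False, 1.7),
    ("passive", "system", "subassembly", "inappropriate", True,  2.0),
]]

if __name__ == "__main__":
    for field in PD_BREAKOUTS:
        print("PD by", field, pd_by(SAMPLE, field))
    for field in PFA_BREAKOUTS:
        print("PFA by", field, pfa_by(SAMPLE, field))
    print("mean completed delay (s):", mean_delay(SAMPLE))
```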
    • Metrics, Technical Area 3: SHIELD Deployment
      Phase | Design Element | Characteristics | Metric
      2 | Tools and procedures for dielet handling and insertion | Develop tools for physical insertion into host device | Dielet insertion failure rate [1]
      2 | Network architecture development and build-out | Implementation and testing | Pass/fail (functionality); transmission error rate [2]
      2 | Inductive appliance development and fabrication | Implementation and testing | Pass/fail
      3 | Proof-of-concept demonstration | Testing of complete SHIELD solution | Probability of detection (PD); Probability of false alarm (PFA); Average completed authentication delay per SHIELD component
      3 | Government “Red Team” evaluation | Penetration testing |
      [1] Likelihood of the dielet to be damaged during the insertion process (# of failures per 100 insertions).
      [2] Transmission errors between dielet and server due to operational anomalies such as improper positioning of inductive appliance, insufficient application time, low battery condition, etc.
    • Metrics, Technical Area 2: SHIELD Dielet Design and Integration
      • Technical Area 2, Phase 2 is essentially a CMOS IC physical design and manufacturing effort
      • Performers will be expected to perform design, validation and verification tasks consistent with a CMOS IC physical design process including:
         • compliance with design ground rules of the manufacturer;
         • logical to behavioral design verification;
         • logical to physical design verification;
         • functional test pattern generation with a goal of 100% test coverage;
         • EM and power analysis
         • additional checks as required to validate any “special case” technologies
      • Performers will be responsible for functional testing and characterization of the finished dielet.
      • Characterization results will be compared against expected (simulated) results as a metric for the physical design effort, and against Phase 1 specifications as a metric for the logical design effort.
    • Image courtesy of DARPA