Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
United States Security The Almighty Buck Hardware

NSF Awards $10 Million To Protect America's Processors 48

aarondubrow writes "The National Science Foundation and the Semiconductor Research Corporation announced nine research awards to 10 universities totaling nearly $4 million under a joint program focused on secure, trustworthy, assured and resilient semiconductors and systems. The awards support the development of new strategies, methods and tools at the circuit, architecture and system levels, to decrease the likelihood of unintended behavior or access; increase resistance and resilience to tampering; and improve the ability to provide authentication throughout the supply chain and in the field. "The processes and tools used to design and manufacture semiconductors ensure that the resulting product does what it is supposed to do. However, a key question that must also be addressed is whether the product does anything else, such as behaving in ways that are unintended or malicious," said Keith Marzullo, division director of NSF's Computer and Network Systems Division.
This discussion has been archived. No new comments can be posted.

NSF Awards $10 Million To Protect America's Processors

Comments Filter:
  • by jkrise ( 535370 ) on Friday September 26, 2014 @04:45AM (#48001079) Journal

    http://redmondmag.com/articles... [redmondmag.com]

    Make of these what you will.

    • It gets better when eh NSA offers 400 million to open up the backdoors, and hand out the access keys.

    • by Z00L00K ( 682162 )

      With resistance to tampering it also means that it's harder to find intentional backdoors placed by your favorite agency.

  • Given standard US business practice this will be outsourced to Taiwan (Taiwan Semiconductor) and the work will be performed in China.

    Conversely it can be done in the US by 1H-B visa holders from India.

    Or it could be done by IBM in Zurich or India. If IBM gets a piece of the action, it could be done anywhere. Remember, they no longer report employment by country, so no matter where they say the work was done, big chunks of it cold be done anywhere on the planet.

    Remember that Zuckerberg and Microsoft are t

    • by Electricity Likes Me ( 1098643 ) on Friday September 26, 2014 @05:02AM (#48001113)

      That's uh, kind of the point of this research. Verifying black box chip functionality is a huge concern for the military, who has a standing policy to use consumer hardware off-the-shelf where possible. With chips made in China and all. Beyond that, there's a big problem in just regular supply runs with counterfeit chips.

      • IBM also has a research group in Beijing.

        To make my sarcasm more understandable to you, I'm trying to point out that in the US, even national security is sacrificed to the profit motive. This is one of the reasons that US defense (and other critical infrastructure firms) keep being hacked by Chinese and Russian based groups. They don't spend enough money on security because "profit".

        The US Chamber of Commerce, one of the biggest and most influential lobbying groups, has successfully shut down any legislat

    • Does four million get even one item on this list?

      (from the article)
      Combating integrated circuit counterfeiting using secure chip odometers--Carnegie Mellon University
      Intellectual Property (IP) Trust-A comprehensive framework for IP integrity validation--Case Western Reserve University and University of Florida
      Design of low-cost, memory-based security primitives and techniques for high-volume products--University of Connecticut
      Trojan detection and diagnosis in mixed-signal systems using on-the-fly learned, pre-computed and side channel tests--Georgia Institute of Technology
      Metric and CAD for differential power analysis (DPA) resistance--Iowa State University
      Design of secure and anti-counterfeit integrated circuits--University of Minnesota
      Hardware authentication through high-capacity, physical unclonable functions (PUF)-based secret key generation and lattice coding--University of Texas at Austin
      Fault-attack awareness using microprocessor enhancements--Virginia Tec
      Invariant carrying machine for hardware assurance--Northwestern University

      So of course this whole project will need to attract international support from all those other governments grateful that the US role protects the integrity of critical hardware worldwide.

      After all, those same governments will probably send their very brightest and most dedicated graduate students and post-docs to the institutions conducting the research.

      Maybe they're already supporting it and working on it.

      • Which is why a few transistor 80286 for DOS is such a great idea for the military. It can do a lot on the peripheral systems, and the simpler the design, the less its capabilities, the less the security risks. Centrally or in secure locations you can run complex mainframes, that you can inspect and manage the heck out of, but low cost, discardability and security out in the field beg for simplicity in design.

        • and the simpler the design, the less its capabilities, the less the security risks

          Yup.

          Is it mad optimism to suspect that some tiny fraction of the motivation here might not be military but a concern for the integrity of electronic elections?

    • ... what with the state of education in the US, not only do we not have people with computer talent, we no longer have computer people capable of hacking.

      The good news is that all Americans have been removed from the no-fly list.

      The bad news is that we're screwed.

  • Is in outsourcing.... nothing bad can happen if you have everything made in China....

  • See his blog post on the War on General Computing [craphound.com]. (warning: video lasts more than five minutes, but it is worth seeing.)

    Just another "build me a device that can do anything, except for (<insert feature here>)" action.

    • It's more than that. These people want a device they can inspect for tampering; they have obviously not met Angus Thermopyle.
  • TFA:

    "However, a key question that must also be addressed is whether the product does anything else, such as behaving in ways that are unintended or malicious,"

    Like "off label" usage of prescriptions, using a frozen leg of lamb as a murder weapon, or spending money to fund all things evil and destructive? My point is that a product can and will do anything else, such as behaving in ways that people decide and control, be it malicious or mundane. Nobel invented dynamite, should he get his own prize for breakthroughs in bank vaults? This really sounds like a load of toad.

  • by Maury Markowitz ( 452832 ) on Friday September 26, 2014 @06:53AM (#48001379) Homepage

    I remember watching some show on a river in Africa that never makes it to the coast. Every spring it starts as a rushing torrent, but as the thaw ends and the water spreads out it evaporates and sinks into the land, leaving a huge inland river delta.

    On can construct a similar imaginary money river for this story. $10 million? It will never see hardware, that money will disappear into the bureaucracy like water into the African plains.

    To put this in perspective, $10 million is what, one hour of iPhone sales? That's how important the NSF considers this?

    • The government has always suffered from the inability to stop doing anything. They'll minimally fund an organization that serves no real value just to avoid the pain of dismantling it. Its a lot easier to spend a few million and keep a group of workers trudging along than to actually redirect them or, if need be, lay them off. I wouldn't be surprised if that is a big part of the case here.
    • I suspect Intel spent $10M on chip R&D while my coffee was brewing.

      • by tlhIngan ( 30335 )

        I suspect Intel spent $10M on chip R&D while my coffee was brewing.

        And that's only part of it.

        A set of basic masks for an IC costs around $1M. Very basic 2-metal process that is.

        Each mask is around $100K to produce, which is why in semiconductor design, there are piles of unconnected transistors and gates that are fabbed into every IC so small revisions can be done by changing the metal layers of the mask only - minimizing the number of mask changes minimizes a huge expense.

        A modern IC generally is at l

        • by Anonymous Coward

          Except none of this research is making production processors. Do you have any concept of how university research works? Do you think MIT is spitting out production quality processors? No, because it's idiotic to spend a hundred million dollars to develop something that will never be used or make money. They instead design algorithms, test in simulation, and publish. Then, in five years, Intel puts it in the 5nm Running Bear Lake or whatever they are going to call it.

    • by CastrTroy ( 595695 ) on Friday September 26, 2014 @07:37AM (#48001561)
      $10 million doesn't get you very far anymore. My city has spent over $10 million trying to construct a pedestrian bridge. The initial estimate was over 6.5 million. For a bridge. That people walk on. I think it allows for bikes too. Crazy. And it still hasn't been completed. Who knows how much it will cost by the end of it.
      • by Anonymous Coward

        It'll cost as much as it takes for the politicians who sponsored it to become wealthy enough to retire.

    • The show was probably about the Okavango River [wikipedia.org] which empties into the Okavango Delta in Botswana.

      You're right, none of the water makes it to any sea or ocean. Some of it simply evaporates. However, the majority of the water allows for a thriving ecosystem to exist in an otherwise arid region.

      Include this into your analogy as you see fit.

  • NSF Awards $10 Million To Protect America's Processors
    ...
    The National Science Foundation and the Semiconductor Research Corporation announced nine research awards to 10 universities totaling nearly $4 million...

    One of the first things they are going to research is how to properly add numbers.

  • Dr. Evil would be proud.

    Do you guys realize how minor this money is? Do you know how much research costs? Basically, this is an amount that would run one decent sized lab at a research university for maybe a year. If these are the grants we're crowing about... well, I guess it's a start.

    $10M a year for five years might be reasonable to get some traction on the problem. All this will do is fund a few papers which will probably disappear. That grad students and post docs will survive another year, I guess, so

  • ... is a process, not just a technology.

    How do I know that some microcode hasn't been added to the CPU/GPU I've got plugged into my motherboard? Is there some sort of independant auditing process in place? Not that this would do any good. Customers of components like FPGAs have demanded methods to secure their device code from illicit inspection and copying. And any audit process would be indistinguishable from such inspection. So that isn' going to happen.

    If you buy a router, how can you be sure that a

  • America also pushes the gov. to buy this and help restart the industry.
  • Do the research here then send the details so they can be subverted... Oops I meant manufactured in China. That'll do a lot of good.

You know you've landed gear-up when it takes full power to taxi.

Working...