Hunt for the kill switch in microchips

The Department of Defense is freaked out that the commercially-manufactured microchips in their tech might contain "kill switches" that bad people could use to remotely knock the devices out of operation. So at the end of last year, DARPA launched its Trust In Integrated Circuits program to develop methods for sussing out chips with "malicious" circuitry hidden inside. IEEE Spectrum writer Sally Adee looked at the technicalities of the controversy. She told me, "I think interviewed every electrical engineer in the country so I could wrap my head around 1) why that's a big deal and 2) how it would affect me (I'm selfish that way.) From IEEE Spectrum:
Feeding those (fever) dreams is the Pentagon's realization that it no longer controls who manufactures the components that go into its increasingly complex systems. A single plane like the DOD's next generation F-35 Joint Strike Fighter, can contain an “insane number” of chips, says one semiconductor expert familiar with that aircraft's design. Estimates from other sources put the total at several hundred to more than a thousand. And tracing a part back to its source is not always straightforward. The dwindling of domestic chip and electronics manufacturing in the United States, combined with the phenomenal growth of suppliers in countries like China, has only deepened the U.S. military's concern.

Recognizing this enormous vulnerability, the DOD recently launched its most ambitious program yet to verify the integrity of the electronics that will underpin future additions to its arsenal. In December, the Defense Advanced Research Projects Agency (DARPA), the Pentagon's R&D wing, released details about a three-year initiative it calls the Trust in Integrated Circuits program. The findings from the program could give the military–and defense contractors who make sensitive microelectronics like the weapons systems for the F‑35–a guaranteed method of determining whether their chips have been compromised. In January, the Trust program started its prequalifying rounds by sending to three contractors four identical versions of a chip that contained unspecified malicious circuitry. The teams have until the end of this month to ferret out as many of the devious insertions as they can.

Vetting a chip with a hidden agenda can't be all that tough, right? Wrong. Although commercial chip makers routinely and exhaustively test chips with hundreds of millions of logic gates, they can't afford to inspect everything. So instead they focus on how well the chip performs specific functions. For a microprocessor destined for use in a cellphone, for instance, the chip maker will check to see whether all the phone's various functions work. Any extraneous circuitry that doesn't interfere with the chip's normal functions won't show up in these tests.

“You don't check for the infinite possible things that are not specified,” says electrical engineering professor Ruby Lee, a cryptography expert at Princeton. “You could check the obvious possibilities, but can you test for every unspecified function?”