NAND Flash Can Verify a Device's Identity
People who make, buy and sell flash storage could detect counterfeit products based on the unique "fingerprints" of the chips, using techniques being developed by university researchers.
Scholars at the University of California at San Diego and Cornell University have developed software to test variations in flash behavior that are unique to each chip, said Steven Swanson, an associate professor at UCSD and director of UCSD's Non-Volatile Systems Laboratory. By running the same test in the factory and then further up the supply chain, for example, a company could compare the results to verify that a flash chip was authentic, he said.
One industry observer believes this could be a useful tool.
"There's a lot of counterfeit in the [supply] chain," said analyst Roger Kay of Endpoint Technology Associates. It can be hard to detect, because the chain is not always as simple as a device maker contracting with one flash manufacturer to supply the chips for an entire production run of consumer devices, he said. System vendors need to fill unexpected surges in demand, so they often buy small lots of chips on the open market.
There are many third parties that buy and sell these chips, Kay said. "This is one of the biggest things they do, is verify parts, and it's a pain," Kay said.
UCSD's Swanson discussed his team's work at the Flash Memory Summit in Santa Clara, California, this week.
Swanson proposed another possible use of the technology: to prevent counterfeiting of devices such as cellphones and tablets that contain flash. It could also be used by governments to determine whether spies had swapped an official's phone with a seemingly identical one that is bugged, he said.
Testing flash silicon as a proxy for an entire device provides an authentication technique that doesn't require any hardware changes, Swanson said. It only requires firmware and an infrastructure for testing devices at key points in the supply chain, he said.
"I think if someone wanted to do this, they could do it now," Swanson said. The technology could be licensed to manufacturers, who would create a database of results for each of the chips that ships out of the factory. No manufacturers have approached Swanson's team yet, he said. The research was first presented last month.
The system uses "physically unclonable functions" (PUFs), or variations in manufacturing that are unique to each element of each flash chip. Swanson described one PUF that his team has worked with, called Program Disturb. It uses a type of manufacturing flaw that doesn't affect normal operation but causes problems under test conditions.
Data is written and erased from NAND flash through changes in the states of each cell, which are applied by sending a voltage through the cell. If a cell is rewritten many times in a row, the voltage can bleed into an adjacent cell so much that the adjacent cell also changes its state. The order in which cells are modified prevents this from happening in normal operation, Swanson said.
In the test, the number of repetitions it takes to disturb the neighboring cell depends on the thickness of the barriers between the cells and other factors, which vary from one chip to another, Swanson said. The Program Disturb test counts the number of repetitions needed to cause the cell next door to change its state, typically hundreds or thousands. It can be run again later to see if that number matches the original result.
The UCSD researchers even considered the possibility that a highly skilled and motivated hacker, such as an enemy government, could fool this test. The hacker might test the NAND flash itself and store the expected values on the chip, then replay the expected results when the chip was tested. In this way, they could impersonate the authentic chip. However, tests showed that there would not be enough room on any chip to store the data needed to carry this out. The amount of data needed would grow with the capacity of the chip and would be orders of magnitude larger than its capacity, he said.
Analyst Kay believes one advantage of this technique is that it uses immutable characteristics of the chip, so it could be carried out and repeated at any stage when a supplier or manufacturer wanted to verify the hardware. But he thinks demand for the system would most likely come from within the flash industry rather than from consumers.