NAND flash can verify a device's identity

Tests of a flash chip's unique characteristics could prevent counterfeiting, researchers say

People who make, buy and sell flash storage could detect counterfeit products based on the unique "fingerprints" of the chips, using techniques being developed by university researchers.

Scholars at the University of California at San Diego and Cornell University have developed software to test variations in flash behavior that are unique to each chip, said Steven Swanson, an associate professor at UCSD and director of UCSD's Non-Volatile Systems Laboratory. By running the same test in the factory and then further up the supply chain, for example, a company could compare the results to verify that a flash chip was authentic, he said.

One industry observer believes this could be a useful tool.

"There's a lot of counterfeit in the [supply] chain," said analyst Roger Kay of Endpoint Technology Associates. It can be hard to detect, because the chain is not always as simple as a device maker contracting with one flash manufacturer to supply the chips for an entire production run of consumer devices, he said. System vendors need to fill unexpected surges in demand, so they often buy small lots of chips on the open market.

There are many third parties that buy and sell these chips, Kay said. "This is one of the biggest things they do, is verify parts, and it's a pain," Kay said.

UCSD's Swanson discussed his team's work at the Flash Memory Summit in Santa Clara, California, this week.

Swanson proposed another possible use of the technology: to prevent counterfeiting of devices such as cellphones and tablets that contain flash. It could also be used by governments to determine whether spies had swapped an official's phone with a seemingly identical one that is bugged, he said.

Testing flash silicon as a proxy for an entire device provides an authentication technique that doesn't require any hardware changes, Swanson said. It only requires firmware and an infrastructure for testing devices at key points in the supply chain, he said.

"I think if someone wanted to do this, they could do it now," Swanson said. The technology could be licensed to manufacturers, who would create a database of results for each of the chips that ships out of the factory. No manufacturers have approached Swanson's team yet, he said. The research was first presented last month.

The system uses "physically unclonable functions" (PUFs), or variations in manufacturing that are unique to each element of each flash chip. Swanson described one PUF that his team has worked with, called Program Disturb. It uses a type of manufacturing flaw that doesn't affect normal operation but causes problems under test conditions.

Data is written and erased from NAND flash through changes in the states of each cell, which are applied by sending a voltage through the cell. If a cell is rewritten many times in a row, the voltage can bleed into an adjacent cell so much that the adjacent cell also changes its state. The order in which cells are modified prevents this from happening in normal operation, Swanson said.

In the test, the number of repetitions it takes to disturb the neighboring cell depends on the thickness of the barriers between the cells and other factors, which vary from one chip to another, Swanson said. The Program Disturb test counts the number of repetitions needed to cause the cell next door to change its state, typically hundreds or thousands. It can be run again later to see if that number matches the original result.

The UCSD researchers even considered the possibility that a highly skilled and motivated hacker, such as an enemy government, could fool this test. The hacker might test the NAND flash itself and store the expected values on the chip, then replay the expected results when the chip was tested. In this way, they could impersonate the authentic chip. However, tests showed that there would not be enough room on any chip to store the data needed to carry this out. The amount of data needed would grow with the capacity of the chip and would be orders of magnitude larger than its capacity, he said.

Analyst Kay believes one advantage of this technique is that it uses immutable characteristics of the chip, so it could be carried out and repeated at any stage when a supplier or manufacturer wanted to verify the hardware. But he thinks demand for the system would most likely come from within the flash industry rather than from consumers.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is stephen_lawson@idg.com

Tags SSDDrivessecuritystorageUniversity of CaliforniaSan DiegoCornell University

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Stephen Lawson

IDG News Service

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?