Automated Component Recognition for Hardware Assurance

Organization
Office of the Director of National Intelligence (ODNI)
Reference Code
ICPD-2020-40
How to Apply

Create and release your Profile on Zintellect – Postdoctoral applicants must create an account and complete a profile in the on-line application system.  Please note: your resume/CV may not exceed 2 pages.

Complete your application – Enter the rest of the information required for the IC Postdoc Program Research Opportunity. The application itself contains detailed instructions for each one of these components: availability, citizenship, transcripts, dissertation abstract, publication and presentation plan, and information about your Research Advisor co-applicant.

Additional information about the IC Postdoctoral Research Fellowship Program is available on the program website located at: https://orise.orau.gov/icpostdoc/index.html.

If you have questions, send an email to ICPostdoc@orau.org.  Please include the reference code for this opportunity in your email. 

Application Deadline
2/28/2020 6:00:00 PM Eastern Time Zone
Description

Research Topic Description, including Problem Statement:

Printed Circuit Board (PCB) fabrication and assembly generally follow market forces and are undertaken in areas where costs are lowest.

It is common for a PCB to be designed in one location, fabricated in a second location, then assembled in a third location prior to shipping to its final destination where these supply chains and shipping routes are outside the control of the initial designer and the end consumer.

Full verification of the supply chain to authenticate each individual step and component in the process is presumed to be prohibitively difficult, time consuming and expensive. It is therefore an accepted risk that the supply chain is vulnerable to outside influence and potential attack.

A recent WIRED1 article details a relatively cheap and simple proof of concept attack whereby a security researcher added a small integrated circuit onto a PCB to successfully attack and gain access to the security administration configuration code running on the board thus gaining full control of the running software.

The additional integrated circuit was chosen to be of a small enough size that it would be hidden in plain sight among the forest of components on the board making it very difficult to all but the most determined and technically capable end user to find.

While this is a proof of concept attack, a more capable and better resourced attacker could further refine this method, further increasing the difficulty of identifying any potential attack.

One method to mitigate against this type of attack is examination of the electronic components and their locations on the PCB and comparing the components to known good samples and their position to that specified in the design data.

Comparing both the components to a known good reference, and comparing the layout to the design data is currently a slow manual process that does not scale with increasing demands for PCB and supply chain verification.

The aim of this topic is to create a process to automatically identify, categorize and determine component packages and record their centroid location information.

This automated process would greatly reduce the manual effort required and speed up the process of hardware assurance, helping to mitigate against hardware attacks on critical and secure high value systems.

However, the aim is simple to write, and automated component recognition has been researched as a proof of concept on contrived PCB examples, the wide variety of integrated circuit package types available and idiosyncratic PCB layouts make it a hard problem to generalize component recognition outside contrived examples.

The array of high value end user equipment purchased that would benefit from enhanced hardware assurance means a more generalized and efficient approach to automated component recognition is a necessity.

Example Approaches:

Literature review of published knowledge on PCB component recognition.

  • Identify common processes and compare their strengths and weaknesses.
  • Identify possible solutions and algorithms.

Generate and acquire a PCB image dataset encompassing variations of PCB designs and components.

  • Evaluate the optimal approach to imaging PCBs and components for machine learning e.g. 2D/3D/hyperspectral images.

Use the dataset to optimize machine learning algorithm to recognize components, their locations on the PCB and label them.

Test and verify machine learning algorithm

Create a Windows PC application to automate component recognition, generate a labelled output and specify a hardware setup optimized for component recognition.

Relevance to the Intelligence Community:

A successful automated component recognition process would enable higher confidence and more efficient assurance of high value hardware systems, that ensures the functionality of the product is as claimed by the vendor and help mitigate against attacks facilitated through a potentially vulnerable supply chain.

References:

Nast, C. (2019, October 10). Planting Tiny Spy Chips in Hardware Can Cost as Little as $200. Retrieved from https://www.wired.com/story/plant-spy-chips-hardware-supermicro-cheap-proof-of-concept/

Key Words: Machine Learning, Computer Vision, Printed Circuit Board, PCB, Hardware Assurance, Integrated Circuits, IC, Electronics, Component Recognition

Qualifications

Postdoc Eligibility

  • U.S. citizens only
  • Ph.D. in a relevant field must be completed before beginning the appointment and within five years of the application deadline
  • Proposal must be associated with an accredited U.S. university, college, or U.S. government laboratory
  • Eligible candidates may only receive one award from the IC Postdoctoral Research Fellowship Program

Research Advisor Eligibility

  • Must be an employee of an accredited U.S. university, college or U.S. government laboratory
  • Are not required to be U.S. citizens
Eligibility Requirements
  • Citizenship: U.S. Citizen Only
  • Degree: Doctoral Degree.
  • Discipline(s):
    • Communications and Graphics Design (2 )
    • Computer, Information, and Data Sciences (16 )
    • Earth and Geosciences (20 )
    • Engineering (27 )
    • Environmental and Marine Sciences (15 )
    • Life Health and Medical Sciences (46 )
    • Mathematics and Statistics (11 )
    • Nanotechnology (1 )
    • Other Non-S&E (2 )
    • Other Physical Sciences (12 )
    • Physics (16 )
    • Social and Behavioral Sciences (27 )