1. Field of the Invention
The present disclosure generally relates to a method of physical chip identification and, more particularly, to a method of physical chip identification for chip-to-chip communications.
2. Description of the Related Art
The industry of information and communication technology has leaped forward after entered the 21st century, and has created even larger market in recent years. Not only informational terminal devices, all things such as household appliances, houses, automobiles, are connected to “Internet of Things (IoT)”. IoT does not belong to any existing market. The even wider “Internet of Everything (IoE)” may even have the hidden possibility of changing the basis of the society lying inside.
Technically, it can be viewed as a chip-to-chip communicating technology within a smallest unit (node) connected to the network. It is different from the current network technology that the amount of the nodes may be up to trillions to tens of trillions (Trillion Nodes). For example, if the world population is seven billion, each person is surrounded by nodes at the amount of thousands. Those chips contain not only personal information, but also those systems controlling machines surrounding each person. Practically, it is impossible that everyone carefully and frequently manages those chips. Even under central control by well-trained experts, it is also impossible that there exists a computing resource which can handle trillions of nodes simultaneously. Even has it been developed, who should be in charge of the management system? It is inappropriate to have a single private enterprise to implement. Based on current situation, it is also inappropriate and impractical to have an artificial intelligence which is superior to a human being to handle that.
What may happen if we are unable to handle that? Imagine an auto-driving vehicle having high-volume Lithium-ion batteries being hacked, and it would be easy to understand. There could be a lot of auto-driving vehicles being remote controlled to move to targets (The White House, The U.S. Capitol, etc.) then being overcharged to cause big explosion. Similarly, imagine how dangerous it would be if someday an explosion happens in the garage of shopping center by remote-controlling those vehicles, two high-speed trains or bullet trains collide by manipulating the train control system, or a nuclear facility having atomic reactor or an air traffic control system is hacked.
It is too hasty to say that we will have no problem because the networks of such important facilities are insulated with strong firewall from the common internet, or are physically isolated. In fact, a nuclear facility in Iran have been severely attacked by a malware called “Stuxnet.” (For example, Non-Patent Literature 1: http://www.washingtonpost.com/wp-dyn/content/article/2010/10/01/AR2010100106981.html).
There were several different versions of the attacking method of Stuxnet, the most believable one is attacking via mobile devices or USB storage devices. Once Stuxnet has been placed in the internet, it spends several months waiting for the opportunity to invade the targeted system. Even it is protected by a strong firewall, Stuxnet still can invade the USB storage devices or the mobile devices and wait until those devices are carried into inside the firewall and then the devices are connected to a terminal inside the firewall. Once connected, Stuxnet opens the backdoor and manipulates the PLC (programmable logic controller) of the centrifuge to start remote control it. By doing so, those one thousand centrifuges in the nuclear facilities in Iran are repeatedly accelerated and decelerated rapidly; and thus become damaged. While inside the physically isolated systems, Stuxnet attacks them by itself.
The damaged centrifuges in the nuclear facilities in Iran were insulated from the common network, but they had to be connected with the mobile devices of the manufacturer of those centrifuges at the periodical maintenance. If the centrifuges were connected with the common network, the centrifuges were not necessary to be connected with the mobile devices of the manufacturer. However, these connections were needed because the centrifuges were insulated. Furthermore, even if Stuxnet infects non-target hosts, it does nothing and hides. Thus, it is very difficult for any anti-virus software to detect it.
The Stuxnet attack is deemed to defer the nuclear research in Iran, and to prevent Israel from launching air strikes against Iran. However, what is dangerous is that the source code of Stuxnet has been stolen and leaked. There has been new malwares very similar to Stuxnet appeared since in 2014. (For example, Non-Patent Literature 2: http://www.wired.com/2014/07/usb-security/).
The virus which is called BadUSB manipulates the firmware of a USB device, instead of hacking into the PLC of an industrial equipment. A USB device is usually connected to another device, thus it usually has an identification mechanism for such a connection. The identification mechanism is built in the firmware. The firmware is stored in the controlling chip of the USB device and is used to control the program of the chip. BadUSB steals the identification from the firmware and does nothing to the equipment which the USB device is connected to. For example, BadUSB does not infect the personal computer, but it steals the IDs of the mouse and the keyboard used to control the computer. By doing so, the hacker who is on the other side of the earth can remote control other's computer. Because the virus does not infect the computer, it is then impossible for the anti-virus software to detect BadUSB.
The smallest communication unit (node) in IoT/IoE is the controlling chip of a machine. The controlling chip has controlling program (firmware) stored inside. The firmware has identification code for identifying each chip. The above mentioned new attacking method of remote controlling auto-driving vehicles can be done by stealing the identification code to remote control.
It may become possible for some hacker groups to conduct the synchronized terrorist attacks like the 9/11 in the future. This kind of new threats may not be eliminated by adopting the conventional counter-terrorism policy or conventional cyber security technologies.