1. Technical Field
The subject matter relates, in general, to an apparatus and method that uses radio frequency (RF) illumination of electrically powered devices to detect detailed configuration, quality, authenticity, status and state of electrical devices. It further relates to detecting modifications and/or changes in hardware, software, or firmware to the electrical device using unintentional electromagnetic energy emitted from the devices during non-contact RF illumination of the device. It additionally relates to recognition of anticipated, abnormal or unexpected changes, patterns and/or characteristics in the unintentional electromagnetic emissions given off by the electrically powered devices due to the effect of RF illumination.
2. Description of Related Art
The following background information may present examples of specific aspects of the prior art (e.g., without limitation, approaches, facts, or common wisdom) that, while expected to be helpful to further educate the reader as to additional aspects of the prior art, is not to be construed as limiting the present invention, or any embodiments thereof, to anything stated or implied therein or inferred thereupon.
Generally, criminal elements have demonstrated a propensity to use modern electronic devices for illicit purposes. The ability to insert malicious circuitry into parts is well known. The fraudulent reuse of parts is well known. This invention provides a novel approach to detecting parts of this nature to prevent them from entering and being integrated into electronic products.
As stated in a recent Popular Science Article, “The more powerful our microchips, the more capabilities we have”. But when such complexity is paired with massive scale, $333 billion-worth of chips were sold in 2014 alone, it also creates significant vulnerabilities, and an ever-more irresistible opportunity for hardware hackers. In a recent report for the Brookings Institution, John Villasenor, a professor of electrical engineering and public policy at University of California at Los Angeles, wrote “The laws of statistics guarantee that there are people with the skills, access, and motivation to intentionally compromise a chip design.” In other words, more frequent and large-scale hardware attacks are just a matter of time. And when they come, whether from a nation state, a crime syndicate, or a rogue employee, they will arrive in one of two forms: overt or covert.” . . . “At this point, hardware hacking is still in its infancy, and so too are solutions to it. Chip designers primarily rely on protocols that have not appreciably changed for years. For that reason, Villasenor wrote in 2010, ‘Defensive strategies have not yet been fully developed, much less put into practice.’” The invention described herein provides a novel approach to detecting and addressing these threats as well as more standard counterfeiting, misrepresentation or quality control threats.
Conventionally employed solutions to validate or verify the existence of correct, unwanted, incorrect, dangerous, intrusive, defective, malicious, out-of-specification, or within-specification changes in firmware or hardware, or of out-of-specification hardware or firmware, typically utilize methods which require a chip, circuit, IC, component, sub-system or system to be appropriately powered and appropriately interfaced to specified clock and/or I/O inputs within or near specified voltage and frequency ranges and signal characteristics. This typically requires time and specifically configured test circuitry to be designed, tested, and implemented as a platform for the conventional testing means.
Conventional methods or solutions may typically use the existing system's own hardware and/or software resources to provide and generate a necessary electrical context for the subsequent generation of signals used to evaluate the electronic entity under test. This approach typically requires initial and ongoing time, cost and physical resources, and a commitment of these resources before the component can be tested. Further, if a device is found to be unacceptable, additional time and effort is typically required to temporarily or permanently move, activate, deactivate, remove or replace the offending component, board or entire system, depending on device accessibility and economic feasibility.
Further, to the best knowledge of the Applicant, conventional solutions are incapable of testing any arbitrarily chosen pre-existing operating device without typically incorporating an additional interface means such as an added software component or connected hardware component, requiring additional hardware and/or planning expense.
Additionally, conventional solutions may not be capable of influencing (without specific forethought related to the specific system to be tested) any arbitrary pre-existing device, sub-system or system in a wide variety of selectable ways, inducing a wide variety of responses, whether in an operational or non-operational state.
Further, conventional solutions may not be capable of influencing pre-existing devices to a wide range of degrees, especially while the devices are under operation, ranging from undetectable to the device under test, to inducing specific selected changes in RF emissions and associated operational influences on pre-existing specific hardware components based on design choices and features, subsystems or components contained therein, to complete disablement of the operating device, to permanent disablement of the device.
The existing methods or solutions typically do not address the detection of changes already or previously placed in firmware or hardware circuitry. Further, the existing methods may require an intrusive means, typically including added hardware or software components to the system, effectively modifying its design and/or modifying the system's operation to accomplish the intended goal(s). The existing methods typically may not be performed in a non-contact, undisturbed, non-powered, unmoved manner and/or an undetectable manner and/or at a distance from a questionable device. Moreover, to the best understanding of the Applicant, conventional solutions employed to address the above described issues are associated with many disadvantages.
For example, the conventional solutions typically may not detect deliberately concealed and temporarily inactive malicious hardware or firmware modifications lurking in an infected system and waiting to be automatically invoked or unleashed when triggered by a condition, a signal combination, a status change or any combinations thereof. The conventional solutions may not be implemented in a separate, portable, unobtrusive, non-contact device that needs no attachment for inspection of suspected equipment. The conventional solutions may not function without modification of or addition to the aggregate digital signaling to or within, digital processing, or logical operations of the device under test, inspection and/or screening. The conventional solutions typically may not improve accuracy by acquiring a baseline of operations, baseline characteristics, or baseline behavior without a period of intrusive changes, such as data acquisition periods while operating nominally and executing on a known-good system, and cannot do this at a distance. The conventional solutions typically may not geolocate or locate an electronic device or area within such device associated with a source of emissions indicating the presence of such undesired modifications or lack of modifications in hardware or firmware. The conventional solutions may not invoke state changes which selectively activate, modify or inhibit such malware activity or malware-in-firmware activity results from a distance by active Radio Frequency (RF) illumination. The conventional solutions may not determine if active RF illumination has succeeded in a desired malware mitigation state change from an illumination source disposed remotely, at a distance, from the device under test, inspection and/or screening.
Conventional test methodologies, to the best knowledge of the Applicant, may not be capable of unobtrusively detecting malicious malware in hardware components in unpowered, unconnected devices. Existing methods using unit tests run on individual components, or regression tests, may only be capable of assessing presence or absence of functionality.
Counterfeit and subversively modified electrical and/or electronic components represent a substantial threat to electronic systems. Therefore, there is a need for an advanced apparatus, method and tool with widespread applicability towards electronics employed in security applications and, more particularly, in cyber physical security applications.