Interview: Enabling A Zero Trust Defense Electronics Supply Chain With proteanTecs
The growing complexity of military hardware has resulted in a matching increase in demand for onboard processing power. However, the global chip shortage caused by work disruptions related to the COVID-19 pandemic has resulted in an increase in counterfeit computer chips on the global semiconductor market, raising concerns over the integrity of electronics supply chains in both civilian and military sectors.
Recently, proteanTecs and BAE Systems announced a collaboration to develop a “zero trust” electronics supply chain for defense and critical infrastructure. Overt Defense had the opportunity to speak with proteanTecs Chief Strategy Officer Uzi Baruch to better understand the solution offered by the company, and how it can be applied to secure electronic supply chains.
The transcript has been lightly edited for clarity.
To start things off, introduce yourself and proteanTecs.
My name is Uzi Baruch, and I’m the Chief Strategy Officer for proteanTecs. I’ve been with the company for the last two years.
proteanTecs is an almost six year old company, headquartered in Israel with 250 employees. The foundation of our technology is based on the idea of having monitors and capabilities that are embedded during the design of a semiconductor device. These test the performance of the device through its different life stages, all the way from building it to actual usage in the field. We also provide all the applications, algorithms and analytics capabilities to analyze the data that comes out of the chip and test its performance throughout its entire lifecycle.
This partnership is with BAE Systems for zero trust in the supply chain. How do you define zero trust in this instance?
Basically, it is the ability to understand that the device you are using is actually as intended. It uses the original design, it was assembled properly, it went through the entire verification process and is used as intended.
How transferable is proteanTecs’ solution to the defense sector?
There is no limitation in terms of using our technology. It does require a digital portion in the chip, it’s based on digital IP. We put it inside the chip, so as long as the digital portion of the chip enables us to integrate our technology, we are basically unlimited in terms of devices. Today, our technology is qualified by most big foundries used today, so there’s no limitation on the usage.
What particular use cases are you pursuing under the BAE Systems partnership at this stage?
I don’t want to talk specifics on BAE’s behalf beyond what we communicated in the press release, but one thing about our technology that will answer your question is because our technology is not limited to the production stages, you can actually use it over the lifetime of the device. Meaning in actual application, you can measure and monitor how the device is performing, so we kind of give full coverage from three different aspects.
One aspect is ensuring the supply chain, the way you build, test and produce the devices is secure. You are able to track the device performance over the production and assembly stages, and make sure that it is built, used and verified exactly as intended.
The second use case is around device authenticity, making sure that when you ask the device who it is, you always get the same answer. Our technology is a bit different from what exists today in the market, in the sense that we are not destroying anything on the device like SecureID or encrypted code, our technology makes it so you can always ask the device who it is, and the same key will be regenerated all the time based on the device DNA, which is very unique to what we do compared to what exists on the market.
The third one is actually very interesting. Because our monitors are very, very sensitive to the workload and how the chip is being used, even things like over the air updates or updates to the software using the chip, we can sense small variations over time that are not intended from a software perspective. In which case, you would know that if your initial baseline was behaving in a certain way, now someone updated the software and it’s using it, overstressing it or applying functions that were not intended, you can actually track and identify it from a software standpoint.
Those three capabilities are the foundation of our secure solution, and there’s also other stuff around making sure you’re not reusing old devices or using devices that did not pass quality gates, but that’s kind of another layer as we safeguard the device during production.
Could the solution be used to detect unauthorized use of chips using proteanTecs’ solution in devices?
Fundamentally we are a passive technology, so if someone uses a device in an unintended way, they could be detected. However, if you combine the software and hardware together, for example, relying on specific software to activate a device, we can ensure that it is used for that purpose. So it really depends on the integration and how deep you want to go in ensuring the security of the devices for different usages.
One thing I’ve noticed in discussions with other companies is that there is no assumption that military networks will always be connected to the Internet or intranets. How will the telemetry generated by the technology be managed in that case?
There’s three ways to use the telemetry. One is a closed loop inside the chip itself using firmware, so without any connection to the outside world, you can get signals from the IP regarding power, performance and other metrics we look at inside the chip itself, and it’s a closed loop with regards to what we monitor.
The second, which also is not connected, is on the module or system level, which normally has an operating system. We provide embedded code that takes advantage of the telemetry on the edge device itself. Any system that has an OS can actually leverage an embedded library that allows you to access the telemetry data from the chip and make decisions based on it.
Only the third layer is cloud-based, or server based. That could be deployed at a secure location, we do not mandate that you ship data out of the intended network to be able to conduct fleet analysis.
This is probably looking very far into the future, but when it comes to the data generated by chips in military applications, who will own the data?
It’s a very clear answer for us, military or non-military, the data is always owned by the company producing the semiconductor devices. We are just the licensors of the technology, we do not own the data itself. Every company that integrates our technology, whether in the military or the commercial space, is always the owner of the data generated.
Military processors are usually a generation behind consumer chips due to requirements that they be “known quantities”. How can proteanTecs’ technology help with that?
As we said, there’s no limitations on the integration of our technologies into chips up to two generations back. Without going into the details, I can refer to an example we use with any of our customers, we can integrate it from 28 nanometer to the most advanced chips. From a 28nm perspective, referencing it to any other foundry you can think of – 28nm is not the cutting edge by any means. So there are no limitations for integration, even for older chips, we could potentially do it for the right use case and integration purposes.
Could the telemetry generated help convince military clients that newer chip designs are durable enough?
The transition to modern designs can be guaranteed in terms of reliability, performance and so on, because that’s the purpose of the telemetry, right? Different customers use it for different applications, all the way to characterizing and qualifying the device at the early stages. In addition to the transition to a new process node, the telemetry measures the performance and reliability of the device over time. From the inception of the device to its usage in the field, the telemetry is super helpful in getting measurements throughout its lifetime.
The demands for compute power on various military platforms will keep increasing as they become more networked. Do you see this as an opportunity for proteanTecs and the technology?
Power and performance are currently the core of what we do. If you look at the kind of devices being produced today, the ability to measure its actual performance, not running self tests, but actually measuring the performance and taking decisions based on real application workloads, it’s at the core of what we do.
It’s why I mentioned at the beginning that the technology is very sensitive to application behavior, so we have companies thinking in two phases. One is to characterize the impact of the software on the hardware, and so even when they build the device they already know what to expect.
But as military devices are deployed into different conditions, we can continue to measure the actual application performance in the field. When we see how the workloads are behaving, how the operating conditions change and so on, we are very sensitive to that. So, actually applications like that can take advantage of what we measure to really assess and optimize the power-performance equation.
In many cases, we use that technique to preserve power, meaning we already know the margin they take from a performance standpoint, but because we can actually measure what the performance looks like, we can suggest to users to reduce the amount of power they are using, in which case the device would live longer. Also from a reliability standpoint, we provide them dynamic power performance optimizations which are reliable and based on the actual measurements of the workload of the application. That was the original intention for our technology.
My impression was that proteanTecs’ technology is for through-life management of the chips, and it can be put to any purpose it’s suited to.
Correct. The foundation of the technology is data from telemetry and developing the right algorithms. Keep in mind that the telemetry data is one piece of the puzzle, the algorithms and applications are the others. For example, using telemetry data to optimize power-performance is one of the use cases, supply chain security is a second way to leverage the telemetry, but this time to track a device and ensure the integrity of the production processes and over the lifetime of the device. It’s the core technology, and you can leverage that for different purposes.
The press release touches on the lingering global chip shortage. How will this affect deployment of the technology, or is this expected to be resolved by the time any chips are manufactured for BAE Systems?
The chip shortage has exaggerated the situation with counterfeit devices. Because of the shortage, you needed a device by all means, so even if you compromised on quality, went to reuse devices or to the gray market, that was one of the side effects of the shortage. So while companies continue to produce chips, in which case our chips would be integrated into those chips, the shortage created a scenario where those who were not getting what they needed had to compromise, I would say. Some of them maybe knew or didn’t know that they were using counterfeit or reused devices, most probably did not know, which created an exaggerated scenario with counterfeit and reused devices, or compromising quality gates, and so on. So the topic around supply chain security was exaggerated by the shortage
Do you expect the benefits of the proteanTecs technology to remain even outside of a shortage scenario?
Correct. As I said, companies continue designing and producing chips, in which case our technology is part of many devices produced even during the shortage. Because of the shortage, one of the unique capabilities of the technology on the device is the ability to assess the actual device itself. Many techniques today rely on statistical variation to qualify or unqualify devices, meaning that sometimes you would see based on a population analysis, a good chip might be disqualified by a bad neighborhood, for example.
Today there are many statistical ways, and one of the key points about the shortage that we were excelling at was that we qualified every device based on how the device was expected to perform. When we put our telemetry inside, we already know what exactly needs to happen based on simulations, and then we get measurements of the specific device. Then the proteanTecs answer would not be a comparison to a population of statistical variance, it would be based on the actual device performance.
So we would often help save a good device from being disqualified just because we could measure its actual performance, and not just compare it to others and say “OK, because it’s compared to others and it’s sitting in a certain location, I would disqualify it”. From that perspective, we could have helped companies during the shortage to maximize their yield with our technology.