Re: Offshore firmware management

Subject : Re: Offshore firmware management
From : joegwinn (at) *nospam* comcast.net (Joe Gwinn)
Groups : sci.electronics.design
Date : 26. May 2024, 18:01:50
Message-ID : <8cm65jl2t7tfbaf46l88aue2vbdaeks7gs@4ax.com>
References : 1 2 3 4 5
User-Agent : ForteAgent/8.00.32.1272
On Sun, 26 May 2024 07:14:54 -0700, Don Y
<blockedofcourse@foo.invalid> wrote:

On 5/26/2024 6:20 AM, Joe Gwinn wrote:
When outsourcing manufacture, what steps are you taking to protect
your IP (in the form of firmware) from unauthorized copying/counterfeiting
by the selected vendor *or* parties that may have access to their systems?
>
What is the capability and desire level of the threat actors?  If it's
an intelligence agency of a reasonably large country, you probably
cannot do anything effective.
>
No.  The concern is that the contracted manufacturer (or, anyone with
access to his information systems) decides to go into business in
direct competition, simply by selling YOUR device at a cut-rate price
(not having to recover the engineering/development/warranty/support
costs that you have)
 
OK.  Also, what does the device sell for?  This will dominate the
choice.
>
Nominally $100.  But, one would typically buy a selection of a few hundred per
end user.  "One" would have very little value.
>
Hardware "unit" costs are reasonably insignificant; they are designed to be
easy/inexpensive to produce.  No precision components, manufacturing
tolerances, etc.  If you are committed to "copying at scale", then there
is little standing in your way (i.e., molds, boards, packaging, etc.
are just "costs of doing business")
>
*ALL* of the value lies in the software.
>
[good summary, but big snip]

It sounds like you really have only one kind of possible solution.

First, as Phil H suggests, do not provide the firmware to the contract
manufacturer at all, instead install it back home.

Now "install" can mean a number of things.  If you just install a
common firmware image, that contract manufacturer can simply buy a
copy in the US, and reverse engineer it, so that isn't going to work
for very long.

If the hardware has a unique and large hardware serial number (there
are chips that do this), the installed firmware can be adjusted to
know its target serial number, and refuse to work anywhere else.  This
is done with a crypto checksum scheme of some kind, complicating and
delaying reverse engineering. 

Next stronger is to also require the product to contact the mother
ship to complete the serial number. 

How far to go is an economic decision - all you need to do is to make
cloning your product economically pointless.  It is not necessary for
the locking scheme to be bulletproof.

Joe Gwinn
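
The serial-number binding described in the post above, as an added example that is not part of the original message. It assumes an Ed25519 signature as the "crypto checksum"; the function names, the `fw-bind-v1` tag and the serial values are hypothetical and constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// bindingMessage is what gets signed: a domain tag, the chip's serial
// number (length-prefixed), and the SHA-256 of the firmware image.
// The layout is an assumption made for this example.
func bindingMessage(serial, firmware []byte) []byte {
	fwHash := sha256.Sum256(firmware)
	msg := []byte("fw-bind-v1")
	msg = append(msg, byte(len(serial)))
	msg = append(msg, serial...)
	return append(msg, fwHash[:]...)
}

// IssueTicket runs on the vendor's own programming station ("back home").
// The private key never goes to the contract manufacturer.
func IssueTicket(priv ed25519.PrivateKey, serial, firmware []byte) []byte {
	return ed25519.Sign(priv, bindingMessage(serial, firmware))
}

// CheckTicket is the boot-time check on the device: it reads its own
// hardware serial, hashes the installed image, and verifies the ticket
// against the public key compiled into the firmware.
func CheckTicket(pub ed25519.PublicKey, hwSerial, firmware, ticket []byte) bool {
	return ed25519.Verify(pub, bindingMessage(hwSerial, firmware), ticket)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	firmware := []byte("constructed firmware image bytes")
	serialA := []byte{0x04, 0xA1, 0x5C, 0x77, 0x10, 0x9E, 0x33, 0x02} // constructed
	serialB := []byte{0x04, 0xA1, 0x5C, 0x77, 0x10, 0x9E, 0x33, 0x03} // constructed

	ticket := IssueTicket(priv, serialA, firmware)
	fmt.Println("unit A boots:", CheckTicket(pub, serialA, firmware, ticket))
	fmt.Println("same image and ticket on unit B boots:", CheckTicket(pub, serialB, firmware, ticket))
}
```

Because only the public key ships in the image, a copied image plus ticket fails on any other serial number. The check itself still lives in firmware that can be studied, so this raises the cost of cloning rather than making it impossible, which is the economic bar the post sets.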
