The electronics supply chain is seeing evidence of increased sophistication in the counterfeiting of complex ICs and simple passives, both of which can impact the functioning and safety of the systems that use them.
New technologies are being developed to build trust by helping to identify counterfeit devices before assembly and during failure analysis. It’s too early to tell how effective those measures will be, but individual component identification is becoming an important tool in that effort.
“Trust requires looking at the whole value chain, from design through manufacturing, and carefully monitoring every step,” said Tom Katsioulas, head of trust-chain business at Mentor, a Siemens Business. “Security is about the digital assets. Trust is about the physical assets. And identity connects the two.”
Questions about authenticity can occur at a supplier, with contractors to a supplier, or during the movement of components between contractors and to the customer. The types of anti-counterfeiting options to be used depend both on the value of the component and the consequences of fake components. But they all focus on the ability to uniquely identify a component so it can be tracked through final system assembly.
Counterfeiting can occur anywhere there’s a reliable revenue stream. “There’s $70 billion a year in printer consumables sold into the world,” said Scott Best, technical director of anti-counterfeiting products at Rambus. “This is a remarkable opportunity for counterfeiters. It is a $10 million effort to take apart somebody else’s security chip, completely reverse engineer it (the reverse engineering is completely legal), and print a functional clone. That’s 50 people for a couple of years. But if you can do it, there’s a guaranteed $100 million annual product stream from that chip.”
In addition to lost revenues and profits, safety is driving much of the concern today. “What I’ve seen now are other, more important markets, looking for anti-counterfeiting solutions because of safety issues,” added Best.
This changes the stakes of counterfeiting. “If this is a Gucci bag, you [as a customer] might have lost if you paid for a real one and got a fake one,” said Ophir Gaathon, CEO of Dust Identity. “Clearly, an airbag has a completely different implication.”
Fig. 1: An illustration of the many aspects of the supply chain for an electronic device. Source: Keyfactor
Anti-counterfeiting measures have similarities with traceability, especially when it comes to developing unique component IDs. While such IDs solve two different problems, they go much further with anti-counterfeiting. Critically, wherever economically feasible, counterfeiting protections can be used in a forward-looking manner — as a system is being assembled. They also help in retrospect if a failure ends up being caused by a counterfeit component.
“One of the big problems is being able to identify a part, and there have been different tag technologies that have surfaced over the years to address that,” said John Hallman, product manager for trust and security at OneSpin Solutions. “If you go back 10 years ago, there were attempts to attach DNA tags. They’ve made some progress. Now there are all sorts of electronic IDs, where you have an identifier that is random in silicon, and authorization technologies. We’re looking at verification data as a unique identifier, where you take verification data and attach that to the IP using blockchain technology.”
In effect, that data becomes unique down to the individual bit. “That data can then stay with the device, and if someone modifies it, you can see that,” Hallman said. “This approach turns the problem of trying to look at a piece of IP or chip and assess it into one of how to build this into a device so it can travel along with that IP. The data stays encrypted and is connected in an external database.”