Electronics counterfeiting is gaining attention as evidenced by the recent IEEE International Symposium on Hardware Oriented Security & Trust (HOST). More than 250 industry and academic leaders attended the conference to address the growing threat that counterfeit devices are posing to the security of the electronics supply chain. Inadvertent use of recycled, refurbished, or re-marked components can result in significant business risk for a manufacturer's customers, resulting in unwanted returns and damage to their brand value.
The “gray market” & ease of counterfeiting in the electronics supply chain
Because there are so many different companies involved in the electronics supply chain, there is ample opportunity to sell counterfeit chips to the so-called “gray market.” Industry research from KPMG and the Alliance for Gray Market and Counterfeit Abatement (AGMA) shows that gray market sales account for $40 billion in revenue each year and cost IT manufacturers up to $5 billion annually in lost profits.
The gray market thrives because of over-orders within the supply chain. For example, a contract manufacturer (CM) may order more parts than were actually needed for an original equipment manufacturer (OEM) and then dispose of the excess inventory by selling them to anyone who will buy them, especially if the value of those devices can decline rapidly over time (e.g. high performance memory or CPUs).
If a non-authorized distributor purchases the devices, they are now in the gray market and can be resold without regard to the original performance specifications of the device. They may be purchased by a company that has no access to the devices through normal channels (e.g. a company in North Korea) or by a company that needs the functionality of the device (regardless of performance or quality) and will use it in a product line that competes against the real OEM. Unfortunately counterfeit product claims a performance level that may nor may not be achieved.
Other nefarious practices in the gray market include overproduction at the foundry level, where foundries produce more parts, manipulate the yield and production data, and sell excess chips to the market. And in some cases, simple theft of chips or selling recycled and refurbished chips adds to the counterfeiting problem.
Tracking counterfeit devices in the supply chain
The electronics and semiconductor manufacturing industries have technology solutions to limit counterfeiting practices within the supply chain, but they come at a high cost. Currently there are two primary methods, Physically Unclonable Functions (PUFs) and True Random Numbers (TRNs), to track chips. PUFs depend on the uniqueness of their physical microstructure of the semiconductor device. This microstructure and its response to stimulus is dependent on random physical factors introduced during the manufacturing process. These factors are unpredictable and uncontrollable which makes it virtually impossible to duplicate or clone the structure. As a result, each PUF device has a unique and repeatable way of responding to input stimulus and can be used as a unique and tamper-proof device identifier.
TRNs are used to implement a functional-locking block within the logic of the semiconductor device. The functional-locking block's purpose is to ensure that only “unlocked” ICs will have the correct functionality, and only the IP owner knows the correct functional key (FKEY) that will unlock the device. Similar to the way that PGP encryption is used for emails, the foundry provides a TRN to the IP provider who modifies the TRN, and then using their private key, generates a test key (TKEY) and sends it back to the foundry to encrypt each die. The foundry does not know how the TRN was modified so they are unable to know what the correct responses will be to a modified TRN test. There are typically several steps where pass/fail tests are performed based on the modified TRN, but the essential one is after the device is packaged. If the packaged device passes this last test, only then does the IP owner provide the FKEY to unlock the device and sell them into the end market.
In both cases, this anti-counterfeiting technology makes it more difficult for the supply chain to sell off extra parts for unintended uses. However, the costs of implementing PUFs or TRNs into each chip and validating the results is extremely expensive and time-consuming.
Establishing supply chain security with big data solutions
There are several issues that contribute to addressing counterfeiting problems within the supply chain. Connectivity and communication between the supply chains that support the semiconductor and electronics manufacturers are often siloed. here is little to no data shared between the two supply chains and it is further complicated by the geographically dispersed nature of both supply chains.
While hardware solutions like PUF and TRNs can help prevent counterfeiting, big data solutions can easily establish the DNA of every chip and have a record of that chip that dates back to its origin without additional logic or hardware being added to every device. Big data solutions are already used at the majority of global semiconductor manufacturers in test operations. As each chip is registered and tested, these solutions can be used to identify chips that have gone through modifications, which helps identify counterfeit practices. Integration with MES systems and “direct-from-the-source” test data can be used to identify product “overruns” since the foundry and OSAT providers have no way to modify or intercept the stream of data coming from the wafer sort or final test testers. Real-time big data solutions can also improve the overall electronics supply chain integrity and security by connecting CMs to OEMs through the collection and storage of chip IDs and the “test fingerprint DNA” data from billions of chips, that will enable multiple authentication and identification flows that can be shared by semiconductor and electronics companies.
Counterfeiting is an issue that affects everyone from consumers to military operations. As we head into the era of the IoT, supply chain security will become an issue of the utmost importance. It's difficult for organizations to justify the costs to combat counterfeiting, but if the same big data solutions that are improving overall yield, quality and productivity can double as counterfeit prevention solutions, more organizations will begin to take a more active stance to limit counterfeiting in the semiconductor and electronics industries.