The Threat Of Supply Chain Insecurity

Counterfeit chips are a key piece of the growing security problem, but there are signs of improvement.

Concerns about counterfeit chips are growing as more chips are deployed in safety- and mission-critical applications, prompting better traceability and new and inexpensive solutions that can determine if chips are new or used. But some counterfeit chips still slip through, and the problem gets worse wherever there are shortages.

Estimates vary widely for how much counterfeiting costs in terms of lost revenue and jobs. In 2017, DARPA pegged the cost at $170 billion in lost electronics revenue. That same year, the Semiconductor Industry Association estimated that counterfeiting cost the chip industry $7.5 billion per year. But all of that happened before the pandemic, which caused severe shortages and long wait times in markets such as automotive and appliances, particularly for chips manufactured at mature nodes using 200mm technology.

So far, there are no good estimates of the total cost of those shortages. But there has been much research into how to identify and prevent counterfeit chips and components.

Mark Tehranipoor, chair of the ECE department at the University of Florida, identified five categories of counterfeit chips — recycled, cloned, re-marked, over-produced, and forged. “We know which one makes up the most, and which ones show up more than others, and it really depends on the type of chips and the market demands for them,” he said. “For example, when we had the chip shortage, the number of counterfeit chips went up because there was demand for chips. The counterfeiters knew that, and therefore tried to bring them to market some of the chips that had demand. Also, the majority of chips that were in shortage, if not all of them, were actually manufactured in older technology nodes, not the cutting-edge ones. In fact, the newest node chips were not in shortage. It was the 65nm, 90nm, and 130nm nodes that had a shortage.”

The counterfeiting problem is growing as the supply chain widens, and it’s bigger than most manufacturers suspect. “When it comes to consumer goods like watches or designer clothing, buying the products in odd places at cheap prices may suggest these products are fakes,” said Konrad Bechler, security consultant brand protection and anti-counterfeit at Infineon Technologies. “Buyers of semiconductors very often don’t realize this is also true for semiconductor components. When treating this as a marginal topic, counterfeit semiconductors might turn into a serious problem, which means the components do not meet the expectations or specifications of the manufacturer. There is always a life-threatening aspect to counterfeits. Just think of an airbag not deploying properly during a crash, or medical equipment like an automated electric defibrillator not working in a life-threatening situation. These are only two use cases. Since semiconductors are an integral part of our daily lives, counterfeits pose a serious threat and will eventually lead to deaths if they don’t meet the specs.”

Heterogeneous integration and chiplets increase the threat. “If somebody is going to put an embedded memory chip onto a die so that a 3nm processor can have some embedded memory without going off chip, that embedded memory chiplet is built in a trailing-edge node,” said Scott Best, technical director, anti-counterfeiting products at Rambus. “It’s not built in 3nm. It’s built in something that has been optimized for embedded memory, and not for high-performance compute. So you isolate the specialization of the chiplets. This seems to be a good idea, and then the CPU vendor will work with a memory vendor. But how do you know that other chip hasn’t been cloned, copied, and something malicious hasn’t been slipped into the supply chain? That’s terrifying. And yes, it’s a solvable problem, but it turns away from being an electronic security problem and it becomes a supply-chain security problem.”

Drivers of counterfeiting
There are various reasons why and how counterfeiting happens. “The most obvious reason is cost savings,” Bechler said. “Many device manufacturers experience price pressure and have to produce products that are cost-neutral. This may drive them to find cheaper ways to develop their products. With this mindset, they are likely to receive counterfeit components. Another motivation to buy counterfeits is the discontinuation of specific components because they have reached their end-of-life cycle. Some manufacturers might need them either for regular production or as spare parts. This is due to devices that are certified in accordance to the end product, and any change in certification is extremely costly. Long lead times might be another motivation. Of course, manufacturers want to serve their customers and get corresponding components in alternative ways, which counterfeiters take advantage of.”

As for the best way to address this, Tehranipoor said it depends on the type of counterfeit chips, because not all counterfeit chips are the same. “There are recycled chips that anyone could do. Anyone, anywhere in the world can take chips off of discarded PCBs, clean them up, and put them back into market. That doesn’t require a tremendous amount of resources or money. The fact that recycling makes up 80% of all types of counterfeits, that’s how prevalent recycling is. Because it’s easy — anyone can do it — you don’t need to invest millions of dollars.”

Cloning is more complicated, particularly if it involves reverse engineering. “Assume an IP is obtained somehow illegally,” he said. “Then one can fabricate it in many foundries across the globe. Stealing IP requires a higher level of sophistication, so you don’t do it to sell the chip for few dollars. This is normally done for chips that are priced higher, because reverse engineering could be expensive. And while I can’t say it’s absolutely true for every type of chip, as chips get more expensive, they may require more effort and a higher level of sophistication to be able to be counterfeited.”

Countering the counterfeiters
Stopping the flow of counterfeit chips requires a concerted effort across the entire supply chain. This is improving, but the necessary measures are still not in place for all types of chips.

“There are solutions that have become much more acceptable and easier to deal with,” Tehranipoor said. “For example, recycling is actually quite easy to detect. If you place an odometer into your chip, which is extremely cheap, it will easily tell you whether the chip was used or not, and how long it was used. More and more companies seem to be receptive to the idea of including measures [like odometers] that are low cost into their integrated circuits to help address this concern. Re-marking is also easy to address using electronic chip IDs, but mostly suitable for large circuits. Cloning and over-production are very difficult to address.”

Others point to similar approaches. “There has been a lot of focus on visual inspection, but electronically there are things you can do,” said Mike Borza, Synopsys scientist. “One of the interesting things is that some of the SLM technologies have ways to measure aging, or at least how much a chip has been used, before you receive it. Some involve direct counter odometers, but there are other kinds of odometers that are based on how the silicon ages as it’s used. This means you can detect systematic changes like oscillator frequencies or the tuning parameters for PLLs. Those kinds of things indicate a die has been used more than you would expect it to at the age it’s sold to you as. This is all part of that trust and assurance program to try to bring these technologies along, make them more readily available and make them easier to use.”

Some of this is tied into I/O of the chip, but much of this focuses on the clock infrastructure. Borza said there is a lot in terms of PVT monitors and performance monitoring, which people are utilizing for certain kinds of chips. “If you think of a large AI accelerator, which is really an array of things that are all very similar, you can redirect power consumption in one area of a chip if it’s running too hot when I’m transferring the load to a different part of the chip, because functionally it’s still equivalent. You have this redirection of the data to process. It’s a form of load balancing for thermal reasons.”


Fig. 1: NIST developed a way to insert aluminum atoms a few nanometers into the silicon to create a novel ID tag for critical ICs. When probed with radio waves, it produces a unique response. Source: NIST

Supply chain challenges
Securing the supply chain itself is more complex. “In supply chain security, you’re transforming what we call physical trust into electronic trust,” said Rambus’ Best. “So somewhere out there in the world is an air-gapped HSM (hardware security module) that is signing firmware images, and creating key material, and authenticating with tester equipment that has wires down on a chip during wafer sort. The trust of that physical box now is being transformed cryptographically into trust on that chip at that wafer sort step. When that chip leaves wafer sort, gets mishandled by dozens of people, and then shows up weeks later at the final test facility, how do you know it’s the same chip? Now you can test it, because the HSM was offline under physical security, biometrics, guard dogs. It was under lock and key supervision. And now when the wafers are showing up, that physical trust has been transformed into cryptographic trust. That’s the nature of supply chain security. We work on that, as well. In fact, when we deliver product to our anti-counterfeiting customers, we help them manage the supply chain of those chips, because over-manufacturing is a problem. That’s the easiest way to clone a chip. You order 100,000. The fab makes 120,000. So 100,000 go out through the front door, and the other 20,000 go out through the back door, and they’re completely compatible.”
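The hand-off from wafer sort to final test that Best describes, as an added example (not code from Rambus or from this article): a simulated HSM derives one key per die up to the ordered quantity, then authenticates arriving dies by challenge-response. The class names, the HMAC-based key derivation and the die ID format are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


class ProvisioningHSM:
    """Stand-in for the offline HSM: holds the master key and caps issuance."""

    def __init__(self, ordered_qty: int):
        self._master = secrets.token_bytes(32)  # never leaves the HSM
        self._remaining = ordered_qty
        self._issued = set()
        self._final_test_seen = set()

    def provision(self, die_id: str) -> bytes:
        """Wafer sort: derive a per-die key, once per die, up to the order size."""
        if self._remaining == 0:
            raise PermissionError("ordered quantity already provisioned")
        if die_id in self._issued:
            raise ValueError("die_id already provisioned")
        self._remaining -= 1
        self._issued.add(die_id)
        return _mac(self._master, die_id.encode())

    def authenticate(self, die) -> str:
        """Final test: fresh challenge, response checked against the derived key."""
        if die.die_id not in self._issued:
            return "reject: never provisioned"
        nonce = secrets.token_bytes(16)
        expected = _mac(_mac(self._master, die.die_id.encode()), nonce)
        if not hmac.compare_digest(expected, die.respond(nonce)):
            return "reject: bad response"
        if die.die_id in self._final_test_seen:
            return "reject: duplicate identity"
        self._final_test_seen.add(die.die_id)
        return "accept"


class Die:
    """Hypothetical die model: an ID plus a key slot written at wafer sort."""

    def __init__(self, die_id: str, key: bytes = b""):
        self.die_id, self._key = die_id, key

    def respond(self, nonce: bytes) -> bytes:
        return _mac(self._key, nonce)


def run_lot(ordered_qty: int, built_qty: int):
    """Constructed scenario: the fab builds more dies than were ordered."""
    hsm, dies = ProvisioningHSM(ordered_qty), []
    for n in range(built_qty):
        die_id = f"LOT42-W01-D{n:03d}"  # constructed ID format
        try:
            dies.append(Die(die_id, hsm.provision(die_id)))
        except PermissionError:
            dies.append(Die(die_id))  # overbuilt die: the HSM issued no key
    # A part re-marked with a genuine ID but without the matching key.
    dies.append(Die(dies[0].die_id, secrets.token_bytes(32)))
    return [(d.die_id, hsm.authenticate(d)) for d in dies]
```

Because the HSM counts what it provisions, dies built beyond the order leave wafer sort without a credential and fail at final test even though the silicon is identical.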

While it’s unrealistic to assume all counterfeit chips can be stopped, the volume certainly can be reduced. “When you think about supply chain collaboration, you’re looking at a very large ecosystem, and they miss a lot of stakeholders,” said Alan Porter, vice president for the electronics and semiconductor segment at Siemens Digital Industries Software. “It’s important to promote transparency and make sure there’s good communication between all the stakeholders in the ecosystem, whether it’s manufacturers or suppliers or distributors. Those folks need solutions and technologies to help them identify the risks, and also take timely action to mitigate those risks.”

Porter said ecosystem players can connect in a trusted marketplace, where they’re able to learn about and acquire different components. This approach is currently immature, but companies realize they need to make this work. This is one of the key reasons Siemens acquired Supplyframe in 2021.

A secure supply chain is an important facet of any anti-counterfeiting program. “A secured supply chain approved by the original component manufacturer (OCM) confirms a product’s origin, lot integrity, and the quality of its handling, storage, and shipping,” said Bechler. “Purchasing products only at OCM directly, or from one of the OCM’s authorized distributors, is the best way to avoid an unpleasant surprise. For discontinued products, customers should also check with the OCM to see if there is a distributor that provides long-term storage. If there is no such distributor, knowledgeable FAEs know best how designs can be adapted at reasonable cost. Sometimes there are drop-in replacements, and sometimes a new design will even reduce the bill of material (BOM).”

Infineon constantly provides information to customers about the risk of purchasing components on the open market or from questionable sources. “To create awareness at governmental authorities, we regularly train customs in the U.S., in the E.U., and in Greater China, providing them with knowledge how to identify and seize suspected shipments,” Bechler said. “We also work together with different associations like the SIA (Semiconductor Industry Association), or governmental economic organizations, to increase awareness about the risk of counterfeits.”

But all the dots must be connected. “We have been looking at ways of providing the traceability and data provenance that’s needed to connect those dots, more or less like a CSI-type of evidence chain,” Porter said. “This is where you understand where things have been, all the way back to the raw materials to understand the entire process. You don’t want your materials being blood diamonds. You want to have good social responsibility. While this is not tied directly to counterfeiting, you can counterfeit materials, too. Even the cotton industry gets in trouble because they say they’ve got premium cotton, and somehow garbage cotton gets into their supply chain and their goods aren’t the best. The same thing can happen in semiconductors. You can get raw materials that are corrupted. So this issue goes all the way from raw materials, through the manufacture of the products, and then even tracing the logistics between Point A to Point B.”

Software can be corrupted, too. Everything needs to be tracked and accounted for, using technologies like blockchain ledgers.

“There’s a whole market out there of counterfeit devices, including everything from good devices that have been recovered from old equipment that is being re-sold, to gray devices that have crept out of the factory,” said Lee Harrison, director of product marketing for the Tessent group at Siemens Digital Industries Software. “These are not 100% good devices. They’re failures, essentially, but they end up in the black market anyway. We’re really focused on providing all the embedded security technology to make sure that even within the manufacturing plant itself, the devices are provisioned and given an ID. That gives them traceability right through to where they end up in a vehicle. And if you ever need to replace a certain component or an ECU or a circuit board within the vehicle, you have traceability of where they’ve gone.”

Additionally, when a device is defined as at the end of its life, when the embedded security technology is in place, it can effectively be turned off and can’t be re-used. “There’s a lot of work that goes on in that area,” Harrison observed. “Using things like a Root of Trust, you can provide a complete end-to-end traceability in the supply chain. The automotive market is definitely at the forefront of this because replacement parts and aftermarket parts were fine in vehicles in the past, and even today. But as we move toward more autonomous driving, do you really want to get in a car where someone has just taken it to a back-street garage and replaced an ECU, and you have no idea where it comes from? The same goes for the software. There already are a huge number of regulations involved to make sure you have all of the right elements in place so you can guarantee that the software version that ends up on the vehicle is the right version for that vehicle and that it has not been tampered with.”

Cost vs. risk
Harrison noted that other segments of the electronics industry are just catching up. “If we look at IoT, it’s probably slightly behind where the automotive industry is. But there’s huge desire there, because these semiconductor suppliers are losing money, so it’s in their interest to focus on counterfeiting prevention.”

For the chip provider, it’s always a question of cost vs. risk. “Let’s say Company X sells a lot of analog chips,” said Tehranipoor. “Some of them sell for five cents a part. Would you put a one cent anti-counterfeiting solution into a five-cent part? The answer is clearly no. So many companies perform their own risk analysis to decide whether to include anti-counterfeit solution into the chip.”

Still, Tehranipoor wishes that semiconductor OEMs knew that counterfeiting is easier to detect than they can imagine if all the preventive measures are applied early on in the design process. “Imagine that you have a small authentication IP to drop into the chip, and that IP will be responsible to tell you whether the chip will be recycled, cloned, or re-marked,” he said. “For a chip above a few million gates, it’s easy to do it, it’s worth it. It gives everybody peace of mind. The problem when we go to smaller chips is the risk-cost analysis. What can a company do about it? Nothing really, because they may not even have data to tell you how much of a risk they are taking. How much should they be investing for anti-counterfeiting? It’s hard to say. After all, they care about their bottom line and the profit margin. If they won’t meet their margin, they won’t do it. If a vulnerability exists that was not fixed, it will happen. It’s a matter of time and resources that the attacker will put in. Sometimes design engineers know those vulnerabilities exist, and sometimes they don’t. Many of the chips today are being shipped with known bugs in them. One could argue that it is the same for having vulnerabilities in the chip, as well. Fixing them may delay the production team, and that’s going to cost company a lot of money.”

Security is relative, too. “There’s no such thing as secure,” Tehranipoor said. “Security is like a bear attack. If a bear attacks you, and there are five of you, all you have to make sure is that you’re not the last one. Once the bear catches the first one, the other four are safe. Sometimes businesses look at security that way. ‘Can I make myself a bit more secure so that I won’t be the one that suddenly gets in the news?’ When it comes to many hardware vulnerabilities, there is no such thing as secure. There are no metrics to give you that confidence.”

Even so, Tehranipoor noted there are two approaches chip companies can take — determining the threat model and conducting a risk-cost analysis. “Often in a semiconductor company, they’re being asked this simple question: ‘What is the easiest attack one can fix that has the most risk to the company bottom line and reputation?’ There’s no need to find the most difficult attack that has the least risk, because then the company must spend significant amount of money to get minimum gain in return. How do you make sure you take all the low hanging fruit out of the way, which means that you get 95% of the security problem solved?”

Conclusion
The electronic ecosystem is built on a very secure supply chain that can be tracked back to the manufacturer at any time, but there also are plenty of non-authorized suppliers that function outside the authentic supply chain.

“Manufacturers ensure with contracts and audits that the supply chain is continuously secured,” said Infineon’s Bechler. “However, because pricing is always a key differentiation for device manufacturers, there are times when they do not purchase from authorized distributors. When this happens, due to a lower pricing structure, their security might be compromised with counterfeits. It is vital that every part of the supply chain, from chip manufacturers to software and device providers and consumers purchase from authorized sources and distributors to keep the electronics supply chain secure.”

Some applications are more sensitive than others when it comes to counterfeiting. “For a mission critical application like launching a missile or space shuttle, one needs to perform a thorough integrity assessment,” Tehranipoor said. “One of the multi-million-dollar missions by Russia failed several times because they had a counterfeit memory chip in it. This $500 counterfeit memory chip failed such an important mission. That’s the risk we’re talking about. The higher the criticality the mission is, the more seriously we have to take the integrity of the electronic devices we put in place.”



3 comments

Kevin Parmenter says:

This is a very good article, better than the one I wrote on the subject and more detailed. Two things that drive this are pay plans – people do what is in their measurements and rewards system. Buyers buying counterfeit parts because they are cheaper – someone at the VP or above level has to mandate not to buy from unauthorized sources. Every event I have been involved in has been buying from unauthorized sources. Namely not buying through authorized distributors or directly from the component companies. The buyers will do that if they think they can get better price – delivery and someone has to stop them at a high level otherwise they buy from brokers and all kinds of places. Component suppliers and authorized distributors both have mitigation methods and certifications and processes to eliminate and block counterfeit parts. I have never had an incident of a counterfeit part from an authorized distributor – and that covers 40 years of being in the industry. If you are interested in further reading see: https://www.ept.ca/features/buying-counterfeit-parts-the-risks-are-real/

Great job on this article, I am going to reference it in my future writing.

Ann Mutschler says:

Kevin, thank you so much for your feedback, and making that crucial point about buying from authorized suppliers only.

Dr. Rahul Razdan says:

Good Article around mitigation.

However, there are system design methods which can minimize these issues and become more robust around supply chain management. With this methodology, most of these problems can be largely avoided.
