Network Security

Detecting and reducing counterfeit chips

In a world where the risks of counterfeit or tainted information and communication technology (ICT) are ever-present, I propose a call to action: 

ICT original equipment manufacturers (OEMs) and our brethren in the semiconductor industry should embark on a coordinated effort to share chip identification information.

What would such coordination achieve? Today, semiconductor manufacturers use a variety of physically unclone-able functions (PUFs) to uniquely identify chips. Ideally, such unique identifiers, with some compilation and controlled disclosure, would allow ICT OEMs to leverage those identities to create “fingerprints” at higher levels (e.g., printed circuit board and system levels). 

Die-level traceability can ensure a variety of positive outcomes. Those outcomes include: yield improvement; enhanced quality; and for the security-minded traceability via identity. This third outcome can serve as a powerful weapon in the war against counterfeit and potentially afford assistance in the prevention or detection of tainted ICT. 

Die-level traceability can ensure a variety of positive outcomes.

Traceability can already be achieved by use of a die/chip PUF, more commonly known as an “electronic chip ID” (ECID). In essence, ECID is a register that contains a unique identifier for an individual die. The data in that register is typically “fixed” and cannot be modified. While this concept is far from universal, it has traction in the semiconductor industry (particularly in complex devices such as ASICs and processors). 

How does this help the ICT OEM community in counterfeit detection and mitigation? In short, these unique identities are readable. In fact, an international standard embracing this concept already exists. IEEE 1149.1-2013, the “Standard for Test Access Port and Boundary-Scan Architecture,” includes a method for “reading” ECIDs as part of the manufacturing test process. Thus, reading the unique identity allows an ICT OEM to validate chip authenticity in the course of manufacturing its products. 

How might this work? Let's walk through a simple model. 

  1. A semiconductor manufacturer programs the unique identity into a register on the device and creates a repository of those unique identities.
  2. That repository is made accessible on a controlled, limited access basis to those OEMs and their manufacturers who are using the chips.
  3. A simple pre-assembly validation step could then be implemented as a first phase of electronic circuit counterfeit detection and mitigation. The OEM would compare the unique identity from the semiconductor manufacturer's controlled register to the list that has been provided by the supplier of the chip.
  4. If the unique identity from the component supplier is on the list from the semiconductor manufacturer, the assembly process can move forward. Next, the OEM would log that specific identity into a list of all those identities acknowledged as genuine but already assembled onto a printed circuit board.
  5. An OEM could thereby detect a potential counterfeit chip by the fact that the identity was duplicated and therefore already used on a board. 
  6. The OEM would also be able to associate each chip and its unique identity to a specific printed circuit board-level serial number. 

By tying ECIDs to printed circuit board- level serial numbers, counterfeit components and printed circuit board assemblies can more readily be detected. Are you ready to join to movement?

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.
Edna Conway

Edna Conway is the CEO of EMC Advisors, a firm that provides board and advisory services to enterprises and governments globally on technology, security, risk management and supply chain resilience. She most recently served as Microsoft’s VP and the Chief Security & Risk Officer for its Cloud Infrastructure program. Edna is responsible for the security and resilience of the cloud infrastructure upon which Microsoft’s Intelligent Cloud business operates. Previously, Conway served as the Chief Security Officer for Cisco’s Global Value Chain. Edna also was a partner in an international private legal practice and served as the Assistant Attorney General for the State of New Hampshire.

Conway is an advisor to numerous capital investment organizations, has served on over a dozen boards and is an inductee into Fortune’s Most Powerful Women. She also serves on the NYU Tandon School of Engineering Cyber Fellows Advisory Council, as a guest lecturer for the Carnegie Mellon University CISO Program and is a Senior Non-resident Fellow at the Carnegie Endowment for International Peace program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds