An Introduction to Counterfeit ICs: Counterfeiting, Detection and Avoidance Methods

Introduction

The optimum case in electronics manufacturing is when all the used parts are original and manufactured by an authorized producer, but what if the MCU you are using is recycled and has a short life time? What if the transistor in the input voltage protection circuit is not identical to the rated values according to the datasheet? In this case, your product may have serious problems. The MCU could become out of service due to a short life time, and the input protection circuit is probably going to fail.

Actually, this is not your fault and it is not because of a bug in your design. This is because of counterfeit ICs. You may say: “the MCU chip was labelled correctly and has the same appearance of the original one—this is impossible”. I would say: you are right, but are you sure it has the right silicon die inside?!

Counterfeiters can really make a wealth from counterfeiting. One of the case studies showed that some firm had a $2 million/month revenue of just one part type [1].

The Problem

Sometimes, in the electronics supply chain, manufacturers and developers need to deal with brokers and third-party suppliers, when the authorized distributors are out of stock of a certain part, or when too much lead time is present, or simply when they are seeking a lower price. Whatever the case is, they could be a victim of purchasing counterfeit ICs. There are too many ways and shapes of counterfeiting, and defects start from partial failures to complete failures.

Counterfeit ICs carry many risks and it may not be discovered until the parts are assembled into the PCB. This requires costly rework and wasting a good amount of time.

Is This Problem A Serious Threat?

It’s a rising threat in the global semiconductor supply chain. In November 2011, the US Senate Armed Services Committee held a hearing to address the growing issue of counterfeit parts in the U.S. military supply chain. The defense contractors was investigated about the rising number of detected counterfeits in the supply chain [2].

Moreover, serious disasters can happen as a result of using counterfeit microelectronics. Here are some examples of incidents mentioned in the Semiconductor Industry Association SIA’s report:

• A broker shipped counterfeit microcontrollers intended for use in braking systems in high-speed trains in Europe.
• A broker shipped counterfeit semiconductors intended for use in nuclear submarines.

So, yes. It’s a serious global threat.

The Problem in Numbers

Many reports and studies estimated the impacts of counterfeiting. A report from 2008 by the International Chamber of Commerce estimated the cost of counterfeiting for G20 nations as much as $775 billion each year and will grow to $1.7 trillion in 2015 [2].

Another study conducted by the U.S Department of Commerce from 2005 to 2008 showed that 50% of component manufacturers and 55% of distributors have encountered counterfeit parts [4].

Moreover, Experts have estimated that as many as 15 percent of all spare and replacement semiconductors purchased by the Pentagon are counterfeit products.

Counterfeiting Methods

Hackers, IP thieves and counterfeiters are always adaptive and pioneers in finding new ways to do their job. We will mention the most common ways of counterfeiting in this article.

Experts generally divide counterfeiting methods into categories:

• New parts that are misrepresented and old parts that are sold as new [3].
• Functional and nonfunctional counterfeiting [1].

I have a tendency to the second classification. I think it’s the broader one.

In this article, I will adopt a taxonomy proposed by a paper [2] as a starting point, and I’m going to make some tweaking for the sake of this article.

Remarking and Recycling

It’s the most common way of counterfeiting. More than 80% of the counterfeit components are recycled and remarked [4]. In recycling, components are removed from scrapped printed circuit boards (PCBs) and their package is repainted or “blacktopped” and/or remarked and then they are sold as new parts.

In some cases, the die is removed from the packaging and then repackaged and remarked to the device in demand. What is really dangerous about recycling is when the recycled part is not functional or the prior usages have done some damage to its functionality.

Taking the die out of a package includes acid decapsulation of the plastic package, removing the bond wires (the wires that connect the die with the outside pins) using tweezers, heating the package to loosen die from the leadframe and sanding the back side of the die. Dies are sent later to the assembly house in China for new packaging.

The new wire bond can be a clear evidence of the recycled die, where the new wire bond is placed on top of the old ball.

In remarking, the counterfeiters remove the old marking on the package and mark it again. The purpose of the remarking would be:

• Updating date code: Old parts remarked with current date codes.
• Up-marking: Changing the marking to an upper grading (military or industry grading).
• Remarking failed real parts: some parts are already marked by the manufacturer. These parts failed manufacturer testing and were scrapped, but maybe retrieved from the dumpster or smuggled by employees.

Examples of recycling and remarked parts

Cloned and Tampered

Cloned parts are those ICs produced by unauthorized producers of a part without having the legal IP rights to produce the ICs. Reverse engineering can help to clone the original design of the IP.

Tampered parts are those ICs that possibly include “hardware trojans”. Tampered components can potentially leak valuable information to the counterfeiter. Actually, IC reverse engineering and hardware trojans need a separate article, as it’s a wider subject to be discussed in this article.

Others Counterfeit Types

• No DIE inside: Counterfeiter marks blank packages to the desired device. This can be detected easily using X-ray.
• Some Semiconductor designers ask a foundry/assembly to manufacture and package their silicon designs. Sometime untrusted foundry/assembly may overproduce the original IP design outside the contract and the IP’s owner knowledge. This type is dangerous because the die and the package will look exactly like the original, while overproduced chips may not be tested under the conditions set by the original designers before shipping to the global market.
• Forged documentation. No physical counterfeiting in the ICs, but the counterfeiter would add/change some features of the IC on paper. This can include fake specifications or electrical characteristics.

 

Counterfeit Detection Methods

When you want to secure your home or firm, the first thing you need to do is to think like the thief not like the security guy. The first step to avoid the counterfeit ICs is to know the counterfeiters methods.

Now, if you want to know if someone has stolen your house or firm, you need to search for evidence. The same thing here—counterfeit ICs defects will lead you to the answer of “Is this a fake IC?”.

The defects seem to be countless. A suggested taxonomy of the defects can tell you why!

Some defects are easier to be detected than others. So let’s detect some defects together! By the way, these kinds of defects are the easiest to detect even using your bare eyes.

Examples Set 1 (Exterior Inspection):

These two ICs are blacktopped and remarked and clearly the circled mark has a glaring shift.

In the above picture, there is a clear indication of blacktopping.

Laser machines are used for packaging marking. The vague exposure of the laser beam may cause burn marks on the package.

Examples set 2 (Interior Inspection):

The bond wires as shown in the figure above may be missing in counterfeit ICs as shown in Fig. 13 This may happen when the die is repackaged. X-ray technology is used to detect this defect.

Another case of interior defects is using a completely wrong die. Sparkfun, the American electronics distributor, reported discovering a reel of counterfeit Atmega328 MCUs. After investigation, they found that these ICs has the marking and the package of Atmega328 but with the die inside of a buck controller IC—not even close to the MCU function!

Example 3 (Electrical Inspection):

A case study of a counterfeit opAmp showed that the device failed slew rate testing by 10x and only a comprehensive test including AC’s could identify the fakes.

Counterfeit Avoidance Methods

“A penny of prevention is better than a heap of gold to cure”—an old Arabic saying.

Detection of counterfeit parts is a challenge because of cost, testing time, lack of the metrics to evaluate (sometimes) and the rapid change of counterfeiting technologies.

There are many mechanisms, and each one targets some counterfeit methods and component types as described in the following table:

In this paragraph, we will select a few of these avoidance methods to explain.

Combating Die and IC Recycling (CDIR) Sensor

As the name implies, the concern of this technique is the recycled ICs.

More than one structure in the silicon die can act like a CDIR sensor, and for sake of simplification, we will mention one structure of them: the ring oscillator (RO)-based sensor. More structures can be found in [6].

The RO-based sensor captures the usage of the chip in the field and provides an easy detection capability. This sensor is composed of two ring oscillators: reference RO and a stressed RO. The sensor principle relies on the aging effects of MOSFETs to change the RO frequencies. The approximate usage time of the chip can be calculated using the difference between the frequency of reference and stressed ROs.

Secure Split Test (SST)

As we said earlier in the counterfeiting methods section, some semiconductor designers ask a foundry to manufacture their silicon design and an assembly to package it. Sometimes untrusted foundry/assembly may overproduce the original IP design outside the contract and the IP owner knowledge or even sell the IP design. To prevent this, the manufacturing process can be secured using cryptography as a hardware component locking mechanisms to block the correct functionality of an IC until it is activated by the IP owner during or after the test. The communication flow between IP owner, foundry, and assembly using the SST method [6], as shown in the following diagram:

The IP owner first gets a die’s true random number (TRN) from the foundry and modifies it in such a way that only he knows it (encryption using a private key) to produce a test key (TKEY). The IP owner sends back the TKEY to the foundry for each die. The chip then encrypts the modified TRN by using a public key and tests the die using this modified TRN. It then sends the response back to the IP owner for the pass/fail decision. Either the IP owner will discard the die if the verification result was a fail or the foundry sends it to the assembly when it’s true.

The assembly obtains the TRN from IP owner, and after packaging the die, the assembly tests the parts again. The assembly then sends the response to the IP owner. The IP owner then unlocks the good ICs using the final key (FKEY) and sends them to the market.

 

DNA Marking

This mechanism belongs to a wider mechanism called “Package ID” and targets cases like: designs with no enough space for adding any extra hardware, active components with no authority for changes in the masks and obsolete components that no longer manufactured.

In DNA marking, a plant DNA is scrambled to generate a unique sequence and mixing it in the marking ink to be placed on the package of the IC. When authentication is required samples of the marking ink is sent to the lab to make sure it is valid. This requires a database of valid sequences.

Physical Unclonable Function (PUF)

Physical Random Function or Physical Unclonable Function (PUF) is a function with random output related to the physical specifications of the device. It is random and unpredictable, but it’s repeatable under the same conditions. Because the manufacturing process makes uncontrollable and unpredictable variations, no two ICs are identical, though we can embed a silicon PUF inside each chip and the output of PUF will be unique for each IC.

PFU measures the (response) for certain given inputs (challenge). Many methods are used to get the challenge-response pair. One of them is the delay PFU as shown in Fig. 20. Random variations in delays of wires and gates on silicon leads to random outputs. The arbiter is typically implemented as a latch to produce 1 or 0 depending on which input transition comes first. the PUF can have a huge number of challenge–response pairs where the response is unique for each IC. A trusted database for challenge–response pairs is needed for future authentication operations.

References & Read More

1.

Mark Marshall (2012) Best Detection Methods for Counterfeit Components

2. Ujjwal Guin, Daniel DiMase, Mohammad Tehranipoor (2013) Counterfeit Integrated Circuits: Detection, Avoidance, and the Challenges Ahead.

3. Ujjwal Guin, Daniel DiMase, Mohammad Tehranipoor, Mike Megrdichian (2013) Counterfeit IC Detection and Challenges Ahead.

4. Anju Boby, Dr.G. Mohanbabu, S.Gopalakrishnan (2014) Detection and Avoidance Measures of IC Counterfeits: A Survey.

5. By many (2012) Can EDA Combat the Rise of Electronic Counterfeiting?

6. Yiorgos Makris, John M. Carulli, Ujjwal Guin, Ke Huang, Mohammad Tehranipoor (2014) Counterfeit Integrated Circuits: A Rising Threat in the Global Semiconductor Supply Chain.

7. Counterfeit Integrated Circuits: Detection and Avoidance By Mark (Mohammad) Tehranipoor, Ujjwal Guin, Domenic Forte.

8. Srini  Devadas (2006) Physical Unclonable Functions and Applications