Counterfeit IC threat evolves with spread of clone parts

3The better government and industry get at detecting counterfeit parts, the better counterfeiters get at fooling detection techniques, especially today with remanufactured or cloned parts adding to the threat. They are an imminent threat as they can permeate military systems, from fighter jets to nuclear submarines, and cause catastrophic failures.

components that find their way into the military supply chain could contaminate jet-fighter , radar systems, and nuclear submarines potentially causing cause loss of life. They look exactly like legitimate integrated circuits (ICs), but have not gone through the rigorous testing and qualification process for use in military systems.

The U.S. government has taken measures against the threat, including passing the National Defense Authorization Act (NDAA) rule on the Detection and Avoidance of Counterfeit Electronic . Millions of dollars are being spent by the military and industry to mitigate this threat, but counterfeits continue to proliferate on the open market and are only a click away on the Internet – all with the potential to affect every area of life that depends on technology.

“Counterfeits threaten every area of the electronics industry, from high-reliability industry applications such as defense and aerospace, medical, automotive, energy and telecom down to the entire commercial sector,” says Tom Sharpe, Vice President of SMT Corp. (Sandy Hook, New Jersey; www.smtcorp.com). “[It] is getting much worse as counterfeiters are not only still producing traditional counterfeits – original component manufacturer (OCM) devices which have been modified/altered and misrepresented to appear as new and unused OCM devices – they are now creating ever-increasing amounts of advanced counterfeits or clones,” he continues. “In other words, they are creating their own parts which unfortunately, are very similar physically and electrically to the real OCM parts, which makes it easier for them to defeat the inspection process. Clones, essentially, are a growing competitor in the open market to authorized supplier sales.”

“The counterfeiters are continuously improving their ability to counterfeit product,” says Dan Deisz, Director of Design and Technology at Rochester Electronics (Newburyport, Massachusetts; www.rocelec.com). “No longer is it the case of them banging parts together then washing them over a bucket in a river as portrayed in many media reports. That impression of counterfeiters is still out there, but the reality is that these folks have made real investments and are doing a far better job of not only how they pull parts off of boards and how they re-mark products for what we look for. They are carrying it one step further by product and trying to make money off of their silicon instead of off the OCM’s product.”

21
Figure 1: Counterfeit parts that make their way into a fighter jet like the F-16 could cause catastrophic failure of the aircraft. (U.S. Air Force photo/Staff Sgt. Nick Wilson)
(Click graphic to zoom by 1.9x)

Much like cybercriminals, counterfeiters continuously evolve their techniques to sidestep every new detection method.

“Escalation in detection capability and awareness within the electronics industry over the past several years has predictably inspired the counterfeiters to get better at what they do,” Sharpe explains. “SMT first detected highly advanced clone devices back in 2012 and they have continued to proliferate. We had to refocus our labs on understanding what this new component threat looks like and how to reliably detect it. To do so, SMT has invested heavily in additional high-end inspection equipment, training, significant electrical testing capability, and qualified component engineers.”

Defining counterfeits

Lee Mathiesen, Operations Manager at Lansdale Semiconductor (Tempe, Arizona; www.lansdale.com), says that “there are three kinds of counterfeits:

1) The wrong part in the right package refurbished to “look” like the part. These don’t work when put in the system, so the only real loss is the procurement cost.

2) Product pulled from electronic waste (Ewaste) that is the correct function, but is refurbished and marked to reflect a different date code, part number, screening level, etc. These are dangerous because they may work at room temperature, at least for a short time. They always fail at the worst possible moment, however, and may cause a loss of the system and mission.

3) Parts that are new, and look and act just like the originals, but they may be tainted to fail or disrupt operation. These include the clones that have been surfacing lately, which raises the question: What organization of counterfeiters can afford to reverse engineer and fabricate these parts? How can they expect to compete with the OCM manufacturer who has amortized the engineering cost over hundreds of thousands of parts? Who is paying for the overhead? A nation-state perhaps?”

Traditional counterfeits still out there

Although industry is vigilant in its search for clones, the old threat of traditional counterfeits still exist and must be guarded against (Figure 2).

22
Figure 2: Pictured are traditional counterfeit ICs. (Photo courtesy of Tom Sharpe.)
(Click graphic to zoom)

“Traditional counterfeits are not going away anytime soon,” Sharpe says. “China continues to turn a blind eye to the rights of intellectual property (IP) holders and instead provides a host country to a billion-dollar black-market industry for the creation of counterfeit electronics. They will continue to produce large quantities of crudely refurbished used parts as long as there is a market who continues buying it.”

Government response to the threat

Authorized suppliers are adept at policing themselves, but they can only do so much. Only the U.S. government can enforce the laws and prosecute the counterfeiters.

“The government writes new laws, and has been chasing down and prosecuting more traffickers of counterfeits, and has been seeking heavier penalties,” Mathiesen says. “We will see just how much the justice system believes that knowingly selling counterfeit parts to the Department of Defense (DoD) is really an act of sabotage on a DoD weapon system. The most recent prosecution is of a man named Peter Picone, who comes up for sentencing next month. The severity of his sentence should tell us a lot about what the judges will do in the future with these saboteurs.” [Editor’s note: Picone reportedly acquired ICs from China and then sold them to the military for use on U.S. Navy nuclear submarines, but before they were installed they were discovered.]

“The DoD and major DoD original equipment manufacturers (OEMs) are much better than others at being vigilant and taking the necessary precautions to combat counterfeits,” Deisz says. “The only time it gets squishy is when you go to contract manufacturers (CMs) and they are incentivized to reduce price. You can’t be sure of what shortcuts the CMs might take to meet those price goals. DoD OEMs do far better jobs at filtering and limiting choices as far as who they buy from, but unfortunately they still don’t look everywhere for authorized solutions.

“There is still a part within the DoD where there is a wicked back and forth on how to manage in the supply chain,” Deisz states. The OEMs more or less “design in” obsolescence up front and nothing has changed regardless of product price and how much time they allow up front for design. However, the DoD wants more flexibility in who they buy from and with price as they continue to deal with budget-cut pressures, which creates the risk that counterfeits may find their way into a DoD system.

“We always assume it is the older technology systems where spare parts have become obsolete, but that is not necessarily true,” Mathiesen says. “Probably more than 50 percent of the counterfeit product found is parts that are still in production at either the OCM or an authorized aftermarket manufacturer. Counterfeits are not a manufacturing problem, they are a procurement problem. If you don’t want to buy counterfeit product, simply don’t buy them.”

“The Counterfeit Components Avoidance Program (CCAP)-101 program is designed to accept only new and unused components as the OCM shipped them,” says Leon Hamiter, Consulting Engineer at Components Technology Institute Inc. in Huntsville, Alabama, which offers the CCAP-101, www.cti-us.com). “We don’t even allow re-tinning of the leads. If you do that you have essentially destroyed the part as originally supplied.”

Defeating the threat

Defeating the counterfeit threat will rely on new technology for detection, cooperation with the authorities, and an ability to keep the counterfeiters from learning about new detection methods.

“We continue to work with the government on the advanced counterfeit challenge, and share information at the right levels,” Sharpe says. “One of the biggest problems with defeating traditional counterfeits has been that each time a new detection method was publicized, the counterfeiters were able to learn what wasn’t working and improve upon it seemingly overnight. This public sharing of detection methods needs to end with the highly advanced counterfeits of today – otherwise we will continue to educate the bad guys.

“For example, a new SAE test standard, AS6171, getting released by the end of this year or shortly after, has already been defeated by clones, as it is designed to detect traditional counterfeits,” he adds.

Don’t tell the enemy

During World War II, the Allies kept the fact they broke Germany’s Enigma code a secret at all costs, knowing that if the enemy found out, they could change their codes and the war could go on much longer, costing potentially millions of lives. Many in the semiconductor industry believe that they need to take the same approach with counterfeit detection techniques and stop publicizing their methods, because the counterfeiters are watching and learning.

“The continuously advancing clone threat will not be defeated by published inspection standards but instead through closely-guarded new detection technologies,” Sharpe says. “Over the past three years, Battelle Labs in Columbus, Ohio, has done just that by developing the “Battelle Barricade” system specifically to counter the advanced counterfeit threat. I believe this highly-advanced detection system and others like it will become part of standard mitigation processes in the years to come.”

Barricade enables “nondestructive authentication of electronic components from both trusted and untrusted sources, enabling separation of cloned or counterfeit components from authentic ones at a dramatically lower cost than alternative methods,” according to a Battelle release (www.batelle.com).

The system, which is made up of electronic component signal-acquisition hardware and software, is installed at user sites. The validation process for Barricade consists of placing the IC into a “chip socket in the Barricade hardware to receive confirmation of authenticity or detection of counterfeit or cloned components within seconds,” according to the release. The system, applicable to both and digital devices, determines authenticity based on electrical signatures and a classification algorithm that creates identity signatures for each class of chips in a given class of authentic devices. Only a few authentic chips are necessary to enroll an entire class of chips into the system. Battelle officials say that the process can be performed at any point in the supply chain to reduce the risk of counterfeit components as well as to address new regulations that may arise for anticounterfeiting.

Trusted sources and proper testing

So what is the best approach for DoD OEMs and government agencies?

“Using authorized suppliers wherever possible is the best answer to the counterfeit threat,” Sharpe says. “Authorized suppliers such as Avnet, Arrow, etc., and aftermarket ones like Rochester Electronics and Lansdale Semiconductor are your best bets to mitigate this growing threat. Clones have made it much more important now than it was five years ago to work with the authorized part of the supply chain wherever possible for components.”

“There are two approaches for dealing with counterfeits: prevention or detection when they do not have positive traceability to the OCM,” Hamiter says. “For prevention you need the samples to be of consistent production with same lot or date code and no signs of being reclaimed or remarked. Samples are x-ray inspected and decaped to verify consistent internal construction to see if the markings are consistent to the external markings. When the date on a die shows it to be newer than the external date code, assigned by the OCM makes it a clear counterfeit.

“A typical counterfeit analysis practice starts by looking for markings inside the package on the die. This requires a microscope with adequate magnification to see the die markings and if the wire bonds of die harvesting and repackaging,” he continues. “There are also tests that can be done to see if the packaging material has the proper ESD characteristics. If it does not then you should assume it has been tampered with and declare it counterfeit as there may be ESD damage.”

“Part of the insidious nature of clones is that they work at room temperature but not in extreme hot and cold environments,” Deisz says. “If a user doesn’t have the methodology to test beyond room temperature, they won’t discover it doesn’t work till it gets in the field. Brokers don’t necessarily have this advantage or capability, yet claim they never see cloned counterfeit technology. How can they know?”

“Buy authorized. Whether it be from the OCM, their authorized distributor, or the authorized aftermarket manufacturer,” Mathiesen says. “There is no 100-percent guarantee that any amount of nondestructive testing will catch every type of counterfeit product, and 100-percent destructive testing leaves you with nothing to use in your system. If you procure product from the authorized chain, the odds of obtaining a counterfeit product fall nearly to zero. If you buy product from the broker market, the odds of buying a counterfeit increase dramatically. If you absolutely cannot get the product through the authorized chain, it may be time to redesign the system.”