Obsolete and counterfeit electronics remain challenges for the military

Story

August 29, 2019

Legacy military electronics systems are a frequent target of counterfeiters, a common problem driven by obsolescence. Nondestructive testing solutions are emerging, however, that can help detect counterfeits.

Counterfeiting of electronics and components for military systems is widespread, posing an enormous challenge for designers and users. Many military systems are 40 years old or older, so replacement parts can be difficult to find.

Because so many systems with legacy components need to go outside of traditional channels for purchasing devices, buyers tend to encounter counterfeit components of various types within their supply chains, particularly specified parts that are older than a decade, which is nearly every military system in existence.

“We’re going to be flying the B-52 for a century,” points out Thomas Kent, manager of Microelectronics Trust & Assurance at Battelle (Columbus, Ohio), a nonprofit applied science and technology development company.

“Because of the mismatch with the design cycle and the production cycle of modern electronics, we have an obsolescence problem,” Kent says. “It’s part of the problem and why we get used components from gray markets and the like. The dedicated production of cloned devices is another set of problems because somebody tries to build what are essentially replacements for legacy devices, but they aren’t necessarily authorized by the original manufacturer.”

Scope of the problem

How big a problem are obsolescence and counterfeits of semiconductors, integrated circuits (ICs), and electronics for the U.S. military? “Quantifying how big a problem semiconductor obsolescence is for the U.S. military requires some guesswork, as does gauging the size of the counterfeit problem,” says Dan Deisz, director of design technology for Rochester Electronics (Newburyport, Massachusetts). “The risk goes well beyond the military and is industrywide; it affects all users. No one wants to discuss either obsolescence or counterfeit devices until a product in the field requires a critical component.”

Obsolescence is and always has been a certainty driven by the law of supply and demand, where supply-chain disruption creates an opportunity for the introduction of counterfeit product, according to Deisz. “Counterfeit awareness at the first-level military primes is significantly better than it was five to 10 years ago, but lower-level subcontractors still purchase unauthorized product based on price or lead time where they feel it is necessary to meet schedules or margins,” he explains.

When the term “counterfeit” is used, that word should also mean previously used genuine parts that are being sold as new within that product population, Deisz says. “These are the counterfeit products that create the biggest challenge.”

Used genuine products have “all of the correct date code information and die/package from the original manufacturer,” Deisz says. “Problems arise because test houses don’t have the original test programs used by the original component manufacturers (OCMs), who are the intellectual property rights holders of the product, for these products. Test houses can only provide their best effort based on what they have been contracted to test. The contract manufacturers who use the test houses also don’t have the OCM’s real test programs and they will rarely order lot-by-lot reliability screening or pay for extremely detailed testing. Consequently, used parts can be genuine but are less reliable.”

Another challenge comes from device clones, particularly if the original manufacturer isn’t involved to validate the product and only room-temperature testing is performed. “These device clones from unauthorized sources could easily have malicious circuitry onboard,” Deisz notes. “They may be capable of passing simple room-temperature testing per datasheet specifications, but they may not be capable of passing complete testing over temperature per the OCM’s test program. When a device clone is believed to be discovered, the OCM should be involved for proper validation.”

Counterfeit detection

Counterfeit microelectronics come in a wide variety of shapes and sizes and different levels of sophistication. The level of fraud can range from simply scraping a label off and putting a newly printed one on all the way to passing it off as advanced new silicon. Microelectronics can also be reverse-engineered and built again.

“There are many challenges for detecting counterfeits within a supply chain,” Kent says. “Counterfeiters often are able to functionally mimic a device’s original design intent. If you look at the data sheet for a counterfeit device, does it do what you tell it to do? Chances are you’re going to get the same result. It’s usually detected via more nuanced signals like performance over temperature, things like resisting certain elemental content tests, but even some of those are pretty easy to replicate.”

Battelle has developed unique nondestructive electrical tests for devices to detect counterfeits ICs, essentially looking at the second-order effects, or side-channel behavior, of devices. “This really probes the fundamental physics or architecture to really tease out how we measure the unique signatures of the manufacturing process by which these devices were built,” Kent says. “And the neat thing about that signature is that it can evolve over time, so if parts are reused, you’ll tend to see different signatures from those parts than if they were brand-new.”

Battelle’s nondestructive technology – called “Barricade” – measures very minute power consumption of devices. “The difficulty of detecting counterfeits depends on what kind of device it is and the question you want to answer,” Kent explains. “Is it anomalous or is it a known specific counterfeit device from a specific manufacturer? Attribution is a very challenging problem. So we’re working to establish some partnerships with government and industry to really understand how to make these techniques successful and scalable, as well as how to make them a great solution for nondestructive tests for 100% screening.”

Most parts go through some sort of testing – often by a third party – to, at a minimum, see if they match a data sheet. “They typically aren’t tested for other types of behavior,” Kent says. “But it’s something that we think needs to be included in future processes to screen parts for authenticity.”

A significant number of counterfeits come from Southeast Asia, Kent says, because this type of activity tends to be widespread anywhere a lot of e-waste recycling happens: “You can make a buck doing it, but it requires some capital investment up front for more sophisticated counterfeiting.”

The concern is that as counterfeiters become more sophisticated and start creating new parts with designs that they’ve either stolen or reverse-engineered, there’s a possibility of them not just directly counterfeiting the device but also manipulating the device’s behavior to make it meet their end goals.

“Legacy systems are a rich target, primarily because of their reliance on gray-market sources for devices,” Kent says. “Then there’s buy low and sell high, and cost economics, so you go for higher-value things to counterfeit – certain types of chips would have higher market value. Processors and FPGAs and things of that nature are where you want to be especially careful.”

Avoiding counterfeits for legacy systems

Avoiding counterfeits and destructive testing is why the military often chooses to buy from companies like Rochester Electronics or Lansdale Semiconductor.

“We were authorized by the original manufacturers to produce their parts when they discontinued them, so by default we’re supplying noncounterfeit parts,” says Dale Lillard, president of Lansdale Semiconductor (Tempe, Arizona).

If you think about how easy it is to duplicate a Rolex watch, at least so it looks right, faking paperwork and integrated circuit marking is easy, according to Lillard. “Destructive testing is one way to detect it,” he says. “You look at whether the part has been erased, and x-ray the die size to see if the die is the correct size or if there’s even a die in the package. All kinds of processes have been authorized by the government to ensure that parts aren’t counterfeit. But a lot of military parts can be counterfeited. A commercial ceramic part can be made to look like it’s a military processed part, and it’s very difficult to tell the difference.”

Rochester Electronics also provides 100% authorized product, “never buys from open markets, and adheres to a standard (AS6496) that we helped write,” Deisz says. “We’re actively involved in the Semiconductor Industry Association’s Anti-Counterfeit Task Force and provide a significant amount of counterfeit training for U.S. Customs and Border Protection agents.” (Figure 1.)

Figure 1 | Tracking and authorization of product are paramount in ensuring no counterfeit parts are supplied for mission-critical electronics applications. Photo courtesy Rochester Electronics.

Supplying obsolete parts isn’t easy. “The challenges are greater with commercial products because the sales aren’t concentrated,” Lillard points out. “It’s very difficult for companies like us to pick up a commercial product line that we know the military needs. Because they buy so many different products, it’s expensive to try to support. And, for the most part, it’s getting more difficult to try to pick up product lines to support the marketplace because volumes are just too low to maintain production.”

Emerging trends and threats

During the past decade, researchers have worked to translate what’s known about destructive testing for counterfeits into nondestructive high-throughput electrical testing that can be done automatically in a test facility.

The field is now starting to mature around a few different electrical test approaches, with second-order effects among them. “There are many groups engaged in various aspects of gaining a better understanding of the fundamental physics, how we can build the best instrument and validate it, and Battelle is involved in this work,” Kent says.

Another trend, Deisz points out, is the continual evolution of counterfeit-device detection methods being classified broadly into two categories: “track and trace” or “known good library” of parts. “From what we’ve seen, counterfeit-detection methods fall into one of these two categories and both have significant shortcomings,” he says. “The first step in avoiding counterfeits is to buy from authorized sources when available.”

One emerging threat Deisz sees is unmarked devices being shipped into the U.S. “Unmarked devices are a threat because U.S. Customs can’t stop products without a mark,” he says. “This essentially allows used products to be marked and then sold as new within the U.S.”

Moreover, while the use of commercial off-the-shelf (COTS) technology “allows us to take advantage of innovations, it’s not necessarily optimized for Department of Defense (DoD) applications,” Kent says. “But the challenge of going back to a 1980s model of making everything bespoke is simply that the DoD needs to be able to leverage commercial innovations, specifically in microelectronics, because the industry out-invests the government significantly in terms of R&D and fabrication capability in making advanced systems. In the area of microelectronics, we’re really along for the ride.”