February 23, 2012
By: Murray Slovick
Ever since the first combatant started using new technology in battle in an attempt to gain superiority over his enemy, the response by the other side has been an increased effort to reduce the effectiveness of the breakthrough. This same measure versus countermeasure approach seems to be taking place in the semiconductor industry’s attempts to stem the flow of counterfeit ICs and components.
Existing methods of microchip verification including visual inspections, paperwork reviews and reliability testing are proving to be increasingly inadequate. Even near-perfect copies of holograms somehow become available within days of their initial launch.
As a result, although authorized distribution has evolved and developed best practices and standards to keep up with the growing threat of counterfeit parts, there has nonetheless been an increase in the amount of counterfeit chips reported by customers and IC suppliers.
Now the federal government has stepped in. On December 31, President Obama signed the 2012 National Defense Authorization Act into law, which included the Federal Anti-Counterfeiting Amendment Act, placing liability for counterfeit chips in military equipment squarely on Department of Defense (DOD) contractors. The legislation requires contractors to assure the DOD that the parts they supply are not counterfeit and they are criminally and financially liable if they are.
Responsibility also has been shifted to the contractor to remove and repair any damage created by the use of counterfeit parts. What is more, the Secretary of Homeland Security is charged with establishing a program of enhanced inspection of electronic parts imported from any country that is determined by the Secretary of Defense to be a significant source of counterfeit parts in the DOD supply chain. The law also authorizes information sharing with original component manufacturers to the extent needed to determine whether an item is counterfeit.
Faced with potentially disastrous financial exposure suppliers are turning to what they know best—technology — to minimize the influx of counterfeit products into the supply chain.
We’ll look at two promising new approaches in the arms race going on between IC manufacturers and distributors on one side and chip counterfeiters on the other: 1) the use of DNA (deoxyribonucleic acid) markers to forensically protect electronic devices and 2) the use of physically unclonable identifiers to derive secret keys for a part by employing the inherent uniqueness in every silicon chip.
Recently the College of Nanoscale Science and Engineering (CNSE) of the University at Albany and Long Island-based Applied DNA Sciences, Inc. announced a partnership to accelerate the development of a DNA-based product that irrevocably marks original chips as authentic. The program involves DNA deposition on semiconductor wafers and chips both prior to, and including, final packaging to ensure the integrity and security of processed wafers.
The approach uses uncopyable, full genomic botanical DNA to create taggants – a marker added to materials to allow various forms of testing − to designate the product as authentic in a unique way. The DNA taggant can be added to something already there − such as into the ink that is used to print the component number or lot code − so that there is no disruption to the existing manufacturing process. That ink can then be scanned for rapid detection and authentication.
DNA code is quaternary (uses the base-4 numeral system) storing its content as a linear array of four organic options for each bit. DNA taggants are said to be so complex that they are statistically impossible to duplicate. As such, the sequence of the relevant DNA in a specific taggant must be known in order to manufacture the primer needed for the detection process. Applied DNA Science says it maintains its records of DNA sequences in a highly secure fashion on a cloud-based server. Sequences are encrypted and available to individuals on only a partial basis.
DNA marking is a form of forensic evidence trusted by law enforcement and recognized by international courts around the world. When used to identify individuals or to establish paternity, the error frequency for false positives is less than one in a trillion.
This forensic analysis is very similar to what you see on TV crime dramas. The chip is swabbed with what looks like a cotton swab, which takes up the DNA, assuming it’s there. A lab, either onsite or at a central location, performs several processes and provides a forensic level report for verification.
Any ablation, sandblasting, blacktopping, or refurbishing of the chip will distort or remove the DNA mark. For example, if the DNA is removed by scraping the ordered DNA structure becomes perturbed and the DNA mark becomes unreadable. Similarly, if the DNA is covered by blacktopping, it becomes “unreachable” and the chip is no longer authentically marked. If the DNA is obscured even by partial repackaging it will not be detected, thus the chip will not pass an authentication program.
Last year in a two-month pilot program funded by the Defense Logistics Agency, Applied DNA Science supplied ink containing its proprietary plant-based DNA to a West Coast chip maker (not identified beyond that), which used it to mark the packages of its finished semiconductors. When the chips entered the supply chain, distributors were reportedly able to identify all of the marked chips to confirm their authenticity, according to the company. The microchips themselves were scanned at the chipmaker’s facility, while the DNA-marked outer packaging was scanned at an un-named distributor’s location.
Another hardware security approach, known as Hardware Intrinsic Security (HIS) revolves around Physically Unclonable Function (PUF) technology, where a secret key is extracted from silicon hardware directly and only when required. HIS technology utilizes the inherent uniqueness in each and every silicon chip. Unlike other electronics security technologies, HIS does not use a key stored on the device, which can be vulnerable to hackers, thus attackers have nothing to find because no key is stored or present in the powered down state.
What makes the key unclonable is that it is extracted from the intrinsic properties of the device that originate from variations in the deep-submicron manufacturing process. For example, when a voltage is applied to a memory cell, it chooses its logical preference state: the logical 1-state or the logical 0-state. Each cell has a unique preference state due to its composition; their tiny differences are randomly distributed and lead to a completely random start-up behavior of neighboring SRAM cells on a device. The string determined by all the preference start-up values of the memory cell array can form a random identifier that identifies the SRAM memory uniquely. This identifier is the PUF “key”.
A measurement circuit is able to read out the device-unique characteristics of the PUF and translate this into digital PUF data. In the case of an SRAM PUF, this is simply a circuit that reads out the start-up values of a specific range of SRAM memory that is exclusively reserved for this purpose.
The Hardware Intrinsic Security (HIS) Initiative is organized by Intrinsic-ID BV, a Dutch-based security IP vendor that was spun out of Royal Philips Electronics in 2008. Members of the HIS consortium include Cisco Systems, TSMC, NXP, Microsemi, IMEC, MIPS, SiVenture and Renesas.