Dangers of Counterfeit Semi Chips

In 2019, the worldwide fake semi market was estimated at $75 billion according to Industry Week. This counterfeit chip market particularly prevalent in the government and defense industries. According to a US government report, more than 1 million counterfeit electronic components were used in 1,800 instances affecting military aircraft and missiles.

Counterfeit chips were one of the key cyber-attack surfaces that Warren Savage talked about in his keynote address at DesignCon 2020. Such compromised chips are a serious problem for the semiconductor, automotive and consumer industries. For example, a counterfeit chip in a tank could feed details of the payload to adversaries. Rogue code in a fake semi could shut down the air supply of an airliner. A counterfeit chip could be used to shut down a car in a ransomware attack.

To learn more about this growing problem, Design News caught up with Paul Karazuba, senior director of product marketing at Rambus Security. What follows is a portion of the conversation.

Design News: Walk me through the ways that semiconductor chips can be counterfeited?

Paul Karazuba: Counterfeiting chips can be done in a variety of ways and take multiple forms. I’ll explore some of them shortly. Please note that the term “adversary” used here is a catch-all for people who counterfeit.

Design News: What dangers do counterfeit parts present to chip designers?

Paul Karazuba: The dangers of counterfeit parts to chip designers include loss of revenue and reputation of the chip OEM. The primary danger is in the system that the chip is placed into.

Counterfeit chips may function similar to a new, authentic chip. However, there is really no way to know how they will perform.

Grey market chips may function identical, but as they are not sold and warranted by the OEM, there is no guarantee on how they will function. Reverse engineered chips are even harder to forecast. They are typically impossible to visually identify and there is no way to understand how the counterfeit chips will perform in a system, often until too late. Counterfeit chips can exfiltrate data while making the chip appear to function normal, corrupt data in the chip, cause the chip to malfunction; and all of these are hard to detect in complex SoCs. Who made these chips? Why did they make them? Do the counterfeit chips actually operate as the original (authentic) parts were supposed to? Or, more likely, is the chip operating maliciously? Do the chips have ‘trojan horse’ contents designed to surreptitiously compromise the system(s) around it? Are they passing information they gather to an adversary?  Simply put, there is no way to identify them and no way to know what they’ll do once in the field. Indeed, in many countries, there are no legal penalties for either the counterfeiting, or knowingly selling a counterfeit chip.

Design News: What are the most numerous and dangerous types of counterfeit chips?

Paul Karazuba: The most dangerous types of counterfeit chips include those that may be deliberately counterfeited, either in chip design or at the fab and those that are intentionally misrepresented as being of higher performance grade than advertised. For example, several failed space missions may fit into this category such as Russia’s first attempt to go to Mars.

It is challenging to identify which fake chips are more dangerous. The best way to answer that question is not necessarily the method in which the chip was counterfeited, but rather the intended use. A counterfeit chip inside of a home IoT device would likely primarily present privacy risks. However, a counterfeit chip inside of a military device could risk national security. Inside of a self-driving car, human life risk.

Design News: What are some potential solutions?

Paul Karazuba: Rambus believes the best way to guarantee the authenticity of a chip is to (a) provision unique identifiers into the device, during the silicon manufacturing process, that are immutable and (b) provide a cloud-based service that allows system OEMs to verify the authenticity of a chip at any point in its lifecycle, from anywhere in the world. The Rambus CryptoManager Infrastructure product does exactly that.

RELATED ARTICLES:

John Blyler is a Design News senior editor, covering the electronics and advanced manufacturing spaces. With a BS in Engineering Physics and an MS in Electrical Engineering, he has years of hardware-software-network systems experience as an editor and engineer within the advanced manufacturing, IoT and semiconductor industries. John has co-authored books related to system engineering and electronics for IEEE, Wiley, and Elsevier.