When most people imagine counterfeit goods, they tend to picture the ‘Rolax’ watch that you can buy from that somewhat shady guy behind the local watering hole, or the knock-off purse your relative brought you back from vacation. Most don’t imagine their new security camera containing non-authentic components, or that the military plane seen on the news might be flying with counterfeit chips. Scary, but it’s a reality.
Counterfeit semiconductors are everywhere. Industry estimates are that up to 5% of military and medical equipment contains counterfeit parts. The issue isn’t unique to any particular application or geography. In 2017’s “Operation Wafer,” the European-wide Joint Customs Operation (JCO) seized more than one million counterfeit semiconductor devices during a 2-week operation. One million devices – in just two weeks! Industry Week has pegged the fake semiconductor market at $75B, with Havocscope reporting more than $169B in counterfeit parts circulating in the marketplace. The problem is so prevalent that the Global Semiconductor Alliance started a working group on supply chain security.
So…why should fake chips matter to you? Let’s talk safety. There is no way to understand how counterfeit parts function. Are they actually doing what the original (authentic) part is supposed to do, or are they operating differently? An even scarier thought: are they intentionally compromising the systems around them? Or are they passing information they gather to an adversary? Confirmed recent incidents of counterfeit parts being found in the field include automated external defibrillators (AED), airport landing lights, intravenous (IV) drip machines, and braking systems for high speed trains. Each of these represents a significant risk to human health and safety.
Device OEMs are forced to address a key question, “if we can’t trust the authenticity of semiconductor components we buy, how can we (and our customer) really trust the devices we make?” Frankly, the answer is “we can’t.”
So how can we fix this? Trust starts at the silicon level, but that trust is only as good as the security applied during manufacturing. That’s where the Rambus CryptoManager Infrastructure becomes a highly valuable tool towards guaranteeing semiconductor authenticity, starting at time of initial manufacturing and stretching all the way to end of life.
During the manufacturing of a chip, whether at an OEM or 3rd-party facility, CryptoManager Infrastructure securely provisions (injects) each and every semiconductor with a unique cryptographic key, or other secure data, in a known-secure area of the chip. Each key is unique to the individual chip and forms the basis of a trusted identity. The process is completely automated. There is no human intervention, allowing the process to take place in just about any facility around the world. Keys are securely generated in air-gapped systems, and only known to the OEM. Once the chip leaves the factory and is placed into a device, the authenticity of that chip can be checked at any time using the Rambus Key Management Service (KMS).
Chip OEMs who use our infrastructure product can provide a chip authenticity guarantee to their device OEM customers, who can then provide the same guarantee to their customers. By cutting down the number of counterfeit chips, we lower the risks to safety and security in electronic devices.