Counterfeit chips, including gray market and rogue chips, have created an ongoing, multi-front battle for the semiconductor market to the tune of $75 billion annually, according to ResearchAndMarkets.com. The threat is more significant and broader than the chip maker’s bottom line. Counterfeit chips have numerous hidden dangers, including higher failure rates, corruption of data that can cause a system malfunction, exfiltration or stealing of proprietary information, and making systems vulnerable to cyberattacks. If we look at lessons from the past, the market could be at an elevated risk now.
History tells us that during times of extreme shortages, manufacturers struggling to meet demands, whether intentionally or not, are at greater risk of purchasing counterfeit or gray market chips. With potential disruptions to the semiconductor supply chain caused by the global COVID-19 pandemic, the likelihood grows that counterfeit chips will find their way into products. This risk, combined with the fact that electronics play an ever-increasing role in our lives, opens us up to a potential cybergeddon.
Let’s examine the automotive industry as an example. Even putting aside autonomous vehicles for a moment, chips are critical to an unprecedented number of systems in cars. A counterfeit processor inside the anti-lock brake controller could fail on the approach to a busy intersection. Rogue code inside a fake semiconductor could shut down the engine on a freeway. In a scary and well-documented scenario: malware inside a counterfeit chip could be used to remotely seize control of a car or brick its system in a ransomware attack.
Now adding in artificial intelligence (AI) and machine learning (ML), which increasingly permeate our lives, the risk grows exponentially. Taking the same automotive use case as we advance to autonomous vehicles, there are more chips required for operation, and more danger of adversaries using counterfeit chips to hijack cars, or the possibility of a rogue chip “simply” failing and causing fatal accidents.
The response is to rise to the challenge with solutions that build assurance in the chips that power our world and to maintain that confidence throughout the entire lifecycle of those chips. This starts at the silicon level, building in trust into the chips at the time of manufacture to ensure authenticity. This process needs to include:
- A strong verifiable identity for chips and devices, using keys and certificates
- The provisioning of authenticity during the semiconductor manufacturing process
- Long-term traceability of chips through their entire lifecycle
- A public and low-cost mechanism for verifying chip ID and authenticity
At its foundation, this entails the secure provisioning (injection) of each chip with a unique cryptographic key into a known secure area of that chip such as a secure memory location or one-time programmable memory. To ensure authenticity, the provisioning process should be completely automated, requiring no human intervention (or opportunity for tampering). Keys can then be securely generated in air-gapped systems, known only to a single party: the chip maker or its customer.
This secure provisioning process cryptographically binds the device keys to their identity details. This allows for the authenticity of the chip (and by extension, the electronic system that contains the chip) to be verified at any time, anywhere in the world, by the OEM. This cryptographic process provides assurance of the chip’s authenticity by allowing it to be challenged and confirmed. Even if a counterfeit chip were to be provisioned with a key, the cryptographic mechanisms of the key management service would immediately identify it as a fake, generating an alert for appropriate action.
The trust established in the manufacturing process provides the basis for in-field secure updates, which, sticking with the automotive theme, is where the rubber meets the road. In-field updates allow OEMs or designated entities to fundamentally change the way a semiconductor operates such that a single version SKU of a chip can serve multiple purposes depending on the equipment in which it is installed, such as an ML accelerator that can be configured for L2 or L3 ADAS systems. Features can be enabled or disabled, different firmware can be activated or interfaces adjusted. Not only can device functionality be improved, but OEMs can also see an additional path to post-sale monetization.
When a chip reaches its end of life, in-field provisioning allows a “brick” command to be sent to the device which would set the chip into a permanent state of non-operation. Not only does this safeguard proprietary IP, it also ensures the chip won’t be recirculated into use as a counterfeit chip.
As our dependence on digital devices and the benefits they bring grows, so too must the safeguards we put in place to protect the value they create. Without these protections, we can’t trust that our devices are operating correctly, or that they will be available when we need them most. COVID-19 has caused massive supply chain disruptions, which could open the door to wider chip counterfeiting. Our call to action is to rise to the challenge with secure silicon supply chain solutions that will safeguard users from ever having to suffer a cybergeddon.