January 2018: Component Counterfeiting

Happy New Year! Welcome to the January 2018 edition of the Embedded Artistry Newsletter. This is a monthly newsletter of curated and original content to help you build better embedded systems. This newsletter is intended to supplement the website and covers topics not mentioned there.

This month we'll be taking a look at the problem of electronic component counterfeiting and new anti-counterfeiting developments. We'll cover:

  • The problem of component counterfeiting
    • Detecting counterfeit components
    • New DARPA anti-counterfeiting initiatives
    • Using blockchains to establish a component "chain of trust"
    • Steps you can take to protect against counterfeit components
  • Recommended articles from around the web
  • Embedded Artistry website updates and popular posts

The Problem of Component Counterfeiting

Hardware designers face a variety of challenges today. Critical hardware components, such as NAND, DRAM, and OLED displays, are experiencing shortages and long lead times. Companies are increasingly compressing schedules and striving to reduce the cost of producing their products. Driven by these schedule, price, and supply constraints, engineers and manufacturers will often acquire components from smaller distributors, electronic markets, scrap electronics dealers, or even eBay. The largest risk of using these untrustworthy sources for component purchases is the risk of receiving counterfeit parts.

Counterfeit components are introduced in a variety of ways, such as recycling old components from end-of-life products, recycling scrap electronic material, selling out-of-spec components, selling factory rejects, creating a cloned part, remarking parts with a higher grade (e.g. commercial-grade parts marked as industrial-grade), or forging documentation.

One of the largest risks with counterfeit components is that they almost work correctly. Take this example of counterfeit electrical safety outlets - a component you probably don't think twice about:

Authorities in Suffolk County, N.Y. seized counterfeit electrical safety outlets—used in bathrooms, kitchens, and garages to guard against electrical shock—bearing phony UL logos. The bogus parts had no ground-fault-interrupt circuitry. Had they been installed anywhere near water, the results could have been fatal.

Many counterfeit components do not have problems as egregious and easily detected as missing circuitry. Instead, the electrical characteristics of counterfeit components such as slew rate, current supply, timing, or noise might be out-of-spec. They also tend to be less reliable and exhibit a shorter time-to-failure than their legitimate counterparts. Counterfeit components can wreak havoc on consumer electronics. It would be utterly detrimental if they were to sneak into safety-critical devices like fire alarms, medical devices, or automotive electronics.

Detecting Counterfeit Components

Luckily, those who make counterfeit components are often not very good at it. Legitimate component manufacturers have high quality standards for their parts. In many cases, counterfeit components expose themselves with major packaging flaws. Common visual inspection cues are:

  • Incorrect part numbers
  • Incorrect date codes
  • Impossible date codes
  • Date codes that are in the future
  • Incorrect manufacturer country of origin marking
  • Components with the same lot code shown as being manufactured in different countries
  • Pre-soldered pins
  • Pin pitch that is too wide or too narrow
  • Package made with the wrong material
  • Different numbers, shapes, and sizes of IC package indents
  • Laser cut lines in the markings
  • Incorrect font
  • Crooked or misaligned text
  • Incorrect silkscreen on a flexible circuit or PCB
  • Incorrect / incomplete logos
  • Logos that vary from part-to-part
  • Misspellings
  • Using ink-based IC markings that can be removed with acetone
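Several of the marking cues above (impossible date codes, date codes in the future, one lot code marked with different countries) can be checked automatically from receiving records. The following is an added example, not part of the original newsletter; it assumes 4-digit YYWW date codes for parts made in 2000 or later, and the record layout, reel IDs, and lot codes are constructed for illustration.

```python
from collections import defaultdict
from datetime import date

def check_date_code(code, received):
    """Return a finding for a 4-digit YYWW date code, or None if plausible."""
    if len(code) != 4 or not code.isdigit():
        return "malformed date code"
    # Assumption: two-digit years map to 20YY (no pre-2000 stock).
    year, week = 2000 + int(code[:2]), int(code[2:])
    # December 28 always falls in the last ISO week of its year (52 or 53).
    if not 1 <= week <= date(year, 12, 28).isocalendar()[1]:
        return "impossible date code"
    recv = received.isocalendar()
    if (year, week) > (recv[0], recv[1]):
        return "date code in the future"
    return None

def inspect_receiving(records, received):
    """records: (reel_id, lot_code, date_code, country) tuples from receiving."""
    findings = []
    countries = defaultdict(set)
    for reel, lot, code, country in records:
        problem = check_date_code(code, received)
        if problem:
            findings.append((reel, problem))
        countries[lot].add(country)
    # A single lot should carry a single country-of-origin marking.
    for lot, seen in sorted(countries.items()):
        if len(seen) > 1:
            findings.append((lot, "lot marked with multiple countries: "
                                  + ", ".join(sorted(seen))))
    return findings

# Constructed sample records, not real parts or suppliers.
SAMPLE = [
    ("reel-1", "LOT7A", "1742", "Malaysia"),
    ("reel-2", "LOT7A", "1742", "Philippines"),
    ("reel-3", "LOT9C", "1760", "Taiwan"),
    ("reel-4", "LOT9C", "1830", "Taiwan"),
]

if __name__ == "__main__":
    for item, problem in inspect_receiving(SAMPLE, date(2018, 1, 15)):
        print(item, "-", problem)
```

A clean result only means these three cues did not fire; the physical cues in the list still need visual inspection.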

Counterfeit components also give themselves away when comparing die shots between suspected counterfeits and known-good parts. Sometimes counterfeiters do a decent job with package markings, which may cause parts to slip through a visual inspection. Consider this example of a counterfeit Nordic NRF24L01+ transceiver. When the dies between the suspect parts and the legitimate parts are compared, you can clearly see that they are different. Unfortunately, capturing and comparing die shots safely requires the help of a lab.

For more information on spotting counterfeit components (including examples):

DARPA Anti-Counterfeiting Initiatives

The United States Department of Defense (DoD) has taken significant interest in counterfeit components. Most of the components used in military systems are produced outside of the US, where the DoD cannot regulate or influence off-shore IC fabrication. DARPA is sponsoring two anti-counterfeiting programs in order to combat the risk of out-of-spec, unreliable, and counterfeit parts: Integrity and Reliability of Integrated Circuits (IRIS), and Supply Chain Hardware Integrity for Electronics Defense (SHIELD).

The objective of IRIS is to develop techniques for non-destructive IC analysis. One major effort is the Advanced Scanning Optical Microscope (ASOM). ASOM enables researchers to scan ICs and provide sub-micron structural details. The IRIS program also aims to develop modeling and diagnostic techniques to determine the reliability of an IC.

SHIELD is focused on developing a small (100 micron x 100 micron) component that will authenticate electronic components. This component, called a dielet, will be inserted into IC packages by the manufacturer, but will require no electrical connection between the dielet and the host component. The final goal is that the authenticity of a chip can be confirmed on receipt by using a handheld or automated probing device.

For more on the DARPA anti-counterfeiting initiatives:

Using Blockchains

Proposals have started to appear for using blockchains to create a chain-of-custody for electrical components through the supply chain. The key features that blockchains can provide are non-localization, security, and auditability. A public, distributed resource prevents bad actors from hiding information and also helps create a publicly auditable system. Security is controlled through cryptography, which reduces the risk of forgeries and ensures that you can only interact with an account if you possess the correct key. Operations can be replayed and audited by anyone who joins the blockchain network since each transaction is permanently stored in the blockchain.
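To make the "replayed and audited" property concrete, here is an added example (not from the original newsletter or from any specific proposal) of a hash-linked custody ledger and an audit that replays it. The holder names, lot code, and record fields are hypothetical, and the per-account signatures a real blockchain would require are omitted, so this shows only the linking and replay checks.

```python
import hashlib
import json
from collections import defaultdict

GENESIS = "0" * 64
FIELDS = ("prev", "lot", "sender", "receiver", "qty")

def entry_hash(entry):
    """SHA-256 over the record body, including the previous record's hash."""
    body = {k: entry[k] for k in FIELDS}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append(ledger, lot, sender, receiver, qty):
    """Add a transfer; sender=None means the manufacturer creating the lot."""
    prev = ledger[-1]["hash"] if ledger else GENESIS
    entry = {"prev": prev, "lot": lot, "sender": sender,
             "receiver": receiver, "qty": qty}
    entry["hash"] = entry_hash(entry)
    ledger.append(entry)

def audit(ledger):
    """Replay every transfer and return a list of (index, problem)."""
    problems, prev = [], GENESIS
    held, created = defaultdict(int), set()
    for i, e in enumerate(ledger):
        if e["prev"] != prev or e["hash"] != entry_hash(e):
            problems.append((i, "record altered or chain broken"))
        prev = e["hash"]
        if e["sender"] is None:
            if e["lot"] in created:
                problems.append((i, "lot created twice"))
            created.add(e["lot"])
        else:
            # Parts that never came from the manufacturer show up here.
            if held[(e["sender"], e["lot"])] < e["qty"]:
                problems.append((i, "sender ships more than it received"))
            held[(e["sender"], e["lot"])] -= e["qty"]
        held[(e["receiver"], e["lot"])] += e["qty"]
    return problems

def sample_ledger():
    """Constructed custody history for one lot of 5000 parts."""
    ledger = []
    append(ledger, "LOT7A", None, "FabCo", 5000)
    append(ledger, "LOT7A", "FabCo", "DistA", 5000)
    append(ledger, "LOT7A", "DistA", "OEM", 3000)
    append(ledger, "LOT7A", "DistA", "Broker", 2000)
    return ledger

if __name__ == "__main__":
    ledger = sample_ledger()
    append(ledger, "LOT7A", "Broker", "OEM", 4000)  # 2000 unexplained parts
    print(audit(ledger))
```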

I think that creating a blockchain-based auditable chain-of-trust is a promising anti-counterfeiting measure despite the current excessive hype around them.

For more on using blockchains to fight counterfeiting:

What You Can Do Today

The best thing you can do to prevent the use of counterfeit parts is to always purchase your components from the original manufacturer or authorized distributors. Reputable suppliers do not want to risk their reputation by supplying bad parts and they do put effort into protecting their supply chain against infection. Buying components from eBay, discount retailers, or electronics markets increases the risk of receiving counterfeit components or recovered scrap material.

A secondary line of defense is incoming product inspection. Components and assemblies should be audited to ensure that counterfeit components are not being used. The inspection can be performed in-house or by a certified lab. If your product does not have an inspection process in place, this paper provides a basic inspection protocol.

We can also significantly reduce the risk of using counterfeit components by changing our expectations. When we apply cost and schedule pressures, engineers and manufacturers will cut corners and purchase from untrustworthy suppliers. By planning for sufficient lead times and paying manufacturer suggested prices we can decrease the likelihood of receiving counterfeit components.

For more on component counterfeiting:

Around the Web

We're already facing component shortages for OLED displays, DRAM, and NAND. It seems that we're likely to face longer lead times for IC packaging in 2018.

Amazon announced its stewardship over the FreeRTOS kernel. The new kernel update sports AWS IoT integration right out of the box.

AllAboutCircuits recently posted GPS Times, Atomic Clock Frequencies, and the Increasing Accuracy of GPS. The article gives a quick intro to GPS time and the precision improvements that have been made over the past decades.

Website Updates

  • The Glossary has been reorganized and expanded
  • The Beginners page has new "General Resources", "Hardware" and "Startup" sections
  • The Hardware References page has been expanded with additional resources, including references on counterfeit component detection
  • The Software References page has been updated with more C++ blogs, a list of embedded systems newsletters, general software references, and Jenkins references

Articles Published in December

These posts were added to the website in December:

These were the most popular articles in December:

  1. Circular Buffers in C/C++
  2. Installing LLVM/Clang on OSX
  3. std::string vs C-strings
  4. Implementing Malloc: First-fit Free List
  5. An Overview of C++ STL Containers
  6. A GitHub Pull Request Template for Your Projects
  7. Creating and Enforcing a Code Formatting Standard with clang-format
  8. C++ Casting, or: "Oh No, They Broke Malloc!"
  9. memset, memcpy, memcmp, memmove
  10. An Improved Jenkins SCM Sync Configuration Plugin

Thanks for Reading!

Have any feedback, suggestions, interesting articles, or resources to recommend to other developers? Let me know!

Happy hacking!