Mitigating the counterfeit IC threat
29 March 2016
The huge and growing presence of counterfeit components, including ICs, within the supply chain is a serious issue for electronics manufacturers and resellers involved in component purchasing.
This article looks at the steps that electronics companies can take to protect themselves, in terms of both their supplier choices and their counterfeit avoidance strategy. It also reviews Sentry, an easily affordable and simple to use benchtop device for the testing of
components in Goods Inwards and other areas.
In October 2015, a Massachusetts man was sentenced to 37 months in prison for importing tens of thousands of counterfeit integrated circuits (ICs) from China and Hong Kong, for resale to contractors supplying them to the US Navy for use in nuclear submarines. He also sold components to hundreds of other independent distributors and brokers in the US and Europe, who later sold them on to their customers, including government contractors and commercial manufacturers. The counterfeit ICs were marked as originating from 31 different IC suppliers, including Motorola, Xilinx and National Semiconductor.
This case is just one example. In another, a US Government Senate Armed Services Committee asked a number of defence contractors and some of their testing companies to identify instances of counterfeit parts received over a two-year period. The feedback they received revealed 1800 cases covering a total of 1 million individual parts.
These cases, and an unknown number of others like them, mean that the presence of counterfeit components in the supply chain is a very significant problem - and one that has been growing exponentially. Accordingly, any organisation sourcing components, whether for selling on or use within their own equipment, must accept the likelihood of being offered counterfeits either intentionally or inadvertently, and plan for this reality. It is essential to implement a strategy that minimises the chance of becoming part of the counterfeit supply chain and suffering the possible threats to users’ health and safety, and economic and reputational losses, that can follow.
Cupio has long been involved in helping companies as they develop these strategies; their contribution has been based around supplying the Sentry Counterfeit IC Detector (Figure 1) and X-Ray inspection systems. The Sentry is a small piece of equipment which is affordably-priced and easy for non-specialist staff to use, but has proven to be more effective than larger systems costing over fifteen times as much.
While looking at how Sentry achieves its results, bear in mind that it performs best as part of a multi-faceted counterfeit exclusion strategy. In fact, as shown below, it can sometimes perform more than one role within the overall approach.
Broadly, protection should cover two key areas; how to source products safely from the external market, and how to set up a strategy within an organisation to ensure that robust screening procedures are in place, and all relevant staff are trained in using them.
Developing a counterfeit avoidance strategy
The advent of the Internet has provided easy access to a huge number of potential suppliers, but not all are trustworthy. The least - but still present - risk lies with going direct to the manufacturer or using a franchised distributor. Independent distributors widen the choice if supplies are tight; in the US they should be members of IDEA (Independent Distributors of Electronics Association). For UK distributors, look for membership of the United Kingdom Electronics Alliance. The last option is to go to small, unlicensed distributors, but they bring the greatest risk of exposure to counterfeit components.
The UK MOD has developed some useful tools to help electronics companies in fighting the threat of counterfeit components. These are based on DEF STAN 05-135 Fraudulent and Counterfeit Materiel Avoidance Defence Standard, released on 10th July 2014. It was devised for use by the UK MOD and its suppliers in the execution of contracts for the MOD, but is not industry sector specific and can also be used by other organisations in other industries. It requires suppliers to demonstrate the appropriateness of their risk assessment, arrangements, supply chain management and understanding of the criticality of the materiel they supply.
In assessing compliance with DEF STD 05-135, users can refer to a Counterfeit Avoidance Maturity Index, which provides detailed questions to ask suppliers about their component handling practices and systems. A supplier’s response reveals how mature it is in any given aspect of counterfeit avoidance.
For example, one question is: ‘How has management intent or policy on counterfeit avoidance been defined?’ A Level 0 or Immature answer would be ‘Information has not been considered or defined’, while at the other extreme a Level 4 or Mature answer would be ‘Evidence exists demonstrating that published information has improved over time, incorporating industry good practice.’ Intermediate levels include:
- Level 1 (Minimal)
- Level 2 (Improving)
The Matrix comprises an extensive set of questions covering policy statement, competence, training and awareness, purchasing, test and verification, and control and reporting of non-performing materiel. Accordingly, a supplier’s answers to these questions will provide a global yet detailed view of their maturity or competence in screening out counterfeit products. Equally, users can utilise the Matrix to assess and reveal shortcomings or areas for improvement within their own organisations.
From the above, we can also see that test and verification has a role within counterfeit avoidance strategies. ICs, like any other component, should be visually inspected for damage, modifications and poor packaging or suspect paperwork. However, even the most careful inspection will only screen out counterfeits that give themselves away visually; it takes an electrical test to confirm whether visually acceptable chips actually function as their markings suggest – and do so within their manufacturer’s specifications.
One approach is to use a functional test; applying logic inputs, for example, and checking that outputs correspond in accordance with the logical truth table expected of the chip. In some situations, functional testers are essential, but they have a couple of disadvantages. Firstly, they are expensive, with a tester typically costing in the region of £50,000. Secondly, although they detect gross problems, such as a wrong logical function, or no function at all, they cannot reveal more subtle, ‘out of tolerance’ issues – which can be extremely effective indicators that a component is counterfeit. This issue can arise, for example, with older-technology IC families, which sometimes offered different speed variants of common functional library models. Conventional testing equipment with this level of speed test capability would be extremely expensive.
Sentry as a counterfeit avoidance tool
By contrast, the Sentry is a more affordable benchtop device that uses an advanced form of VI testing on any IC chip to determine its electrical characteristics or ‘signature’ (Figure 2). VI testing is about applying a voltage waveform between two IC pins and measuring how the current drawn changes as the applied voltage varies. This response is directly related to the nature of the device, its internal structure and the manufacturing processes it was subjected to. A crucial advantage of Sentry is its VI Matrix test which exercises every possible pin combination on the IC under investigation. This provides more insight than simpler systems that are restricted to testing between pins and ground; this only checks the characteristics of the input/output protection part of a device. By contrast, the Sentry’s Matrix VI test checks the device’s internal structure. This can reveal differences between more of the devices with different functionality but similar technology. For example, a chip that had been remarked as another of different function but with the same input/output pinout would be captured by this test. Overall, the Matrix VI test yields richer, more informative data than the more limited pin to ground test.
The set of VI characteristics captured by Sentry, known as PinPrints, become the unique signature for the device – but how can they indicate whether the IC is good, or a counterfeit? The answer is that the Sentry is set up first by testing a known good device and obtaining its signature. The signatures of incoming, unknown chips are compared with the known good version to check for discrepancies. Small variations are likely to indicate that the chips are from different manufacturers, or possibly different batches from the same manufacturer. Larger differences, however, would suggest that the chips are faulty or counterfeit. Sentry can be tuned for each IC type by setting tolerances that define the point at which a tested device is deemed ‘bad’.
If no reference devices are available, two alternative solutions exist. Firstly, reference data can be exported from other users’ machines or libraries, and imported into the Sentry’s database. Otherwise, testing can be done across the batch; if there is any variance then the whole batch becomes suspect and should be rejected. Also in this scenario, if a whole batch of devices with no internal die is being checked, it is easily spotted and will be obvious from the lack of an ‘active’ characteristic - all pins will show the straight line ‘null response’ of an open-circuit.
Sentry can be set up in hardware terms as well, as it accommodates all types of components, from simple two-pin devices to more complex packages including:
- Dual In-Line (DIL)
- Small Outline Integrated Component (SOIC)
- Small Outline Package (SSOP, TSOP)
- Plastic Leadless Chip Carrier (PLCC)
- Quad Flat Pack (TQFP, PQFP, LQFP)
- Ball Grid Array (BGA)
Adaptors are available for all these packages; additionally, custom adaptors can be designed on demand.
Once set up, the Sentry can be located in the Goods Inwards area, where it provides a quick and easy test resource with minimal technical expertise needed. A user interface is provided by connecting Sentry to a standard desktop or laptop PC. This requires only a limited number of user actions and displays simple results (Figure 3). Each chip’s test result is either Good, Bad or Suspect. New device types arriving for inspection can easily be added to the Sentry’s library by typing in a few reference details and then initiating an automated PinPrints scan.
The Sentry’s ease of use for Goods Inwards inspection does not preclude its flexibility for advanced users such as high level technicians and engineers. Scan profiles – sets of electrical parameters that are applied to the device under test – can be specified, as well as changing the choice of reference pin. Through more detailed analysis of the information made available by Sentry, engineers can find the root of the fault and discuss this with suppliers, in addition to rejecting an IC on a GO/NO GO basis. Custom reports can be generated, for use as evidence as well as traceability of data.
Test information gained or imported for different IC chips can be aggregated into a common database for the entire organisation, and shared with suppliers or customers if appropriate. Additionally, Sentry can store sets of device-specific documents such as text files, spreadsheets, PDF datasheets, web pages and images. These support visual inspection and checking for compliance with technical data; important weapons in the war against counterfeits.
These more advanced features give users a choice – their Sentry detectors can be employed entirely for Goods Inwards inspection, or they can be deployed more widely across the organisation to make a higher contribution to its overall counterfeit avoidance strategy.
The threat of counterfeit components is not going to disappear; the evidence suggests it will continue to grow for the foreseeable future. However, organisations can protect themselves by being carefully selective in choosing suppliers, and by setting up and effectively managing a robust counterfeit avoidance strategy. The Sentry counterfeit IC detector can perform as a highly cost effective component within this strategy, helping users to screen out bad ICs on arrival while continuously building their knowledge and database of counterfeit parts.
Contact Details and Archive...