The counterfeiting of electronic components continues to rise alarmingly. IHS iSuppli reported that, in the first eight months of 2012, more than 100 incidents of counterfeiting were reported each month. In the past six years, more than 12million parts have been discovered to be fakes.
Physically unclonable functions (PUFs) provide one way to tie a device to its mark of authenticity. Each IC is subtly different to its neighbours on wafer, even though all that make it through test will operate in the same manner. For example, internal srams have subtle biases such that, when they are first powered up, they contain a pattern of 1s and 0s that is essentially random from die to die, but which is consistent from power cycle to power cycle for that die. Repeatability can be as high as 80% under different test conditions. This pattern can be used as an unclonable device 'fingerprint' that, together with a digital certificate stored as part of the manufacturing and test process, guarantees authenticity. There are a number of requirements for the digital certificate. The first is the presence of embedded non volatile memory to store the data and a communications interface to allow the data to be read. The device needs sufficient computational capability to implement cryptographic functions in real time such that the secret value certified is never exposed. The certification circuitry is used to answer challenges with responses consistent with a public key supplied by the manufacturer to allow testing for authenticity. Hardware level security on top of these functions ensures criminals cannot probe the device. Microsemi's SmartFusion2 SoC fpgas implement all these functions, making them suitable for a strong technical anti counterfeiting solution. With the necessary hardware in place, a secret key can be injected into the device at wafer test. This is followed by injection of a digital certificate bound to the secret key at the assembly and binning stage. This process provides a certificate that has been securely signed by the OCM and which supports all downstream anti counterfeiting measures. The certificate, which can be interrogated at any point, provides traceability for suppliers and end users, providing a way of guaranteeing a counterfeit free supply chain downstream. The public data in the certificate can contain not just a unique device number, but also a model number with grading information and the assembly date code. Grading data can weed out valid parts remarked by forgers to resemble higher grade parts. The date code assists in identifying older devices that require additional screening to ensure they are new and have not been previously used. The production mechanism ensures only good devices receive a certificate, which prevents the representation of failed components as good ones. The hardware security module (HSM) at the fab logs each certificate securely, so the OCM knows exactly how many have been issued. As part of a screening process, such as checking the delivered device against the order, SmartFusion2 devices can be authenticated in a number of ways. The certificate's integrity and signature can be checked using the Microsemi public key. The certificate can be checked for listing on a certificate revocation list and the device itself can be checked to ensure that it knows the correct unique private cryptographic key and is bound correctly to the certificate. This proves the certificate belongs to that particular device and is not a copy of a certificate belonging to another device. By adopting a strong foundation of technologies for anti counterfeiting, devices such as SmartFusion2 provide the assurance of authenticity that is now needed in the forgery prone electronics supply chain – not just for the devices themselves, but also for the subsystems into which they are assembled. G. Richard Newell is senior principal product architect with Microsemi's SoC products group.