As the size of the integrated circuit (IC) industry has increased, and more ICs are fabricated off-shore, the size of the IC counterfeiting market has increased considerably. Counterfeiters are finding new and interesting ways to introduce their wares to market. IC manufacturers who fabricate ICs occupy a unique position in the IC supply chain. Intellectual property (IP) owners have to turn over their full IC design, as well as test patterns and test responses, to foundries to allow them to fabricate and test the ICs. The high cost of IP development puts the parties involved in IC manufacturing and testing in a position where it is possible to profit from exploitation of the IP they have been provided with.
One example of such would be if a foundry were to produce more ICs than they were commissioned to make, allowing them to sell these over-produced ICs for the low cost of the materials needed, without having to pay the high cost of the IP development [1]. Another example would be if they were to sell, rather than discard, the defective ICs that they have produced. It is worth noting that a defect could be subtle and difficult to detect, causing the IC to appear functional despite a known error in rare cases. Additionally, it is possible that a foundry or assembly produces an IC which functions correctly in most ways, but is in some way outside of specification. For example, an IC which cannot function at its specified frequency without exceeding some power requirement could be considered an out-of-spec IC. These types of ICs may function correctly in most ways but do not fully meet their specification.
In general, counterfeit ICs represent serious reliability and security concerns, especially with regards to secure, life-threatening, or mission-critical applications [6]. Various techniques have been proposed as ways to combat IC counterfeiting over the last several years. For example, one method for detecting counterfeit ICs is for an IP owner to uniquely identify each manufactured IC and maintain each IC's ID in a database. Counterfeits can be detected by checking an IC's ID against that database, with ICs not in the database being considered counterfeit. These IDs can be as simple as a bar code sticker [7], or they can be intrinsic to the IC, being produced by exploiting the process variations found in manufactured ICs [8]. Physical Unclonable Functions (PUFs) are a class of silicon hardware structures which produce different outputs in different ICs based on the unique process variations of the ICs they are used in [9]. Ring oscillator (RO) based PUFs (RO-PUFs) [10] can produce the same kind of static, yet unique and reliable identifiers. Other types of PUF, such as the Arbiter PUF [9], use a challenge and response scheme. Use of a challenge-and-response mechanism still requires an ID database and ID checking as described above. However, this allows the IP owner to maintain a secret challenge which only they know and use to identify ICs, making it more difficult for counterfeiters to tamper with or fabricate the identifier.
Another approach to prevent counterfeiting is by requiring that ICs be “activated” by the IP owner after being fabricated by the foundry. Several “active metering” techniques aim at preventing over-manufacturing by requiring that the foundry retrieve “passwords” from the IP owner after fabricating each IC [15] [16] [19]. By requiring the foundry to disclose the existence of every IC they would like to activate, the IP owner is able to “meter” the production of ICs.
The above techniques address only part of the IC counterfeiting problem. Some basic implementations of IC identification techniques, such as the example of the barcode sticker, are easy to fake, especially if the IP owner is not proactive in their counterfeit detection efforts. Even the more technically advanced PUF-based identification techniques, while making counterfeit detection possible, do nothing to actually prevent counterfeit production. The active metering techniques described above do attempt to prevent counterfeits from ever being produced. However, these techniques do not prevent production of all types of counterfeits. This is because these techniques require that the IC be activated before the IC can be tested. The IP owner is required to provide the “key” to the IC before they know that the IC is not defective and is within specification. This may allow the foundry to sell defective or out of spec ICs, which have already been activated by the IP owner. In addition, a foundry can request more keys than necessary from the IP owner by pretending that the yield is low. Thus, the foundry can place many functional (defect-free) ICs in market.