Blockchain Attempts To Secure The Supply Chain

Blockchain technology is starting to be deployed more widely In the battle against counterfeiting, often coupled with component IDs to allow device authentication.

Securing the supply chain is a complex challenge, particularly as more IP from more vendors in more locations makes its way into chips, packages or even systems. Being able to attest to the history of the device to prove its provenance and chain of custody is essential to make sure quality is consistent and that chips only do what they are supposed to do, and nothing more.

“With blockchain, trustees can look at who did what in the supply chain and how those things came into the value chain,” said Tom Katsioulas, head of trustchain business at Mentor, a Siemens business.

But blockchains, especially when used for individual systems, can involve an enormous amount of data. How that data is optimized and how the load on validators is managed are key elements to be worked out as interest in this field grows. And not everyone sees blockchain as inevitable in the future.

More than just identity
Counterfeiting is a real and growing problem. “We have several customers who are very concerned about counterfeiting and other security issues, and they are thinking of multiple ways to secure their ICs and systems,” said Geoff Tate, CEO of Flex Logix.

This is partly the role of identity, but identity may not be sufficient without the further knowledge of the history of the item. And that history can involve an enormous range of considerations. How much to include must balance the cost of tracking and storing data about huge numbers of individual components and systems against the consequences of having too little historical information.

“Blockchains provide a convenient means to permanently record transactions, and they have application to the provenance of components,” said John Hallman, product manager for trust and security at OneSpin Solutions.

Dave Huntley, business development at PDF Solutions and co-chair of three SEMI committees/task forces, elaborated further. “When a new asset like a package is assembled, it is enrolled as a brand-new asset on the blockchain, along with its bill of materials,” he said. “You now have a genealogy, and you could take a module from a car, open it up, figure out the printed circuit board and slide it out, open that up, look at the packages inside, open one of them up, and look at the die inside. And every step of the way, you could be pinging the identifier and issuing a ‘verify’ transaction.”

These histories are often seen as being of greatest value in retrospect, mainly for traceability. But they also can help prospectively. If an item is transported from one place to another, for instance, the departure and arrival can be logged, and it can establish the chain of custody for acceptance at the new location.

“It’s also useful in certain kinds of compliance environments,” said Logan Spears, CTO of Sixgill. “We have a pilot with a company that does clinical trials, where there’s a high incentive to mess with the data and support the conclusions that you want to support. But having a mathematically verifiable way to say, ‘Hey, that’s not the case,’ adds value.”

Blockchain technology, most commonly associated with cryptocurrencies, provides one way of accumulating a history. While not everyone is convinced that blockchain is the future for supply-chain management, it appears to be the only mechanism that has achieved some commercial traction, mostly outside the semiconductor industry.

A blockchain is a ledger, much like a bank book, but it has two critical characteristics for helping to establish trust — It’s distributed and it’s immutable. Because this technology may roll out in the future for electronic systems, much of what follows deals with what is possible rather than the exact way that blockchains would roll out. There are many design decisions that must be made individually for each application.

Blockchain isn’t new, of course. Spending on blockchain technology is forecast to grow as much as 50% in 2020 as compared to 2019. Its use for managing the supply chain is also not new. Data from IDC shows that around 22% of blockchain usage lies in manufacturing. Silicon manufacturing is not yet a part of that number.


Fig. 1: Industry usage of blockchain technology. Data source: IDC

Distributed ledger
The fact that a ledger is distributed means that it’s not stored in one central location. Instead, the entire ledger is replicated many times in many places in a network. New entries to the ledger must be approved by a form of “consensus” among the various nodes of the network. Only if the transaction is approved by some threshold percentage of the nodes will the entry be permanently placed on the ledger.

The idea here is to protect the ledger from being attacked or manipulated. The assumption is that as long as there are many nodes, then no one can interfere with enough of them to affect the contents of the ledger. Bogus entries would not hit the threshold for approval, while legitimate entries couldn’t be blocked. That means networks must be very large to make any such attempted interference mathematically improbable.

The approval of a transaction happens algorithmically on computers. It’s not that the owners of the computers personally intervene in the decision. Computers remain online and process work that’s sent to them. Exactly what that work might be will vary both by algorithmic decisions and by the type of network chosen.

There are two kinds of networks — permissionless (or ‘public’) and permissioned (or ‘private’ or ‘consortium’). In a permissionless network, the members are anonymous, and anyone can join or leave. In order to reduce the opportunities for mischief, each approval must be accompanied by some type of task. For Bitcoin, it was a “proof of work” — solve a really hard problem. That’s an energy-intensive approach, so alternatives are being explored.

Permissioned networks, by contrast, use only members that have been explicitly approved for participation. This can reduce the workload required when approving entries, which can be a benefit for making enormous numbers of transactions efficient and for saving energy. The details of the approval processes can be rather involved, which makes it important that it all works smoothly, with no need for participants to understand the details of what’s happening in the background.

Various companies have commercially available blockchain offerings. Some companies may have different network structures for different applications. Those networks come with the consensus participants in place. It’s not necessary to create a new consensus network for each application.

Immutability
The other key characteristic of a blockchain is that it’s considered, or at least intended, to be “immutable.” Once an entry is approved, it cannot be changed. With a well-managed bank book, one doesn’t change an entry by crossing out the old numbers and writing in new ones. Instead, the old numbers remain and an adjustment is added as a new entry to preserve the history. Of course, with a bank book, one is relying on a human to follow procedures. With blockchain, the structure itself is intended to provide immutability.

This is accomplished using cumulative hashes. With each new entry, a hash is added to the ledger. But it’s not simply a hash of the new entry. The hash includes the hash following the prior entry. That hash, of course, includes the entry prior to that, all of the way back to the very first entry. In other words, the last hash of the ledger incorporates the entire history of the ledger. If you go and change a past entry, then it’s not enough to change the hash for that entry to cover one’s tracks. Every hash following that one would have to be changed, which is a daunting task. It also would put that particular copy of the ledger out of sync with others on the network.

So it’s while it’s possible to change an entry, it’s nearly impossible to do so undetected.

A wide range of possible things to include
The number of possibilities for information to be included in a ledger is enormous. Safety-critical and other high-security applications may apply many of them. Lower-value systems may use less. But there are numerous opportunities for inclusion before, during, and after a unit is manufactured. “The recording of transactions could be done for basic data or with more complex data, like design information, verification results, process information, parameters, or test information,” said OneSpin’s Hallman.

Each device’s history starts with design. Exactly how that design process is managed will vary according to the device. “You’re going to have RTL design, and you better be able to trace every step in the process,” said Mentor’s Katsioulas. “And you can do that with blockchain.”

A semiconductor chip will follow a particular tool flow, and the tools used, along with verification results, can be entered onto a ledger. Any individual unit could then incorporate that design ledger to attest to the completeness and correctness of the design. This might seem pedantic, but it could help in situations where an initial design is modified. A given unit would then be attributable to either the old or new design, which is useful information for failure analysis.

While the design history is inherited by all units built from that design, manufacturing establishes a history for each individual unit. Each manufacturing step can be entered, along with results from metrology and tests. “It’s not just the product, but also the tooling that made the product so that the audit trail can go all the way from the end consumer use case, through the product, through the logistics of the product, through the tooling for the product, all the way to the origin of all the materials, whether that was from the supplier or done in-house,” said Chris Kaufield, CFO of Alitheon.

Manufacturing applies to individual components themselves, their assembly into boards and sub-systems, and final integration into a full system. “You start your process of assembling the board with resistors, capacitors and chips, where the assembly process is potentially traced using blockchain technology,” said Katsioulas. “You capture all the metadata for what goes in/what goes out.”

Most of this is automatic. “You enroll the device when it first powers up,” said Huntley. “So then the world becomes aware on the blockchain that this device has been born into the world with a unique ‘DNA.’ And you put that DNA into the blockchain as a combination of the identifier and the challenge response pairs you need to be able to validate it in the future. The company that does that is saying, ‘I built this thing, and I say it’s real.’”

All components can be verified and recorded either by identity or by lot. “A box full of tape-and-reels could be considered as an asset record on the blockchain,” Huntley explained. “A board manufacturer would open up the box, and then they would put the reel on, load a package off that reel, and read the package ID. They could verify that the package ID did belong to this reel. So who put the reel in the box, who put the package on the on the reel – those things could be identified.”

The need for manufacturing throughput, however, can limit what can be done during assembly. The verification steps might be done only when tracing back the provenance of the materials in a forensic operation.

Component authentication also can be recorded. Alitheon mentions, for example, that it can validate a component used in an assembly at any step of the process. The “feature print” being captured can be entered onto the ledger – or at least the fact of taking the feature print and confirming its validity. This can help to establish a chain of validation events in the event that, for instance, one component is removed from a system and replaced by another. At some point, component authentication will fail, and the ledger can help to determine where that change happened.

One challenge is that such manufacturing data is often closely guarded, both by the foundries and by the companies owning the devices. “All that data is private. Nobody wants to share it,” said Huntley. “The only data you will get back is going to be based on the contract you have with that supply-chain partner. He’s not going to give you all the data. He’s going to give you what you’ve agreed to, and there’ll be systems in place that guarantee the security of that data exchange.”

Goods may be transported between fabs during manufacturing or between warehouses afterward. While steps are being taken to thwart tampering while a unit is en route, recording the transaction further establishes the chain of custody.

“When a wafer ships, they will record the fact that the wafer itself is an asset, that they’re shipping this way, and that it contains all these dies with all these other assets,” said Huntley. “It also can include the fact that it’s now departing from this location and headed to that location, recording the GPS coordinates. And, most recently, a lot of people are putting an odometer onto the device too.” Transfers between handlers or vehicles also could be recorded, including final receipt at the destination.

There’s another possible event to be recorded in association with transport, as well. When a silicon wafer, for example, moves from a foundry to an assembly house, it changes location, but it doesn’t change ownership or “title.” In contrast, when a finished unit is transferred to a sales warehouse, ownership may change, depending on how the sales process is structured. “There’s another transaction that has to do the ownership stake,” he said. “When it gets packaged and sent to a distributor, then there is a release of ownership transaction on the blockchain, and then an acquisition of ownership.”

Manufacturing is followed by the operating life of a unit. Where that starts is subject to interpretation. Enrollment could happen at first power-up during the testing of the system, or it could happen upon first power-up by the end customer. In fact, these could be independent events, with both of them being recorded.

Going forward, any number of events could be recorded, including:

  • Powering on and off;
  • Internal software and hardware attestations;
  • Network authentications;
  • Major operational events, which would depend on the application;
  • BiST or monitoring events and results;
  • Errors or warnings;
  • Changes of location;
  • Changes of user;
  • Servicing events, even calls for support if the support system were linked in, and
  • Changes of ownership.

Finally, there’s the end of the useful life of the system, at which point the unit is decommissioned. But just because someone is done with a unit doesn’t mean it no longer can be used. It might have been replaced with a newer model, or it might have been broken and tossed, with someone else trying to repair it. It might contain components that could be removed and re-used.

Some regions require the ability to re-use, remanufacture, or recycle systems and components. How that affects the ledger may be complicated. A simple change of ownership is straightforward, assuming that it’s recorded. But a repair could be treated as yet another step in the life of the system, with one component — and its history — being replaced with a new component, which would come with its own history.

Salvaged parts from a defunct unit might work the opposite way, where the component and its history would be detached from that of the original unit, which ceases to “exist”, and it may join a new system and become part of that system’s history.

The following image shows what would be possible if everything were captured in blockchains. Given the number of components in a sub-system and the number of sub-systems in a system, this can become extremely verbose extremely quickly. That’s where blockchain design decisions will decide what is important and what isn’t.


Fig. 2: An extreme illustration of a complex of blockchains. Each system shares a design, but incorporates individual sub-systems. Those sub-systems each have a design and incorporate components, each of which has a design and a manufacturing history. Repairs and salvaging can extend the web of relationships. How much of this is incorporated into any specific system is a blockchain design choice. Different blockchains may use different technologies. Source: Bryon Moyer/Semiconductor Engineering

In the figure above, the design of one component may use a different brand of ledger from the manufacturing of a sub-system or the run-time history of the full system. For this reason, there are some standards in other industries that define the syntax and semantics of the entries so that the data can be meaningfully exchanged between blockchains. “Having all ecosystems speak the same language is important,” said Kevin Otto, senior director, community engagement at GS1, an organization involved in blockchain-related standards.

Blockchain challenges
It’s unlikely that a unit would have every such event logged due to the volume and size of the ledger (bearing in mind that, in theory, every individual unit would have its own enormous ledger). So data storage and communication — and securing both — may limit exactly which of the events are important enough to track.

The tracking also adds friction to flows that are constantly under pressure to become simpler and more efficient. For example, a consumable medical item today would simply be trashed when its use was complete. Having to log that end-of-life event adds another step that’s likely to be omitted, breaking the completeness of the ledger.

Likewise, when units go from manufacturing to sales, they can be tracked when moving through the official channels – but unofficial channels may be a problem. “Blockchain works great when it comes to franchise distribution,” said Uri Elhav, marketing and business development at Cybord. “But when you step into the broker, the spot market, it’s a whole different story. And unfortunately, people go there.”

For these reasons, blockchain processes work best when automated. The recording step then takes no extra effort. But that also assumes few or no escapes into a gray market of questionable authenticity.

Then there are questions about whether or not a system can be gamed. Permissioned networks in particular may have fewer nodes than a public network. “Could a nation-state mount some vast distributed attack on a ledger in order to invalidate it or manipulate it in a way that enables them to do things like fielding invalid devices?” asked Alric Althoff, senior hardware security engineer at Tortuga Logic. If the ledger becomes corrupted, would that corruption then remain in place forever? If detected, could it ever be fixed?

Finally, there’s the reality of the moment. While various industries are taking up the blockchain solution, semiconductors – for design or manufacturing – aren’t among them. “There’s been no involvement in our area of the industry with blockchain,” said Simon Rance, head of marketing at ClioSoft, a company heavily involved in design-data management. “We have customers, from FPGA design to analog PCBs, all the way to telecom companies, and companies doing consumer products, and none of them is even inquiring about blockchain. Where blockchain is getting a little bit more traction is in the manufacturing areas.”

So blockchain has proponents and cautious doubters. “We’re very excited about blockchain,” said Tortuga Logic’s Althoff. “But we have to decide whether a distributed ledger is really what we want,”

Conclusion
The cost and efficiency of so much tracking may limit the kinds of systems that maintain a thorough history. In an era where there appears to be no such thing as too much data, it remains to be seen whether blockchain is taken up only for sensitive systems, or whether it becomes business as usual across the board.

“I don’t think blockchain will fix everything, but at least it starts to create that dialogue, because everybody’s wanting to head in the same direction,” said Michael Ford, chair of IPC-1782, -2591, and -2551 committees for the IPC.

Even so, Huntley is keeping his eye on this prize. “We can’t completely prevent counterfeits, and we can’t completely prevent security breaches,” he said. “But we can detect them quickly. And we can track them, find the bad actors quickly, and punish them.”