Securing the Future with Trusted Traceability and Blockchain

Article By : Alan D. Porter, Siemens

The world runs on semiconductors. But semiconductors run on trust.

Our world runs on semiconductors, operating everything from F-35 fighter planes, cell phones, medical devices, and smart buildings. But semiconductors run on trust, and nothing is more important than being able to trust the data and devices that protect our privacy and our security.

Unfortunately, our world is struggling with an erosion of trust right now. Counterfeiting, backdoors, malicious code, and cyberattacks have shaken public confidence in the supply chain for electronics and smart products. In addition, critical chip shortages that occurred during the COVID–19 pandemic revealed the fragility of U.S. dependence on global supply chains, even raising concerns about national security. Some critical factors have come to light as a result:

  • Approximately 10 percent of components that reach an electronics manufacturing service line are compromised, whether they be counterfeit, refurbished, or damaged.
  • In today’s complex global supply chain, components for a single semiconductor chip can travel 25,000 miles to numerous specialized contractors before they are ready for installation, according to research from the Global Semiconductor Alliance and Accenture.
  • Data and devices are so complex that audit trails have become daunting tasks.

Since trust is critically important to all of us, our industries, companies and governments must find a way to restore it. What could be more important? That’s what traceability is all about.

How does traceability work?

To restore trust, it’s important to practice zero trust. This might sound contradictory at first, but it really isn’t. By practicing zero trust, you will need to always verify the truth. And verifying the truth requires traceability.

Traceability is the ability to trace a device’s current status back to its point of origin, providing an audit trail or genealogy. As the device’s history is traced back to the beginning, critically important information about its lifecycle will be available:

  • Who supplied the device to an OEM?
  • Is the device built to spec as designed?
  • Is the device genuine, or has it been tampered with?
  • If the data has been altered, who did it and why?

If the trace finds that a device isn’t built to spec, or can’t perform as intended, customers need to know the truth. If it’s found that the device has been tampered with, or is a counterfeit, it can cause very serious issues when those devices are used for many critical applications.

In the case of medical, aerospace, and automotive applications, device failure can have devastating consequences. That’s why traceability must be enforced by secure software systems that can verify the authenticity of devices and data over the course of a product’s entire life. Once the data is verified by traceability, only then can it be trusted.

What is trusted traceability?

Traceability is simply an audit trail or genealogy. Trusted traceability, however, is an audit trail with data provenance, which raises its credibility up to the level where it can truly be trusted. Our goal should always be to achieve trusted traceability on a consistent basis.

In national security considerations, the critical need to provide measurable verification of device authenticity is clearly seen in the evolution of policy at the Department of Defense (DoD), which has made the need for semiconductor traceability a priority in technology used for national security. That’s why the National Defense Authorization Act for Fiscal Year 2021, Section 9905, provides funding “to support the development and adoption of measurably secure semiconductors and measurably secure semiconductor supply chains.” As a result, semiconductor companies doing future business with the DoD will need to take measurable traceability very seriously.

In the food and beverage industry, significant progress is being made to provide trusted traceability for ingredients from farm to table to safeguard the supply chain. The development of innovative blockchain technology has equipped the industry to tackle challenges such as recalls due to contamination, counterfeiting, as well as meeting new consumer trends. Previously, the challenges of collecting and transferring data to the blockchain were technically daunting. But with the growing prevalence of internet access, cloud computing, and the decreasing cost of the Internet of Things (IoT), it’s now possible to effectively generate, manage, communicate, and verify the essential data.

Restoring trust takes a global village

Ultimately, the restoration of trust will require a collective effort by stakeholders across industries, corporations, government agencies, and standards organizations. Restoring trust, however, requires that the genealogy of the component, the intellectual property (IP) and the chip be completely traceable to verify that as–designed product specifications match as–built realities.

A typical semiconductor company may have more than 16,000 global suppliers, so achieving traceability can be extremely difficult. Traceability is made even more difficult by the vast amount of data generated by a semiconductor and its ecosystem over its lifecycle. With blockchain technology’s potential benefits, help is on the way.

Architecture concept for a trusted supply chain solution

The benefits of blockchain technology

Blockchain functions as a digital ledger hosted by a decentralized peer–to–peer (P2P) network that keeps a digital record of transactions as discrete blocks that are cryptographically linked as a chain of information. Thanks to the decentralized P2P network, the risks associated with storing data in a data center or on a server don’t apply to blockchain as there are no failure points to be exploited.

When a new block is added to the blockchain, it’s linked to the previous block so that the chain is never broken, and each block is permanently recorded. Changes must be approved by all network participants, which makes blockchain tamper proof, as well as extremely secure and accurate as a data repository.

Blockchain technology also brings many strong capabilities to IC traceability and security:

  • Provides gate–to–gate traceability of all data, IC components, materials, and logistics.
  • Makes stored data immutable for uncompromised security and data integrity.
  • Facilitates the formation of secure supply chain networks that manufacturers can trust, while using data to identify non–conforming vendors.
  • Protects against counterfeiting; each product is registered on a blockchain registry with a unique ID and key attributes to ensure originality.
  • Ensures protection for IP.
  • Provides government agencies access to mission critical semiconductor and electronics information, while ensuring that components are safe, trustworthy, and reliable.
  • Ensures uncompromised support for forensic processes used in root cause analysis.

The adoption of these blockchain innovations can help bring us into a future that is far more secure.

What needs to happen next to unleash blockchain’s potential?

The first companies that embark upon this journey will be laying the groundwork for standards going forward. As always, being the first may be a bit daunting, but also rewarding in that influencing the future of blockchain in the most positive direction will benefit them as leaders in the industry.

Ultimately, it will be beneficial for a broad representation of global IT stakeholders and standards organizations to work toward establishing blockchain benchmarks that communicate and clarify expectations across the industry. Standards will go a long way to help ensure consistency and success with reliable use cases.

Once blockchain data communications standards for interoperability across the entire supply chain are in place, each industry will need to come together to establish rules of the road for its specific domain. Industry segments such as medical devices, electronics and semiconductors, aerospace, automotive, IoT and others will likely form their own blockchain networks with the OEMs, fabs, suppliers, contract manufacturers and product design collaborators who comprise their supply chain. Each network will likely be supported by unique industry algorithms and protocols.

Clearly, much work is ahead for the global community of IT stakeholders. The job of establishing standards and procedures will require a major effort and considerable investment, but the cost of not making this effort to restore trust would be far greater.

Once key stakeholders in each industry can fully access their own blockchain network to verify data and device integrity, the tide will turn, the erosion of trust will subside, and a new era of trusted traceability will begin — for all of us.

This article was originally published on EE Times.

 

Subscribe to Newsletter

Leave a comment