Fighting the Fakes: Algorithmic Security Combats Counterfeit
Source: Tom Bush

Battery counterfeiting is increasingly becoming a global problem. The ubiquity of portable devices, from everyday electronics, such as smartphones and digital cameras, to more specialized equipment such as medical, industrial and security apparatus, has resulted in the growth of this copycat market. Improvements in global logistics have made these batteries readily available at the click of a button. Here, Tom Bush, electronics engineer at Accutronics, explores the world of counterfeits and looks at algorithmic security, a new method being used to fight the fakes.

The question is not whether you own any counterfeits, but how many. Recent estimates by the research organization IHS, show that over 10 percent of all electronics in the global supply chain are counterfeits. From entirely cloned products, to devices with subpar internal components, counterfeiting costs the electronics industry around $100 billion in product sales and is showing no signs of slowing down.

So why the rise? Demand in recent years has exploded with the mass popularization of portable electronic devices. In a post-PC era, tablets and smartphones have become the norm. Original equipment manufacturers (OEMs) now cater to the consumer taste for devices with varying screen sizes, higher power requirements, lower weight and ever-thinning dimensions.

This growth has not been limited to the consumer market either. Critical areas of the defense and security industry demand high quality, accurate batteries for portable communications, night vision goggles and rugged computers. Equally, the medical and healthcare industry, as a result of the spike in global population, has experienced a drive in demand for portable products. From ventilators and X-Ray machines to endoscopy recorders and remote patient-monitoring units, these devices often use backup batteries to substitute mains power, which is especially useful in developing countries.

Driven by the sheer variety in the marketplace, traditional battery development has moved from standardized, off-the-shelf battery designs, to more fragmented, nearly bespoke design cycles. This new system has prospered in the era of advanced supply chain management and Web 2.0. Highly efficient distribution channels paired with a highly transparent communication process means that the shipped-unit cost is minimized.

Although intended to improve the dissemination of legitimate products, this same system has been exploited for the proliferation of counterfeit batteries. Readily available online at the click of a button, these highly convincing copies of genuine units can be purchased by consumers, medical professionals and military officials at a fraction of the cost. This is possibly traced to the lack of necessary testing and component quality-control measures.

However, anyone thinking of grabbing a bargain would be advised to swiftly dismiss the notion. In order to maximize profits, manufacturers of counterfeit batteries usually take a variety of shortcuts to undercut genuine OEMs on price. Although Lithium-ion (Li-ion) batteries provide some of the highest commercially available energy densities, the cells in these batteries must be protected to prevent them from becoming volatile.

The safe production of authorized batteries includes the use of protection circuits to safeguard against over-charging, over-discharging and over-current. Circuit breakers and safety vents are used to ensure that these mini powerhouses maintain ongoing stability during harsh usage. It is precisely the lack of these safety measures that makes counterfeit batteries so dangerous, giving rise to incidents such as battery swelling and even fire or explosion in extreme cases.

Many organizations have sought to tackle these copycat batteries using a range of measures. In 2003, after more than 5 million counterfeit batteries were seized throughout the EU, Nokia announced that it was rolling out hologram labels, similar to those found on paper money. Comparably, Kodak developed a traceless system of invisible ink labelling. Governmental clampdowns at customs entry and exit points have also attempted to curb the tide.

Battery counterfeiting is becoming a global problem. The ubiquity of portable devices has resulted in the growth of a copycat market. A new method, coined as algorithmic security, is being used to fight the fakes.Battery counterfeiting is becoming a global problem. The ubiquity of portable devices has resulted in the growth of a copycat market. A new method, coined as algorithmic security, is being used to fight the fakes.While these measures address the front end of counterfeiting, they do little to provide a compelling deterrent to the initial manufacturing stage. It is for this reason that companies such as UK based Accutronics have worked closely with OEMs to tackle this problem head on. Initially developed in the USA, algorithmic security uses advanced computer cryptography to ensure that only authorized batteries can be used in any given device.

The secure hashing algorithm, SHA-1, developed by the US National Security Agency (NSA), works with any piece of plaintext, that is, any unformatted alphanumeric text. This 'message' is fed into SHA-1, which begins to break down the decimal data into binary data. The hashing function of the algorithm then maps these bits of data to a standard length of 32-bits long. This is called a “word”. Each word is then assigned to its equivalent hexadecimal character. In this way, a message of any length, put into SHA-1, results in a standard 40 digit (160-bit) output message, called the 'message digest'.

The unique quality of using SHA-1 is that even a single character difference in the initial message will result in a completely different message digest. Due to the hashing nature of the algorithm, it is impossible to produce the same digest from two different messages and the process cannot be reversed to reveal the plaintext.

So how is SHA-1 used in securing batteries? The battery manufacturer starts by randomly generating a 20 digit authorization key. This is the message. During battery assembly, this key is written to the flash memory of the integrated circuit (IC) using SHA-1. The IC forms part of the battery's fuel gauge. Once this part is sealed, it is no longer read/write accessible and so becomes permanently contained.

OEM customers are given a copy of the authorization key, which is held by the host device. Each time a battery is attached to the host device, the host sends a unique challenge to the battery to perform a calculation on the key stored within it, using the SHA-1 algorithm. Both the battery and the host proceed to perform the calculation within 100ms, logging the results in the system management bus (SMBus) of the battery. The host device then compares the two digests and reports on whether the battery is authorized or fake.

Depending on the application, OEMs can choose what action to take when a fake battery is detected. The device could present a simple pop-up alert on screen, it could redirect to a website, report back to the OEM, or even be programmed to power-down if a fake battery is detected. The level of severity is for the OEM to decide; powering down may be appropriate for consumer devices, but may prove unethical for a life support ventilator in medical applications, where a fake battery is preferable to no battery at all.

As well as eliminating counterfeit batteries, algorithmic security also has traceability benefits for OEMs and vendors. Batteries from each supplier can be assigned with different sets of keys. The host device can be programmed to work with only an authorized list of keys. By doing this, faulty batches can be identified easily and quality can be maintained.

As with any system, it is only as strong as its weakest link. While SHA-1 is almost unbreakable, human error plays a big part in completing the security circle. If authorisation keys are leaked or stolen, it may compromise the current circulation of authorized batteries.

To date, battery technology has advanced slowly. Algorithmic security is the first viable weapon for the industry to clean up counterfeits. An improved awareness of the risks posed by fake batteries, along with an improved infrastructure and collaboration on promoting algorithmic security, could give the industry a fighting chance at finishing the fakes.