With increasingly tight export controls and growing concerns about artificial intelligence (AI) chip smuggling and counterfeiting, the supervision of the chip supply chain is facing a major change. Traditionally, tracking wafers requires employees to physically monitor the production process and follow sealed boxes all the way to their destination, but this approach is costly and prone to drawbacks, making it difficult to count millions of wafers at each stage of the supply chain. So, industry experts point out, why send people to maintain supply chains when technology can do a better job? The answer to this transition is complex and potentially politically sensitive, but the technology continues to evolve and improve.
Three Cores of Chip Positioning and Tracking
Market participants pointed out that there are currently several mature and higher-granularity technical methods for tracking the location of chips from manufacturing to their final destination:
1. Global Positioning Service (GPS) TechnologyBuilt the GPS function into the chip or multi-die package to track every movement. However, the technology can be invasive, susceptible to spoofing, and consume precious chip resources, so while adversaries don't like it, customers aren't always happy either.
2. Ping signal technologyLocate by sending a signal to the chip and returning to the tracking site. This technology has been used for data sovereignty purposes to pinpoint locations by measuring the round-trip time of pings from servers with known locations. For example, triangulation can be performed by measuring ping response times to three Google servers around the world. However, in private data centers, IP addresses can be easily spoofed, so authenticated network connections and secure processors must be added to ensure the reliability of location information.
3. GeofencingThis is a step further technology that not only verifies the approximate position of the die, but also limits or disables the behavior of the die within and outside set boundaries.
In addition, there are local verification (Local Verification) technologies, such as relying on pinging neighboring systems through digital watermarking on the chip. If a system is moved away from another system, it will know about it. This is a less invasive method that does not require precise GPS tracking to confirm whether systems sold to a specific region have been moved elsewhere.
Policy goals and technical challenges, cost, privacy and security are all difficult issuesThe advantage of location verification technology is that it can reduce trade-offs, allowing more chips to be shipped to semi-trusted countries, while ensuring that these chips are not transferred to hostile countries. Technical experts pointed out that with verification technology, it is possible to "have the cake and eat it too." But in fact, the wafer transfer problem does exist. A report suggests that AI chips shipped from Malaysia and Singapore have been passed on to Chinese startups. Although the Bureau of Industry and Security of the U.S. Department of Commerce is responsible for formulating export controls for advanced AI chips, there is almost no way to locate the chip once it leaves the shipping port, and currently relies more on the honor-based system.
However, a single approach cannot fit all situations. Solutions will vary widely based on location accuracy requirements, power consumption required to ensure the information is correct, performance and cost. In particular, embedding these tracking technologies can significantly increase chip costs. Infineon's experience, for example, shows that adding location tracking to a microcontroller can turn a $2 microcontroller into a $5 microcontroller because of minimum order quantities and higher machine usage fees. In addition, to achieve real-time tracking, radio or network technology needs to be embedded in the device, which will drive up power consumption, reduce battery life, require bulky software, and can be easily defeated by interested parties.
In addition, geofencing has caused greater security controversy. The ability to remotely power down the chip could create new security vulnerabilities and potentially allow untrusted actors to access and exploit this functionality. As a result, geofencing proposals remain controversial, while location verification is considered more feasible in the short term.
Market-driven alternatives and policiesSome companies choose to use different methods to ensure chip security. For example, Infineon uses security mechanisms built into the chip to protect devices through the entire supply chain by implanting encryption keys at the factory source. After receiving the device, the end user (OEM) must go online to obtain the certificate code (CSR) and pass the "entrance exam" to verify the non-volatile memory before taking over the Root of Trust and loading new keys and policies.
As for that, the US government has considered location verification as part of its AI and semiconductor security strategy. The relevant provisions are included in the CHIP Security Act. Burga said the AI action plan clearly calls on governments to further explore location verification. This is in line with the policy trend of the U.S. authorities to support U.S. technology exports while addressing national security issues. Experts believe that location verification is a "low-lift intervention" that can significantly improve the ability to control the whereabouts of chips in the short term, while serving the goals of export control and export promotion.
It is worth noting that the scope of supply chain considerations also extends to the end of life stage of the data center. If security assets, such as encryption keys, could be extracted from scrapped chips, it would theoretically be possible to trick a CPU or GPU into having a completely different life cycle. But despite privacy concerns, the public's perception of location services as intrusive is tied to the identity of the person asking. However, due to tightening export controls and national security needs, chip location verification technology is accelerating to become a standard equipment for supply chain supervision.