Neil Oliver of Accutronics explores the world of counterfeits and looks at algorithmic security as a new method used to erradicate the fakes.
Battery counterfeiting is increasingly becoming a global problem. The ubiquity of portable devices, from everyday electronics, such as smartphones and digital cameras, to more specialised equipment such as medical, industrial and security apparatus, has resulted in the growth of this copycat market. Improvements in global logistics have made these batteries readily available at the click of a button.
The question is not whether you own any counterfeits, but how many. Recent estimates by the research organisation IHS, show that over ten percent of all electronics in the global supply chain are counterfeits. From entirely cloned products, to devices with sub-par internal components, counterfeiting costs the electronics industry around $100bn in product sales and is showing no signs of slowing down.
Why the rise?
Demand in recent years has exploded with the mass popularisation of portable electronic devices. In a post-PC era, tablets and smartphones have become the norm. Original Equipment Manufacturers (OEMs) now cater to the consumer taste for devices with varying screen sizes, higher power requirements, lower weight and ever-thinning dimensions.
This growth has not been limited to the consumer market either. Critical areas of the defence and security industry demand high quality, accurate batteries for portable communications, night vision goggles and rugged computers. Equally, the medical and healthcare industry, as a result of the spike in global population, has experienced a drive in demand for portable products. From ventilators and X-ray machines to endoscopy recorders and remote patient monitoring units, these devices often use backup batteries to substitute mains power, which is especially useful in developing countries.
Driven by the sheer variety in the marketplace, traditional battery development has moved from standardised, off-the-shelf battery designs, to more fragmented, nearly bespoke design cycles. This new system has prospered in the era of advanced supply chain management and Web 2.0. Highly efficient distribution channels paired with a highly transparent communication process means that the shipped unit cost is minimised.
Although intended to improve the dissemination of legitimate products, this same system has been exploited for the proliferation of counterfeit batteries. Readily available online at the click of a button, these highly convincing copies of genuine units can be purchased by consumers, medical professionals and military officials at a fraction of the cost. This is possibly traced to the lack of necessary testing and component quality control measures.
However, anyone thinking of grabbing a bargain would be advised to swiftly dismiss the notion. In order to maximise profits, manufacturers of counterfeit batteries usually take a variety of shortcuts to undercut genuine OEMs on price. Although Lithium-ion (Li-ion) batteries provide some of the highest commercially available energy densities, the cells in these batteries must be protected to prevent them from becoming volatile.
The safe production of authorised batteries includes the use of protection circuits to safeguard against over-charging, over-discharging and over-current. Circuit breakers and safety vents are used to ensure that these mini-powerhouses maintain ongoing stability during harsh usage. It is precisely the lack of these safety measures that makes counterfeit batteries so dangerous, giving rise to incidents such as battery swelling and even fire or explosion in extreme cases.
Many organisations have sought to tackle these copycat batteries using a range of measures. In 2003, after more than five million counterfeit batteries were seized throughout the EU, Nokia announced that it was rolling-out hologram labels, similar to those found on paper money. Comparably, Kodak developed a traceless system of invisible ink labelling. Governmental clampdowns at customs entry and exit points, have also attempted to curb the tide.
Detering the counterfeiters
Whilst these measures address the front end of counterfeiting, they do little to provide a compelling deterrent to the initial manufacturing stage. It is for this reason that companies such as UK-based Accutronics, have worked closely with OEMs to tackle this problem head on. Initially developed in the US, algorithmic security uses advanced computer cryptography to ensure that only authorised batteries can be used in any given device.
The secure hashing algorithm, SHA-1, developed by the US National Security Agency (NSA), works with any piece of plain text, that is, any unformatted alphanumeric text. This ‘message’ is fed into SHA-1, which begins to break down the decimal data into binary data. The hashing function of the algorithm then maps these bits of data to a standard length of 32-bits long. This is called a ‘word’. Each word is then assigned to its equivalent hexadecimal character. In this way, a message of any length, put into SHA-1, results in a standard 40 digit (160-bit) output message, called the ‘message digest’.
The unique quality of using SHA-1 is that even a single character difference in the initial message will result in a completely different message digest. Due to the hashing nature of the algorithm, it is impossible to produce the same digest from two different messages and the process cannot be reversed to reveal the plain text.
So, how is SHA-1 used in securing batteries? The battery manufacturer starts by randomly generating a 20 digit authorisation key. This is the message. During battery assembly, this key is written to the flash memory of the Integrated Circuit (IC) using SHA-1. The IC forms part of the battery’s fuel gauge. Once this part is sealed, it is no longer read/write accessible and so becomes permanently contained.
OEM customers are given a copy of the authorisation key, which is held by the host device. Each time a battery is attached to the host device, the host sends a unique challenge to the battery to perform a calculation on the key stored within it, using the SHA-1 algorithm. Both the battery and the host proceed to perform the calculation within 100ms, logging the results in the System Management Bus (SMBus) of the battery. The host device then compares the two digests and reports on whether the battery is authorised or fake.
Depending on the application, OEMs can choose what action to take when a fake battery is detected. The device could present a simple pop-up alert on screen, it could redirect to a website, report back to the OEM, or even be programmed to power-down if a fake battery is detected. The level of severity is for the OEM to decide - powering down may be appropriate for consumer devices, but may prove unethical for a life support ventilator in medical applications, where a fake battery is preferable to no battery at all.
As well as eliminating counterfeit batteries, algorithmic security also has traceability benefits for OEMs and vendors. Batteries from each supplier can be assigned with different sets of keys. The host device can be programmed to work with only an authorised list of keys. By doing this, faulty batches can be identified easily and quality can be maintained.
As with any system, it is only as strong as its weakest link. Whilst SHA-1 is almost unbreakable, human error plays a big part in completing the security circle. If authorisation keys are leaked or stolen, it may compromise the current circulation of authorised batteries.
To date, battery technology has advanced slowly. Algorithmic security is the first viable weapon for the industry to clean up counterfeits. An awareness of the risks posed by fake batteries, along with an improved infrastructure and collaboration on promoting algorithmic security, could give the industry a fighting chance at finishing the fakes.