
ISTFA™ 2018: Conference Proceedings from the 44th International Symposium for Testing and Failure Analysis
October 28–November 1, 2018, Phoenix, Arizona, USA
Copyright © 2018 ASM International®. All rights reserved. www.asminternational.org
DOI: 10.31399/asm.cp.istfa2018p0051

An Overview of Risk-Based EEE Counterfeit Part Detection Based on SAE AS6171
Michael H. Azarian
CALCE, University of Maryland, College Park, MD USA
mazarian@umd.edu

Abstract

As counterfeiting techniques and processes grow in sophistication, the methods needed to detect these parts must keep pace. This has the unfortunate effect of raising the costs associated with managing this risk. In order to ensure that the resources devoted to counterfeit detection are commensurate with the potential effects and likelihood of counterfeit part usage in a particular application, a risk based methodology has been adopted for testing of electrical, electronic, and electromechanical (EEE) parts by the SAE AS6171 set of standards. This paper provides an overview of the risk assessment methodology employed within AS6171 to determine the testing that should be utilized to manage the risk associated with the use of a part. A scenario is constructed as a case study to illustrate how multiple solutions exist to address the risk for a particular situation, and the choice of any specific test plan can be made on the basis of practical considerations, such as cost, time, or the availability of particular test equipment.

Introduction

Counterfeit electrical, electronic, and electromechanical (EEE) parts have found their way into a wide array of end products, ranging from high value/high reliability products such as military systems and medical devices, to high volume products including computer systems, consumer electronics, automobiles, and industrial equipment [1][2]. The best defense against the introduction of counterfeit parts into products is avoidance, which requires good management of the supply chain. Parts should only be obtained from an original component manufacturer (OCM) or an authorized supplier. Unfortunately, this is not always possible once parts enter obsolescence. Occasionally, even parts obtained from authorized distributors have been found to be counterfeit, most likely due to intermingling of returns with those obtained from an OCM.

The second line of defense against counterfeit parts is detection, which consists of inspection and testing of parts prior to use. Ideally, this should only be necessary when parts have been obtained from sources other than the OCM or an authorized supplier. Combined with counterfeit avoidance procedures, this strategy is generally sufficient to prevent the vast majority of counterfeit parts from entering use. Exceptions may arise when a chain of custody has been unknowingly compromised, such as through carelessness as described above, or through a malicious act on the part of a manufacturer [3], distributor, or nation-state.

In some organizations, counterfeit part detection has consisted for many years of little more than the usual incoming quality inspection process, relying heavily on visual inspection and lot sampling. This is generally inadequate [4] except in cases where counterfeits consist of a uniform lot of poorly disguised recycled or remarked parts. In general, the effectiveness of counterfeit detection is dependent on the diversity of features evaluated, the thoroughness with which the population of parts is assessed, and the level of training of the personnel. As counterfeiting techniques grow in sophistication, the methods needed to detect these parts must keep pace. This has the unfortunate effect of raising the costs associated with minimizing the risk.

In order to ensure that the time and money invested in counterfeit detection are commensurate with the potential effects and likelihood of counterfeit part usage in a particular application, a risk based methodology is advantageous. Such an approach was required of most U.S. government defense contractors upon the issuance of Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.246-7007: “Contractor Counterfeit Electronic Part Detection and Avoidance System” in 2014 [5]. Among the twelve system criteria specified in this regulation are risk-based policies and procedures for such detection-related activities as: inspection and testing of electronic parts, including criteria for acceptance and rejection; methodologies to identify suspect counterfeit parts; and training of personnel. The basis for the selection of tests and inspections is the combined risk associated with three elements [5]:
1. The probability that the part received is counterfeit;
2. The probability of detecting a counterfeit part with an inspection or test; and
3. The potential negative impact of installing a counterfeit part.

Sadly, instead of providing the offsetting considerations (such as increased cost and delays associated with testing) to be balanced against the negative consequences listed above, this DFARS clause stipulates that the risk-based tests and inspections “shall be based on minimizing risk to the Government.” The goal of minimum risk would suggest that any and all possible counterfeit detection and prevention measures are called for, and it would thus effectively negate the benefits of a risk-based approach. Fortunately, since the proposed DFARS rule had already been made public earlier in
the year, in April 2013 the DoD published Instruction 4140.67 that provides clarification of its policies with regard to the concept of risk-based counterfeit detection, applicable to both materiel and electronic parts. In Enclosure 2, section 8d of that document [6], anti-counterfeiting measures are required to balance the risk represented by counterfeit goods against the impact to readiness and cost of the measures.

This requirement for a risk-based counterfeit detection approach that balances the negative risks with the costs of the detection activities is thus at the heart of the U.S. defense department policy for counterfeit prevention, and has provided the impetus for the development of formalized and quantified methodologies that can be applied more broadly to a wide range of industries. Recently, comprehensive and detailed risk-based testing methodologies have been proposed [7] [8], which have been adopted as the basis for testing of EEE parts by the SAE AS6171 set of standards.

Risk-based Approach to Counterfeit Part Detection

SAE AS6171 is a family of standards that seeks to standardize practices for the detection of counterfeit EEE parts. The General Requirements document, AS6171A [9], contains requirements for all the main elements of a test plan, such as part sampling, handling of parts, interpretation of results, laboratory facilities, personnel training, reporting of results, and data retention. As shown in Figure 1, this is accompanied by a number of slash sheets, of which there are currently a total of eleven. AS6171/1 [10] provides a method for a risk-based selection of a sequence of counterfeit detection tests, and for the evaluation of metrics that characterize the effectiveness of a test sequence in detecting counterfeit parts. Additional AS6171 documents specify requirements governing specific test methods, such as visual inspection, electrical testing, and a variety of other analytical and inspection methods. These standards address the detection of a variety of counterfeit part types (see Table 1), ranging from common recycled or remarked parts to potentially sophisticated clones. One category of counterfeit parts that is not currently within scope of AS6171 is tampered parts, although that is expected to change with future revisions and releases of new documents.

[Figure 1 diagram boxes: AS6171A, General Requirements: Includes Risk Level Calculation; AS6171/1, Suspect/Counterfeit Test Evaluation Method: Counterfeit Defect and Type Coverage; AS6171/2-11, Techniques for Suspect/Counterfeit EEE Parts Detection: Specific Test Methods]

Figure 1: Organization of SAE AS6171.

Table 1: List of counterfeit EEE part types. Tampered parts are not included in the scope of AS6171A.
• Recycled
• Remarked
• Overproduced
• Out-of-spec/Defective
• Forged Documentation
• Cloned
• Tampered

The development of a test plan for a particular application and part starts with the assignment of a risk level to that part, upon which the specific sequence of tests is based that is used to mitigate the assigned risk. The risk tier level is obtained from a score that is calculated from factors associated with the part, the supplier, and the product in which the part will be used (as illustrated in Figure 2 and described in greater detail in the following section). Parts with a higher risk tier level require more extensive testing than those representing a lower risk.

[Figure 2 diagram: RC = Risk of Component (Part), RS = Risk of Supplier, and RP = Risk of Product (Application), together with Risk Adjustment Factors, feed the Adjusted Risk Score and Risk Tier Level]

Figure 2: Factors used to calculate an adjusted risk score and risk tier level for a specific part in a given application.

Each test sequence can be quantified in terms of its coverage of the various indicators of counterfeiting. It is this aspect of AS6171 that distinguishes it from prior standards [11] [12], and allows the tailoring of the test plan to the amount of risk that is associated with the use of a particular part in a given application. These indicators are referred to as counterfeit defects, and include such features as damaged terminations, ghost markings, missing bond wires, die passivation damage, and out-of-specification electrical parameters.

AS6171/1 defines nearly seventy defects in all, and provides a means for calculating the confidence of detecting each defect using any combination of AS6171 test methods. The risk tier level establishes the target confidence of detection, which the overall counterfeit defect coverage (CDC) across all defects must exceed for a test sequence to meet the requirements of
the standard. By establishing a minimum threshold for the CDC, the standard ensures that the resources dedicated to testing are neither inadequate nor excessive. This allows lower risk parts to incur lower costs and delays compared to those with higher risk.

In addition to the calculation of the CDC, AS6171/1 also provides a means to identify those individual defects which are either not detected by the test sequence (not-covered defects, NCD) or whose confidence of detection is below the target (under-covered defects, UCD). The sequence of steps used to select a risk-based test sequence and calculate the metrics indicative of its effectiveness in detecting a potential counterfeit part is illustrated in Figure 3.

1. Determine risk tier level from AS6171 risk model, and associated target confidence of detection
2. Select test sequence appropriate to risk tier level and part type (Can use SAE CDC Tool Software, Tables in AS6171A, or custom test sequence)
3. Establish confidence level matrix of defect detection by selected tests
4. Calculate overall confidence level of detection for each defect using test sequence
5. Identify Not-Covered Defects (NCD) and Under-Covered Defects (UCD)
6. Calculate the overall Counterfeit Defect Coverage (CDC)
7. Verify that the CDC exceeds the target confidence of detection associated with the risk tier level

Figure 3: Diagram showing sequence of steps used to select a risk-based test sequence and calculate metrics indicative of its effectiveness in detecting a potential counterfeit part.

Finally, the counterfeit type coverage (CTC) is quantified by associating defects with each type of counterfeit part, and calculating the overall coverage for each type by the test sequence.

Case Study

To illustrate the risk-based determination of a counterfeit detection test sequence based on AS6171, the following fictitious scenario is offered as a case study. A multilayer ceramic capacitor (MLCC) is used as a filter capacitor in an engine control module (ECM) for an automobile. Due to part shortages, the MLCCs have been purchased from a domestic online parts broker that is not an authorized distributor. The broker is AS9100 compliant and has not been cited in any alerts or non-conformance reports. Although the modules are tested after assembly, it is well known that faulty MLCCs can exhibit electrical shorts that have a long incubation time prior to their appearance. The circuit is designed to have redundancy in the noise filtering function achieved by placing the MLCCs in parallel with electrolytic capacitors, but a failure characterized by high leakage current or a short will cause the ECM to fail. A failure of the module can cause the vehicle to stall or fail to start.

Following the procedures and considerations in AS6171A, the risk factors were calculated as follows:
• RP (product risk) = Critical (50), since failure of the product (ECM) could cause loss of the system’s (vehicle’s) function, and could result in substantial economic impact due to warranty or liability claims.
• RC (component risk) = Catastrophic (70), since failure of the component (the MLCC) will result in failure of the product (ECM).
• RS (supplier risk) = Moderate/Low (30), since the supplier is certified to AS9100 and has not been flagged for non-compliances or problems.

The unadjusted risk score is RP + RC + RS = 150, which corresponds to a moderate risk tier level.

Product risk is adjusted for product testing and unlike redundancy (MLCC redundant with a different type of capacitor) as follows:
• Product level test adjustment = 50/100 (raw score) or -10 (normalized score), since ECM testing could reveal obvious MLCC failures but not those that take time in the field to develop.
• Unlike redundancy adjustment = 50/100 (raw score) or -10 (normalized score), since the redundant capacitor could compensate somewhat for capacitance drift but not for a short circuit in the MLCC.

The only component risk adjustment factor, applied if the part cannot be readily tested through product-level testing, was not considered applicable.

Similarly, the only supplier risk adjustment factor, applied if the supplier is located in a high-risk part of the world, was not used.

Finally, an additional risk adjustment factor was applied to account for the lack of availability of the part, which makes it more likely that a counterfeit part would be purchased:
• Part availability adjustment = 60/100 (raw score) or +12 (normalized score), since the part is in short supply but not obsolete.
Total adjustments (normalized) = (-10) + (-10) + (12) = -8
Adjusted risk score = 150 – 8 = 142, which still corresponds to a moderate risk tier level.

Based on the determination of the risk tier level as moderate, a combination of counterfeit detection tests, known as a test sequence, can be selected that will achieve the overall target confidence of defect coverage (CDC) of at least 65%. Two candidate test sequences are offered in Section 3.4 of AS6171A for passive parts representing a moderate risk tier level. Alternatively, one may use the SAE CDC Tool (available at no charge by registering at http://cdctool.sae.org/), executing the dynamic assessment for a simple passive part with moderate risk tier level. Finally, one may use either the custom assessment option in the SAE CDC Tool or perform the calculations based on SAE AS6171/1, to combine various tests by trial and error until the target CDC is achieved. These four alternative test sequences are compared in Table 2.

The results of this comparison demonstrate that, for most situations, multiple solutions exist to address the risk. A specific test sequence can be selected on the basis of practical considerations, such as costs associated with the testing, time expended to complete testing, or factors associated with convenience or logistics, such as the local availability of particular test equipment. The exception to this is the critical risk tier level, since its target confidence of detection is so high that there remains little latitude to omit any tests.

For the case study, it is evident that Sequence 2, which was obtained from Table 7 in Section 3.4 of AS6171A, is not suitable. MLCCs are typically unmarked, surface mount devices that do not possess leads or plastic encapsulated surfaces. Sequence 1 or 3 would therefore be more appropriate, and both contain considerably fewer tests than Sequence 2. Sequence 3 contains the greater diversity of tests since it includes Raman spectroscopy. Nevertheless, Sequence 1 and 3 provide nearly identical counterfeit defect coverage. If either electrical parameter testing or Raman spectroscopy were not as readily available as the other tests, then one sequence or the other may be favored.

Sequence 4 was a custom test plan developed with attention to the specific characteristics of MLCCs and how they are likely to manifest counterfeiting. Whereas radiological imaging may not provide much insight into internal defects for these relatively small components, and is not even particularly good at detecting cracks, a combination of external inspection by scanning electron microscopy (SEM) and cross-sectioning by delid/decapsulation physical analysis (DDPA) could reveal flex cracks, handling or thermal damage, evidence of recycling, contamination, delamination, voiding, or other structural defects. Material composition analysis by XRF is a sensitive means of detecting minor additions to the ceramic dielectric that are essential to their stability over temperature and time but may not be present in counterfeit parts [4][13]. Finally, measurement of parameters such as capacitance, leakage current, and dielectric withstand voltage over temperature is more likely than ambient temperature testing to reveal deficiencies due to structural or compositional anomalies.

Table 2: Comparison of four alternative test sequences, including their CDC values, corresponding to the simple, passive part in the moderate risk scenario of the case study. Sequences 1 and 2 were obtained from Section 3.4 of SAE AS6171A, Sequence 3 was obtained from the SAE CDC Tool using the default inputs, and Sequence 4 was a custom set of tests evaluated using the SAE CDC Tool. (Note: EVI = External Visual Inspection; XRF = X-ray Fluorescence Spectroscopy; DDPA = Delid/Decapsulation Physical Analysis; and SEM = Scanning Electron Microscopy)

Sequence 1 (Sec. 3.4), CDC = 66.29%:
• EVI (General)
• EVI (Detailed)
• Radiological 2D
• Electrical, Value, Ambient
• Electrical, Key Parameters, Ambient

Sequence 2 (Sec. 3.4), CDC = 71.32%:
• EVI (General)
• EVI (Detailed)
• EVI, Remarking
• EVI, Resurfacing
• EVI, Part Dimensions
• XRF, Lead Finish
• XRF, Material Composition
• DDPA, Internal
• Radiological 2D
• Electrical, Value, Ambient

Sequence 3 (Dynamic), CDC = 66.3%:
• EVI (General)
• EVI (Detailed)
• EVI, Part Dimensions
• Radiological 2D
• Electrical, Value, Ambient
• Raman Spectroscopy

Sequence 4 (Custom), CDC = 65.33%:
• EVI (General)
• EVI (Detailed)
• EVI, Part Dimensions
• EVI, SEM
• XRF, Material Composition
• DDPA, Internal
• Electrical, Key Parameters, Over Temperature

Future Directions

With the publication of the AS6171 set of standards in October 2016, a standard for risk-based counterfeit detection became available to fulfill a keenly felt industry and government need. Since that time, it has been adopted by the U.S. Defense Logistics Agency (DLA) Land and Maritime for use by the Department of Defense [14]. Other organizations have adopted the standard or, in some cases, based their own
processes on the principles contained within it [15]. Nonetheless, more work remains to be accomplished in the domain of standards-based counterfeit detection. In the years since those initial test methods were drafted, techniques for producing counterfeit EEE parts have continued to grow in sophistication [16]. Thus, the G-19A committee of SAE has been working to draft new AS6171 slash sheets in order to incorporate additional test methods into its risk-based methodology. Pending completion and approval by the standards body, these additional test methods are anticipated to include techniques for compositional analysis, imaging, characterization of material properties, and evaluation of part packaging. In the longer term, further benefits to counterfeit detection effectiveness are likely to be gained through application of machine learning techniques to data. Additional work is also needed in refining test procedures and data analysis when an exemplar (a known-authentic part) is not available.

There is also an effort within the G-19A committee to add tampered parts to the scope of AS6171. Since tampered EEE parts can involve subtle hardware modifications on the die level, or even in software or firmware, often with malicious intent [2][16], this will require the inclusion of defects specific to tampering and new, specialized test methods.

While the risk-based testing methodologies described in this paper are a significant step forward in counterfeit detection, the methods used to quantify risk and to evaluate effectiveness of test sequences require additional development. Risk analysis algorithms are needed that are more comprehensive in their recognition of the varied threats to the supply chain [3] [17]. The present CDC model would benefit from a statistical approach that accounts for interactions and correlations between test methods, co-variance between defects, and explicit incorporation of sampling statistics in the defect coverage calculation. The underlying confidence matrices, which have so far been developed by consensus among subject matter experts, would benefit from a database generated by systematic, round-robin testing structured around a statistical design of experiments involving a variety of counterfeit types and part types, and blinded, randomized sequencing of tests.

Conclusions

A risk-based counterfeit detection approach is one that balances the negative effects of the use of a counterfeit part in an application with the costs associated with the detection activities. The AS6171 set of standards provides a method for a risk-based selection of a sequence of counterfeit detection tests, and for the evaluation of metrics that characterize the effectiveness of a test sequence in detecting counterfeit EEE parts. This approach can produce multiple acceptable test sequences with similar effectiveness, allowing one to select the sequence with the least impact on resources and production schedule. Knowledge of a part’s construction, expected use, and likely failure modes and mechanisms can be particularly advantageous, as it allows a more informed approach to selecting and customizing testing. There is room for further refinements and additions to AS6171, but it provides the most comprehensive and quantitative means for planning and performing counterfeit EEE part detection based on a balanced consideration of both risks and costs.

Acknowledgments

The author would like to acknowledge his indebtedness to the members of the SAE G-19A committee. He would also like to thank the over 100 companies that support the Center for Advanced Life Cycle Engineering (CALCE) consortium at the University of Maryland, College Park.

References

[1] Pecht, M. and Tiku, S., “Bogus: Electronic Manufacturing and Consumers Confront a Rising Tide of Counterfeit Electronics,” Vol. 43 (2006), pp. 37-46.
[2] Guin, U., et al., “Counterfeit Integrated Circuits: A Rising Threat in the Global Semiconductor Supply Chain,” Proceedings of the IEEE, Vol. 102, No. 8 (2014), pp. 1207-1228.
[3] Miyamoto, I., A Systems Dynamics Approach to Understanding the Long-Term Effects of a Counterfeit-Risk Avoidance Strategy, Ph. D. Dissertation, George Washington University, May 21, 2017.
[4] Sood, B., Das, D., and Pecht, M., “Screening for Counterfeit Electronic Parts,” J. Mater. Sci.: Mater. Electron., Vol. 22 (2011), pp. 1511–1522.
[5] Code of Federal Regulations, Federal Acquisition Regulations System, title 48, sec. 252.246-7007, May 6, 2014 (revised Aug. 2, 2016).
[6] “DOD Counterfeit Prevention Policy,” Department of Defense Instruction Number 4140.67, Apr. 26, 2013 (revised Oct. 25, 2017).
[7] Guin U., DiMase D., and Tehranipoor M., “A Comprehensive Framework for Counterfeit Defect Coverage Analysis and Detection Assessment,” J Electronic Testing, Vol. 30, No. 1 (2014), pp. 25-40.
[8] Collier, Z. A., et al., “A Semi-Quantitative Risk Assessment Standard for Counterfeit Electronics Detection,” SAE International Journal of Aerospace, Vol. 7, No. 1 (2014), pp.171-181.
[9] SAE International, “Test Methods Standard; General Requirements, Suspect/Counterfeit, Electrical, Electronic, and Electromechanical Parts,” SAE AS6171A, 2018. Available at: https://saemobilus.sae.org/content/as6171a.
[10] SAE International, “Suspect/Counterfeit Test Evaluation Method,” SAE AS6171/1, 2016. Available at: https://saemobilus.sae.org/content/as6171/1.
[11] Independent Distributors of Electronics Association (IDEA), “Acceptability of Electronic Components Distributed in the Open Market,” IDEA-STD-1010-B,
2011. Available at: http://www.idofea.org/products/118-idea-std-1010b
[12] SAE International, “Fraudulent/Counterfeit Electronic Parts: Avoidance, Detection, Mitigation, and Disposition—Distributors,” SAE AS6081, 2012. Available at: https://saemobilus.sae.org/content/as6081.
[13] Azarian, M., “Analysis of Counterfeit Ceramic Capacitors,” CALCE Symposium on Avoiding, Detecting, and Preventing Counterfeit Electronic Parts, College Park, MD, November 2007.
[14] Defense Logistics Agency, “Adoption Notice, SAE AS6171,” Available at: https://landandmaritimeapps.dla.mil/Downloads/MilSpec/Docs/SAE/saeas6171.pdf.
[15] Battelle, “Counterfeit Electronic Part Detection and Avoidance Control (CEPDAC) Plan,” November 2017, Available at: https://www.battelle.org/docs/default-source/doing-business/suppliers/counterfeit-plan-2017.pdf?sfvrsn=5b28b588_4.
[16] Guin U., DiMase D., and Tehranipoor M., “Counterfeit Integrated Circuits: Detection, Avoidance, and the Challenges Ahead,” J Electronic Testing, Vol. 30, No. 1 (2014), pp. 9-23.
[17] DiMase, D., et al., “Traceability and Risk Analysis Strategies for Addressing Counterfeit Electronics in Supply Chains for Complex Systems,” Risk Analysis, Vol. 36, No. 10 (2016), pp. 1834-1843.
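
Worked example (added here; not part of the paper, AS6171, or the SAE CDC Tool): the Figure 3 workflow carried through in Python for the case study. The risk factors, normalized adjustments, the 65% moderate-tier target and the Sequence 1 test names are taken from the paper; the confidence values are constructed, and treating tests as independent detectors and weighting all defects equally are assumptions, since the paper does not reproduce the AS6171/1 formulas.

```python
"""Figure 3 workflow on constructed data (added example, not AS6171's tables)."""
from math import prod

# Case-study inputs as stated in the paper.
RISK_FACTORS = {"RP": 50, "RC": 70, "RS": 30}
NORMALIZED_ADJUSTMENTS = {
    "product level test": -10,
    "unlike redundancy": -10,
    "part availability": +12,
}
TARGET_CDC = 0.65  # target the paper gives for the moderate risk tier

# Sequence 1 as listed in Table 2 of the paper.
SEQUENCE_1 = [
    "EVI (General)", "EVI (Detailed)", "Radiological 2D",
    "Electrical, Value, Ambient", "Electrical, Key Parameters, Ambient",
]

# CONSTRUCTED confidence matrix: defect -> {test: confidence of detection}.
# Defect names are the paper's examples; the numbers are illustrative only.
CONFIDENCE = {
    "damaged terminations": {"EVI (General)": 0.5, "EVI (Detailed)": 0.7},
    "ghost markings": {"EVI (Detailed)": 0.6},
    "missing bond wires": {"Radiological 2D": 0.9},
    "die passivation damage": {"DDPA, Internal": 0.8},
    "out-of-specification electrical parameters": {
        "Electrical, Value, Ambient": 0.3,
        "Electrical, Key Parameters, Ambient": 0.6,
    },
}


def adjusted_risk_score(factors, adjustments):
    """Unadjusted score (RP + RC + RS) plus the normalized adjustments."""
    return sum(factors.values()) + sum(adjustments.values())


def defect_confidence(per_test, sequence):
    """Confidence that at least one test in the sequence detects the defect.

    ASSUMPTION: tests detect independently, so their miss rates multiply.
    """
    return 1.0 - prod(1.0 - per_test.get(test, 0.0) for test in sequence)


def evaluate_sequence(sequence, matrix, target):
    """Steps 4-7 of Figure 3: per-defect confidence, NCD, UCD, CDC, verdict."""
    per_defect = {d: defect_confidence(c, sequence) for d, c in matrix.items()}
    ncd = sorted(d for d, c in per_defect.items() if c == 0.0)
    ucd = sorted(d for d, c in per_defect.items() if 0.0 < c < target)
    # ASSUMPTION: every defect carries equal weight in the overall CDC.
    cdc = sum(per_defect.values()) / len(per_defect)
    return {"per_defect": per_defect, "ncd": ncd, "ucd": ucd,
            "cdc": cdc, "meets_target": cdc >= target}


if __name__ == "__main__":
    score = adjusted_risk_score(RISK_FACTORS, NORMALIZED_ADJUSTMENTS)
    print("adjusted risk score:", score)
    candidates = [("Sequence 1", SEQUENCE_1),
                  ("Sequence 1 + DDPA", SEQUENCE_1 + ["DDPA, Internal"])]
    for name, seq in candidates:
        r = evaluate_sequence(seq, CONFIDENCE, TARGET_CDC)
        print(f"{name}: CDC={r['cdc']:.1%} meets_target={r['meets_target']} "
              f"NCD={r['ncd']} UCD={r['ucd']}")
```

With these constructed numbers, Sequence 1 misses the 65% target because one defect is not covered at all; adding DDPA lifts the CDC above the target while ghost markings remains under-covered, which is why the NCD and UCD lists are reported alongside the overall figure.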
