In early 2023, a mechanic at a Portuguese airline discovered something a little unusual while performing maintenance on a jet engine. A replacement damper designed to quiet mechanical vibrations was already showing signs of wear — despite the maintenance log showing the component had just recently been installed. The airline started digging into the issue and came to an alarming conclusion: The documentation provided with the replacement part had been faked — the part was a counterfeit. The discovery set off a wave that would ripple through the airline industry over the coming months, in which dozens of airlines, including all major U.S. carriers, discovered they had aircraft in the skies flying with counterfeit parts. Professor of Electrical and Computer Engineering Hafiz Malik says the airline scandal is hardly an isolated incident. This particular problem ended up being traced back to a shady supplier in London, but Malik says there are countless others in both the black and gray markets fueling a lucrative worldwide trade in counterfeit electronic components. Indeed, though it’s difficult to estimate, analysts think the market for things like knock-off batteries, motors, sensors and printed circuit boards is likely in the hundreds of billions of dollars. The dubious, subpar components are not just a costly headache for companies and consumers. They’re also a huge safety and cybersecurity issue for all stakeholders. “No one wants to fly in an airplane or drive a car that has counterfeit parts,” Malik says. “But the problem is so widespread that many of us probably have no choice.”
Moreover, Malik contends the old ways of countering counterfeit components are largely outdated. “Today, making counterfeit electronic parts is super easy compared to the old days,” he says. “With 3D printing and generative AI, you can recreate some parts almost to perfection. And serial numbers, or logos stamped on the parts, forget about it — those can be easily forged.” Even newer security features, like holograms, can be replicated now, says Malik. So he and a frequent collaborator, Associate Professor of Electrical and Computer Engineering Alireza Mohammadi, are working on a new system that could radically transform the transportation industry’s counterfeiting defenses. Rather than attaching something external to a component, like a serial number, stamp or hologram, the two researchers are attempting to harness the power of “digital fingerprints” that originate from within the components themselves. The core idea is that electronic devices, by their nature, create electrical outputs. And by closely analyzing these signals for, say, unique patterns of distortion that are particular to a device, they could tell if something is an authentic part or a knock-off, because the counterfeit would create a different electronic fingerprint. Malik says the digital fingerprints could then be easily verified by comparing them to a cloud-based library, maintained by the manufacturer.
In addition, Mohammadi, as co-PI on the project, will be working on a complementary defense system that focuses on the coding that controls electronic components. “Let’s say you have a malicious actor, and instead of using a counterfeit electronic control unit, or ECU, they actually reprogram the authentic part in a very smart fashion. Here, the electronic fingerprinting would not work,” Mohammadi explains. However, Mohammadi says the new programming would ultimately show itself in some kind of altered functionality of the vehicle, like, for example, steering or braking systems that aren’t performing exactly as expected. If a manufacturer or technician detected these kinds of performance anomalies, and they couldn’t be traced back to an obvious source, it would clue them in to start checking the code, which could be verified using a cloud-based database. In fact, this approach could even be useful for detecting more routine benign errors, like corrupted code.
Interestingly, this new approach to threat detection could also serve as a highly efficient diagnostic tool. Right now, Malik says when a vehicle comes in for maintenance and a technician runs computer diagnostics to try to identify the problem for baseline models, it takes an average of 90 minutes to zero in on the actual issue. With their more sophisticated electronic fingerprinting system in the loop, Malik says it could help technicians quickly identify which components are malfunctioning. “We’re hoping to shrink the diagnostic time from 90 minutes to less than 30 minutes. That’s a very big deal in today’s world, where maintenance of large fleets of delivery vehicles for, say, Amazon, UPS or FedEx, is essential to their profitability,” Malik says. Another perk of the digital fingerprinting system: The fingerpointing between parts suppliers and OEMs that sometimes happens when something isn’t behaving as expected could be avoided — since the electronic fingerprints would help establish a benchmark for expected performance of electronic systems. In fact, though their research for this project will focus on components for the transportation sector, they say their anti-counterfeiting measures could ultimately be useful in any industry that uses electronic parts.
The two researchers have three years to work on the project, which is supported by a $1 million grant from the National Science Foundation — the second largest NSF award in UM-Dearborn history. But Mohammadi and Malik say the runway for this particular research has been even longer. Several related grants, including an incubator grant from the UM-Dearborn Office of Research, helped support related work that ultimately culminated in their current project. And the original idea was spawned way back in 2019, when Malik bumped into Mohammadi in a Canton coffee shop and asked if he could pick his brain about an idea he was kicking around. “Alireza immediately started diagramming his ideas about control theory on a napkin, and everything just kind of grew from there. I hope we still have the napkin,” Malik says.
In all likelihood, the napkin is long gone. But the two researchers are hopeful a much larger legacy for this work lies ahead.
###
Story by Lou Blouin. The researchers would like to acknowledge several awards in the lineage of this project, including “SaTC: CORE: Small: Linking2Source: Security of In-Vehicle Networks via Source Identification,” sponsored by the NSF through Award #2035770; “I-Corps: Physics-based Automotive Cybersecurity,” sponsored by the NSF through Award #2317368; and “Cyber-Physical Security of Industrial Robotic System,’’ sponsored by the UM-Dearborn Office of Research.