美国供应链的假冒IC(双语音频)
High-Tech Scam Artists: Counterfeit ICs
高科技专业骗子:假冒IC
几十年来,电子行业一直受到假冒 IC 的困扰,但由于供应链混乱且许多零件供应短缺,这个问题正变得普遍存在。什么是“假冒”IC,问题有多大,企业如何防范被蒙骗?
本期音频节目是《国际电子商情》姐妹刊EPS News 的编辑Barb Jorgensen与佛罗里达大学的网络安全专家 Domenic Forte的对话。
The twin disasters of the trade war and the COVID pandemic have rattled supply chains all around the globe, leading to supply shortages that have left many manufacturers desperate for parts. And as they say, “Desperate times call for… desperadoes.”
BRIAN SANTO:贸易战和 COVID大流行的双重灾难已经扰乱了全球供应链,导致供应短缺,使许多制造商迫切需要零件。正如他们所说,“绝望的时代催生了......亡命之徒。
Okay, nobody says that. I just made that up. But it happens to be true! Scam artists have been selling counterfeit ICs and printed circuit boards for almost as long as the electronics industry has been around, but counterfeiting seems to be accelerating as shortages persist.
好吧,没人这么说。我只是编出来的。但它恰好是真的!几乎只要电子行业存在,骗子就一直在销售假冒 IC 和印刷电路板,但随着短缺的持续存在,假冒行为似乎正在加速。
Computer chips are not like money, where counterfeiters print fake bills. It’s relatively easy to gain access to a printing press. It is way harder to get access to a modern fabrication facility, which makes it nearly impossible to churn out fake chips. So what does IC counterfeiting actually look like, how can you detect it, and what can you do about it?
计算机芯片不像钱,造假者打印假钞。使用印刷机相对容易。进入现代制造设施要困难得多,这使得生产假芯片几乎是不可能的。那么 IC 仿冒实际上是什么样子的,如何检测它,以及如何处理它?
Our guest this week is Domenic Forte, a professor at the University of Florida who is an expert in cybersecurity in general, and in counterfeiting in particular. We’ll also hear from my colleague Barbara Jorgensen, editor of EPS News, and an expert in electronics procurement.
本周我们的嘉宾是佛罗里达大学教授 Domenic Forte,他是一般网络安全方面的专家,尤其是假冒方面的专家。我们还将听取我的同事、EPS News 编辑、电子产品采购专家 Barbara Jorgensen 的意见。
We hear estimates that IC counterfeiting costs the industry billions of dollars a year, but reporting of the crime is spotty, so nobody really knows exactly how big the total losses might be.
我们听说 IC 造假每年给该行业造成数十亿美元的损失,但犯罪报告参差不齐,因此没有人真正知道总损失可能有多大。
Now, the dollar losses are bad enough, but it’s the non-monetary consequences that are potentially the much bigger problem, and it’s not possible to put a price tag on them. If a counterfeit chip ends up causing a smart doorbell to fail, well, that’s aggravating, and if enough fail, that might end up having a material effect on the manufacturer’s business. But should a substandard chip end up in a motor vehicle, a failure could be fatal! Further, should a counterfeit chip end up in a weapons system, the result could be catastrophic!
现在,金钱的损失已经够糟糕了,但可能是更大的问题是非货币后果,而且不可能已价格衡量。如果假冒芯片最终导致智能门铃出现故障,那会很严重,如果出现足够多的故障,最终可能会对制造商的业务产生重大影响。但是如果一个不合格的芯片最终出现在汽车中,故障可能是致命的! 此外,如果假冒芯片最终进入武器系统,结果可能是灾难性的!
And we know for a fact that happens.
我们知道这是真实发生的事件。
The Semiconductor Industry Association issued a report on the subject back in 2019 in which it cited two recent examples of prosecutions: one against one man selling fake chips that ended up some unnamed Air Force system (the details were classified); another man was convicted of selling counterfeit ICs that were heading for use in nuclear submarines.
半导体行业协会早在 2019 年就发布了一份关于该主题的报告,其中引用了最近的两个起诉例子:一个是针对销售假芯片的男子,该假芯片最终进入了一些未命名的空军系统(细节已保密); 另一名男子因销售用于核潜艇的假冒集成电路而被判有罪。
That SIA report was more than two years ago, and those who follow the subject of counterfeit ICs report the problem seems to be just getting worse, given the supply chain disruptions that have been going on for two years now and which are still nowhere near being solved.
SIA 的那份报告是两年多以前的事了,那些关注假冒 IC 的人报告说,鉴于供应链中断已经持续了两年,而且还远未解决,问题似乎正在变得更糟 解决了。
So we have questions! What is counterfeiting exactly, and how should a company go about preparing itself against being scammed?
所以我们有问题!究竟什么是假冒产品,公司应该如何做好准备以防被骗?
To answer those questions, we invited an expert.
为了回答这些问题,我们邀请了一位专家。
DOMENIC FORTE: I’m profession Domenic Forte. I’m an associate professor and the Steven A. Yatauro Faculty Fellow at the Electrical and Computer Engineering Department at University of Florida. I’ve been there for about six years now. And I’m also affiliated with the Florida Institute for Cyber Security Research, or we call it FICS Research, at the University as well.
DOMENIC FORTE:我是Domenic Forte,佛罗里达大学电气与计算机工程系的副教授和 Steven A. Yatauro 教员。我已经在那里呆了大约六年了。我也隶属于佛罗里达大学网络安全研究所,或者我们称之为 FICS 研究所。
BRIAN SANTO: Alright, so you have been examining the issue of counterfeiting for at least a couple of years, perhaps longer, right?
BRIAN SANTO:好的,所以你研究假冒问题至少几年了,也许更久,对吧?
DOMENIC FORTE: Nearly 10 years we’ve been looking at this, yeah. So looking at the problem, looking at all kinds of solutions.
DOMENIC FORTE:近 10 年来,我们一直在研究这个。着手难题,看各种解决方案。
BRIAN SANTO: So let’s talk at the highest level. You’ve got a 10-year perspective. Can we ask you to give us kind of a historical perspective of the counterfeiting phenomenon? We can go into the particulars about what counterfeiting is in a moment. But first, I’d like to get a sense of: Was it a huge problem from the beginning? Is it something that slowly accelerated? Give us a historical view of the phenomenon of counterfeiting ICs.
BRIAN SANTO:所以让我们谈谈最高级别。你有一个 10 年的视野。我们能否请您给我们提供一种关于假冒现象的历史视角?我们可以马上详细了解什么是假冒。但首先,我想了解一下:这从一开始就是一个大问题吗?是慢慢加速的东西吗?让我们对假冒IC现象有一个历史的看法。
DOMENIC FORTE: Sure. So back when I started in the area, I did look into some older documents from all kinds of government agencies. Department of Energy, for example. And I do remember them seeing pointing to counterfeit parts as early as the 80s. I expect that it was a problem then. And like you said, it kind of got worse and worse over time, because it wasn’t dealt with.
DOMENIC FORTE: 好的。当我开始涉足该地区时,我确实查看了来自各种政府机构的一些旧文件。以能源部为例。我确实记得他们早在 80 年代就看到了假冒零件。我预计那是一个问题。就像你说的,随着时间的推移,情况变得越来越糟,因为它没有得到处理。
And when I began as a professor, around 2013, just before that, in 2012, there was a lot of talk in the US government. There was the Senate Armed Services Committee report, which was highlighting all of these counterfeits: what risks they pose to military systems, and how many suspected counterfeits had been found to be sold to the Department of Defense in 2009 and 2010. So it was a very hot topic then. There were a couple of laws and things that were passed. And, yeah, that kind of cooled the area down slightly. But, you know, in my opinion, it hasn’t necessarily solved the problem yet. And there’s still more to go. And this pandemic-induced chip shortage that we’re experiencing now is just one example of that.
当我在 2013 年左右开始担任教授时,就在此之前,也就是 2012 年,美国政府有很多讨论。参议院军事委员会的报告强调了所有这些假冒产品:它们对军事系统构成什么风险,以及在 2009 年和 2010 年发现有多少可疑的假冒产品卖给了国防部。所以这是一个那时非常热门的话题。有几项法律通过了。这样使该话题稍微冷却了一些。但是,你知道,在我看来,它还不一定能解决问题。还有更多工作要做。而我们现在正在经历的这种由疫情引起的芯片短缺只是其中一个例子。
BRIAN SANTO: Right. I imagine that the trade war, which has also disrupted supply lines, has had an effect as well.
BRIAN SANTO: 对。贸易战也产生了影响了供应链。
DOMENIC FORTE: Yeah, my understanding is that materials that are needed for semiconductor chips — as you mentioned, the trade war — that impacts it, as well as the fact that we haven’t been able to produce as many chips, which leaves a void that counterfeiters are going to try to fill.
DOMENIC FORTE:是的,我的理解是,半导体芯片所需的材料——正如你提到的,贸易战——会影响它,以及我们无法生产尽可能多的芯片这一事实,这就留下了一个造假者试图填补的空白。
BRIAN SANTO: Have you found any suggestion that the way business is conducted, and how it has evolved over the years, has left any openings for counterfeiting? And I’m thinking particularly of how some of the biggest companies sell directly to their biggest customers, and then rely on distributors to take care of a lot of the smaller customers. And then you layer shortages on top of that, it seems like the industry has created for itself a couple more places where a counterfeiter can weasel into the process. Is that a reasonable view of what’s been going on?
BRIAN SANTO:您有没有发现任何迹象表明商业运作方式以及多年来的发展方式为假冒留下了任何漏洞? 我特别在想一些最大的公司如何直接向他们的最大客户销售,然后依靠分销商来照顾很多小客户。然后你把短缺放在最重要的地方,似乎这个行业为自己创造了更多的地方,造假者可以在这个过程中偷偷摸摸。这是对正在发生的事情的合理看法吗?
DOMENIC FORTE: Yeah, and in fact, of course, I guess you could say one of the biggest victims of this is usually the Department of Defense and other military contractors, right? Because they are in the grand scheme of things, smaller groups, as you mentioned.
DOMENIC FORTE:是的,事实上,当然,我想你可以说最大的受害者之一通常是国防部和其他军事承包商,对吧?正如你所提到的,因为它们处于宏伟的计划中,较小的群体。
They’re not the big fish anymore. That’s again something that’s happened gradually over the last 30 or 40 years as we’ve been consuming a lot more electronics commercially. So they become the victims in this. And them in particular, they have systems that, again, we know: planes, trains, vehicles that last decades, right? And the electronics that’s needed to support and maintain them, you have to go to the distributors to get it now. And it does put them at risk.
他们不再是大鱼了。这又是过去 30 或 40 年逐渐发生的事情,因为我们在商业上消费了更多的电子产品。所以他们成为了这件事的受害者。尤其是他们,他们拥有我们知道的系统:飞机、火车、车辆可以使用几十年,对吧?而支持和维护它们所需的电子设备,你现在必须去分销商那里才能买到。这确实使他们处于危险之中。
BRIAN SANTO: And some of those things aren’t being made anymore. So it’s an interesting business trying to sell to the DOD a chip from a weapons system from 35 years ago. That’s what, the LSI era?
BRIAN SANTO:有些东西已经不再生产了。因此,尝试向国防部出售 35 年前武器系统的芯片是一项有趣的业务。那是什么,LSI时代?
DOMENIC FORTE: Yeah, yeah.
BRIAN SANTO: Those aren’t even made anymore in many cases, right?
BRIAN SANTO:在很多情况下,这些甚至都不再生产了,对吧?
DOMENIC FORTE: Yeah, that’s the obsolescence problem. And there are a couple of very small companies that are tasked with either getting designs from the old manufacturer or perhaps reverse engineering the design and remanufacturing those, but I think those are very few and far between. So like you said, you really just have to go to the distributors. And sometimes you’re putting yourself at risk.
DOMENIC FORTE:是的,这就是过时问题。有几家非常小的公司的任务是从老制造商那里获取设计,或者可能对设计进行逆向工程并重新制造,但我认为这些公司很少而且相差甚远。所以就像你说的,你真的只需要去找分销商。有时你会把自己置于危险之中。
BRIAN SANTO: Anything else about the business that opens up opportunities for counterfeiters that I haven’t asked about, before we move on to what some of the instances of counterfeiting are?
BRIAN SANTO:在我们继续讨论一些假冒实例之前,还有其它什么事为造假者打开了机会?
DOMENIC FORTE: Well, the other one, yes; there’s one more. And that’s the fact that in the last 20 years, maybe 30 years, particularly in the US, we’ve moved to a horizontal business model in the semiconductor industry, where most chips are designed by one party. And they may actually be designed by multiple parties. And then in offshore foundry, most of the time, which is a third party, is actually manufacturing for them.
DOMENIC FORTE:嗯,另一个,是的。还有一个。这就是事实,在过去的 20 年,也许是 30 年,尤其是在美国,我们已经转向了半导体行业的横向商业模式,其中大多数芯片都是由一方设计的。它们实际上可能是由多方设计的。然后在离岸代工中,大部分实际上是第三方为他们制造的。
So the fact that we’ve had this globalization has also opened up the doors, because the design itself is being shared with third parties. And it could leak in various ways. It’s not necessarily, for example, the foundry’s fault, but could be a rogue employee, could be a state-level attacker, all these kinds of things can also leak IP, which could result in counterfeits being produced.
因此,我们已经拥有这种全球化的事实也打开了大门,因为设计本身正在与第三方共享。它可能以各种方式泄漏。不一定是代工厂的问题,但可能是流氓员工,可能是国家级攻击者,所有这些东西也可能泄漏IP,从而导致生产假冒产品。
BRIAN SANTO: Am I to infer from that that there are fabs out there that deliberately produce counterfeit parts?
BRIAN SANTO:我是否可以从中推断出存在故意生产假冒零件的晶圆厂?
DOMENIC FORTE: I don’t know if that’s proven. I think they could also be victims in this. So if the IP leaks somehow, they may produce counterfeits unknowingly, because they’re given the same design, and it’s not their responsibility to check if it’s the same as somebody else’s. Right?
DOMENIC FORTE:我不知道这是否得到证实。我认为他们也可能成为这方面的受害者。因此,如果 IP 以某种方式泄露,他们可能会在不知不觉中生产出仿冒品,因为它们的设计相同,而检查与其他人的设计是否相同不是他们的责任。 对吧?
BRIAN SANTO: Right.
DOMENIC FORTE: So around and around we go here.
DOMENIC FORTE: 所以我们绕着绕绕到这里。
BRIAN SANTO: Well, so that might be suspected and yet to be proved. But the phenomenon of the fabless design company and the globalization of manufacturing is interesting. And I didn’t want to go off on a… I have a deep love of tangents. If you’ve got IP that can be intercepted, not necessarily counterfeiting.
BRIAN SANTO:嗯,所以这可能会被怀疑,但尚未得到证实。但无晶圆设计公司和制造业全球化的现象很有趣。而且我不想继续……我对tangents有着深深的热爱。如果你有可以被拦截的IP,不一定是伪造的。
But is there any suspicion that designs have been modified in such a way that people might put in something… the software analogy would be malware. Is there any suspicion that anybody plugs in a little extra circuitry that allows them to access a chip after it hits the market?
但是,是否有人怀疑,设计已用被某种方式进行了修改……例如恶意软件。是否有人怀疑有人插入了一些额外的电路,允许他们在芯片上市后访问它?
DOMENIC FORTE: Yeah, that’s been suspected as well, since about 2006 or so. The most recent example, though, which is probably the closest we’ve ever gotten to having evidence of it (although this is still not evidence, it’s still a ghost story) is the Bloomberg big hack article from, what was it? Late 2018 I believe. This actually didn’t occur at the chip level necessarily. It was more at the printed circuit board or system level.
DOMENIC FORTE: 是的,从2006年左右开始,人们就开始怀疑这一点。然而,最近的一个例子,可能是我们得到的最近的证据(虽然这仍然不是证据,它仍然是一个捕风捉影的故事)是来自彭博社的大黑客文章,它是什么?我相信是2018年末。这实际上并不一定发生在芯片层面。它更多的是在印刷电路板或系统级别。
But this article alleged that they had, I think it was probably about a dozen folks who were telling them that Supermicro motherboards had been intentionally modified at the manufacturing source with a small component that looked like a signal coupler. It just had basically two pins. And it was right by a component in the system which would allow you to remotely take over this server. So you could bypass the OS, you could change the BIOS, do all this kind of stuff.
但是这篇文章声称他们有,我想大概有十几个人告诉他们,Supermicro 主板在制造源头被故意修改了一个看起来像信号耦合器的小组件。它基本上只有两个引脚。系统中的一个组件是正确的,它允许您远程接管该服务器。所以你可以绕过操作系统,你可以改变 BIOS,做所有这些事情。
And what was alleged in the article was that many companies were impacted, apparently. And two of them that they listed were Apple and Amazon, which are two of the most profitable companies in the world. And both of them denied it. They said it didn’t happen. But, you know, what are they going to do? There’s no way they would ever admit that it did happen. Because, again, if your servers are compromised, how much private information could be leaked? What else could be done? Nobody would ever admit that.
文章中声称的是,许多公司显然受到了影响。他们列出的其中两家是苹果和亚马逊,它们是世界上最赚钱的两家公司。而且两家公司都否认了。他们说这没有发生。但是,你知道,他们要做什么?他们永远不会承认它确实发生了。因为,再一次,如果您的服务器遭到入侵,有多少私人信息可能会被泄露?还能做什么?没有人会承认这一点。
BRIAN SANTO: Interesting. And just to make this point, I’ve been asking you about chips, and ICs through most of this conversation. The phenomenon doesn’t end there. It’s chips and boards as well.
BRIAN SANTO:有趣。为了说明这一点,我一直在向您询问有关芯片和 IC 的大部分对话。现象并没有就此结束。它也是芯片和电路板。
DOMENIC FORTE: Yeah. And at the board level, it, it consists of making a counterfeit of the board itself, but also replacing components on that board with counterfeits and so on. And of course, making modifications, like you mentioned.
DOMENIC FORTE: 是的。在电路板级别,它包括制造电路板本身的假冒产品,以及用假冒产品替换电路板上的组件等。当然,就像你提到的那样,进行修改。
BRIAN SANTO: Okay, so that does get us naturally into the conversation of what constitutes counterfeiting. And again, let’s talk about ICs just to keep the conversation from getting too far wide-ranging. What are some of the instances of counterfeiting? Are there different ways to counterfeit a chip?
BRIAN SANTO:好的,这确实让我们自然而然地进入了关于什么是假冒的对话。 再说一次,让我们谈谈 IC 只是为了避免话题过于广泛。造假的例子有哪些? 有不同的方法来伪造芯片吗?
DOMENIC FORTE: Yes. So let me start by just discussing a chip in general. So a chip is essentially a piece of silicon. And the silicon is responsible for the processing, computing and storage, if it’s memory. And that piece of silicon is encased in a plastic or ceramic package. So this is, you know, that black material that you would typically see on what we call a chip. And that protects the chip. And then on that package, we typically have some kind of markings. They could be denoting where it was manufactured, what country; it could also have laser engraved markings with the company’s logo, the IP owner’s logo; and other information such as the part type, lot number, you know, again, things that designate its origin and what it’s supposed to do. So that’s what our starting point is.
DOMENIC FORTE: 是的。 因此,让我先从一般性的讨论开始。所以芯片本质上是一块硅。硅负责处理、计算和存储,如果它是内存的话。那块硅片被包裹在塑料或陶瓷封装中。这就是,你知道的,你通常会在我们所说的芯片上看到的黑色材料。这可以保护芯片。然后在那个封装上,我们通常有某种标记。他们可以表示它是在哪里制造的,是哪个国家的;它还可以带有带有公司徽标、知识产权所有者徽标的激光雕刻标记;以及其他信息,例如零件类型、批号,您再次知道指定其来源和应该做什么的事情。所以这就是我们的出发点。
And then when you get into the type of counterfeits, there are taxonomies out there that classify it as seven different types. But I’ll boil it down probably to four main types, which I think are the most prominent. There are two that are part of this class, which are chips and components that are already in circulation.
然后当你进入假冒的类型时,那里有分类法将其分为七种不同的类型。但我可能会归结为四种主要类型,我认为这是最突出的。有两个属于此类,它们是已经在流通的芯片和组件。
So the first of this type is chips that have been taken off of old systems, and their package may be slightly refurbished, their pins may be refurbished. And they’ve probably been remarked, which means the markings that were on the package were changed to fraudulently make it look like it’s new. And we call these as recycled-type counterfeits.
所以这种类型的第一种是从旧系统上取下来的芯片,它们的封装可能会稍微翻新,它们的引脚可能会翻新。他们可能已经被打标了,这意味着包装上的标记被更改,从而使它看起来像新的一样。我们称这些为回收型仿冒品。
Recycled because they’re previously used. And then they’re resold into the supply chain as if they’re new. So the people who are buying it think that they’re new, but they’re not.
回收,因为它们以前被使用过。然后它们被转售到供应链中,就好像它们是新的一样。所以购买它的人认为他们是新的,但他们不是。
And the danger with these is, of course, that, like humans, these chips age over time and with use, and they’re more prone to failure due to a) their use and b) the harvesting process itself, which may have exposed it to harmful conditions like high temperatures and water and things like this.
当然,这些芯片的危险在于,就像人类一样,这些芯片会随着时间和使用而老化,并且由于 a) 它们用过了和 b) 获取过程本身——这使得它们更容易发生故障,因为过程中可能已经暴露在有害环境下,例如高温和水等的影响。
The second part of this class of chips that are already in circulation is what’s known as the re-marked chip. So this is often done to increase a component’s grade. So for example, a commercial chip, its package may be changed to make it fraudulently appear as if it’s military or aerospace grade. And the difference in these chips is that the military and aerospace are more expensive, because they’re supposed to function in harsher conditions and harsher environments. So a counterfeiter, if they change the grade of this commercial chip and increase it artificially, they could sell it for more than they paid for it. And the person who’s getting it is getting a product that may be harmful; it may not stand up in the environments it needs to.
已经流通的这类芯片的第二部分是所谓的重新标记芯片。因此,通常这样做是为了提高组件的等级。例如,一个商业芯片,它的封装可能会被改变,使它看起来像是军用或航空级的。这些芯片的不同之处在于军事和航空航天更昂贵,因为它们应该在更恶劣的条件和更恶劣的环境中运行。所以一个造假者,如果他们改变这个商业芯片的等级,人为地增加它,他们可以卖得比买的价格高。得到它的人正在得到一种可能有害的产品;它可能无法在它需要的环境中工作。
And the other two types are defective and out-of-spec chips. So these are chips that could fail post-manufacturing tests, and they’re supposed to be destroyed by the manufacturer. But maybe they’re not properly disposed of, or maybe they’re, again, stolen by some kind of insider. They end up getting packaged and actually appear in the supply chain.
其他两种类型是有缺陷和不合规格的芯片。所以这些芯片可能无法通过制造后的测试,它们应该被制造商销毁。但也许它们没有得到妥善处理,或者它们再次被某种内部人员偷走。它们最终被封装好并实际出现在供应链中。
So there’s actually been evidence of this long back, where there was a manufacturing step off the chip’s failure, which was to put an ink dot on it. And that would mean that it failed tests and it should be destroyed. But people later found when they de-packaged ships, they found some pieces of silicon that actually had that marking. So they were somehow getting in the market.
实际操作中有类似证据,很久以前,在芯片制造步骤中,会给发现故障的芯片上面放一个墨点。这意味着它没有通过测试,应该被销毁。但后来人们在拆封装时,发现了一些封装内有这个标记的硅片。所以他们以某种方式进入了市场。
And then the last one that I’ll mention is just, you know, the typical thing you think as a counterfeit: a copy or a clone or a knockoff design. And this could include a real replica, it can include knockoff, and it could even include one that’s been modified intentionally or tampered, like we discussed earlier.
然后我要提到的最后一个就是,你知道的,你认为是仿冒品的典型东西:复制品、克隆品或仿冒设计。这可能包括一个真正的复制品,它可以包括仿冒品,甚至可以包括故意修改或篡改的复制品,就像我们之前讨论的那样。
Let me go into just slightly more detail on some anecdotes about what I’ve heard about recycled chips.
让我稍微详细地谈谈我听说过的关于回收芯片的一些轶事。
BRIAN SANTO: Sure.
DOMENIC FORTE: So I’ve heard that the conditions from where they remove these chips from their previous systems are not always very good. So again, they might heat up the board that it’s on, they might bang the board to get the chip off. I’ve heard stories that they wash the chips in the streets, either in rivers or in streets. I mean, clearly stuff that you should not be exposing your chip to.
DOMENIC FORTE:所以我听说他们从以前的系统中移除这些芯片的条件并不总是很好。再说一次,他们可能会加热它所在的电路板,他们可能会敲击电路板以使芯片脱落。我听说过他们在街上洗芯片的故事,无论是在河里还是在街上。 我的意思是,显然是你不应该将芯片暴露的环境。
BRIAN SANTO: Clearly!
DOMENIC FORTE: Yeah. The hermetic seals are probably broken, the package is probably cracked, there’s probably all kinds of humidity issues, all kinds of things. So this just adds, again, to the fact that these are already used chips, but they’re probably also damaged.
DOMENIC FORTE:是的。密封可能坏了,包装可能裂了,可能有各种各样的湿度问题,各种各样的问题。因此,这再次增加了这些已经使用过的芯片的事实,但它们可能也已损坏。
BRIAN SANTO: It just sounds amazing that a bunch of people could go dumpster diving, wash these things in the street, and then be sophisticated enough to put somebody else’s logo on the package.
BRIAN SANTO:一群人可以去垃圾箱潜水,在街上洗这些东西,然后足够复杂,可以在封装上贴上别人的标志,这听起来很神奇。
DOMENIC FORTE: Yeah! So there are a list of trusted and authorized distributors that the original chip manufacturers encourage their folks to go to, and the government also specifies by law that defense contractors should use these channels. But again, you could get desperate if there’s a chip shortage, if there’s a component that you can see that’s really cheap on eBay. Again, it may slip through the cracks.
DOMENIC FORTE:是的! 因此,有一份原始芯片制造商鼓励他们的人去的受信任和授权的分销商名单,政府还通过法律规定国防承包商应该使用这些渠道。但同样,如果芯片短缺,如果你可以在 eBay 上看到非常便宜的组件,你可能会感到绝望。同样,它可能会从裂缝中溜走。
BRIAN SANTO: Oh, wow! I was gonna ask you about that later. But to be honest, I just can’t let that go. That level of desperation, where a company is willing to actually send out a potentially faulty product, possibly a potentially dangerous product, just because they feel compelled to get it out the door. That’s not encouraging if you want to minimize the use of counterfeit products!
BRIAN SANTO: 哦,哇! 我以后会问你的。但说实话,我就是放不下。 那种绝望的程度,一家公司愿意实际发送一个潜在的有缺陷的产品,可能是一个潜在的危险产品,只是因为他们觉得有必要把它拿出来。如果您想最大限度地减少假冒产品的使用,那可不令人鼓舞!
DOMENIC FORTE: Yeah, definitely. So I would suspect that your large companies are definitely not going through unauthorized channels. Like, for example, your vehicle manufacturers. They’re waiting it out. They’re not buying anything that they shouldn’t be buying.
DOMENIC FORTE:是的,当然。 所以我怀疑你们的大公司肯定不会通过未经授权的渠道。例如,您的汽车制造商。他们正在等待芯片。他们不会买任何他们不应该买的东西。
BRIAN SANTO: I hear that some companies are actually shipping… Tesla was reported to be shipping certain models that simply don’t have certain ICs, and they’re being overt about it because they’re simply not to be had.
BRIAN SANTO:我听说有些公司实际上正在发货……据报道,特斯拉正在发货的某些型号根本没有某些 IC,而且他们对此很公开,因为它们根本就没有。
DOMENIC FORTE: Right. I think those guys, the game video games industry, I mean, every one of the big companies that has something to lose, they’re not going to do anything fraudulent for sure. But I think the small companies are definitely more susceptible here.
DOMENIC FORTE: 对。我认为那些家伙,游戏视频游戏行业,我的意思是,每一家有损失的大公司,他们肯定不会做任何欺诈行为。但我认为小公司在这里肯定更容易受到影响。
BRIAN SANTO: Often it’s a matter of survival in some cases. Yeah?
BRIAN SANTO:在某些情况下,这通常是生存问题。是吧?
DOMENIC FORTE: Yes. There are stories about people going to jail, like the companies that are actually doing the false distribution. Sometimes they just take your order, but they actually don’t send you anything. Sometimes they’re actively going and trying to find products that are old and are used and refurbishing them. They find evidence of that. And again, these people go to jail.
DOMENIC FORTE: 是的。我听说过人们入狱的故事,比如实际上在进行虚假分销的公司。有时他们只是接受您的订单,但实际上他们并没有向您发送任何东西。有时他们会积极地寻找旧的、使用过的产品并对其进行翻新。他们找到了证据。再一次,这些人进了监狱。
Back several years ago, I remember seeing on the news there was a lawsuit. Xilinx was suing somebody claiming that they were doing that, and actually doing other things as well, to sell counterfeits, basically to Xilinx customers.
回到几年前,我记得在新闻上看到有一场官司。 Xilinx 起诉某人,声称他们正在这样做,并且实际上也在做其他事情,主要是向 Xilinx 客户销售假冒产品。
BRIAN SANTO: There are regulations in place where defense contractors are supposed to be going to approved vendors, and they’re still getting taken. I’m sure the numbers aren’t reliable because the reporting isn’t thorough, but I saw one estimate one time that said 5% of all chips that the US military receives might be fraudulent counterfeited somehow.
BRIAN SANTO:有规定国防承包商应该去经批准的供应商,他们仍然被采取。 我确信这些数字不可靠,因为报告不彻底,但我曾经看到一个估计,称美国军方收到的所有芯片中有 5% 可能以某种方式被伪造。
DOMENIC FORTE: Just to mention what the US government has done. So in 2012, there was a National Defense Authorization Act. And I think, if I recall, it had two major implications. They made it so that the US contractors who were supplying parts to the government (or even equipment that was using chips) to the government, it was their responsibility to check into the parts. And they would I think be liable if anything happened. They would have to rework the system, and I guess perhaps pay for damages. So that was one thing.
DOMENIC FORTE:仅提及美国政府所做的事情。所以在2012年,就有了国防授权法。我认为,如果我记得的话,它有两个主要含义。他们这样做是为了让那些向政府供应零件(甚至是使用芯片的设备)的美国承包商有责任检查这些零件。如果发生任何事情,我认为他们会承担责任。他们将不得不重新设计系统,我想也许会支付损害赔偿金。所以这是一回事。
And the second thing is that if a contractor became aware or had reason to suspect that a component was counterfeited, they had to report it to the government, specifically the Government Industry Data Exchange program, or GIDA. Now, again, by law, they were supposed to do that. But I couldn’t say whether or not everybody follows that or not.
第二件事是,如果承包商意识到或有理由怀疑某个组件是假冒的,他们必须向政府报告,特别是政府行业数据交换计划或 GIDA。现在,再一次,根据法律,他们应该这样做。但我不能说是否每个人都遵循这一点。
BRIAN SANTO: Well, I guess this is a good point to bring up something you and I discussed in our discussion earlier, before recording. Reporting is somewhat problematic. And my analogy was 20 years ago, when network and computer hacking began to get really profoundly serious and large companies began to get hacked and people’s privacy — their credit cards and whatnot– it became obvious were targets. It was difficult to get companies to report the fact that they had been hacked. Because it was a) embarrassing and b) perhaps even foolhardy to let people know, Hey, our system was vulnerable. We’re still working on getting it secure. But if we’re still working on getting it secure, that means we’re still vulnerable.
BRIAN SANTO:嗯,我想这是一个很好的观点,可以在录制之前提出你和我在之前讨论中讨论的内容。报告有些问题。我的类比是 20 年前,当网络和计算机黑客开始变得非常严重,大公司开始受到黑客攻击,人们的隐私——他们的信用卡等等——很明显成为目标。很难让公司报告他们被黑客入侵的事实。因为它 a) 令人尴尬 b) 让人们知道可能甚至是鲁莽的,嘿,我们的系统很脆弱。 我们仍在努力确保它的安全。但是,如果我们仍在努力确保它的安全,那意味着我们仍然很脆弱。
So there are reasons why a company might not want to report if they’ve been hacked. And I would imagine there are reasons that a company or an organization might not want to report that they’ve been subjected to counterfeit, to some counterfeit scam.
因此,如果公司被黑客入侵,公司可能不想报告是有原因的。 而且我想有一些原因,公司或组织可能不想报告他们受到假冒,受到假冒骗局的影响。
DOMENIC FORTE: Yeah. So we go back to the Bloomberg big hack article, and Supermicro was a victim there in two ways. If at the manufacturing source, their systems were modified, they were a victim. They were also a victim of the article. The article basically tanked their stock. And I’m not sure if they’ve completely recovered yet. And it’s been two or three years.
DOMENIC FORTE: 是的。所以我们回到 Bloomberg 的大黑客文章,Supermicro 在两个方面成为了受害者。如果在制造源头,他们的系统被修改,他们就是受害者。他们也是这篇文章的受害者。这篇文章基本上让他们的股票大跌。而且我不确定他们是否已经完全康复。而且已经两三年了。
So yeah, nobody wants to admit that there’s a problem. And even if you were to admit that you want to maybe add a new feature to your or your chip that is an anti-counterfeit technology, they might also be a little hesitant to do that, too. Because it’s like they’re admitting that there’s a problem that’s been there for a while and they haven’t taken care of it.
所以,是的,没有人愿意承认存在问题。即使您承认您可能想在您的或您的芯片中添加一项新功能,即一种防伪技术,他们也可能会有点犹豫。因为这就像他们承认有一个问题已经存在了一段时间并且他们没有解决它。
BRIAN SANTO: Right. I would like to move on and talk about some of the techniques, practices and technology that are available to companies to counteract counterfeiting. There’s a YouTube video that I saw of a presentation that you did where you were talking about work that you and your students and your colleagues were doing on one of these technological methods.
BRIAN SANTO: 对。我想继续谈谈公司可以用来打击假冒的一些技术、实践和技术。我在 YouTube上看到了一个演示文稿,你在其中谈论了你和你的学生以及你的同事在其中一种技术方法上所做的工作。
Can I ask you to give us a quick review of what methods are available? First, what techniques a company should apply. What are some best practices that you can put into place in your purchasing process that would help inoculate you against this? And then I’d like to ask you to go ahead and talk about some of the actual tools that are available for examining parts that are coming in for whether or not they’re counterfeit or legitimate.
我可以请您快速回顾一下可用的方法吗?首先,公司应该应用什么技术。您可以在购买过程中采取哪些最佳实践来帮助您预防这种情况?然后我想请您继续讨论一些可用于检查进入的零件是否是假冒或合法的实际工具。
DOMENIC FORTE: Sure, sure. So I’ll start with probably the most prevalent and well-studied area. In fact, the one that has standards actually already around it. And that’s in the area of physical and electrical inspection of parts. So there again are these standards that give you a series of tests that you should apply to a part specifically to detect types of defects that occur in counterfeit parts. So like I mentioned earlier, some of these defects could be external, they could be on the package. These tests would, for example, physically inspect using microscopes, using x-ray, using other imaging techniques to try to find these defects.
DOMENIC FORTE: 当然,当然。所以我将从最流行和研究最充分的领域开始。 事实上,有标准的那个实际上已经在它周围了。那是在零件的物理和电气检查领域。因此,这些标准再次为您提供了一系列测试,您应该将这些测试专门应用于零件,以检测假冒零件中出现的缺陷类型。所以就像我之前提到的,其中一些缺陷可能是外部的,它们可能在包装上。例如,这些测试将使用显微镜进行物理检查,使用 X 射线,使用其他成像技术来尝试发现这些缺陷。
And typically, this would be done by a subject matter expert. So a person who has experience in this area, is trained to detect these defects. So anybody who’s making purchases, especially getting these defense contractors, what they will do is they will make a purchase, and they will send a batch of these chips to a test lab who’s certified to run these kinds of tests. And they will pay for a series of these tests, maybe a subset of them, and they’ll get a report back from them about whether or not these suspect chips are legitimate or whether or not they’re suspect, counterfeit. And that’s probably the main and most well-studied approach.
通常,这将由主题专家完成。因此,在这方面有经验的人接受了检测这些缺陷的培训。因此,任何购买的人,尤其是这些国防承包商,他们要做的就是购买,并将一批这些芯片发送到经过认证可以进行此类测试的测试实验室。他们将支付一系列这些测试的费用,也许是其中的一部分,他们会从他们那里得到一份报告,说明这些可疑芯片是否是合法的,或者它们是否是可疑的,假冒的。这可能是主要的也是研究最充分的方法。
I highlighted mostly the physical, but there are also some very basic electrical tests that people do as well. And these are covered in the standards.
我主要强调了物理测试,但也有一些人们也会做的非常基本的电气测试。这些都包含在标准中。
And then in terms of other tools and things, we have commercially available solutions. So besides the inspection by labs, there’s a couple of companies that have come up with a kind of a, like, an all-in-one kind of system to detect counterfeits. Battelle is one of them. Battelle has this technology called Barricade. It’s this small like electrical system with a socket, and you basically plug your chip into the socket. It can take chips of varying sizes. And the system basically exercises it, gives the chip some kind of stimulus, and according to the chip type, it compares it to a set of measurements from an authentic chip of that type. And based on the measurements, it tries to use machine learning and classification methods to discern if it’s counterfeit or authentic.
然后在其他工具和事物方面,我们有商业可用的解决方案。因此,除了实验室检查之外,还有几家公司提出了一种类似的一体化系统来检测假冒产品。Battelle就是其中之一。 Battelle 拥有一项名为 Barricade 的技术。 这是一个带有插座的小型电气系统,您基本上将芯片插入插座。它可以容纳不同大小的芯片。系统基本上会对其进行练习,给芯片某种刺激,然后根据芯片类型,将其与来自该类型真实芯片的一组测量值进行比较。并根据测量结果,尝试使用机器学习和分类方法来辨别它是假冒的还是正宗的。
Now, the only limitation in this case, compared to the inspection tests, is that you do need a set of authentic measurements from a known good chip. And for those chips that, again, are obsolete or nobody took these measurements to begin with, you wouldn’t have any point of reference to do it.
现在,与检查测试相比,这种情况下的唯一限制是您确实需要来自已知良好芯片的一组真实测量。对于那些再次过时或没有人开始进行这些测量的芯片,你将没有任何参考点来做这件事。
The inspection by test labs, though, is a little different. Because the defects that they detect are very generic, they’re very well known. Things like scratches, burned markings, re-surfacing. Those are very generic things. So those are easy to find.
但是,测试实验室的检查略有不同。因为他们检测到的缺陷非常普遍,所以众所周知。诸如划痕,烧伤标记,重新铺面之类的东西。这些都是非常通用的东西。所以这些很容易找到。
And then the other things that have mostly been developed out of research, out of academia, but haven’t been adopted yet, are twofold. There have been targeted tests that have been developed that are a little bit less generic. And in some cases, they don’t require a set of authentic measurements to work. So that’s one area that myself and others have worked extensively on.
然后其他大部分是在研究、学术界开发但尚未被采用的东西是双重的。已经开发了一些不太通用的有针对性的测试。在某些情况下,它们不需要一组真实的测量值即可工作。所以这是我和其他人广泛研究的一个领域。
So as an example, for the recycled chips, in order to take those types of counterfeits, what you have to do is kind of get a measure of how much the chip has been used or how much it’s been aged. So there are tests that you could run that they typically do during a lot of manufacturing anyway called burn-in tests, where they perform accelerated aging on the part to see how it will withstand aging. How long it will last in say, two or three years. You could run a test like that, and you can compare the before and after.
举个例子,对于回收的芯片,为了采取这些类型的假冒产品,你需要做的是衡量芯片的使用量或老化程度。因此,您可以运行一些测试,这些测试通常在许多制造过程中进行,称为老化测试,它们在部件上执行加速老化,以查看它如何承受老化。能持续多久,比如两三年。你可以运行一个这样的测试,你可以比较之前和之后。
So if the chip doesn’t change a whole lot, it means it’s actually probably previously used, because the aging process itself tends to kind of slow down and saturate over time. That could be an indicator that you’re working with a counterfeit. And again, it doesn’t necessarily require a reference. You’re actually using the chip itself as a reference for itself. So the before burn-in and after burn-in, you’re comparing those two.
因此,如果芯片没有发生太大变化,这意味着它实际上可能是以前使用过的,因为老化过程本身往往会随着时间的推移而减慢和饱和。这可能表明您正在使用假冒产品。同样,它不一定需要参考。您实际上是在使用芯片本身作为自己的参考。因此,老化前和老化后,您是在比较这两者。
And besides these tests, again, there have been tests developed for all kinds of chips. FPGAs, all kinds of memories: SRAM, DRAM flash, system on chip, analog chips, and so on. But the alternative to this — and this is where there has been a lot of research as well — is in developing anti-counterfeit sensors or primitives. So these are things that you have to add to new chips. So you add them to the chips that are being manufactured today and designed today, and they pay off much further down the line. Because a lot of today’s chips become tomorrow’s counterfeits. If a company is willing to invest and add these sensors or primitives to their chip, they could get ahead of the problem later.
除了这些测试之外,还有针对各种芯片的测试。FPGA、各种存储器:SRAM、DRAM闪存、片上系统、模拟芯片等。但替代方案——这也是有大量研究的地方——是开发防伪传感器或原语。所以这些是你必须添加到新芯片中的东西。因此,您将它们添加到今天正在制造和设计的芯片中,它们会在未来获得更多回报。因为今天的很多芯片都变成了明天的赝品。如果一家公司愿意投资并将这些传感器或原语添加到他们的芯片中,他们可以在以后解决问题。
BRIAN SANTO: What kind of premium would adding this type of sensor or circuitry to a chip represent?
BRIAN SANTO:将这种类型的传感器或电路添加到芯片中意味着什么样的溢价?
DOMENIC FORTE: Personally, I think that they’re mostly inexpensive, but it depends. It’s a case-by-case dependence. So for a chip that itself is only worth pennies, like maybe a very simple analog component, this may be this may be very expensive to add to that. But if we’re talking about a processor or an FPGA, I think this is less than a fraction of a penny to probably add some of these sensors. And that’s in terms of silicon area and things like that.
DOMENIC FORTE:就个人而言,我认为它们大多不贵,但这取决于具体个案。 所以对于一个本身只值几美分的芯片,比如一个非常简单的模拟组件,这可能是非常昂贵的。但是,如果我们谈论的是处理器或 FPGA,我认为添加这些传感器可能还不到一分钱。这是在硅面积等方面。
But the silicon area is probably only one part of the cost. The other part of the cost is really in taking measurements of it periodically. So after its manufactured, taking a measurement from the sensor, and then as it’s moving through the supply chain, taking measurements. You may also want to take measurements for a system that’s in the field as well.
但硅面积可能只是成本的一部分。成本的另一部分实际上是定期对其进行测量。因此,在制造完成后,从传感器进行测量,然后在它通过供应链时进行测量。您可能还想对现场系统进行测量。
So there’s additional time and cost and resources to collect that data, store it and maybe provide a service where you can analyze that data and get a response about whether or not this is anomalous or not.
因此,需要额外的时间、成本和资源来收集、存储数据并提供服务,您可以在其中分析数据并获得有关这是否异常的响应。
BRIAN SANTO: Yeah. Interesting. So, the tests and techniques that exist today, there’s going to be at least some cost and some time penalty associated with them. Again, I imagine that it makes a difference case by case. But is there any rule of thumb or sense of exactly… would it be days, weeks, months that this might add?
BRIAN SANTO: 是的。有趣的。因此,今天存在的测试和技术至少会产生一些成本和一些时间损失。同样,我想这会因情况而异。但是有没有任何经验法则或确切的感觉……这可能会增加几天、几周、几个月?
DOMENIC FORTE: Oh, no, no, no, I think it’s a very short amount of time. In fact, like I mentioned with burn-in, those types of tests are done anyway, typically, after manufacturing, so you’d just be asking them to measure the sensor. And again, if it’s designed in a certain way that it’s easily accessible, it shouldn’t take much time.
DOMENIC FORTE:哦,不,不,不,我认为这是很短的时间。事实上,就像我提到的老化一样,这些类型的测试无论如何都会完成,通常是在制造之后,所以你只是要求他们测量传感器。再说一次,如果它以某种易于访问的方式设计,那么它应该不会花费太多时间。
Now, when a chip or a system is moving through the supply chain, in order to test every chip on a PCB, that may require additional infrastructure that I think could be designed and added to boards. And we could build standards and protocols around that.
现在,当芯片或系统在供应链中移动时,为了测试 PCB 上的每个芯片,这可能需要额外的基础设施,我认为这些基础设施可以设计并添加到电路板上。我们可以围绕它建立标准和协议。
So for example, if you were to purchase a printed circuit board, there should be a chip on there that kind of gets the information from all those chips on the board, securely sends it to a database or cloud for you, and then there’s a service — again, in the cloud — that’s verifying this information and telling you that this board and all of its chips are okay. That doesn’t exist today. But there’s no reason to believe that it couldn’t.
例如,如果你要购买一块印刷电路板,上面应该有一个芯片,可以从板上的所有芯片中获取信息,为你安全地将其发送到数据库或云中,然后有一个服务 - 再次,在云中 - 验证此信息并告诉您该板及其所有芯片都可以。这在今天不存在。但没有理由相信它不能。
And again, it would require an investment, but I don’t think it’s that significant compared to the cost of counterfeits. Which, by the way, we haven’t really mentioned, but it’s estimated to be in the range of 7.5 billion each year. This is according to a semiconductor industry association.
再说一次,这需要投资,但与假冒产品的成本相比,我认为这并不重要。顺便说一句,我们还没有真正提到,但估计每年在 75 亿左右。这是根据半导体行业协会的说法。
BRIAN SANTO: Wow! That’s sobering. Interesting! New techniques that are in development. Are there other techniques that might be being created now or could be created soon that would help counteract the counterfeiting problem?
BRIAN SANTO: 哇! 这是发人深省的。有趣的!正在开发的新技术。是否有其他可能正在创造或可能很快创造出来的技术来帮助抵制假冒问题?
DOMENIC FORTE: Yeah, yeah. So there’s been some research by a couple of groups, also funded by a few agencies, towards building that cloud environment, like especially with blockchain. So blockchain will give you this capability where it could be decentralized. So all types of companies can contribute to it. And it’s a record that is untamperable that it creates. So that’s a technology that people are investing in.
DOMENIC FORTE: 是的,是的。因此,几个小组(也由一些机构资助)进行了一些研究,以构建云环境,尤其是区块链。所以区块链会给你这种去中心化的能力。所以所有类型的公司都可以为它做出贡献。它创造了一个不可篡改的记录。所以这是人们正在投资的一项技术。
There’s a technology that I developed in my group. The patent was published recently, although I don’t think it’s approved yet. And it’s based on using the low-dropout regulator, which is in a lot of chips, even some analog chips. It’s called an LDL. And again, it’s responsible for power regulation. We found that we could use it to detect recycled chips, because it actually degrades when the chip is being used. And it’s unavoidable to not age this part, because if the chip is being powered and it’s being used, it’s using a power regulator. So we’ve developed a set of tests that can use that.
我在小组中开发了一项技术。该专利是最近公布的,虽然我认为它还没有被批准。它基于使用低压差稳压器,这种稳压器存在于很多芯片中,甚至是一些模拟芯片中。它被称为LDL。再次,它负责功率调节。我们发现我们可以用它来检测回收的芯片,因为在使用芯片时它实际上会退化。并且这部分不能老化是不可避免的,因为如果芯片正在供电并且正在使用,它正在使用电源调节器。 所以我们开发了一套可以使用它的测试。
And again, it’s almost like a universal technique, because this component is available in a lot of chips. And we’re also right now creating a version where you could modify an existing LDL in your design and add it to new designs to make this technology even better, even more accurate.
再说一次,它几乎就像一种通用技术,因为这个组件在很多芯片中都可用。我们现在也在创建一个版本,您可以在其中修改设计中现有的 LDL 并将其添加到新设计中,以使这项技术变得更好、更准确。
BRIAN SANTO: Nice! Okay, cool! I have asked about every question I can think of to ask about this phenomenon. What haven’t I asked about that’s interesting or of note?
BRIAN SANTO: 太好了!我已经询问了我能想到的所有关于这种现象的问题。 我没有问什么有趣或值得注意的事情?
DOMENIC FORTE: There’s one other thing I wanted to mention. It’s what I alluded to when we first started, and it’s that the US government did some things to try to crack down things in 2012, especially with the National Defense Authorization Act, but that was pushed on the equipment manufacturers. But I think that the chip manufacturers need to do their part, too. Which means they should try to adopt a lot of these sensors and techniques. And there could be a variety of reasons to hopefully help motivate them to do that.
DOMENIC FORTE:我还想提一件事。这是我刚开始时提到的,是美国政府在2012年做了一些事情试图打击事情,特别是通过国防授权法案,但这是强加给设备制造商的。但我认为芯片制造商也需要尽自己的一份力量。这意味着他们应该尝试大量采用这些传感器和技术。可能有多种原因可以帮助激励他们这样做。
One of which is that some of these technologies are not only useful for anti-counterfeit, but they could have all their other purposes as well. So for example, those aging sensors, or odometers, that I mentioned, they can be used to detect recycled chips, but they could also be used for preventive maintenance. So if you’re monitoring a system over time, and you realize that this chip has been used quite a bit, you may know that it’s going to be in need of replacement very soon. And rather than the whole system coming down because of this one chip, you could avoid the downtime.
其中之一是其中一些技术不仅可用于防伪,而且还可以用于其他所有目的。例如,我提到的那些老化的传感器或里程表,它们可以用来检测回收的芯片,但它们也可以用于预防性维护。因此,如果您随着时间的推移监控系统,并且意识到该芯片已经使用了很多次,您可能知道它很快就会需要更换。而不是整个系统因为这个芯片而崩溃,您可以避免停机时间。
And so the company gets a benefit for that. And the company that’s using the chip gets a benefit, and the manufacturer will look better as well, if they actually offer this feature. So that’s one example.
因此,公司因此而受益。使用该芯片的公司会从中受益,如果制造商真的提供此功能,他们也会看起来更好。这是一个例子。
And then the other example, as a motivator for the chip manufacturers, is that we’re all consumers of electronics, even them. So they’re purchasing monitors and PCs and all kinds of electronics themselves. Even though they’re claiming that you should go to authorized distributors, they may be purchasing things that they don’t know where it’s from, or they may be getting things from places they don’t know. And it affects their own business, and it affects them personally because, as we discussed, this could affect their own families, if this is placed in a car or a plane that, you know, their family’s on, their own safety is at risk.
然后另一个例子,作为芯片制造商的动力,我们都是电子产品的消费者,甚至是他们。所以他们自己购买显示器、个人电脑和各种电子产品。即使他们声称您应该去找授权经销商,但他们可能会购买他们不知道来自哪里的东西,或者他们可能会从他们不知道的地方获取东西。它影响到他们自己的生意,也影响到他们个人,因为正如我们所讨论的,这可能会影响到他们自己的家人,如果把它放在汽车或飞机上,你知道,他们的家人在上面,他们自己的安全就会受到威胁 .
So really for the good of the ecosystem, I hope that the chip manufacturers will take it a little bit more seriously as well. I would suspect that it would be difficult to, again, for the government to enforce having these sensors in things. But there are examples where it has been done.
所以真的为了生态系统的利益,我希望芯片制造商也能更加认真地对待它。我怀疑政府很难再次强制在事物中安装这些传感器。但是有一些例子已经完成了。
Our vehicles have to contain odometers by law. And there’s even some countries that have odometer databases. So when you sell a car, the odometer value goes into that database to make sure that nobody’s turning it backwards. So if we do this for cars, I can’t see why we can’t do it for electronics. And electronics are being used more and more in the last few decades. They’re ubiquitous today. And some of them are in our homes and our IoT devices, all these kinds of things. It seems like the next natural step to me to take this more seriously.
根据法律,我们的车辆必须包含里程表。甚至有些国家拥有里程表数据库。 因此,当您出售汽车时,里程表值会进入该数据库,以确保没有人将其倒转。所以如果我们为汽车做这件事,我不明白为什么我们不能为电子产品做这件事。 在过去的几十年里,电子产品的使用越来越多。它们今天无处不在。其中一些在我们的家中和我们的物联网设备中,所有这些东西。对我来说,更认真地对待这似乎是下一个自然步骤。
BRIAN SANTO: I’m sorry for laughing, to laugh for crying. After losing $5 billion per year, and probably being aware of horror stories after 20, 30, 40 years of counterfeiting. It’s probably 40 years too late. But it would be nice to start, wouldn’t it?
BRIAN SANTO:我为笑而抱歉。在每年损失 50 亿美元之后,并且可能在 20、30、40 年的假冒之后意识到恐怖故事。可能为时已晚 40 年。 但是开始会很好,不是吗?
DOMENIC FORTE: Yeah, yeah. People always talk about how it takes time for policy to catch up to the technology. And I think that’s understandable. But in this case, again, the problem has been around for maybe 30 or 40 years. It’s really time for the policy to catch up!
DOMENIC FORTE: 是的,是的。人们总是谈论政策如何赶上技术需要时间。我认为这是可以理解的。但在这种情况下,同样,问题已经存在了 30 或 40 年。政策真的到了该跟上的时候了!
BRIAN SANTO: Yeah. Domenic Forte, thank you so much for being on the show.
BRIAN SANTO:是的。Domenic Forte,非常感谢你参加这个节目。
DOMENIC FORTE: Thanks again for inviting me. This is a topic near and dear to me.
DOMENIC FORTE: 再次感谢您邀请我。这是一个对我来说很熟悉的话题。
BRIAN SANTO: That was Domenic Forte from the University of Florida.
BRIAN SANTO:以上是佛罗里达大学的 Domenic Forte。
Our next guest is Barbara Jorgensen from our sister publication, EPS News. Barb is one of the most knowledgeable reporters in the industry when it comes to matters of electronics distribution and procurement, and in fact, I prepped for my discussion with Domenic Forte by reading some of her coverage.
我们的下一位嘉宾是来自我们姊妹刊物 EPS News 的 Barbara Jorgensen。 在电子产品分销和采购方面,Barb 是业内知识最渊博的记者之一,事实上,我通过阅读她的一些报道为与 Domenic Forte 的讨论做好了准备。
I asked Barb to describe how the market tries to minimize the problem. Part of my question was about blockchain techniques and the extent to which they’re being used in addressing the issue.
我请Barb描述市场如何试图将问题最小化。我的部分问题是关于区块链技术以及它们在多大程度上被用于解决这个问题。
BARBARA JORGENSEN: There are a number of ways that you can lower the risk of procuring bad chips in the first place. And the authorized distribution channel has been fighting this for as long as there have been counterfeit parts. They differentiate themselves from the open market, or something that’s called the gray market, where chips that are not used can be resold sometimes pennies on the dollar. But if they’re in high demand, they can be sold at a premium. And this includes a lot of the end-of-life chips and the older chips that you and the professor were talking about. They’re hard to get, they’re hard to find. And if you find them, you’re willing to pay top dollar for them.
BARBARA JORGENSEN:首先,您可以通过多种方式降低购买劣质芯片的风险。只要有假冒零件,授权的分销渠道就一直在与此作斗争。他们将自己与公开市场或称为灰色市场的东西区分开来,在这些市场中,未使用的芯片有时可以以美元的价格转售。但如果它们的需求量很大,它们可以高价出售。这包括你和教授谈论的许多报废芯片和旧芯片。他们很难得到,很难找到。如果你找到它们,你愿意为它们支付高价。
But the point is that authorized distribution buys factory direct. Brand owners such as Intel, AMD, Murata, really any component vendor, basically audits their distributors to make sure that they are handling their products correctly, they’re storing their products correctly, and that they have access to all of the information that the vendor can supply them in terms of who made the chip, where it was made. And they can kind of drill down to some really granular information such as the lot number, what factory it came from, who the packaging partner was, who the assembly partner was.
但关键是授权分销是直接购买工厂。英特尔、AMD、村田等品牌所有者,实际上是任何组件供应商,基本上都会审核他们的分销商,以确保他们正确处理他们的产品,他们正确存储他们的产品,并且他们可以访问所有信息供应商可以根据谁制造芯片、在哪里制造来向他们提供这些信息。他们可以深入了解一些非常精细的信息,例如批号、来自哪个工厂、包装合作伙伴是谁、组装合作伙伴是谁。
Authorization is kind of the gold standard for the procurement side. This is kind of how I back into blockchain. Blockchain basically lets everybody in the chain know that this particular player has undergone a lot of these same things. If you’re Intel, and you’ve got three or four different partners before you actually sell that packaged chip, those partners will be part of the blockchain. So if you’re a user and you want to trace the stuff back, a blockchain will automatically give you the information that this person has been vetted, or this company has been vetted, that this is part of the supply chain. And you don’t have to really trace or research every single partner that the chip passes through.
授权是采购方面的黄金标准。这就是我回到区块链的一种方式。区块链基本上让链中的每个人都知道这个特定的参与者经历了很多同样的事情。如果您是英特尔,并且在您实际销售该封装芯片之前已经拥有三四个不同的合作伙伴,那么这些合作伙伴将成为区块链的一部分。因此,如果您是用户并且想要追溯这些东西,区块链将自动为您提供此人已经过审查或这家公司已经过审查的信息,这是供应链的一部分。而且您不必真正追踪或研究芯片通过的每个合作伙伴。
You can start with the materials supplier. So there’s a lot of steps, and all of these steps do increase the risk of something going wrong or something being interjected into the chip. I don’t know how much downloading of malware goes on. I think the supply chain has that pretty well tightened up. But I think my original point was that the traceability is really important. And an authorized distributor will have all of that information directly from the chip factory. And that will be retained, whether it’s electronically, or in some cases, paperwork. But all of that information will follow the chip to the end user.
您可以从材料供应商开始。所以有很多步骤,所有这些步骤确实增加了出错或插入芯片的风险。我不知道下载了多少恶意软件。我认为供应链已经收紧了。 但我认为我最初的观点是可追溯性非常重要。授权经销商将直接从芯片工厂获得所有这些信息。这将被保留,无论是电子方式,还是在某些情况下,文书工作。但所有这些信息都将跟随芯片传递给最终用户。
So really, although distributors do buy and sell among themselves, an authorized distributor will buy from the factory, it will buy from other authorized distributors, or it may obtain product that it sold, that the distributor sold to an end user that the end user no longer wants. And again, that traceability is going to be there, and it’s going to be demonstrated. That really lowers the risk of procuring a bad chip in the first place.
确实,尽管经销商之间确实进行买卖,但授权经销商将从工厂购买,从其他授权经销商处购买,或者它可能会获得其销售的产品,即经销商出售给最终用户的最终用户不再想要。再一次,这种可追溯性将在那里,并将被证明。这确实降低了首先获得不良芯片的风险。
BRIAN SANTO: It’s clear that there are situations where there’s a demand for chips and the supply isn’t there. What recourse do people have other than to go to the gray market?
BRIAN SANTO:很明显,有些情况下对芯片有需求而供应却没有。除了去灰色市场,人们还有什么办法?
BARBARA JORGENSEN: There are distributors that aren’t authorized, that do buy and sell product, and many of them have the same standards as the authorized distributors. They will only buy product that’s in unopened boxes, and that the traceability data is intact and retrievable. Or in the case of paperwork. Many of them will actually perform lot tests on chips. If you invest in a thousand chips and notice that they’re in short supply, first of all, you’re going to charge a lot more than you usually do for them. But secondly, it definitely behooves you to make sure that you’re selling what you advertise.
BARBARA JORGENSEN:有些经销商是未经授权的,他们买卖产品,其中许多与授权经销商的标准相同。他们只会购买未开封且可追溯性数据完整且可检索的产品。或者在文书工作的情况下。他们中的许多人实际上会对芯片进行批量测试。如果您投资一千个芯片并注意到它们供不应求,首先,您将收取比平时多得多的费用。但其次,你绝对有必要确保你正在销售你所宣传的东西。
The other kind of player is kind of the Wild, Wild West of the chip market. These are basically opportunists. And yes, they will take damaged product; they will reclaim product from scrapped printed circuit boards; they will re-mark products that are in circulation, but they don’t perform to the standards of the chip that you’re looking for. And they will advertise, We have these things. They basically won’t give you a lot of information, and they won’t give you what you’re looking for. It’s basically just a straight-out purchase. And if you’re not as involved in the supply chain as I am, or really a lot of industries are, you might be tempted to buy from them without really knowing the traceability and how important that is. And that’s another way to make sure that you’re getting what they’re what they’re selling.
另一种玩家是芯片市场的狂野西部。这些基本上都是机会主义者。是的,他们会拿走损坏的产品;他们将从报废的印刷电路板上回收产品;他们会重新标记流通中的产品,但它们的性能不符合您正在寻找的芯片标准。他们会做广告,我们有货。他们基本上不会给你很多信息,也不会给你你想要的东西。这基本上只是直接购买。如果你不像我那样参与供应链,或者很多行业都参与其中,你可能会在不知道可追溯性及其重要性的情况下从他们那里购买。这是另一种确保你得到他们所卖的东西的方法。
So going to the gray market is tempting. There are players with very high standards. And basically have built a reputation on that. But there are the opportunists that will set up a shop, a storefront, and then disappear once they’ve been paid. Or they will send you substandard product.
所以去灰色市场很诱人。有非常高标准的厂商。基本上已经建立了声誉。但是有些机会主义者会开一家商店,一个店面,然后一旦他们得到报酬就消失了。 否则他们会寄给你不合格的产品。
One of the anecdotes I remember from a long time covering this is one such counterfeiter spelled Malaysia wrong on the box. That’s how they identify counterfeit chips. It can be really just stupid chip tricks, as I call them, but it can be that basic. They be that obvious, but you kind of need to know to ask for the traceability, for the information. And I’m not sure that that’s top of mind with everybody who’s looking for a chip who has a production line at a standstill, and sees the availability of the chip. And it’s very, very tempting.
我记得很长一段时间以来的轶事之一是一个这样的造假者在盒子上拼错了马来西亚。这就是他们识别假冒芯片的方式。正如我所说的那样,它实际上可能只是愚蠢的芯片技巧,但它可以是基本的。它们是如此明显,但您需要知道以要求可追溯性和信息。而且我不确定这是否是每个正在寻找生产线处于停顿状态的人,看到有芯片可用时首要考虑因素。这非常非常诱人。
BRIAN SANTO: The Semiconductor Industry Association had some recommendations for how to combat counterfeiting in its white paper, which we link to on this podcast episode’s web page. Our guest, Dominic Forte had some recommendations, too. I asked Barb what she thought the industry could do. And she agreed with Forte on one thing:
BRIAN SANTO:半导体行业协会在其白皮书中就如何打击假冒提出了一些建议,我们在本播客集的网页上链接到这些建议。我们的客人 Dominic Forte 也提出了一些建议。我问Barb她认为这个行业可以做什么。她同意 Forte 的一件事:
BARBARA JORGENSEN: Chip makers, and frankly all component manufacturers, can do more. Clearly they are focused on their own product. So the brand owners such as Intel and AMD, the passive and connector guys, they will be able to identify their product one way or another. The problem with that is, if you’re a distributor, let’s say, and you carry literally hundreds of products, you have to really trace every single product that you sell. The hope and desire would be some sort of standard by which the electronics industry can normalize, through the identification and checking system. Because you have to remember: With a lot of these, it’s not just the identification that you get. You need something to read it. So it might be software, it might be equipment, Imagine doing that hundreds and hundreds and hundreds of times. So it does add up.
BARBARA JORGENSEN:芯片制造商,坦率地说,所有组件制造商都可以做得更多。显然,他们专注于自己的产品。因此,英特尔和 AMD 等品牌所有者、无源和连接器厂商,他们将能够以一种或另一种方式识别他们的产品。这样做的问题是,假设您是分销商,并且您携带数百种产品,您必须真正追踪您销售的每一件产品。希望和愿望将成为电子行业可以通过识别和检查系统标准化的某种标准。因为你必须记住:有很多这样的,你得到的不仅仅是身份证明。你需要一些东西来阅读它。所以它可能是软件,也可能是设备,想象一下这样做成百上千次。所以它确实加起来了。
Understandably, the brand owners are most concerned with tracing their own chips, for a lot of reasons, including liability. There is less effort put toward just some kind of standard process by which you have your quality assurance. And blockchain may be one way to achieve that. So you kind of get your stamp of approval prior to purchasing the product. But for now, you really have to trust who you buy from, especially if you’re buying from a distributor.
可以理解的是,品牌所有者最关心追踪自己的芯片,原因有很多,包括责任。 只需通过某种标准流程来保证质量,就不需要付出多少努力。区块链可能是实现这一目标的一种方式。因此,您可以在购买产品之前获得您的批准印章。但就目前而言,你真的必须相信你从谁那里购买,特别是如果你是从经销商那里购买的。
BRIAN SANTO: The counterfeiting problem has been dragging on for decades. Domenic Forte quoted an SIA estimate that the counterfeiting problem is costing the industry $7.5 billion dollars a year. The semiconductor industry now seems to be far more focused on supply side issues, however: adding capacity and figuring out where to add that capacity. And that’s understandable. But again, fraud and waste isn’t the point.
BRIAN SANTO:假冒问题已经拖了几十年。Domenic Forte 引用了 SIA 的估计,假冒问题每年给该行业造成 75 亿美元的损失。然而,半导体行业现在似乎更关注供应方面的问题:增加产能并弄清楚在哪里增加产能。这是可以理解的。但同样,欺诈和浪费并不是重点。
We keep risking the possibility that some counterfeit chips will end up causing accidents or even fatalities. Wouldn’t it be better to address the problem now before tragedy occurs?
我们一直在冒一些假冒芯片最终导致事故甚至死亡的风险。在悲剧发生之前解决问题不是更好吗?
We would like to thank our guests today, Domenic Forte from the University of Florida and Barbara Jorgensen, editor of EPS News.
我们今天要感谢我们的客人,来自佛罗里达大学的 Domenic Forte 和 EPS News 的编辑 Barbara Jorgensen。
That wraps up this episode of the weekly briefing. Thank you for listening.
这一集到此结束。 谢谢你的聆听。
责编:Elaine