Event

Do we really know what chips are inside our devices? To a first order, the answer is “no”. We can read the label printed on the chip's package, but most of us have no way to determine if the silicon actually matches what’s on the label.

This lack of transparency has lead to much hand-wringing about the safety of our global supply chains, as chips zig-zag the globe on their way to our doorstep: each stop is an opportunity for bad actors to inject malicious hardware, and those of us without access to million-dollar analytical gear have no way of detecting this.

IRIS (Infra-Red, in situ) is a technique I have been developing that aims to democratize the inspection of silicon. It turns out that for a select but fairly common type of chip - those in chip-scale packages - a simple modification to an off the shelf microscope camera can enable the visualization of micron-scale features within – without requiring any nasty chemicals or desoldering chips. I will also show how the basic everyday technique can be combined with a Jubilee 3D motion platform to create detailed, full-chip images.

This talk will cover the basic theory behind the technique, and frame it in the context of several hypothetical threat scenarios that highlight its strengths and limitations. It is important to understand that IRIS is not a panacea for chip verification, but it is a significant step forward in improving transparency. I will also discuss its potential as a new tool for system designers who are serious about enabling user-level hardware verification.

Finally, time permitting and equipment cooperating, I would like to share the simple pleasure of being able to take a peek inside the chips of some common mobile phone motherboards with a live demo.