Guardians of the Microchip

At the size of only a few nanometers, a semiconductor chip doesn’t appear threatening. Also called a microchip, this small integrated circuit is the powerhouse behind every technology at our fingertips. From our home computers to national supercomputers, millions of microchips are the gatekeepers of our secrets.

It’s this importance that makes microchips extremely vulnerable to hackers and espionage, says Assistant Professor of Electrical and Computer Engineering Shahin Tajik.

“The problem nowadays with our microelectronic supply chain is that it is globalized,” Tajik says. “Maybe the design is done in California, but the fabrication is done in Taiwan, and the assembly of all these components might be happening in China. There are a lot of opportunities for malicious actors to tamper with the design, fabrication, or assembly of the chips.”

“For me, it’s like seeing through the silicon,” Ganji says, referring to the protective measures embedded at the hardware level of computing devices. “[Studying] the breaking of the security is not just about protection of the design itself, but also about guarding the user’s privacy.”

AlphaNov and Phemos-X are the first microscopes of their kind in the Northeast and some of only a few across the country at academic institutions. “Typically, these microscopes are used by the semi-conductor industry for detecting defects in chips,” says Bogdan Vernescu, vice president and vice provost for research and innovation, “but our talented cybersecurity researchers are able to use them to gain more insights.

“The strength of the [cybersecurity] group is the way they are organized,” Vernescu says, describing expertise in software cybersecurity, cloud security, and chips security. “[The] group is able to understand cybersecurity in its entirety, not just a little piece. That’s our strength.”

It’s this multilayer experience that Tajik also believes contributed to WPI’s having been awarded the microscopes. “They saw our research, they saw our records, and they saw the possibility for workforce development,” he says.

WPI has been pursuing cybersecurity research since the mid-’90s. And while cutting-edge equipment like these microscopes plays a large role in advancing cybersecurity research, Vernescu says that it’s not possible without first having a capable team of researchers. “The instruments are helping, but it is the expertise that you need,” he says. “It’s a unique set of skills.”

At their heart, Tajik says these microscopes are not much different from the standard microscope you might use in a high school biology class, apart from the fact that these microscopes use light the human eye cannot see. In the electromagnetic spectrum of light, the human eye is able to see only a small section that falls between wavelengths of roughly 380 to 750 nanometers.

To study chips, AlphaNov and Phemos-X instead deploy cameras and optics in the near infrared spectrum (wavelengths larger than 900 nm) to observe transistors’ activities. To make these precise observations, the microscopes are operated under extremely cold conditions of -94F (-70C).

While both AlphaNov and Phemos-X use infrared lasers to study chips, the objective of studies done by using each laser is slightly different. Tajik, Ganji, and other cybersecurity researchers at WPI, make use of both microscopes, but Ganji explains that AlphaNov is uniquely beneficial in her work. It is used to inject “glitches” in the semiconductors to detect where faults and vulnerabilities exist in the hardware. This works by sending flashes of laser light at the hardware to disrupt the chip’s transistors. By interrupting the chip’s function, these laser fault injections can circumvent security and privacy protocols or even reveal users’ data being processed on the chip.

Ganji says that these types of vulnerabilities can be dangerous not only for computers holding state secrets but for the everyday user as well. By injecting a fault into a user’s phone or wearables for healthcare, a hacker could gain access to the user’s systems or even sensitive information stored on them, revealing, for example, private health records.  “These attacks are becoming more relevant because these devices are everywhere,” she says.

Where Ganji’s work focuses on finding potential vulnerabilities in chips, Tajik’s work instead looks for tampering that may already be present in a chip from further down the supply chain. Phemos-X can observe electrical signals emitted by the chip down to a single transistor to look for signs of hardware Trojans, counterfeit or recycled components being passed off as new, and vulnerability to data leakage.

Tajik says that these attacks can take place throughout the lifecycle of a chip—from its initial design, to its fabrication, and even after it’s reached the end user inside a piece of technology.

“This microscope not only enables us to check for tampering or counterfeiting,” he says, “but also helps us to do offensive research, such as launching attacks against the chips in WPI labs to see if they can break the security. If yes, then there’s a vulnerability [and] we have to think how to fix it.”

In the first few years of working with these microscopes, Ganji says that her team has already made important discoveries that could impact the future of chip safety.

To answer the question of whether circuits like these can truly keep information secure, she used AlphaNov for photon emission analysis. Not only did the team, which included Tajik as a co-author, find that it was not yet possible to create a truly secure chip that didn’t leak information, but they also found that this information could be accessed in a cost-effective way using off-the-shelf algorithms.

“Even if we try our best to secure the chip,” Ganji says, “it’s still possible to extract enough information to do piracy or to implement the IP on other chips and sell it.”

In a second paper accepted to be published later this year, Ganji investigated how machine learning in edge devices participating in secure multi-party computation—such as cell phones communicating with the cloud—creates vulnerabilities for hackers to exploit. In secure multiparty computation, two or more devices interact to perform some computation without disclosing any information sent by each device during the process. These types of systems can be very sensitive, she says, because they may communicate information such as a patient’s health data or private financial information.

Using AlphaNov, Ganji and her team conducted a laser fault injection attack on these multiparty computation systems and found their security solutions unable to protect the IP of machine learning modules embedded in edge devices, which can eventually lead to users’ privacy violation.

“It is possible to read out the secret IPs completely,” she says. “The system is not protected at all.”

Tajik says that the microscopes have created an opportunity for collaboration with other institutions around the country, including researchers at the University of Massachusetts Amherst. With the UMass Amherst team, Tajik collaborated on a paper published at the International Test Conference to investigate the security of an emerging semiconductor technology called “chiplets.”

Compared to standard chips, chiplets are like Lego pieces that can be connected in different ways to create complex chip designs in a cheaper, democratized way. Chiplets have captured the attention of the semiconductor industry in recent years, but Tajik says the findings of his new paper may dampen their excitement. Using probing techniques with Phemos-X, Tajik and the team found that it was actually very easy to eavesdrop on information contained in chiplets.

“There are, unfortunately, no solutions now to this problem,” he says. “An adversary can intercept all bits of information that are moving between chiplets.”

Across these different papers, Tajik and Ganji show clearly that there’s a large gap between theoretical chip security and real-world security.

One important way to address this gap in semiconductor safety, says Tajik, is to focus on developing a new cybersecurity workforce capable of tackling these problems. And there’s never been a better time for it.

In 2022, the Biden-Harris administration signed into law the CHIPS and Science Act to support investment into domestic semiconductor research and production. Instead of the globalized and vulnerable supply chain that currently threatens the safety of chips, the CHIPS Act is focusing on bringing more steps of the supply chain to the U.S.

“Because of the CHIPS Act and a lot of activities happening in the U.S. [as a result], there’s a very huge demand for engineers,” Tajik says. “But, unfortunately, we don’t have enough.”

To help prepare WPI students to meet these demands, he says the cybersecurity group is working to teach students how to think about these problems and to expose them to hands-on research with advanced instruments like AlphaNov and Phemos-X. This is happening across both graduate and undergraduate levels, he says, noting undergraduate student Kyle Mitard ’24 recently placed second for WPI’s overall Major Qualifying Project awards and first in the video presentation category for his work “Vulnerability Analysis of Security ICs Against Laser Fault Injection.”

Since then, Tajik says that Mitard has decided to stay at WPI for a PhD studying semiconductor security and is currently collaborating with Draper Laboratories using Phemos-X.

Tajik and Ganji both offer virtual graduate classes on these topics that conclude with an in-person experience with the microscopes. In Ganji’s class, graduate students learn the basics of hardware security trends and the meaning of hardware security adversaries. Because of its subject matter, she says that this course attracts undergraduate students as well.

“I have had many senior undergraduate students come to my graduate class and even do some introductory research into hardware security,” Ganji says.

Tajik offers a more advanced, complementary course that explores the analysis side of hardware security. In both courses, he says that the hands-on experience with AlphaNov and Phemos-X is what really stands out.

“The students get firsthand experience on these machines,” Tajik says. “Hopefully in the future, we can even enable remote access to these instruments for students who are attending the class virtually.”

Having the opportunity to provide students access and training on these cutting-edge instruments is something close to their hearts, Ganji says. Through students’ access to these microscopes, they will be prepared not only for academic research in hardware security but for careers in the semiconductor industry.

And fortunately for them, Ganji and Tajik say there will be work in semiconductor security for a long time to come.

“Cybersecurity is described as a game of cat and mouse,” Ganji says. “The more systems become available, the more advanced adversaries will become. This is a research topic that one can pursue forever.”