Feature left bracketright bracket Current Issue

Guardians of the Microchip

WPI researchers use world-class microscopes to detect cybersecurity threats in semiconductors.

An image of one of the two infrared light-based, non-invasive microscopes used to study the security of microchips

At the size of only a few nanometers, a semiconductor chip doesn’t appear threatening. Also called a microchip, this small integrated circuit is the powerhouse behind every technology at our fingertips. From our home computers to national supercomputers, millions of microchips are the gatekeepers of our secrets.

It’s this importance that makes microchips extremely vulnerable to hackers and espionage, says Assistant Professor of Electrical and Computer Engineering Shahin Tajik.

“The problem nowadays with our microelectronic supply chain is that it is globalized,” Tajik says. “Maybe the design is done in California, but the fabrication is done in Taiwan, and the assembly of all these components might be happening in China. There are a lot of opportunities for malicious actors to tamper with the design, fabrication, or assembly of the chips.”

Tajik is one of several faculty at WPI, including Assistant Professor of Electrical and Computer Engineering Fatemeh Ganji, specializing in hardware security threats to microchips. To detect tampering and vulnerability in microchips, researchers must be able to look at the chip in extremely high resolutions. However, traditional methods of achieving this resolution rely on physical probing, which ultimately destroys the chip.

To improve this process, Tajik and Ganji received grants from the National Science Foundation and the Commonwealth of Massachusetts in 2021 and 2022 to purchase two infrared light-based, non-invasive microscopes—AlphaNov and Hamamatsu Phemos-X—to study the security of chips. One microscope now sits tucked away inside the Vernam Lab in Atwater Kent, the other in Unity Hall.

Fatemah Ganji and Shahin Tajik

Fatemeh Ganji and Shahin Tajik

“For me, it’s like seeing through the silicon,” Ganji says, referring to the protective measures embedded at the hardware level of computing devices. “[Studying] the breaking of the security is not just about protection of the design itself, but also about guarding the user’s privacy.”

Hacking a Microchip

AlphaNov and Phemos-X are the first microscopes of their kind in the Northeast and some of only a few across the country at academic institutions. “Typically, these microscopes are used by the semi-conductor industry for detecting defects in chips,” says Bogdan Vernescu, vice president and vice provost for research and innovation, “but our talented cybersecurity researchers are able to use them to gain more insights.

“The strength of the [cybersecurity] group is the way they are organized,” Vernescu says, describing expertise in software cybersecurity, cloud security, and chips security. “[The] group is able to understand cybersecurity in its entirety, not just a little piece. That’s our strength.”

It’s this multilayer experience that Tajik also believes contributed to WPI’s having been awarded the microscopes. “They saw our research, they saw our records, and they saw the possibility for workforce development,” he says.

WPI has been pursuing cybersecurity research since the mid-’90s. And while cutting-edge equipment like these microscopes plays a large role in advancing cybersecurity research, Vernescu says that it’s not possible without first having a capable team of researchers. “The instruments are helping, but it is the expertise that you need,” he says. “It’s a unique set of skills.”

At their heart, Tajik says these microscopes are not much different from the standard microscope you might use in a high school biology class, apart from the fact that these microscopes use light the human eye cannot see. In the electromagnetic spectrum of light, the human eye is able to see only a small section that falls between wavelengths of roughly 380 to 750 nanometers.

This microscope not only enables us to check for tampering or counterfeiting but also helps us to do offensive research, such as launching attacks against the chips in WPI labs to see if they can break the security.

Shahin Tajik


To study chips, AlphaNov and Phemos-X instead deploy cameras and optics in the near infrared spectrum (wavelengths larger than 900 nm) to observe transistors’ activities. To make these precise observations, the microscopes are operated under extremely cold conditions of -94F (-70C).

While both AlphaNov and Phemos-X use infrared lasers to study chips, the objective of studies done by using each laser is slightly different. Tajik, Ganji, and other cybersecurity researchers at WPI, make use of both microscopes, but Ganji explains that AlphaNov is uniquely beneficial in her work. It is used to inject “glitches” in the semiconductors to detect where faults and vulnerabilities exist in the hardware. This works by sending flashes of laser light at the hardware to disrupt the chip’s transistors. By interrupting the chip’s function, these laser fault injections can circumvent security and privacy protocols or even reveal users’ data being processed on the chip.

Ganji says that these types of vulnerabilities can be dangerous not only for computers holding state secrets but for the everyday user as well. By injecting a fault into a user’s phone or wearables for healthcare, a hacker could gain access to the user’s systems or even sensitive information stored on them, revealing, for example, private health records.  “These attacks are becoming more relevant because these devices are everywhere,” she says.

Where Ganji’s work focuses on finding potential vulnerabilities in chips, Tajik’s work instead looks for tampering that may already be present in a chip from further down the supply chain. Phemos-X can observe electrical signals emitted by the chip down to a single transistor to look for signs of hardware Trojans, counterfeit or recycled components being passed off as new, and vulnerability to data leakage.

Tajik says that these attacks can take place throughout the lifecycle of a chip—from its initial design, to its fabrication, and even after it’s reached the end user inside a piece of technology.

“This microscope not only enables us to check for tampering or counterfeiting,” he says, “but also helps us to do offensive research, such as launching attacks against the chips in WPI labs to see if they can break the security. If yes, then there’s a vulnerability [and] we have to think how to fix it.”

Ganji and Tajik using the Phemos-X microscope

Research Strides

In the first few years of working with these microscopes, Ganji says that her team has already made important discoveries that could impact the future of chip safety.

In a paper published this summer in IACR Transactions on Cryptographic Hardware and Embedded Systems, Ganji was a lead researcher investigating how to protect integrated circuits from IP piracy. She and her team analyzed programmable circuits that can provide various functions and play a role in many applications, such as privacy-preserving AI. Part of this work includes determining whether it is possible to protect chips from attacks that read through the silicon and reveal hidden secrets—such as the architecture of AI accelerators.

“Existing theoretical findings suggest making such circuits completely unknown to you as a user so that in the case when a user acts maliciously, it’s not possible to understand how the circuit is running,” Ganji says.

To answer the question of whether circuits like these can truly keep information secure, she used AlphaNov for photon emission analysis. Not only did the team, which included Tajik as a co-author, find that it was not yet possible to create a truly secure chip that didn’t leak information, but they also found that this information could be accessed in a cost-effective way using off-the-shelf algorithms.

“Even if we try our best to secure the chip,” Ganji says, “it’s still possible to extract enough information to do piracy or to implement the IP on other chips and sell it.”

Even if we try our best to secure the chip, it’s still possible to extract enough information to do piracy or to implement the IP on other chips and sell it.

Fatemeh Ganji


In a second paper accepted to be published later this year, Ganji investigated how machine learning in edge devices participating in secure multi-party computation—such as cell phones communicating with the cloud—creates vulnerabilities for hackers to exploit. In secure multiparty computation, two or more devices interact to perform some computation without disclosing any information sent by each device during the process. These types of systems can be very sensitive, she says, because they may communicate information such as a patient’s health data or private financial information.

Using AlphaNov, Ganji and her team conducted a laser fault injection attack on these multiparty computation systems and found their security solutions unable to protect the IP of machine learning modules embedded in edge devices, which can eventually lead to users’ privacy violation.

“It is possible to read out the secret IPs completely,” she says. “The system is not protected at all.”

Tajik says that the microscopes have created an opportunity for collaboration with other institutions around the country, including researchers at the University of Massachusetts Amherst. With the UMass Amherst team, Tajik collaborated on a paper published at the International Test Conference to investigate the security of an emerging semiconductor technology called “chiplets.”

Compared to standard chips, chiplets are like Lego pieces that can be connected in different ways to create complex chip designs in a cheaper, democratized way. Chiplets have captured the attention of the semiconductor industry in recent years, but Tajik says the findings of his new paper may dampen their excitement. Using probing techniques with Phemos-X, Tajik and the team found that it was actually very easy to eavesdrop on information contained in chiplets.

“There are, unfortunately, no solutions now to this problem,” he says. “An adversary can intercept all bits of information that are moving between chiplets.”

Across these different papers, Tajik and Ganji show clearly that there’s a large gap between theoretical chip security and real-world security.

Training the Next Generation

One important way to address this gap in semiconductor safety, says Tajik, is to focus on developing a new cybersecurity workforce capable of tackling these problems. And there’s never been a better time for it.

In 2022, the Biden-Harris administration signed into law the CHIPS and Science Act to support investment into domestic semiconductor research and production. Instead of the globalized and vulnerable supply chain that currently threatens the safety of chips, the CHIPS Act is focusing on bringing more steps of the supply chain to the U.S.

“Because of the CHIPS Act and a lot of activities happening in the U.S. [as a result], there’s a very huge demand for engineers,” Tajik says. “But, unfortunately, we don’t have enough.”

To help prepare WPI students to meet these demands, he says the cybersecurity group is working to teach students how to think about these problems and to expose them to hands-on research with advanced instruments like AlphaNov and Phemos-X. This is happening across both graduate and undergraduate levels, he says, noting undergraduate student Kyle Mitard ’24 recently placed second for WPI’s overall Major Qualifying Project awards and first in the video presentation category for his work “Vulnerability Analysis of Security ICs Against Laser Fault Injection.”

Cybersecurity is described as a game of cat and mouse. The more systems become available, the more advanced adversaries will become.

Fatemeh Ganji


Since then, Tajik says that Mitard has decided to stay at WPI for a PhD studying semiconductor security and is currently collaborating with Draper Laboratories using Phemos-X.

Tajik and Ganji both offer virtual graduate classes on these topics that conclude with an in-person experience with the microscopes. In Ganji’s class, graduate students learn the basics of hardware security trends and the meaning of hardware security adversaries. Because of its subject matter, she says that this course attracts undergraduate students as well.

“I have had many senior undergraduate students come to my graduate class and even do some introductory research into hardware security,” Ganji says.

Tajik offers a more advanced, complementary course that explores the analysis side of hardware security. In both courses, he says that the hands-on experience with AlphaNov and Phemos-X is what really stands out.

“The students get firsthand experience on these machines,” Tajik says. “Hopefully in the future, we can even enable remote access to these instruments for students who are attending the class virtually.”

Having the opportunity to provide students access and training on these cutting-edge instruments is something close to their hearts, Ganji says. Through students’ access to these microscopes, they will be prepared not only for academic research in hardware security but for careers in the semiconductor industry.

And fortunately for them, Ganji and Tajik say there will be work in semiconductor security for a long time to come.

“Cybersecurity is described as a game of cat and mouse,” Ganji says. “The more systems become available, the more advanced adversaries will become. This is a research topic that one can pursue forever.”

Reader Comments

1 Comments

  1. P
    Peter Rontea

    Congratulations to the dedicated researchers at Worcester Polytechnic Institute (WPI), led by Dr. Shahin Tajik and Ms. Fatemeh Ganji, for their groundbreaking work in semiconductor security. Utilizing sophisticated infrared microscope technologies, they are setting new standards in detecting cybersecurity threats within the semiconductor industry. Their innovative approach not only addresses vital vulnerabilities that affect privacy and data integrity but also bridges the gap between theoretical research and practical applications. By doing so, they are paving the way for a new generation of cybersecurity experts, equipping them with the knowledge and skills necessary to tackle complex challenges in both the academic world and industry. WPI’s commitment to excellence and innovation in this field is commendable, and their contributions are invaluable in protecting sensitive information globally.

Post a Comment

Your email address will not be published. Please fill in all required fields marked *

When posting a comment, you are stating that you have viewed and agree to the posting guidelines.

All comments will be reviewed prior to posting and any comments that violate these guidelines will not be posted.

Other Stories

Safe Space

Safe Space

As a human factors system engineer, Celena Dopart '12 hasn’t just studied what’s “out there” in space—she’s helping humans explore space firsthand.

Read Story
Protecting Endangered Cultures Ted Hein

Protecting Endangered Cultures

With discarded laptops from corporate America, Ted Hein ’88 helps preserve indigenous cultures in Latin America, while narrowing the digital divide.

Read Story
Combining a Passion for Robotics with an Entrepreneurial Spirit Antonio Marzoratti and Ivan Zou

Combining a Passion for Robotics with an Entrepreneurial Spirit

Antonio Marzoratti ’27 and Ivan Zou '27 are on a mission to translate their love of robotics into marketable products that will make a difference in people’s lives.

Read Story
Click on this switch to toggle between day and night modes.