Huang: IRIS (Infra-Red, in situ) Project Updates

For now it looks like overkill, but if the technology is sufficiently cheap and simple ("commodified"), it will be possible to integrate it into supply chains without huge additional costs, increasing trustworthiness all over the place. There might be other applications (defect detection maybe) which we're not even thinking of right now. So there's at least a chance it makes the world better.

On top, even if that does not work out, Andrew gets to have a whole lot of fun, so why not give him a chance and see? People have gotten more funding for much worse proposals, this one is genuinely interesting.

This isn't anything like the kind of sophisticated malicious supply chain attack people are hypothesizing about here. That would be ridiculously expensive and this really wouldn't do much about it. This is more about countering straightforward types of fraud which are pretty universal in the electronics industry.

There's a lot of hands a chip has to go through from fab, dicing, bonding, packaging, reeling, wholesalers and the final seller. Each of these steps is (sub-)contracted out to the lowest bidder. All of them run on very thin margins and have a huge incentive to "cut" their supply with some fakes. This isn't exactly difficult: Someone comes in after hours and loads the wrong file into the laser engraver and runs it for an hour. You grab a handfull of cheap chips from one of your production lines and toss them into a more expensive one. You bribe someone at a factory into giving you cheap chips with the wrong label and mix them into your distribution. You buy some salvaged/desoldered used chips and give them some new markings.

If they're sly, they'll pick some similar chips, or maybe different grades/bins of the same chip. But often times they don't even bother with that and just use completely unrelated or non-functional chips. If they keep the amount of fakes below, say, 1%, all you'll notice is a slight increase in boards failing QC, which you'll probably blame on something else.

This isn't just an issue with buying sketchy stuff off of aliexpress. The percentage there will be higher, but you're almost guaranteed to get some amount of fakes even from the most reputable sellers.

That detailed information would allow those "hobbyist" level hardware hackers to know more about the low-level implementation of those components, learn more about chip design, make cool pictures, have fun, etc . . .

In the hands of a sufficiently motivated and skilled hardware hacker, these scanning techniques *may* allow for independent verification/validation of actual hardware against specs, within certain constraints - limited imaging resolution, limited information about the components, etc. Over time, relatively widespread use of this technique could build up a library of "well known" components, which could then give "hobbyist" level hardware hackers something to compare against the chips they've just received in the mail - a small but not insignificant improvement in supply chain reliability, particularly if it becomes common enough that manufacturing and shipping counterfeit or malicious components becomes noticeably more risky. Though on its own IRIS wouldn't be enough to protect against explicitly malicious components, it would at least raise the bar enough that those malicious components would have to be actively hiding rather than simply relying on obscurity.

And finally, in cases where the design of the chip is open (or where the designer is sufficiently open), it *might* make it possible to use current manufacturers and supply chains to build truly independently verifiable components, which could then be used to build a trust root which was genuinely under the control of the user, rather than any current "trusted platforms" which rely ultimately on trusting a vendor. That would (assuming it works at all, let alone works in a practical end-user verifiable way) require the chips to be designed and shipped with the capacity to self-test such that any "trojan" elements would need to be implemented in a way that would be detectable using IRIS - so that the combination of self-testing against the design and physical inspection via IRIS would independently validate the actual hardware that you're running. Again, assuming it works the way that Huang (and others) are hoping.

But all of that is independent of any particular threat model - it's a toolset that can be *applied to* addressing threat models. The most basic use case (the hobbyist modifying a cheap digital camera and looking at chips illuminated by an IR LED) could be usefully applied to basic supply chain assurance, since it could probably detect counterfeit parts easily and fairly reliably; the most specialised use case might be applicable in the case of a completely untrusted supply chain, one where you could send your design to a fab and get parts back, but couldn't trust anything at all - you'd then need to validate the hardware from the ground up, but that would be /possible/ with this technique available; a wide range of other use cases surely exist in between those extremes.