1. 10

  2. 7

    A summary of some of what I found during my research. Interestingly, the hardware engineer that taught me a lot about subversion based on his own experience doing and countering it showed up again on Schneier’s blog. I told him to prove his identity with an example of analog subversion. His reply has nice examples of how easy it is to slip something through with no hope of verifying that stuff with any simple or cheap method:


    I mean, it’s estimated there’s only around 2,000 engineers world-wide that understand analog enough for high-end ASIC’s. It’s also a black art among the rest with all kinds of tricks going back decades. So, even the nodes you can review might have tricks built into them a talented attacker can use to extract keys. We’ve been seeing mini-examples of that with side channel work on things like power analysis.

    1. 2

      Wow, this is fascinating stuff and something I don’t see discussed nearly enough. Thanks for sharing your research!

      I am hoping for mini-fabs (if I’m using that term correctly) so that we can decentralize chip design and manufacturing. Everyone should be able to print their CPUs locally. Any hope of that anytime soon?

      1. 2

        Mapper is a company you want to watch here.

        (For values of “everyone” and “locally” in the “couple millions of euro’s” range, IIRC.)

        1. 1

          That would probably be this:


          Thanks for the tip! That looks nice. Especially if they can pull off 10 wafers per hour low cost at 45nm. The technical details are also a good example of why this stuff might be mind-bogglingly hard to verify as I just wrote in the other comment here. So many tech together from MEMS to ASIC’s to X-Rays to make this stuff work.

        2. 2

          It’s ridiculously hard science and tech. The amount of money, labor, and PhD’s that go into each process node or set of advances is mind-boggling. They have patents on most of it. The barrier to entry is high. The simplest setup is tech that directly writes the chip onto the wafers without steppers or anything. eASIC uses eBeam Workstations for that sort of thing. Their prototyping runs… a loss leader so numbers might be off… is $50-60k for around 50 chips. The machines themselves are very expensive. Only so many companies that make machines that can do stuff like this.

          There was a fab in Europe I have in my bookmarks somewhere that operated solely with such machines. Gave rapid, turn-around time. Went out of business I think. Tough market. However, shows that groups (eg Universities or businesses) could partner together to invest in local companies doing that with specific gear. The trick is then that the supplier of thing printing or thing verifying the chips might be subverted or malicious. Tech is so complex it might be too hard to verify that’s not the case.

          So, it’s an open, expensive, and complex problem if you want chips that are efficient. Playing shell games hiding what equipment and fabs are in use for each run was a temporary solution I came up with. Also, doing a high-performance, massive FPGA that we map other stuff on. It gets periodically checked by ChipWorks and other firms.