The global nature of supply chains is creating trust issues among everyday users. Although our research community has yielded an impressive arsenal of tools for inspecting silicon chips, the research is rarely translated into techniques that can be practically applied to everday problems in the supply chain. Thus, the state of practice in supply chain security (i.e. carefully comparing fonts and logos on chip packages) is far behind the state of art in reverse engineering and failure analysis research.

This talk proposes threat levels for supply chain attacks, and contextualizes them against a backside infrared imaging technique dubbed IRIS (InfraRed, In-situ), which prioritizes accessibility over fidelity.

In this context, we observe that defending against the most advanced adversaries will always demand the most advanced analytical techinques. However, the broader question of trust in supply chains may benefit from translating our research into relatively simple, low-cost techniques that can be deployed at scale to screen for a broad range of simple yet effective hardware attacks.