Dormant Curse: TSVs Give Entry to Trojan Chips
When John Ellis discovered a security flaw and got a less-than-prompt response to his warnings, he decided to write a novel about it. The result is Ellis’s first thriller, Dormant Curse, with a great plot based on the unlikely subject of 3D TSV packaging.
Ellis, a mechanical engineer by training, spent a dozen years at Sandia National Laboratory working on national security programs, and another decade as a SEMI staffer managing standards programs. Several years ago he realized that the 3D stacks of chips connected by through silicon vias (TSVs) represented a security risk. Packaging houses, many of which are based in China, could surreptitiously add a Trojan chip that could wreak havoc in cellphones, tablets, or military systems.
That scenario is plausible enough in the real world. In the hands of a creative story teller, it serves as the platform for a page-turning cyberterrorism novel that starts with a secretive Chinese “Zhongua Nine” cult leader, who is seeking revenge against Japan for the murder of his family during World War II. The cult’s plot brings in Chinese president Li Zhuang as a co-conspirator out to grab oil resources, drags Iran along as the not-very-bright victim, and forces the U.S. president to make some on-the-spot military decisions.
Any good system requires a mix of hardware and software, and Dormant Curse is no exception. The hardware component is the 3D stack of ICs used by smartphones and tablets, with a Trojan chip slipped in at a Chinese assembly and test facility. The software component is equally imaginative: secret Unicode signals transmitted to the Trojan chips in ways that readers may find equally believable. It is a brilliant combination, worthy of the smart phone/social networking generation.
And in this era of real-world China-based hackers allegedly attacking U.S. government and corporate Web sites, China’s involvement in a cyber terrorism plot takes on more plausibility than it might have five years ago.
The story enfolds with two National Transportation Safety Board (NTSB) agents unraveling the cause of a multi-pronged attack on commercial airplanes downed by the terrorists. They ferret out the bad guys gradually: “We noticed a lot of fried smartphones and iPads onboard, too. I’m not talking just heated and melted, either; these devices were on fire and started fires.” “That’s consistent with an EMP, but that oxygen bottle is not…and neither is the fact that the plane’s electronics were intact enough to land,” Greg said, thinking out loud. “An EMP would have taken them out as well.”
There are plenty of twists, ranging from Iran playing the role of China’s fall guy to the U.S. president giving up the fight in a whimpish hour of helplessness.
Here’s the Iranian “Great Leader” as he challenges our fictional president: “Likely you have surmised from your spies and satellites that an incursion of protective forces into Iraq is imminent. We insist you do not interfere in our religious or political affairs. Likewise, we insist that you do not interfere in China’s current activities in the East China Sea. Failure to stand down your troops in either location will result in another attack, similar to the one you experienced in Atlanta this very morning…”
Along with several hours of beach-reading entertainment, Dormant Curse provided some moments for high-tech thought. I kept thinking, “Just how far-fetched is this story, anyway?”
I sent an e-mail to Ellis, who responded by sending links to real-world episodes of compromised chips in military systems which have been mysteriously altered to allow “back door” entry by enemies.
And Ellis wrote that the U.S. intelligence community’s version of DARPA (iARPA) has a program underway to make our chips more secure, though it does not address the issue of 3D chips just yet. In fact, Ellis’ frustration at the slow pace of government action provided him with motivation to write Dormant Curse.
A great plot supporting a fast-paced action story seems destined to make it to Hollywood and the silver screen someday. I’ll wager Hollywood gets there before our Department of Homeland Security program does.
Whatever you think of the chances that TSV-connected chips could provide major security risks, Dormant Curse stands on familiar ground: “How do the good guys stop the bad guys before our world comes crashing down on us?” Where is Agent 007 when we need him?