Pew Pew, Precisely: The Physics and Practices Behind RayV Lite

The RayV Lite is a low-cost, open-source laser fault injection platform that uses inexpensive IR-leaking lasers to perform hardware attacks typically thought feasible only for well-resourced adversaries. It enables transistor-level fault injection and infrared-based visualization through silicon, lowering the barrier to advanced hardware security research.

Keypoints

  • The RayV Lite platform enables low-cost laser fault injection using off-the-shelf green laser pointers that emit significant infrared radiation capable of penetrating silicon.
  • Infrared photons at 1064 nm can reach transistors through the silicon backside, allowing fault injection without expensive and complex top-side decapsulation.
  • The platform supports Infrared In-Situ Imaging (IRIS) to visualize transistor activity and confirm glitch locations using IR transparency.
  • Low-power lasers can trigger faults by extending exposure time and synchronizing with device clock cycles, achieving effects similar to those of high-power pulsed lasers.
  • RayV Lite primarily targets legacy and mid-tier microcontrollers in DIP and SOIC packages for realistic and accessible testing scenarios.
  • Precise timing control is achieved using a programmable FPGA clock to deliver laser pulses aligned with microcontroller instruction cycles.
  • This approach democratizes advanced laser fault injection techniques, significantly lowering the cost and technical barrier for physical layer hardware security research.

MITRE Techniques

  • [T1609] Data from Local System – Fault injection disrupts memory inputs and control registers, causing errors during instruction fetch and memory operations (“bit-flips in control registers, skipped instructions in boot sequences, and changes in memory I/O during clocked operations”).
  • [T1485] Data Destruction – Induced faults cause bit flips or skipped instructions that can alter normal processing of device instructions (“faults… induce bit flips, skipped instructions, or change logic states during memory or instruction processing”).
  • [T1608] Hardware Additions – Use of external laser fault injection hardware targeting transistor-level activity through IR penetration (“RayV Lite is a low-cost laser fault injection platform built using open-source hardware and inexpensive IR-leaking lasers”).

Indicators of Compromise

  • [File Name] laser device and positioning components – green laser pointer, OpenFlexure hardware platform used to build RayV Lite.
  • [Package Type] typical target microcontrollers – DIP and SOIC packages used in testing to enable backside IR laser fault injection.


Read more: https://www.netspi.com/blog/technical-blog/hardware-and-embedded-systems-penetration-testing/rayv-lite-open-source-laser-injection-tool/