Special Session: Physical Attacks through the Chip Backside: Threats, Challenges, and Opportunities

This paper reviews the evolution of a powerful class of physical attacks against integrated circuits (ICs) that were originally developed for failure analysis (FA) from the IC backside. Over the last two decades, several publications have demonstrated the effectiveness of these techniques in bypassing IC protection schemes and extracting the assets stored inside secure ICs. In this work, we take a fresh look at such hardware attacks from three different perspectives. First, we discuss the potential threat of the attacks against modern technologies and demystify a set of wrong beliefs about the attacks’ complexity. Second, we review some technical challenges of such attacks from the perspective of a law enforcement agency seeking to solve crimes and prevent further crimes by the criminals involved. Finally, we give insight into the future development of FA tools and the opportunities for designing effective countermeasures against attacks through the chip backside.
