Backside Security Assessment of Modern SoCs

A system-on-chip (SoC) accommodates different security-sensitive modules and information, collectively known as assets. Protecting the assets from a malicious entity is the key objective of the security architecture of the SoC. On the other hand, physical inspection methods based on optical debugging and diagnosis are widely used for localizing defects and failures in silicon implementations. The transparency of silicon to near-infrared (NIR) light is used for optical debugging purposes, e.g., photon emission analysis, laser-voltage probing/imaging, and laser stimulation. These semi-/non-invasive optical approaches allow run-time monitoring of transistors through the silicon substrate, i.e., the chip backside. Besides, to facilitate failure analysis, no protection scheme is implemented at the SoC backside. Therefore, an attacker can effortlessly track and extract the chip assets by optically attacking the security-sensitive modules. Thus, the silicon substrate appears as the new "backdoor" for SoC security. Though different countermeasures have been proposed, none has proved to be impeccable against different classes of optical attacks. Therefore, to identify the attack surface for optical attacks, we surveyed the security threats imposed by various optical attacks. Based on capability and chip design asset availability, we have also classified the potential adversaries who could exploit the semi-invasive optical techniques. Finally, we turned our focus to the threat of optical attacks in existing and emerging smaller technology nodes and concluded with suggestions for future research directions.
