Is Backside the New Backdoor in Modern SoCs?: Invited Paper

Modern integrated circuits (ICs) possess several countermeasures to safeguard sensitive data and information stored in the device. In recent years, semi-invasive physical attacks based on optical debugging techniques have proven capable of easily bypassing the security measures implemented in the chip. Optical attacks can reveal the data stored in memory, caches, and registers through various methods such as photon emission analysis, laser fault injection, laser voltage probing, and thermal laser stimulation. These methods, which employ laser scanning microscopy and photon emission microscopy, are effective because the silicon substrate is transparent to near-infrared (NIR) photons. Therefore, the part of an IC most vulnerable to optical attacks is the backside, where the chip's transistors can be accessed and probed with a NIR laser beam. Although different optical attack detection and avoidance mechanisms have been proposed, many can be circumvented, and none is a universal solution for all types of optical attacks. In this study, we present a taxonomy of the different types of optical attacks and the security threats posed by each type. We then discuss the existing prevention- and detection-based solutions to optical probing attacks, which will set the future research direction.
