No Place to Hide: Contactless Probing of Secret Data on FPGAs

Field Programmable Gate Arrays (FPGAs) have been the target of different physical attacks in recent years. Many different countermeasures have already been integrated into these devices to mitigate the existing vulnerabilities. However, there has not been enough attention paid to semi-invasive attacks from the IC backside due to the following reasons. First, the conventional semi-invasive attacks from the IC backside — such as laser fault injection and photonic emission analysis — cannot be scaled down without further effort to the very latest nanoscale technologies of modern FPGAs and programmable SoCs. Second, the more advanced solutions for secure storage, such as controlled Physically Unclonable Functions (PUFs), make the conventional memory-readout techniques almost impossible. In this paper, however, novel approaches have been explored: Attacks based on Laser Voltage Probing (LVP) and its derivatives, as commonly used in Integrated Circuit (IC) debug for nanoscale low voltage technologies, are successfully launched against a 60 nanometer technology FPGA. We discuss how these attacks can be used to break modern bitstream encryption implementations. Our attacks were carried out on a Proof-of-Concept PUF-based key generation implementation. To the best of our knowledge this is the first time that LVP is used to perform an attack on secure ICs.

[1]  R. Pappu,et al.  Physical One-Way Functions , 2002, Science.

[2]  Srinivas Devadas,et al.  Silicon physical random functions , 2002, CCS '02.

[3]  Overview of Data Security Using Microsemi FPGAs and SoC FPGAs , 2003 .

[4]  Rudolf Schlangen,et al.  Impact of back side circuit edit on active device performance in bulk silicon ICs , 2005, IEEE International Conference on Test, 2005..

[5]  Boris Skoric,et al.  Read-Proof Hardware from Protective Coatings , 2006, CHES.

[6]  Patrick Schaumont,et al.  Offline Hardware/Software Authentication for Reconfigurable Platforms , 2006, CHES.

[7]  Jorge Guajardo,et al.  FPGA Intrinsic PUFs and Their Use for IP Protection , 2007, CHES.

[8]  C. Boit,et al.  Quantitative Investigation of Laser Beam Modulation in Electrically Active Devices as Used in Laser Voltage Probing , 2007, IEEE Transactions on Device and Materials Reliability.

[9]  Rudolf Schlangen,et al.  Physical analysis, trimming and editing of nanoscale IC function with backside FIB processing , 2009, Microelectron. Reliab..

[10]  Srinivas Devadas,et al.  Modeling attacks on physical unclonable functions , 2010, CCS '10.

[11]  Georg Sigl,et al.  Semi-invasive EM attack on FPGA RO PUFs and countermeasures , 2011 .

[12]  Alessandro Barenghi,et al.  On the vulnerability of FPGA bitstream encryption against power analysis attacks: extracting keys from xilinx Virtex-II FPGAs , 2011, CCS '11.

[13]  Arenberg Doctoral,et al.  Physically Unclonable Functions: Constructions, Properties and Applications , 2012 .

[14]  Akashi Satoh,et al.  Electromagnetic Side-channel Attack against 28-nm FPGA Device , 2012 .

[15]  Tim Güneysu,et al.  Securely Sealing Multi-FPGA Systems , 2012, ARC.

[16]  Roel Maes,et al.  Physically Unclonable Functions , 2013, Springer Berlin Heidelberg.

[17]  Jean-Pierre Seifert,et al.  Breaking and entering through the silicon , 2013, CCS.

[18]  Christof Paar,et al.  Side-channel attacks on the bitstream encryption mechanism of Altera Stratix II: facilitating black-box analysis using software reverse-engineering , 2013, FPGA '13.

[19]  Jean-Pierre Seifert,et al.  Invasive PUF Analysis , 2013, 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[20]  Jean-Pierre Seifert,et al.  Cloning Physically Unclonable Functions , 2013, 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[21]  Jean-Pierre Seifert,et al.  Physical Characterization of Arbiter PUFs , 2014, IACR Cryptol. ePrint Arch..

[22]  Stephen M. Trimberger,et al.  FPGA Security: Motivations, Features, and Applications , 2014, Proceedings of the IEEE.

[23]  Jean-Pierre Seifert,et al.  Emission Analysis of Hardware Implementations , 2014, 2014 17th Euromicro Conference on Digital System Design.

[24]  Jean-Pierre Seifert,et al.  Laser Fault Attack on Physically Unclonable Functions , 2015, 2015 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).

[25]  Heiko Lohrke,et al.  Contactless visible light probing for nanoscale ICs through 10 μm bulk silicon , 2015 .

[26]  Robert Chivas,et al.  Visible Light LVP on Bulk Silicon Devices , 2015 .

[27]  Georg T. Becker,et al.  The Gap Between Promise and Reality: On the Insecurity of XOR Arbiter PUFs , 2015, CHES.

[28]  Martin von Haartman,et al.  Optical Fault Isolation and Nanoprobing Techniques for the 10nm Technology Node and Beyond , 2015 .

[29]  G. Richard Newell,et al.  Differential power analysis countermeasures for the configuration of SRAM FPGAs , 2015, MILCOM 2015 - 2015 IEEE Military Communications Conference.

[30]  Frans M. J. Willems,et al.  Secure Key Generation from Biased PUFs , 2015, CHES.

[31]  Jean-Pierre Seifert,et al.  Why Attackers Win: On the Learnability of XOR Arbiter PUFs , 2015, TRUST.

[32]  Georg Sigl,et al.  Precise Laser Fault Injections into 90 nm and 45 nm SRAM-cells , 2015, CARDIS.

[33]  Jean-Pierre Seifert,et al.  Photonic Side-Channel Analysis of Arbiter PUFs , 2016, Journal of Cryptology.

[34]  Amir Moradi,et al.  Improved Side-Channel Analysis Attacks on Xilinx Bitstream Encryption of 5, 6, and 7 Series , 2016, COSADE.

[35]  Srinivas Devadas,et al.  Trapdoor Computational Fuzzy Extractors and Stateless Cryptographically-Secure Physical Unclonable Functions , 2017, IEEE Transactions on Dependable and Secure Computing.