skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Electrons Vs. Photons: Assessment of Circuit’s Activity Requirements for E-Beam and Optical Probing Attacks
Contactless probing methods through the chip backside have been demonstrated to be powerful attack techniques in the field of electronic security. However, these attacks typically require the adversary to run the circuit under specific conditions, such as enforcing the switching of gates or registers with certain frequencies or repeating measurements over multiple executions to achieve an acceptable signal-to-noise ratio (SNR). Fulfilling such requirements may not always be feasible due to challenges such as low-frequency switching or inaccessibility of the control signals. In this work, we assess these requirements for contactless electron- and photon-based probing attacks by performing extensive experiments. Our findings demonstrate that E-beam probing, in particular, has the potential to outperform optical methods in scenarios involving static or low-frequency circuit activities.  more » « less
Award ID(s):
2150123
PAR ID:
10476812
Author(s) / Creator(s):
; ; ; ; ; ; ; ; ;
Publisher / Repository:
ASM International
Date Published:
Page Range / eLocation ID:
339 to 345
Format(s):
Medium: X
Location:
Phoenix, Arizona, USA
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; (, IACR Transactions on Cryptographic Hardware and Embedded Systems)
    Physical attacks can compromise the security of cryptographic devices. Depending on the attack’s requirements, adversaries might need to (i) place probes in the proximity of the integrated circuits (ICs) package, (ii) create physical connections between their probes/wires and the system’s PCB, or (iii) physically tamper with the PCB’s components, chip’s package, or substitute the entire PCB to prepare the device for the attack. While tamper-proof enclosures prevent and detect physical access to the system, their high manufacturing cost and incompatibility with legacy systems make them unattractive for many low-cost scenarios. In this paper, inspired by methods known from the field of power integrity analysis, we demonstrate how the impedance characterization of the system’s power distribution network (PDN) using on-chip circuit-based network analyzers can detect various classes of tamper events. We explain how these embedded network analyzers, without any modifications to the system, can be deployed on FPGAs to extract the frequency response of the PDN. The analysis of these frequency responses reveals different classes of tamper events from board to chip level. To validate our claims, we run an embedded network analyzer on FPGAs of a family of commercial development kits and perform extensive measurements for various classes of PCB and IC package tampering required for conducting different side-channel or fault attacks. Using the Wasserstein Distance as a statistical metric, we further show that we can confidently detect tamper events. Our results, interestingly, show that even environment-level tampering activities, such as the proximity of contactless EM probes to the IC package or slightly polished IC package, can be detected using on-chip impedance sensing. 
    more » « less
  2. ; (, Sensors)
    Stealthy chip-level tamper attacks, such as hardware Trojan insertions or security-critical circuit modifications, can threaten modern microelectronic systems’ security. While traditional inspection and side-channel methods offer potential for tamper detection, they may not reliably detect all forms of attacks and often face practical limitations in terms of scalability, accuracy, or applicability. This work introduces a non-invasive, contactless tamper detection method employing a complementary split-ring resonator (CSRR). CSRRs, which are typically deployed for non-destructive material characterization, can be placed on the surface of the chip’s package to detect subtle variations in the impedance of the chip’s power delivery network (PDN) caused by tampering. The changes in the PDN’s impedance profile perturb the local electric near field and consequently affect the sensor’s impedance. These changes manifest as measurable variations in the sensor’s scattering parameters. By monitoring these variations, our approach enables robust and cost-effective physical integrity verification requiring neither physical contact with the chips or printed circuit board (PCB) nor activation of the underlying malicious circuits. To validate our claims, we demonstrate the detection of various chip-level tamper events on an FPGA manufactured with 28 nm technology. 
    more » « less
  3. ; ; ; ; (, IEEE transactions on computer-aided design of integrated circuits and systems)
    Security-critical applications on integrated circuits (ICs) are threatened by probing attacks that extract sensitive information assisted with focused ion beam (FIB) based circuit edit. Existing countermeasures, such as active shield, analog shield, and t-private circuit, have proven to be inefficient and provide limited resistance against probing attacks without taking FIB capabilities into consideration. In this paper, we propose a FIB-aware anti-probing physical design flow, which considers FIB capabilities and utilizes computer-aided design (CAD) tools, to automatically reduce the probing attack vulnerability of an IC’s security-critical nets with minimal extra design effort. The floor-planning and routing of the design are constrained by incorporating three new steps in the conventional physical design flow, so that security-critical nets are protected by internal shield nets with low overhead. Results show that the proposed technique can reduce the vulnerable area exposed to probing on security-critical nets by 100% with all critical nets fully protected for both advanced encryption standard (AES) and data encryption standard (DES) modules. The timing, area, and power overheads are less than 3% per module, which would be negligible in a system-on-chip (SoC) design. 
    more » « less
  4. ; ; ; (, IEEE transactions on very large scale integration (VLSI) systems)
    Probing attacks against integrated circuits (IC) have become a serious concern, especially for security-critical applications. With the help of modern circuit editing tools, an attacker could remove layers of materials and expose wires carrying sensitive on-chip assets, such as cryptographic keys and proprietary firmware for probing. Most existing protection methods use active shield which provides tamper-evident covers at the top-most metal layers to the circuity below. However, they lack formal proofs of their effectiveness as some active shields have already been circumvented by hackers. In this paper, we investigate the problem of protection against front-side probing attacks and present a framework to assess a design’s vulnerabilities against probing attacks. Metrics are developed to evaluate the resilience of designs to bypass attack and reroute attack which are two common techniques used to compromise an anti-probing mechanism. Exemplary assets from an SoC layout are used to evaluate the proposed flow. Results show that long net and high layer wires are vulnerable to probing attack equipped with high aspect ratio FIB. Meanwhile, nets that occupy small area on the chip are probably compromised through rerouting shield wires. On the other hand, multi-layer internal orthogonal shield performs the best among common shield structures. 
    more » « less
  5. ; ; (, ACM)
    The threats of physical side-channel attacks and their countermeasures have been widely researched. Most physical side-channel attacks rely on the unavoidable influence of computation or storage on current consumption or voltage drop on a chip. Such data-dependent influence can be exploited by, for instance, power or electromagnetic analysis. In this work, we introduce a novel non-invasive physical side-channel attack, which exploits the data-dependent changes in the impedance of the chip. Our attack relies on the fact that the temporarily stored contents in registers alter the physical characteristics of the circuit, which results in changes in the die's impedance. To sense such impedance variations, we deploy a well-known RF/microwave method called scattering parameter analysis, in which we inject sine wave signals with high frequencies into the system's power distribution network (PDN) and measure the echo of the signals. We demonstrate that according to the content bits and physical location of a register, the reflected signal is modulated differently at various frequency points enabling the simultaneous and independent probing of individual registers. Such side-channel leakage challenges the t-probing security model assumption used in masking, which is a prominent side-channel countermeasure. To validate our claims, we mount non-profiled and profiled impedance analysis attacks on hardware implementations of unprotected and high-order masked AES. We show that in the case of the profiled attack, only a single trace is required to recover the secret key. Finally, we discuss how a specific class of hiding countermeasures might be effective against impedance leakage. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email