Title: Electrons Vs. Photons: Assessment of Circuit’s Activity Requirements for E-Beam and Optical Probing Attacks
Contactless probing methods through the chip backside have been demonstrated to be powerful attack techniques in the field of electronic security. However, these attacks typically require the adversary to run the circuit under specific conditions, such as enforcing the switching of gates or registers with certain frequencies or repeating measurements over multiple executions to achieve an acceptable signal-to-noise ratio (SNR). Fulfilling such requirements may not always be feasible due to challenges such as low-frequency switching or inaccessibility of the control signals. In this work, we assess these requirements for contactless electron- and photon-based probing attacks by performing extensive experiments. Our findings demonstrate that E-beam probing, in particular, has the potential to outperform optical methods in scenarios involving static or low-frequency circuit activities.
Award ID(s):
2150123
PAR ID:
10476812
Publisher / Repository:
ASM International
Page Range / eLocation ID:
339 to 345
Format(s):
Medium: X
Location:
Phoenix, Arizona, USA
Sponsoring Org:
National Science Foundation
More Like this
  1. Physical attacks can compromise the security of cryptographic devices. Depending on the attack’s requirements, adversaries might need to (i) place probes in the proximity of the integrated circuits (ICs) package, (ii) create physical connections between their probes/wires and the system’s PCB, or (iii) physically tamper with the PCB’s components, chip’s package, or substitute the entire PCB to prepare the device for the attack. While tamper-proof enclosures prevent and detect physical access to the system, their high manufacturing cost and incompatibility with legacy systems make them unattractive for many low-cost scenarios. In this paper, inspired by methods known from the field of power integrity analysis, we demonstrate how the impedance characterization of the system’s power distribution network (PDN) using on-chip circuit-based network analyzers can detect various classes of tamper events. We explain how these embedded network analyzers, without any modifications to the system, can be deployed on FPGAs to extract the frequency response of the PDN. The analysis of these frequency responses reveals different classes of tamper events from board to chip level. To validate our claims, we run an embedded network analyzer on FPGAs of a family of commercial development kits and perform extensive measurements for various classes of PCB and IC package tampering required for conducting different side-channel or fault attacks. Using the Wasserstein Distance as a statistical metric, we further show that we can confidently detect tamper events. Our results, interestingly, show that even environment-level tampering activities, such as the proximity of contactless EM probes to the IC package or slightly polished IC package, can be detected using on-chip impedance sensing. 
  2. Security-critical applications on integrated circuits (ICs) are threatened by probing attacks that extract sensitive information assisted with focused ion beam (FIB) based circuit edit. Existing countermeasures, such as active shield, analog shield, and t-private circuit, have proven to be inefficient and provide limited resistance against probing attacks without taking FIB capabilities into consideration. In this paper, we propose a FIB-aware anti-probing physical design flow, which considers FIB capabilities and utilizes computer-aided design (CAD) tools, to automatically reduce the probing attack vulnerability of an IC’s security-critical nets with minimal extra design effort. The floor-planning and routing of the design are constrained by incorporating three new steps in the conventional physical design flow, so that security-critical nets are protected by internal shield nets with low overhead. Results show that the proposed technique can reduce the vulnerable area exposed to probing on security-critical nets by 100% with all critical nets fully protected for both advanced encryption standard (AES) and data encryption standard (DES) modules. The timing, area, and power overheads are less than 3% per module, which would be negligible in a system-on-chip (SoC) design. 
  3. Probing attacks against integrated circuits (ICs) have become a serious concern, especially for security-critical applications. With the help of modern circuit editing tools, an attacker could remove layers of materials and expose wires carrying sensitive on-chip assets, such as cryptographic keys and proprietary firmware for probing. Most existing protection methods use active shield which provides tamper-evident covers at the top-most metal layers to the circuitry below. However, they lack formal proofs of their effectiveness as some active shields have already been circumvented by hackers. In this paper, we investigate the problem of protection against front-side probing attacks and present a framework to assess a design’s vulnerabilities against probing attacks. Metrics are developed to evaluate the resilience of designs to bypass attack and reroute attack which are two common techniques used to compromise an anti-probing mechanism. Exemplary assets from an SoC layout are used to evaluate the proposed flow. Results show that long net and high layer wires are vulnerable to probing attack equipped with high aspect ratio FIB. Meanwhile, nets that occupy small area on the chip are probably compromised through rerouting shield wires. On the other hand, multi-layer internal orthogonal shield performs the best among common shield structures.
  4. Microprobing attacks against integrated circuits used in security-critical systems have become a serious concern. With the help of advanced circuit editing technology, an attacker can remove layers of materials and expose wires carrying security critical information for probing. Active shields constitute the most widely used approach to deter microprobing attacks. However, a number of vulnerabilities have been found in existing active shield designs; in particular, their weakness to tilted bypass attacks has yet to be addressed. In this paper, we provide a comprehensive investigation on tilted bypass attacks with a mathematical model to investigate how best an attacker can exploit geometric weakness of shield designs in three dimensions, as well as shield design techniques informed with such observations. We also include a numerical analysis with realistic parameters to validate theoretical predictions.
  5. This paper demonstrates a high-efficiency modular multilevel resonant DC-DC converter (MMRC) with zero-voltage switching (ZVS) capability. In order to minimize the conduction loss in the converter, optimizing the root-mean-square (RMS) current flowing through switching devices is considered an effective approach. The analysis of circuit configuration and operating principle show that the RMS value of the current flowing through switching devices is closely related to the factors such as the resonant tank parameters, switching frequency, converter output voltage and current, etc. A quantitative analysis that considers all these factors has been performed to evaluate the RMS current of all the components in the circuit. When the circuit parameters are carefully designed, the switch current waveform can be close to the square waveform, which has a low RMS value and results in low conduction loss. And a design example based on the theoretical analysis is presented to show the design procedures of the presented converter. A 600 W 48 V-to-12 V prototype is built with the parameters obtained from the design example section. Simulation and experiments have been performed to verify the high-efficiency feature of the designed converter. The measured converter peak efficiency reaches 99.55% when it operates at 200 kHz. And its power density can be as high as 795 W/in³.