

This content will become publicly available on June 1, 2025

Title: Detour-RS: Reroute Attack Vulnerability Assessment with Awareness of the Layout and Resource
Recent decades have witnessed a remarkable pace of innovation and performance improvements in integrated circuits (ICs), which have become indispensable in an array of critical applications ranging from military infrastructure to personal healthcare. Meanwhile, recent developments have brought physical security to the forefront of concern, particularly considering the valuable assets handled and stored within ICs. Among the various invasive attack vectors, micro-probing attacks have risen as a particularly menacing threat. These attacks leverage advanced focused ion beam (FIB) systems to enable post-silicon secret eavesdropping and circuit modifications with minimal traceability. As an evolved variant of micro-probing attacks, reroute attacks possess the ability to actively disable built-in shielding measures, granting access to the security-sensitive signals concealed beneath. To address and counter these emerging challenges, we introduce a layout-level framework known as Detour-RS. This framework is designed to automatically assess potential vulnerabilities, offering a systematic approach to identifying and mitigating exploitable weaknesses. Specifically, we employed a combination of linear and nonlinear programming-based approaches to identify the layout-aware attack costs in reroute attempts given specific target assets. The experimental results indicate that shielded designs outperform non-shielded structures against reroute attacks. Furthermore, among the two-layer shield configurations, the orthogonal layout exhibits better performance compared to the parallel arrangement. We also explore both independent and dependent scenarios, where the latter accounts for potential interference among circuit edit locations. Notably, our results demonstrate a substantial increase of nearly 50% in attack cost when employing the more realistic dependent estimation approach.
In addition, we propose time and gas consumption metrics to evaluate the resource consumption of the attackers, which provides a perspective for evaluating reroute attack efforts. We have collected the results for different categories of target assets and also the average resource consumption for each via required during a FIB reroute attack.
Award ID(s):
2016624
PAR ID:
10554618
Publisher / Repository:
MDPI
Journal Name:
Cryptography
Volume:
8
Issue:
2
ISSN:
2410-387X
Page Range / eLocation ID:
13
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Probing attacks against integrated circuits (IC) have become a serious concern, especially for security-critical applications. With the help of modern circuit editing tools, an attacker could remove layers of materials and expose wires carrying sensitive on-chip assets, such as cryptographic keys and proprietary firmware for probing. Most existing protection methods use active shield which provides tamper-evident covers at the top-most metal layers to the circuitry below. However, they lack formal proofs of their effectiveness as some active shields have already been circumvented by hackers. In this paper, we investigate the problem of protection against front-side probing attacks and present a framework to assess a design’s vulnerabilities against probing attacks. Metrics are developed to evaluate the resilience of designs to bypass attack and reroute attack which are two common techniques used to compromise an anti-probing mechanism. Exemplary assets from an SoC layout are used to evaluate the proposed flow. Results show that long net and high layer wires are vulnerable to probing attack equipped with high aspect ratio FIB. Meanwhile, nets that occupy small area on the chip are probably compromised through rerouting shield wires. On the other hand, multi-layer internal orthogonal shield performs the best among common shield structures.
  2. Security-critical applications on integrated circuits (ICs) are threatened by probing attacks that extract sensitive information assisted with focused ion beam (FIB) based circuit edit. Existing countermeasures, such as active shield, analog shield, and t-private circuit, have proven to be inefficient and provide limited resistance against probing attacks without taking FIB capabilities into consideration. In this paper, we propose a FIB-aware anti-probing physical design flow, which considers FIB capabilities and utilizes computer-aided design (CAD) tools, to automatically reduce the probing attack vulnerability of an IC’s security-critical nets with minimal extra design effort. The floor-planning and routing of the design are constrained by incorporating three new steps in the conventional physical design flow, so that security-critical nets are protected by internal shield nets with low overhead. Results show that the proposed technique can reduce the vulnerable area exposed to probing on security-critical nets by 100% with all critical nets fully protected for both advanced encryption standard (AES) and data encryption standard (DES) modules. The timing, area, and power overheads are less than 3% per module, which would be negligible in a system-on-chip (SoC) design. 
  3. Security-critical applications on integrated circuits (ICs) are threatened by microprobing attacks that extract sensitive information through focused ion beam (FIB) based milling. Existing countermeasures, such as active shield, analog shield and t-private circuit, have proven to be inefficient and provide limited resistance. In this paper, we propose a FIB-aware anti-probing physical design flow to reduce the vulnerability of security-critical nets in a design. Results show that our proposed technique can reduce the vulnerable exposed area on critical nets to probing attack by 90% in AES and DES modules with only 5% area overhead. 
  4. Microprobing attacks pose a serious threat to security-critical applications by enabling attackers to steal assets and/or secrets within integrated circuits (ICs). With the assistance of focused ion beam (FIB), microprobing attacks are even more powerful. Although there are some existing countermeasures like active shields, analog shields, and t-private circuits, the FIB’s capabilities are not taken into consideration and thus these countermeasures are inefficient and only provide limited resistance against the FIB-enhanced microprobing attacks. To counter the attack, we previously proposed a FIB-aware antiprobing physical design flow that utilizes computer-aided design (CAD) tools to detect and prevent microprobing attack from the IC front-side with minimal extra design effort. In this paper, we expand this flow to protect not only front-side of the IC, but provide simultaneous protection of both front-side and back-side. Results in an Advanced Encryption Standard (AES) benchmark show that, by using the proposed flow, the vulnerable area exposed to front-side probing on security-critical nets is reduced to zero at low FIB aspect ratios with less than 2% timing and area overhead.
  5. Sensitive data contained and processed in integrated circuits (ICs), such as secret keys and encrypted firmware, can be extracted with focused ion beam (FIB) based probing attacks. Due to the unprotected structure on the back-side of the die, the threat of back-side probing attacks is particularly grim. In this study, we develop a quantitative model for back-side probing attacks and apply it to three latest technology nodes 7, 10 and 14 nm with 3, 5, 8 and 10 FIB aspect ratios. The probed opening is modeled to have shape of conical frustum, which allows FIB beam diameter, in range of 10nm to 33.3nm, to produce the opening with diameter in range of 22nm to 57.3nm. We also propose a novel back-side shield design structure with an estimated 16% area overhead that terminates the die operations as a result of probing to prevent malicious data extraction. Proposed back-side countermeasure increases the complexity of the attack performed on protected die. 