An official website of the United States government
Physical attacks can compromise the security of cryptographic devices. Depending on the attack’s requirements, adversaries might need to (i) place probes in the proximity of the integrated circuits (ICs) package, (ii) create physical connections between their probes/wires and the system’s PCB, or (iii) physically tamper with the PCB’s components, chip’s package, or substitute the entire PCB to prepare the device for the attack. While tamper-proof enclosures prevent and detect physical access to the system, their high manufacturing cost and incompatibility with legacy systems make them unattractive for many low-cost scenarios. In this paper, inspired by methods known from the field of power integrity analysis, we demonstrate how the impedance characterization of the system’s power distribution network (PDN) using on-chip circuit-based network analyzers can detect various classes of tamper events. We explain how these embedded network analyzers, without any modifications to the system, can be deployed on FPGAs to extract the frequency response of the PDN. The analysis of these frequency responses reveals different classes of tamper events from board to chip level. To validate our claims, we run an embedded network analyzer on FPGAs of a family of commercial development kits and perform extensive measurements for various classes of PCB and IC package tampering required for conducting different side-channel or fault attacks. Using the Wasserstein Distance as a statistical metric, we further show that we can confidently detect tamper events. Our results, interestingly, show that even environment-level tampering activities, such as the proximity of contactless EM probes to the IC package or slightly polished IC package, can be detected using on-chip impedance sensing.
more »
« less
This content will become publicly available on July 5, 2026
Near-Field Microwave Sensing for Chip-Level Tamper Detection
Stealthy chip-level tamper attacks, such as hardware Trojan insertions or security-critical circuit modifications, can threaten modern microelectronic systems’ security. While traditional inspection and side-channel methods offer potential for tamper detection, they may not reliably detect all forms of attacks and often face practical limitations in terms of scalability, accuracy, or applicability. This work introduces a non-invasive, contactless tamper detection method employing a complementary split-ring resonator (CSRR). CSRRs, which are typically deployed for non-destructive material characterization, can be placed on the surface of the chip’s package to detect subtle variations in the impedance of the chip’s power delivery network (PDN) caused by tampering. The changes in the PDN’s impedance profile perturb the local electric near field and consequently affect the sensor’s impedance. These changes manifest as measurable variations in the sensor’s scattering parameters. By monitoring these variations, our approach enables robust and cost-effective physical integrity verification requiring neither physical contact with the chips or printed circuit board (PCB) nor activation of the underlying malicious circuits. To validate our claims, we demonstrate the detection of various chip-level tamper events on an FPGA manufactured with 28 nm technology.
more »
« less
- Award ID(s):
- 2338069
- PAR ID:
- 10616722
- Publisher / Repository:
- MDPI Sensors
- Date Published:
- Journal Name:
- Sensors
- Volume:
- 25
- Issue:
- 13
- ISSN:
- 1424-8220
- Page Range / eLocation ID:
- 4188
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
The threats of physical side-channel attacks and their countermeasures have been widely researched. Most physical side-channel attacks rely on the unavoidable influence of computation or storage on current consumption or voltage drop on a chip. Such data-dependent influence can be exploited by, for instance, power or electromagnetic analysis. In this work, we introduce a novel non-invasive physical side-channel attack, which exploits the data-dependent changes in the impedance of the chip. Our attack relies on the fact that the temporarily stored contents in registers alter the physical characteristics of the circuit, which results in changes in the die's impedance. To sense such impedance variations, we deploy a well-known RF/microwave method called scattering parameter analysis, in which we inject sine wave signals with high frequencies into the system's power distribution network (PDN) and measure the echo of the signals. We demonstrate that according to the content bits and physical location of a register, the reflected signal is modulated differently at various frequency points enabling the simultaneous and independent probing of individual registers. Such side-channel leakage challenges the t-probing security model assumption used in masking, which is a prominent side-channel countermeasure. To validate our claims, we mount non-profiled and profiled impedance analysis attacks on hardware implementations of unprotected and high-order masked AES. We show that in the case of the profiled attack, only a single trace is required to recover the secret key. Finally, we discuss how a specific class of hiding countermeasures might be effective against impedance leakage.more » « less
-
The security of printed circuit boards (PCBs) has become increasingly vital as supply chain vulnerabilities, including tampering, present significant risks to electronic systems. While detecting tampering on a PCB is the first step for verification, forensics is also needed to identify the modified component. One non-invasive and reliable PCB tamper detection technique with global coverage is the impedance characterization of PCB's power delivery network (PDN). However, it is an open question whether one can use the two-dimensional impedance signatures for forensics purposes. In this work, we introduce a novel PCB forensics approach, using explainable AI (XAI) on impedance signatures. Through extensive experiments, we replicate various PCB tamper events, generating a dataset used to develop an XAI algorithm capable of not only detecting tampering but also explaining why the algorithm makes a decision about whether a tamper event has happened. At the core of our XAI algorithm is a random forest classifier with an accuracy of 96.7%, sufficient to explain the algorithm's decisions. To understand the behavior of the classifier In the decision-making process, we utilized the SHAP values as an XAI tool to determine which frequency component influences the classifier's decision for a particular class the most. This approach enhances detection capabilities as well as advancing the verifier's ability to reverse-engineer and analyze two-dimensional impedance signatures for forensics.more » « less
-
This work presents the design, analysis, and experimental validation of a novel chip-based 3-D printed ultra-high frequency (UHF) radio frequency identification (RFID) sensor designed for leaf moisture detection for smart farming applications. The presented sensor is designed to operate at a frequency of 915 MHz and utilizes an integrated circuit (IC) chip having a specified impedance of 18.06−j164 Ω at 915 MHz. The proposed sensor is fabricated by the state-of-the-art Nano Dimension DragonFly IV 3-D printer. The 3-D printer uses both dielectric and conductive inks in a single printer for producing additive manufactured electronics (AME). The performance of the sensor is validated by experiments conducted on Valley Oak, Japanese tree lilac, and Crabapple leaf samples. The sensor’s functionality is based on its ability to detect variations in the dielectric properties of leaves, which are caused by changes in moisture content. This is achieved by analyzing the radio frequency (RF) backscattered signal, measured in terms of the received signal strength indicator (RSSI) levels, using a standard RFID reader. Experimental results demonstrate a consistent linear relationship between RSSI levels and leaf moisture content that is used to obtain a calibration curve that can accurately determine unknown moisture levels. By integrating advanced fabrication techniques with reliable RF sensing mechanisms, this work offers a sustainable, and scalable solution for monitoring plant health and optimizing agricultural productivity.more » « less
-
Thispaperdescribesanewphysicalsidechannel,i.e. the backscattering side channel, that is created by transmitting a signal toward the IC, where the internal impedance changes caused by on-chip switching activity modulate the signal that is backscattered (reflected) from the IC. To demonstrate how this new side-channel can be used to detect small changes in circuit impedances, we propose a new method for nondestructively detecting hardware Trojans (HTs) from outside of the chip. We experimentally confirm, using measurements on one physical instance for training and nine other physical instances for testing, that the new side-channel, when combined with an HT detection method, allows detection of a dormant HT in 100% of the HT-afflicted measurements for a number of different HTs, while producing no false positives in HT free measurements. Furthermore, additional experiments are conducted to compare the backscattering-based detection to one that uses the traditional EM-emanation-based side channel. These results show that backscattering-based detection outperforms the EM side channel, confirm that dormant HTs are much more difficult for detection than HTs that have been activated, and show how detection is affected by changing the HT’s size and physical location on the IC.more » « less
