Reverse engineering Flash EEPROM memories using Scanning Electron Microscopy
In this article, a methodology to extract Flash EEPROM memory contents is presented. Samples are first backside prepared to expose the tunnel oxide of floating gate transistors. Then, a Scanning Electron Microscope (SEM) in the so-called Passive Voltage Contrast (PVC) mode allows distinguishing ‘0’ and ‘1’ bit values stored in individual memory cells. Using SEM operator-free acquisition and standard image processing techniques we demonstrate that such a technique can be automated over a full memory. The presented fast, efficient and low cost technique is successfully implemented on 0.35 technology node microcontrollers and on a 0.21 smart card type integrated circuit. The technique is at least two orders of magnitude faster than state-of-the-art Scanning Probe Microscopy (SPM) methods. Without adequate protection an adversary could obtain the full memory array content within minutes. The technique is a first step for reverse engineering secure embedded systems.
Hardware Security Implications of Reliability, Remanence and Recovery in Embedded Memory
Secure semiconductor devices usually destroy key material on tamper detection. However, the data remanence effect in SRAM and Flash/EEPROM makes the secure erasure process more challenging. On the other hand, data integrity of the embedded memory is essential to mitigate fault attacks and Trojan malware. Data retention issues could influence the reliability of embedded systems. Some examples of such issues in industrial and automotive applications are presented. When it comes to the security of semiconductor devices, both data remanence and data retention issues could lead to possible data recovery by an attacker. This paper introduces a new power glitching technique that reduces the data remanence time in embedded SRAM from seconds to microseconds at almost no cost. This would definitely help in designing systems with better secret key guarding. Data remanence in non-volatile memory could be influenced in the same way. The effect of data remanence and data retention on hardware security is discussed and possible countermeasures are suggested. This should raise awareness among the designers of secure embedded systems.
Hardware Security of Emerging Non-Volatile Memory Devices under Imaging Attacks
The emerging non-volatile memory (NVM) devices are currently changing the landscape of computing hardware. However, their hardware security remains relatively unexplored in the field. This is a critical research problem because, given that they are non-volatile, sensitive information may be vulnerable to various physical attacks unless properly encrypted. In this work, we investigated the security vulnerability of two emerging non-volatile memory devices (STT-MRAM and RRAM) against the most commonly available, non-destructive physical attack – Scanning Electron Microscope (SEM) imaging. The central premise is that if any difference between memory cells in high resistance and low resistance (bit ‘1’ and ‘0’) states can be detected in SEM, stored data could possibly leak or be stolen by adversaries. It is concluded that unless advanced elemental analysis techniques such as energy dispersive x-ray spectroscopy (EDX) are used, it is very unlikely that the bit information stored in these memory cells leaks out through imaging attacks.
Deep dip teardown of tubeless insulin pump
This paper introduces a deep level teardown process of a personal medical device - the OmniPod wireless tubeless insulin pump. This starts with a mechanical teardown exposing the engineering solutions used inside the device. Then the electronic part of the device is analysed, followed by component identification. Finally, the firmware extraction is performed, allowing further analysis of the firmware inside the device as well as real-time debugging. This paper also evaluates the security of the main controller IC of the device. It reveals some weaknesses in the device design process which led to the possibility of the successful teardown. Had the hardware security of the controller inside the device been well thought through, the teardown process would be far more complicated. This paper demonstrates what the typical teardown process of a personal medical device involves. This knowledge could help in improving the hardware security of sensitive devices.
Hardware Security Evaluation of MAX 10 FPGA
With the ubiquity of IoT devices there is a growing demand for confidentiality and integrity of data. Solutions based on reconfigurable logic (CPLD or FPGA) have certain advantages over ASIC and MCU/SoC alternatives. Programmable logic devices are ideal for both confidentiality and upgradability purposes. In this context the hardware security aspects of CPLD/FPGA devices are paramount. This paper shows a preliminary evaluation of hardware security in Intel MAX 10 devices. These FPGAs are one of the most suitable candidates for applications demanding extensive features and a high level of security. Their strong and weak security aspects are revealed and some recommendations are suggested to counter possible security vulnerabilities in real designs. This is a feasibility study paper. Its purpose is to highlight the areas most vulnerable to attacks aimed at data extraction and reverse engineering. That way further investigations could be performed on specific areas of concern.