Contactless visible light probing for nanoscale ICs through 10 μm bulk silicon

This paper explains why only optical techniques will be able to provide debug and diagnosis of bulk silicon FinFET technologies. In order to apply optical techniques through a convenient thickness of silicon on the one hand, light is limited to NIR to minimize absorption. To match resolution requirements on the other hand, it becomes mandatory to use shorter wavelengths. Two key issues have to be addressed: First, the penetration depth of visible light is only a few μm. This challenges device preparation and integrity. Our approach makes use of confocal microscopy suppressing back surface reflection and thus relaxing the preparation requirements to around 10 μm. Second, only solid immersion lenses (SIL) enable nanoscale resolution. But instead of silicon, materials transparent to visible light and providing a high refractive index are necessary. Our concept is based on 658 nm/633 nm laser and supports GaP as SIL material. We demonstrate the power of confocal imaging and prove contactless probing through a device thickness of 10 μm. We discuss how confocal optics relax the thickness requirements for visible light imaging and probing and we layout the concept for a GaP SIL. This concept opens the path to the design of nanoscale visible light debug and diagnosis

On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs

Modern Integrated Circuits (ICs) employ several classes of countermeasures to mitigate physical attacks. Recently, a powerful semi-invasive attack relying on optical contactless probing has been introduced, which can assist the attacker in circumventing the integrated countermeasures and probe the secret data on a chip. This attack can be mounted using IC debug tools from the backside of the chip. The first published attack based on this technique was conducted against a proof-of-concept hardware implementation on a Field Programmable Gate Array (FPGA). Therefore, the success of optical probing techniques against a real commercial device without any knowledge of the hardware implementation is still questionable. The aim of this work is to assess the threat of optical contactless probing in a real attack scenario. To this end, we conduct an optical probing attack against the bitstream encryption feature of a common FPGA. We demonstrate that the adversary is able to extract the plaintext data containing sensitive design information and intellectual property (IP). In contrast to previous optical attacks from the IC backside, our attack does not require any device preparation or silicon polishing, which makes it a non-invasive attack. Additionally, we debunk the myth that small technology sizes are unsusceptible to optical attacks, as we use an optical resolution of about 1 um to successfully attack a 28 nm device. Based on our time measurements, an attacker needs less than 10 working days to conduct the optical analysis and reverse-engineer the security-related parts of the hardware. Finally, we propose and discuss potential countermeasures, which could make the attack more challenging

Physical Characterization of Arbiter PUFs

As intended by its name, Physically Unclonable Functions (PUFs) are considered as an ultimate solution to deal with insecure stor- age, hardware counterfeiting, and many other security problems. How- ever, many different successful attacks have already revealed vulnera- bilities of certain digital intrinsic PUFs. Although settling-state-based PUFs, such as SRAM PUFs, can be physically cloned by semi-invasive and fully-invasive attacks, successful attacks on timing-based PUFs were so far limited to modeling attacks. Such modeling requires a large sub- set of challenge-response-pairs (CRP) to successfully model the targeted PUF. In order to provide a final security answer, this paper proves that all arbiter-based (i.e. controlled and XOR-enhanced) PUFs can be com- pletely and linearly characterized by means of photonic emission analy- sis. Our experimental setup is capable of measuring every PUF-internal delay with a resolution of 6 picoseconds. Due to this resolution we in- deed require only the theoretical minimum number of linear independent equations (i.e. physical measurements) to directly solve the underlying inhomogeneous linear system. Moreover, we neither require to know the actual PUF challenges nor the corresponding PUF responses for our physical delay extraction. On top of that devastating result, we are also able to further simplify our setup for easier physical measurement han- dling. We present our practical results for a real arbiter PUF implemen- tation on a Complex Programmable Logic Device (CPLD) from Altera manufactured in a 180 nanometer process

Monitoring of the formation of a photosensitive device by electric breakdown of an impurity containing oxide in a MOS capacitor

The formation of an photosensitive device due to the local breakdown in an MOS structure with an impurity containing oxide layer has been monitored. A stepwise breakdown of the oxide layer resulted in the formation of a diode like characteristics with further on stable current-voltage characteristics. Under illumination with white and blue light we found a high photosensitivity of the resulting structure, probably due to the formation of a local p-n junction due to out-diffusion from the oxide of n-type dopants into the underlying silicon substrate. Using a blue light LED illumination during the monitoring of the device formation enables the identification of the moment, when a high ratio between photo- and dark current is obtained

Key Extraction Using Thermal Laser Stimulation: A Case Study on Xilinx Ultrascale FPGAs

Thermal laser stimulation (TLS) is a failure analysis technique, which can be deployed by an adversary to localize and read out stored secrets in the SRAM of a chip. To this date, a few proof-of-concept experiments based on TLS or similar approaches have been reported in the literature, which do not reflect a real attack scenario. Therefore, it is still questionable whether this attack technique is applicable to modern ICs equipped with side-channel countermeasures. The primary aim of this work is to assess the feasibility of launching a TLS attack against a device with robust security features. To this end, we select a modern FPGA, and more specifically, its key memory, the so-called battery-backed SRAM (BBRAM), as a target. We demonstrate that an attacker is able to extract the stored 256-bit AES key used for the decryption of the FPGA’s bitstream, by conducting just a single non-invasive measurement. Moreover, it becomes evident that conventional countermeasures are incapable of preventing our attack since the FPGA is turned off during key recovery. Based on our time measurements, the required effort to develop the attack is shown to be less than 7 hours. To avert this powerful attack, we propose a low-cost and CMOS compatible countermeasure circuit, which is capable of protecting the BBRAM from TLS attempts even when the FPGA is powered off. Using a proof-of-concept prototype of our countermeasure, we demonstrate its effectiveness against TLS key extraction attempts

2D modelling of polycrystalline silicon thin film solar cells

The influence of grain boundary (GB) properties on device parameters of polycrystalline silicon (poly-Si) thin film solar cells is investigated by two-dimensional device simulation. A realistic poly-Si thin film model cell composed of antireflection layer, (n+)-type emitter, thick p-type absorber, and (p+)-type back surface field was created. The absorber consists of a low-defect crystalline Si grain with an adjacent highly defective grain boundary layer. The performances of a reference cell without GB, one with n-type and one with p-type GB, respectively, are compared. The doping concentration and defect density at the GB are varied. It is shown that the impact of the grain boundary on the poly-Si cell is twofold: a local potential barrier is created at the GB, and a part of the photogenerated current flows within the GB. Regarding the cell performance, a highly doped n-type GB is less critical in terms of the cell’s short circuit current than a highly doped p-type GB, but more detrimental in terms of the cell’s open circuit voltage and fill factor

2D modelling of polycrystalline silicon thin film solar cells

The influence of grain boundary (GB) properties on device parameters of polycrystalline silicon (poly-Si) thin film solar cells is investigated by two-dimensional device simulation. A realistic poly-Si thin film model cell composed of antireflection layer, (n+)-type emitter, thick p-type absorber, and (p+)-type back surface field was created. The absorber consists of a low-defect crystalline Si grain with an adjacent highly defective grain boundary layer. The performances of a reference cell without GB, one with n-type and one with p-type GB, respectively, are compared. The doping concentration and defect density at the GB are varied. It is shown that the impact of the grain boundary on the poly-Si cell is twofold: a local potential barrier is created at the GB, and a part of the photogenerated current flows within the GB. Regarding the cell performance, a highly doped n-type GB is less critical in terms of the cell’s short circuit current than a highly doped p-type GB, but more detrimental in terms of the cell’s open circuit voltage and fill factor

Photonic Side-Channel Analysis of Arbiter PUFs

As intended by its name, Physically Unclonable Functions (PUFs) are considered as an ultimate solution to deal with insecure storage, hardware counterfeiting, and many other security problems. However, many different successful attacks have already revealed vulnerabilities of certain digital intrinsic PUFs. This paper demonstrates that legacy arbiter PUF and its popular extended versions (i.e., Feed-forward and XOR-enhanced) can be completely and linearly characterized by means of photonic emission analysis. Our experimental setup is capable of measuring every PUF-internal delay with a resolution of 6 picoseconds. Due to this resolution we indeed require only the theoretical minimum number of linear independent equations (i.e., physical measurements) to directly solve the underlying inhomogeneous linear system. Moreover, it is not required to know the actual PUF responses for our physical delay extraction. We present our practical results for an arbiter PUF implementation on a Complex Programmable Logic Device (CPLD) manufactured with a 180 nanometer process. Finally, we give an insight into photonic emission analysis of arbiter PUF on smaller chip architectures by performing experiments on a Field Programmable Gate Array (FPGA) manufactured with a 60 nanometer process