29 research outputs found

    Partial hardware reverse engineering applied to fine grained laser fault injection and efficient hardware trojans detection

    No full text
    The work described in this thesis covers an integrated circuit characterization methodology based on partial hardware reverse engineering: on the one hand to improve integrated circuit security characterization, on the other hand to detect the presence of Hardware Trojans. Our approach is said to be partial because it is based on only a single hardware layer of the component and because it does not aim to recreate a schematic or functional description of the whole circuit. A low-cost, fast and efficient reverse engineering methodology is proposed. It yields a global image of the circuit in which only the transistors' active regions are visible, and thus allows every standard cell to be localized. This methodology is applied to different secure devices. The resulting image is processed in order to spatially localize standard cells that are sensitive, or even critical, in terms of security. Once these cells are identified, we characterize the laser effect over different locations of these standard cells and show that it is possible to control, with the help of laser fault injection, the value they contain. The technique is novel as it validates the fault model over a complex gate in the 90 nm technology node. Finally, a Hardware Trojan detection method is proposed using the partial reverse engineering output. We highlight the addition of a few non-listed cells with an application on a couple of circuits. The method therefore makes it possible to detect the presence of Hardware Trojans quickly and efficiently, without full reverse engineering (and so cheaply).

    Rétro-conception matérielle partielle appliquée à l'injection ciblée de fautes laser et à la détection efficace de Chevaux de Troie Matériels

    No full text
    The work described in this thesis covers an integrated circuit characterization methodology based on partial hardware reverse engineering: on the one hand to improve integrated circuit security characterization, on the other hand to detect the presence of Hardware Trojans. Our approach is said to be partial because it is based on only a single hardware layer of the component and because it does not aim to recreate a schematic or functional description of the whole circuit. A low-cost, fast and efficient reverse engineering methodology is proposed. It yields a global image of the circuit in which only the transistors' active regions are visible, and thus allows every standard cell to be localized. This methodology is applied to different secure devices. The resulting image is processed in order to spatially localize standard cells that are sensitive, or even critical, in terms of security. Once these cells are identified, we characterize the laser effect over different locations of these standard cells and show that it is possible to control, with the help of laser fault injection, the value they contain. The technique is novel as it validates the fault model over a complex gate in the 90 nm technology node. Finally, a Hardware Trojan detection method is proposed using the partial reverse engineering output. We highlight the addition of a few non-listed cells with an application on a couple of circuits. The method therefore makes it possible to detect the presence of Hardware Trojans quickly and efficiently, without full reverse engineering (and so cheaply).

    Direct charge measurement in Floating Gate transistors of Flash EEPROM using Scanning Electron Microscopy

    No full text
    We present a characterization methodology for fast direct measurement of the charge accumulated on Floating Gate (FG) transistors of Flash EEPROM cells. Using a Scanning Electron Microscope (SEM) in Passive Voltage Contrast (PVC) mode, we were able to distinguish between '0' and '1' bit values stored in each memory cell. Moreover, it was possible to characterize the remaining charge on the FG, thus making this technique valuable for Failure Analysis applications for data retention measurements in Flash EEPROM. The technique is at least two orders of magnitude faster than state-of-the-art Scanning Probe Microscopy (SPM) methods. Only a relatively simple backside sample preparation is necessary for accessing the FG of memory transistors. The technique presented was successfully implemented on a 0.35 μm technology node microcontroller and a 0.21 μm smart card integrated circuit. We also show the ease with which such a technique can cover all cells of a memory (using intrinsic features of SEM) and automate memory cell characterization using standard image processing techniques.

    Combining image processing and laser fault injections for characterizing a hardware AES

    No full text
    Nowadays, the security level of secure integrated circuits makes simple attacks less efficient. The combination of invasive approaches and fault attacks can be seen as more and more pertinent to retrieve secrets from integrated circuits. This article includes a practical methodology and its application. We first describe how to retrieve the physical areas of interest for the attack. Then, we perform a deep fault injection characterization of the area found. For the former, a methodology based on circuit preparation, Scanning Electron Microscopy (SEM) acquisitions, image registration and processing is given, allowing a controlled and localized laser fault attack to be performed with a state-of-the-art injection platform. The laser fault injection presented here allows the attacker to perform a "bit-set", a "bit-reset" or a full register "reset". Controlling the value stored in a flip-flop is critical for security. To illustrate this methodology, an encryption algorithm is targeted. We see that efficient methods that take advantage of the comparison between faulty and correct cipher texts, such as Differential Fault Analysis (DFA) or "Safe Error", are particularly relevant with the proposed methodology. The overall methodology can efficiently be used to speed up an attack and to improve the test coverage.

    SEMBA: a SEM Based Acquisition technique for fast invasive Hardware Trojan detection

    No full text
    In this paper, we present how SEMBA, a fast invasive technique for white team Hardware Trojan detection, has been used to differentiate between a maliciously infected integrated circuit and a genuine one. Our methodology is based on the observation of the component’s hardware structure and includes the use of wet etching, Scanning Electron Microscopy and Multiple Image Alignment. Once the Integrated Circuits’ images have been fully reconstructed, image processing makes it possible to detect the presence of the Hardware Trojan (HT). SEMBA is a fully automated approach with a 100% success rate, detecting any ‘transistor-size’ HTs and requiring ‘affordable’ resources and time.

    Increasing the efficiency of laser fault injections using fast gate level reverse engineering

    No full text
    Laser fault injections have been evolving rapidly with the advent of more precise, sophisticated and cost-efficient sources, optics and control circuits. In this paper, we show a methodology to improve the test coverage and to speed up analysis based on laser fault injections by only targeting standard cells of interest. We describe how to identify interesting spatial positions thanks to the use of some chemicals along with an automated Scanning Electron Microscope image acquisition, alignment and processing. Using the latter information, fault injections with a high success rate have been obtained against a hardware implemented AES module using a laser beam. With such tools and methodology, we show that attacks become much faster.