Abstracts by Session
Session G: Hardware Security & Counterfeiting
| Wed 14:20 – 15:00 | Dr. Navid Asidi | Failure Analysis for Physical Assurance |
In this presentation we will focus on the physical inspection methods, attacks, reverse engineering techniques, and counterfeit electronics from the device to system level. With hardware being at the heart of the communication and networking systems, it is paramount to understand it’s security and the vulnerabilities. This talk presents how advanced microscopy, failure analysis (FA) techniques combined with image analysis and machine learning can provide assurance to electronics systems and set the stage for secure microelectronics hardware.
| Wed 15:00 – 15:20 | Samuel Chef | Leveraging on FA tools for the recovery of embedded memory data |
Embedded memory plays a critical role in integrated circuits such as Microcontrollers (MCU), Systems on Chip, FPGAs, Edge AI accelerator and many more. To achieve higher performances and meet requirements of an always wider range of applications with a minimum form-factor and device footprint, various types of volatile and non-volatile memory devices can be found in modern chips. These may store sensitive assets such as firmware, encryption keys, application and/or user’s data. As such, they may hold critical information for forensic analysis but also constitute a target of choice for an ill-intention attacker. In this talk, we will discuss the state-of-art techniques for data recovery from embedded memory using various techniques that can be either semi or fully invasive approaches. A discussion on the challenges raised by the state-of-the-art semiconductor devices will conclude this presentation.
| Wed 15:20 – 15:40 | Jean Pierre Seifert | No Need for Reverse Engineering – Machine Learning Will Do It for Us |
Usually, hardware vendors commonly believe that the ever-growing physical complexity of the integrated circuit (IC) designs can be a natural barrier against potential adversaries. In this work, we present a novel approach that can extract secrets without any knowledge of the IC’s layout, and independent from the employed memory technology as key storage. Using deep learning methods, we automate the – traditionally very labor-intensive – reverse-engineering and data extraction process. We showcase the potential of our approach by targeting keys on three different hardware platforms, which are utilized as RoT in different products.
| Wed 15:40 – 16:00 | Jörg Jatzkowski | E-Beam Probing to attac sub 20nm nodes |
Contactless probing methods through the chip backside have been shown to be powerful failure analysis technique with great potential for highly integrated circuits. But they can also be used for hardware attacks to disturb security functions on the chip or read out secured information. For ICs of nm-nodes optical methods are more and more limited and new approaches like E‑Beam probing are required to get access to the IC signals. However the backside preparation down to less than 1 µm is challenging, especially if the circuit working condition must be maintained. In comparison to optical techniques e.g., emission microscopy and laser voltage probing electron beam based techniques provide a much higher resolution and allow the visualization of static electrical signals. One limitation is the small interaction volume of E‑beam in comparison to optical methods. This work presents a workflow for local Si substrate thinning down to STI level of an integrated circuit to enable E‑Beam probing from the chip backside. It will be demonstrated that SEM based contrast mechanisms can differentiate between electrical states of transistors under working conditions. Furthermore, the electron beam can be used to modify the state of a single transistor and is able to interrupt internal signals as well.
| Wed 16:00 – 16:20 | Neel Leslie | Overcoming hardware attacks with Meridian E: a new approach for nondestructive security validation |
Optical based failure analysis techniques are common in many hardware security laboratories. Among them, laser voltage imaging (LVI) and laser voltage probing (LVP)—collectively called LVx—dominate because they directly expose the electrical activity of a given circuit or cell. Recently, electron beam (e-beam) probing has had a resurgence in failure analysis due to the clear resolution improvement vs optical tools. Scanning electron microscopes (SEM)s can achieve extremely high spatial resolution, of less than 2nm spatial resolution. This is at least a 75x improvement for the standard VLP system, which is limited about 120-150nm in resolution. In addition, ebeam probing can detect dynamic signals from metal structures. This is critical in addressing the requirements for the emerging technologies such as active shields, where optical techniques will become limited due to the inability of photons to penetrate high density metal lines. In addition, by employing a fast beam blanker, the ebeam prober can provide both high spatial resolution as well as high temporal resolution measurements. This presentation herein describes the Meridian EX system’s capability for hardware security.
| Wed 16:20 – 16:40 | Stephan Nickell | High-Throughput Imaging of Semiconductors and Electronic Components by Multi-beam SEM |
The continuous shrink of semiconductors imposes several challenges not only for IC fabrication but also for imaging these structures in process control, reverse engineering and failure analysis applications. Scanning electron microscopy (SEM) can resolve the relevant patterns, but so far has not been able to achieve the throughput requirements for large area imaging at practicable rates. Using a multi-beam SEM increases the throughput dramatically and therefore allows to image chips and components in their entirety. Here, we will present details on the ZEISS MultiSEM and how this worldwide fastest multi-beam electron microscope can facilitate imaging and analysis of modern integrated circuits and electronic components.