Hardware.io The Hague, Netherlands September 2019
John Walker
Integrated-Circuit Surgery: getting to the heart of the problem with the smallest scalpel
The need for secure hardware
▪ Software, Firmware and Hardware. All can contribute to making a microchip secure
▪ Software, Firmware and Hardware. They can all equally contribute to making a secure microchip insecure
▪ This talk concentrates on hardware security and on the physical aspects of that security
▪ A chip can be hacked given enough time, effort and resources. The defender is tasked with ensuring that the expenditure of time, effort and resources is greater than any gain from a successful attack
▪ The typical microprocessor is hard because it is complex
▪ Small geometry down to 7nm
▪ Billions of elements
▪ Complex data flow, but designed for speed and efficiency with security down the list
▪ A secure chip is hardened but might not be complex
▪ Limited number of features
▪ Secure shields
▪ Security is the first priority
▪ Software and Firmware are designed to prevent known attack paths. Internal firewalling, error checking and obfuscation are used to stop attacks
▪ Features such as true random number generators are used
▪ Test and analysis functions such as JTAG are either not present, disabled or cryptographically secured
▪ A secure chip is normally protected against probing attacks using a shield or system of shields
▪ Probing
▪ Rewiring
▪ Focused ion beam
▪ Changing the chip behaviour to do what you want
▪ First it is a microscope
– An ion microscope with 5nm resolution
– An electron microscope with sub-nanometer resolution
– An infra-red microscope to look through silicon
▪ Second it is a digging tool
– The Ga ion beam can sputter away material with significantly sub-micron resolution
– It can selectively remove different materials (aluminium, copper, dielectric)
▪ Third it can add new circuitry to your chip
– Deposit new conductive tracks and probe points using metal deposition
▪ Changing the chip behaviour to do what you want
– Read available documentation (maybe not much)
– Reverse engineer the chip
▪ Reverse engineer to make a 3 dimensional map of a chip
– Many chips die, but their sacrifice guarantees them a place in heaven
▪ Strip back layer-by-layer
– Wet chemical etching
– Mechanical grinding and lapping
– Reactive ion etching
▪ Capture an image of each layer, including all gates, interconnects and vias
▪ Identify the functions and structures
– Identify how the above are interconnected
– Identify weak points
▪ Prevention of probing attacks
▪ Top one or two layers are shield
▪ Multiple active circuits
– If any circuit is cut (open-circuit) then the chip is disabled
– If any two adjacent circuits touch (short-circuit) then the chip is disabled
▪ The chip only recognises fault when it is powered up
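A simplified model of the shield monitoring described on this slide, as an added example that is not from the talk or from any real chip. The sixteen-line mesh size, the way shorted neighbours settle low, the pulled-low sense input on a cut line and all names are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

#define SHIELD_LINES 16  /* assumed mesh size for this model */

typedef enum { SHIELD_OK, SHIELD_OPEN, SHIELD_SHORT, SHIELD_UNPOWERED } shield_status;

/* Constructed fault model (hypothetical): bit i of open_mask = line i is cut,
   bit i of short_mask = line i touches line i+1. */
typedef struct { uint16_t open_mask, short_mask; bool powered; } shield;

/* Levels seen at the sense end when `drive` is applied at the drive end. */
static uint16_t shield_sense(const shield *s, uint16_t drive)
{
    uint16_t v = drive;
    /* Assumption: shorted neighbours settle low if either one is driven low. */
    for (int i = 0; i + 1 < SHIELD_LINES; i++)           /* propagate upward */
        if (((s->short_mask >> i) & 1u) && !((v >> i) & 1u))
            v &= (uint16_t)~(1u << (i + 1));
    for (int i = SHIELD_LINES - 2; i >= 0; i--)          /* and downward */
        if (((s->short_mask >> i) & 1u) && !((v >> (i + 1)) & 1u))
            v &= (uint16_t)~(1u << i);
    /* Assumption: a cut line floats and its sense input is pulled low. */
    return (uint16_t)(v & ~s->open_mask);
}

shield_status shield_check(const shield *s)
{
    if (!s->powered)
        return SHIELD_UNPOWERED;         /* nothing is monitored without power */
    if (shield_sense(s, 0xFFFF) != 0xFFFF)
        return SHIELD_OPEN;              /* a line failed to carry a high level */
    for (int i = 0; i < SHIELD_LINES; i++) {
        uint16_t drive = (uint16_t)~(1u << i);           /* walking zero */
        if (shield_sense(s, drive) != drive)
            return SHIELD_SHORT;         /* a neighbour followed line i low */
    }
    return SHIELD_OK;                    /* firmware would disable the chip otherwise */
}

int main(void)
{
    shield cut = { .open_mask = 1u << 5, .powered = true };      /* constructed */
    shield bridged = { .short_mask = 1u << 9, .powered = true }; /* constructed */
    return !(shield_check(&cut) == SHIELD_OPEN &&
             shield_check(&bridged) == SHIELD_SHORT);
}
```

The `SHIELD_UNPOWERED` result reflects the slide's last point: a cut made while the chip is off is only seen by the check at the next power-up.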
Used to remove the active shield from above a single point for probing.
A loop in the active circuit can be short-circuited without affecting the circuit.
The loop can be exposed. It is then possible to remove the loop material without a breach being detected.
▪ Is this useful?
▪ Only a small area removed
▪ Difficult to align to tracks under shield
▪ Easy to short-circuit your FIB edit to the bridge created on the shield
▪ First, find where the tracks contact the circuit below
▪ Use backscattered electrons to look for tungsten plugs
▪ When the track is cut at each end, the track appears dark
▪ This is a voltage contrast effect
▪ First, try to map out the basic shield structure
▪ Expose the sixteen separate shield lines
▪ Cut the lines close to the contacts below
▪ Expose the circuit lines
contacts
▪ Cut one of the lines of the second column
▪ Note which line goes dark (voltage contrast)
▪ Connect the lines of the chosen track to bypass
▪ Connect the other lines to bypass the whole circuit block
▪ Placing probe points
▪ Disable RNG and RNG checking
▪ Enable JTAG
▪ Read or set registers
▪ If the active shield is too hard to bypass
▪ If it is a flip-chip with ball bonds
▪ If the interesting tracks are really deep
▪ Backside edit uses IR microscopy to find an area of interest
▪ IR resolution is about 1μm. Small tracks cannot be seen
▪ You need to have an accurate reverse engineered layout and nearby alignment points
▪ You should also know where the n-wells and other implanted areas are. Very hard for hackers without the GDSII layout
▪ N-wells become visible
▪ Stop digging immediately
▪ Align to layout points between active areas
▪ Cut tracks, join tracks or put down probe points (and hope you can reach them)