Extraction of Secrets from 40nm CMOS Gate Dielectric Breakdown Antifuses by FIB Passive Voltage Contrast
- URL: http://arxiv.org/abs/2501.13276v1
- Date: Wed, 22 Jan 2025 23:40:21 GMT
- Title: Extraction of Secrets from 40nm CMOS Gate Dielectric Breakdown Antifuses by FIB Passive Voltage Contrast
- Authors: Andrew D. Zonenberg, Antony Moor, Daniel Slone, Lain Agan, Mario Cop,
- Abstract summary: Antifuses are widely used for storing small amounts of data in integrated circuits. We demonstrate that data bits stored in a widely used antifuse block can be extracted by a semiconductor failure analysis technique. We identify several potential mechanisms by which it may be possible to read the even and odd rows separately.
- Score: 0.0
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: CMOS one-time-programmable (OTP) memories based on antifuses are widely used for storing small amounts of data (such as serial numbers, keys, and factory trimming) in integrated circuits due to their low cost, requiring no additional mask steps to fabricate. Device manufacturers and IP vendors have claimed for years that antifuses are a "high security" memory which is significantly more difficult for an attacker to extract data from than other types of memory, such as Flash or mask ROM - however, as our results show, this is untrue. In this paper, we demonstrate that data bits stored in a widely used antifuse block can be extracted by a semiconductor failure analysis technique known as passive voltage contrast (PVC) using a focused ion beam (FIB). The simple form of the attack demonstrated here recovers the bitwise OR of two physically adjacent memory rows sharing common metal 1 contacts, however we have identified several potential mechanisms by which it may be possible to read the even and odd rows separately. We demonstrate the attack on a commodity microcontroller made on the 40nm node and show how it can be used to extract significant quantities of sensitive data, such as keys for firmware encryption, in time scales which are very practical for real world exploitation (1 day of sample prep plus a few hours of FIB time) with only a single target device required after initial reconnaissance has been completed on blank devices.
Related papers
- Chypnosis: Stealthy Secret Extraction using Undervolting-based Static Side-channel Attacks [3.4482813947866693]
We introduce a novel class of static side-channel attacks, called Chypnosis, that enables adversaries to freeze a chip's internal clock.
We demonstrate that, by rapidly dropping a chip's voltage below the standard nominal levels, the attacker can bypass the clock and voltage sensors and put the chip in a so-called brownout condition.
We show that not only are all clock sources deactivated, but various clock and voltage sensors also fail to detect the event.
arXiv Detail & Related papers (2025-04-15T21:43:33Z)
- Memory Efficient Transformer Adapter for Dense Predictions [42.413108132475855]
We propose META, a memory-efficient ViT adapter that can improve the model's memory efficiency and decrease memory time consumption.
Within the proposed block, the cross-shaped self-attention is employed to reduce the model's frequent reshaping operations.
META substantially enhances the predicted quality, while achieving a new state-of-the-art accuracy-efficiency trade-off.
arXiv Detail & Related papers (2025-02-04T03:19:33Z)
- DeviceRadar: Online IoT Device Fingerprinting in ISPs using Programmable Switches [37.41464693677561]
Device fingerprinting can be used by Internet Service Providers (ISPs) to identify vulnerable IoT devices for early prevention of threats.
This paper proposes DeviceRadar, an online IoT device fingerprinting framework that achieves accurate, real-time processing in ISPs using programmable switches.
arXiv Detail & Related papers (2024-04-19T09:31:11Z)
- Memristor-Based Lightweight Encryption [0.6774275305946261]
Next-generation personalized healthcare devices are undergoing extreme miniaturization in order to improve user acceptability.
Cryptographic primitives using available target technologies are notorious for their energy consumption.
We propose a 40-nm RRAM-based GIFT-cipher implementation using a 1T1R configuration with promising results.
arXiv Detail & Related papers (2024-03-29T19:30:08Z)
- RandOhm: Mitigating Impedance Side-channel Attacks using Randomized Circuit Configurations [6.388730198692013]
We introduce RandOhm, which exploits a moving target defense (MTD) strategy based on the partial reconfiguration (PR) feature of mainstream FPGAs.
We demonstrate that the information leakage through the PDN impedance could be significantly reduced via runtime reconfiguration of the secret-sensitive parts of the circuitry.
In contrast to existing PR-based countermeasures, RandOhm deploys open-source bitstream manipulation tools to speed up the randomization and provide real-time protection.
arXiv Detail & Related papers (2024-01-17T02:22:28Z)
- Utilizing Layout Effects for Analog Logic Locking [3.3123773366516645]
We present a groundbreaking method for safeguarding analog IP by harnessing layout-based effects that are typically considered undesirable in IC design.
Specifically, we exploit the impact of Length of Oxide Diffusion and Well Proximity Effect on transistors to fine-tune critical parameters such as transconductance (gm) and threshold voltage (Vth).
Our research explores the application of layout-based effects in two commercial CMOS technologies, namely a 28nm and a 65nm node.
arXiv Detail & Related papers (2024-01-12T11:13:04Z)
- Survey of Security Issues in Memristor-based Machine Learning Accelerators for RF Analysis [0.0]
We explore security aspects of a new computing paradigm that combines novel memristors and traditional CMOS.
Memristors have different properties than traditional CMOS which can potentially be exploited by attackers.
Mixed signal approximate computing model has different vulnerabilities than traditional digital implementations.
arXiv Detail & Related papers (2023-12-01T21:44:35Z)
- A Machine Learning Approach to Predicting Single Event Upsets [0.0]
A single event upset (SEU) is a critical soft error that occurs in semiconductor devices on exposure to ionising particles from space environments.
Currently, SEUs are only detected several hours after their occurrence.
CREMER, the model presented in this paper, predicts SEUs in advance using machine learning.
arXiv Detail & Related papers (2023-10-09T17:19:49Z)
- TinyAD: Memory-efficient anomaly detection for time series data in Industrial IoT [43.207210990362825]
We propose a novel framework named Tiny Anomaly Detection (TinyAD) to efficiently facilitate onboard inference of CNNs for real-time anomaly detection.
To reduce the peak memory consumption of CNNs, we explore two complementary strategies, in-place, and patch-by-patch memory rescheduling.
Our framework can reduce peak memory consumption by 2-5x with negligible overhead.
arXiv Detail & Related papers (2023-03-07T02:56:15Z)
- CodedPaddedFL and CodedSecAgg: Straggler Mitigation and Secure Aggregation in Federated Learning [86.98177890676077]
We present two novel coded federated learning (FL) schemes for linear regression that mitigate the effect of straggling devices.
The first scheme, CodedPaddedFL, mitigates the effect of straggling devices while retaining the privacy level of conventional FL.
The second scheme, CodedSecAgg, provides straggler resiliency and robustness against model inversion attacks.
arXiv Detail & Related papers (2021-12-16T14:26:30Z)
- Recovering AES Keys with a Deep Cold Boot Attack [91.22679787578438]
Cold boot attacks inspect the corrupted random access memory soon after the power has been shut down.
In this work, we combine a novel cryptographic variant of a deep error correcting code technique with a modified SAT solver scheme to apply the attack on AES keys.
Our results show that our methods outperform the state of the art attack methods by a very large margin.
arXiv Detail & Related papers (2021-06-09T07:57:01Z)
- Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection [67.53296659361598]
Adversarial EXEmples can bypass machine learning-based detection by perturbing relatively few input bytes.
We develop a unifying framework that does not only encompass and generalize previous attacks against machine-learning models, but also includes three novel attacks.
These attacks, named Full DOS, Extend and Shift, inject the adversarial payload by respectively manipulating the DOS header, extending it, and shifting the content of the first section.
arXiv Detail & Related papers (2020-08-17T07:16:57Z)
- One-step regression and classification with crosspoint resistive memory arrays [62.997667081978825]
High speed, low energy computing machines are in demand to enable real-time artificial intelligence at the edge.
One-step learning is supported by simulations of the prediction of the cost of a house in Boston and the training of a 2-layer neural network for MNIST digit recognition.
Results are all obtained in one computational step, thanks to the physical, parallel, and analog computing within the crosspoint array.
arXiv Detail & Related papers (2020-05-05T08:00:07Z)