USE-IT 2007, Toulouse France Valery Ray PBS&T FREUD Methods FIB Invasive Attacks and Countermeasures.

Slides:

Advertisements

Similar presentations

Categories of I/O Devices

Advertisements

Applications of PICs Advantages/disadvantages Digital and analogue control Loops, sub-routines, scanning, counting and feedback Interrupts Problems with.

Opening the Key to Hi-Tech Video Surveillance & Intelligent Video Analytics with Video Management Software Opening the Key to Hi-Tech Video Surveillance.

Chapter 7 Operational-Amplifier and its Applications

Circuit Extraction 1 Outline –What is Circuit Extraction? –Why Circuit Extraction? –Circuit Extraction Algorithms Goal –Understand Extraction problem –Understand.

EE141 © Digital Integrated Circuits 2nd Wires 1 The Wires Dr. Shiyan Hu Office: EERC 731 Adapted and modified from Digital Integrated Circuits: A Design.

Recent achievements and projects in Large MPGDs Rui de Oliveira 21/01/2009 RD51 WG1 workshop.

G53SEC 1 Hardware Security The (slightly) more tactile side of security.

Physical Unclonable Functions and Applications

Introduction The goal of this research is to study the fundamentals of microcontrollers and determine their possible functionality within the laser lab.

Introduction to Network (c) Nouf Aljaffan

Valery Ray Particle Beam Systems & Technology, Methuen, USA Fluorocarbon Precursor for High Aspect Ratio Via Milling in Focused.

1 Steps for Production Code Generation Wind Turbine Pitch Controller 1. Generate test data and extract controller 2. Discretize Change integrator blocks.

Effect of Pads 0.6  m chip June 2002 Final layout.

Utility Scale Arc Flash Analysis using CAPE System Simulator.

Optical Communications Green Book Outline Blue Book for Optical Communications Physical Layer Blue Book for Optical Communications Coding & Synchronization.

1 CCTV SYSTEMS CCTV MONITORS. 2 CCTV SYSTEMS A monitor simply allows remote viewing of cameras in a CCTV system from a control room or other location.

Engineering 1040: Mechanisms & Electric Circuits Fall 2011 Introduction to Embedded Systems.

myDAQ Biomedical Instrumentation Board

VELO upgrade electronics – HYBRIDS Tony Smith University of Liverpool.

SCADA and Telemetry Presented By:.

1 © Unitec New Zealand Embedded Hardware ETEC 6416 Date: - 10 Aug,2011.

Computerized Train Control System by: Shawn Lord Christian Thompson.

OPA549 and Negative Whisker on Enable

Embedded Microcomputer Systems Andrew Karpenko 1 Prepared for Technical Presentation February 25 th, 2011.

MonolithIC 3D Inc., Patents Pending MonolithIC 3D ICs RCAT approach 1 MonolithIC 3D Inc., Patents Pending.

Diffuse Optical Tomography Optimization and Miniaturization ECE 4902-Spring 2014 Thomas Capuano (EE&BME), Donald McMenemy (EE), David Miller (EE), Dhinakaran.

Computer Literacy for IC 3 Unit 1: Computing Fundamentals © 2010 Pearson Education, Inc. | Publishing as Prentice Hall.1 Chapter 1: Identifying Types of.

Avogadro-Scale Engineering: Form and Function MIT, November 18, Three Dimensional Integrated Circuits C.S. Tan, A. Fan, K.N. Chen, S. Das, N.

1HSSPG Georgia Tech High Speed Image Acquisition System for Focal-Plane-Arrays Doctoral Dissertation Presentation by Youngjoong Joo School of Electrical.

02/24/ th FIB/SEM User Group Meeting, Washington DC Valery Ray Developing FIB GAE Recipes: Practical Application of “Unfinished.

© 2008, Renesas Technology America, Inc., All Rights Reserved 1 Course Introduction  Purpose  This Part-A course discusses techniques that are used to.

Sally Seidel 1 3D Sensor Studies at New Mexico Sally Seidel for Martin Hoeferkamp, Igor Gorelov, Elena Vataga, and Jessica Metcalfe University of New Mexico.

Introduction to Network (c) Nouf Aljaffan

Cisco 1 - Networking Basics Perrine. J Page 110/16/2015 Chapter 4 Which of the following best describes a digital signal? 1.A sine wave of normal shape.

Smart card security Nora Dabbous Security Technologies Department.

The George Washington University School of Engineering and Applied Science Department of Electrical and Computer Engineering ECE122 – 30 Lab 3: Layout.

FIB User Group, Washington DC, USA Valery Ray PBS&T FREUD Applications of FIB Invasive FIB Attacks and Countermeasures in Hardware.

Test and Test Equipment Joshua Lottich CMPE /23/05.

CHES 2015 Finding the AES Bits in the Haystack:

Input/Output Computer component : Input/Output I/O Modules External Devices I/O Modules Function and Structure I/O Operation Techniques I/O Channels and.

Fabrication Technology(1)

Valery Ray Particle Beam Systems & Technology, Methuen, USA High-Throughput Milling of HAR Vias with Concentrated Gas Delivery.

Acquisition Crate Design BI Technical Board 26 August 2011 Beam Loss Monitoring Section William Vigano’ 26 August

Presenter: Tracy Wessler June 5, 2007 The Use of High Speed Data Processing to Capture Census Data U.S. Census Bureau Decennial Response Integration System.

Higher Vision, language and movement. Strong AI Is the belief that AI will eventually lead to the development of an autonomous intelligent machine. Some.

SIAM M. Despeisse / 29 th January Toward a Gigatracker Front-end - Performance of the NINO LCO and HCO Matthieu Despeisse F. Osmic, S. Tiuraniemi,

Valery Ray Particle Beam Systems & Technology, Methuen, USA CAD – less Blind Navigation in Focused Ion Beam System PBS&T Chris.

Budapest University of Technology and Economics Department of Electron Devices Microelectronics, BSc course Bipolar IC technology:

© 2008, Renesas Technology America, Inc., All Rights Reserved 1 Course Introduction Purpose  This course provides an introduction to the peripheral functions.

Signal Intelligence Fiber Optic Wire tapping By: Mark Jensen.

1 Teaching Innovation - Entrepreneurial - Global The Centre for Technology enabled Teaching & Learning, N Y S S, India DTEL DTEL (Department for Technology.

Linda Bagby - SBN Program Electrical Coordinator ICARUS Electronics Meeting 27 January 2016 SBN Program Operational Readiness Clearance.

Information Systems Design and Development Technical Implications (Storage) Computing Science.

Front Side Circuit Edit: state of the art Circuit editing of first silicon using FIB (focused ion beam) technology has become increasingly more common.

Budapest University of Technology and Economics Department of Electron Devices Microelectronics, BSc course Bipolar IC technology:

Student Name USN NO Guide Name H.O.D Name Name Of The College & Dept.

Input & Output devices. Input Device :keyboard a keyboard is an input device, partially modeled after the typewriter keyboard, which uses an arrangement.

Digital to Analog Converter for High-Fidelity Audio Applications Matt Smith Alfred Wanga CSE598A.

SIGNAL CONDITIONING Signal conditioning is stage of instrumentation system used for modifying the transduced signal into a usable format for the final.

Lecture 19: SRAM.

RAILWAY TRACK SNAP NOTIFICATION

I/O Organization and Peripherals

I/O Organization and Peripherals

PBS&T What Gas Concentrator Does in Focused Ion Beam System? Applicable to Focused Electron Beam Systems and Broad-Beam Apparatus Valery Ray

TCSP – Software Design.

BOC1 Run Thru: Agenda 14h30 Start CB Local Meeting 16h00 Break for Tea

Processing of Endpoint Information from HAR Vias

Measurements & Instrumentation – Module 4

Presentation transcript:

USE-IT 2007, Toulouse France Valery Ray PBS&T FREUD Methods FIB Invasive Attacks and Countermeasures

6/13/2016 USE-IT 2007, Toulouse France 2 F R E U D ® Functional Reverse Engineering of Undocumented Devices ® Extraction of functionality and data without full reverse-engineering of manufacturing process

6/13/2016 USE-IT 2007, Toulouse France 3 Outline  Targeted Devices and Applications  Workflow of FIB process  Signal extraction and injection, RC issues  Limitations of existing FIB technology  Countermeasures to FIB methods

6/13/2016 USE-IT 2007, Toulouse France 4 Workflow of “FIB invasion”  Layout capture and location of nodes  Navigation and positioning  Bypassing protective shields, if needed  Making contacts, injecting and extracting data

6/13/2016 USE-IT 2007, Toulouse France 5 Layout Capture and Node Location Alignment Reference Data Nodes TargetedNode

6/13/2016 USE-IT 2007, Toulouse France 6 FIB Navigation to Nodes  Must be done by coordinates – lines are small and shield prevents direct navigation with optics;  Have to use sacrificial device for locating nodes, two devices for small-linewidth shielded ICs;  Two steps of localization – coarse and precise;

6/13/2016 USE-IT 2007, Toulouse France 7 Coarse Navigation on Sacrificial Device (s)  Scan tiles, stitch bitmap, locate nodes  Establish coordinate conversion by references  Convert bitmap coordinates to FIB stage position  Do laser mark under OM and locate the mark in FIB – obtain FIB coordinates

6/13/2016 USE-IT 2007, Toulouse France 8 References and Nodes in FIB Use alignment references for navigation and deprocess nodes to capture position

6/13/2016 USE-IT 2007, Toulouse France 9 Navigation with Local Alignment  Accuracy of FIB stage is limited – how to navigate on small-linewidth devices?  Shield is preventing optical navigation  Use reference points for coordinate navigation  Use protective shield as your local reference!

6/13/2016 USE-IT 2007, Toulouse France 10 Electrically Bypassing Shield  Bypass protective shield locally » Works on analog and digital shields » One or two lines may need bypassing per contact » Takes 30 to 120 min. of FIB time per contact  Bypass entire shield » Best for analog shields » Takes 30 to 120 min. of FIB time per device » Requires follow up by non-FIB techniques

6/13/2016 USE-IT 2007, Toulouse France 11 Shield Disabling  Disable shield control circuitry » Requires detailed analysis of layout » Simulate “OK” shield on input of circuitry » Simulate “OK” output (no interrupts, alarms, etc…)  Disable “NOK” actions » Requires detailed analysis of layout » Cut output of charge pump – disable flash erase! » Cut “security interrupt” nodes

6/13/2016 USE-IT 2007, Toulouse France 12 Making Contacts and Pads Create HAR vias to connect to the nodes and deposit contact pads for probing Clean overspray of metal depo

6/13/2016 USE-IT 2007, Toulouse France 13 Data Extraction  Connect contact pads to data acquisition equipment by microprobing  Ensure proper buffering of the connection lines – internal nodes can’t drive 100pF cable  Use ultra-low capacitance buffers for glitch recovery

6/13/2016 USE-IT 2007, Toulouse France 14 Signal injection  Injection of impulses into data bus can alter execution of embedded code  Basic application: disrupt end of loop command during ATR – data memory could be extracted  Suitable injection buffers are not available from OEMs of pattern generators – design and build your own!

6/13/2016 USE-IT 2007, Toulouse France 15 Limitations of existing FIB technology  Accuracy of navigation » Targeting multiple nodes on <150nm devices by coordinates is unreliable – use local reference.  Aspect ratio of contacts » Detection of endpoint on contacts deeper then 20:1 depth/width requires “aftermarket tune-up”  Linewidth (technology node) limitations » Making deep contacts smaller then 150 nm is a high art

6/13/2016 USE-IT 2007, Toulouse France 16 Countermeasures against FIB  FIB attacks are high-cost effort and can be made uneconomical for commercial hacking: » Planarize devices and use small linewidth » Thick copper metal shields difficult to cut » Use Liquid Crystal Polymer passivation » Use leakage-sensitive analog shields and double shield layers » Introduce “jitter” to shield position – prevent local referencing for navigation (easy with analog shields)

6/13/2016 USE-IT 2007, Toulouse France 17 Summary  FREUD by FIB methods can’t be prevented, but can be made uneconomical (>>100K/device)  Basic countermeasures are relatively inexpensive in manufacturing – planarize devices, use thick copper plate in addition to active shield  Advanced countermeasures become viable as cost of IC manufacturing is reduced: active double-shielding, LCP (Liquid Crystal Polymer) passivation

USE-IT 2007, Toulouse France