Thermal laser stimulation (TLS) is a failure analysis technique that an adversary can deploy to localize and read out secrets stored in the SRAM of a chip. To date, only a few proof-of-concept experiments based on TLS or similar approaches have been reported in the literature, and they do not reflect a real attack scenario. It is therefore still questionable whether this attack technique is applicable to modern ICs equipped with side-channel countermeasures. The primary aim of this work is to assess the feasibility of launching a TLS attack against a device with robust security features. To this end, we select a modern FPGA, and more specifically its key memory, the so-called battery-backed SRAM (BBRAM), as the target. We demonstrate that an attacker is able to extract the stored 256-bit AES key used to decrypt the FPGA's bitstream by conducting just a single non-invasive measurement. Moreover, it becomes evident that conventional countermeasures are incapable of preventing our attack, since the FPGA is turned off during key recovery. Based on our time measurements, the effort required to develop the attack is shown to be less than 7 hours. To avert this powerful attack, we propose a low-cost, CMOS-compatible countermeasure circuit that is capable of protecting the BBRAM from TLS attempts even when the FPGA is powered off. Using a proof-of-concept prototype of our countermeasure, we demonstrate its effectiveness against TLS key extraction attempts.
This paper compares the three major semi-invasive optical approaches, Photon Emission (PE), Thermal Laser Stimulation (TLS) and Electro-Optical Frequency Mapping (EOFM), for contactless static random access memory (SRAM) content read-out on a commercial microcontroller. The advantages and disadvantages of these techniques are evaluated by applying them to a 1 KB SRAM in an MSP430 microcontroller. It is demonstrated that successful read-out depends strongly on the core voltage parameters for each technique. For PE, better SNR and shorter integration time are achieved by using the highest nominal core voltage. In TLS measurements, the core voltage needs to be applied externally via a current amplifier with a bias voltage slightly above nominal. EOFM can again use nominal core voltages; however, a modulation needs to be applied, and the amplitude of the modulated supply voltage signal has a strong effect on the quality of the signal. Semi-invasive read-out of the memory content is necessary in order to remotely understand the organization of memory, which finds applications in hardware and software security evaluation, reverse engineering, defect localization, failure analysis, chip testing and debugging.