Descrambling of Embedded SRAM Using a Laser Probe

Chef, Samuel; Chua, Cecil Eng Huang; Tay, Jing Yun; Siah, Y.W.; Bhasin, Shivam; Breier, Jakub; Gan, Chee Lip

doi:10.1109/ipfa.2018.8452604

Cited by 8 publications

(5 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…6, the data 0xAA on even addresses and 0x55 on odd addresses. Prior work [24] had shown that data were stored by the weight of the bits. Instead of four addresses, eight consecutive addresses share the same wordline signal.…”

Section: Application and Resultsmentioning

confidence: 99%

Quantitative Study of Photoelectric Laser Stimulation for Logic State Imaging in Embedded SRAM

Chef

Chua

Tay

et al. 2021

International Symposium for Testing and Failure Analysis

Self Cite

View full text Add to dashboard Cite

The use of optical techniques for attacking integrated circuits (ICs) at the silicon level is increasingly being reported. Although these attacks can be complex to set and require skilled attacker that can access expensive equipment, they are nonetheless very powerful. Among the different applications described in literature, there has been a focus on extracting data directly from embedded SRAM. Such attacks can provide access to highly sensitive information such as encryption keys and bypass various security strategies. An attacker usually exploits one of the several interactions that exist between light and semiconductor to generate an image where content can be directly qualified by the data in memory (Logic State Image – LSI). Thermal laser stimulation (TLS) and laser probing (EOFM-Electro-Optical Frequency Mapping) have been reported in the literature recently but Photoelectric Laser Stimulation (PLS) did not get as much attention. Considering the potential advantages of PLS over other techniques (e.g. lower power requirements to generate current/voltage change, effect can be triggered at shorter wavelength which may lead to an improved spatial resolution), we investigate in this paper if logic state images can be generated with PLS on a variety of devices and do a comparative assessment with state-of-the-art technologies to assess potential benefits and limitations.

show abstract

Section: Application and Resultsmentioning

confidence: 99%

Quantitative Study of Photoelectric Laser Stimulation for Logic State Imaging in Embedded SRAM

Chef

Chua

Tay

et al. 2021

International Symposium for Testing and Failure Analysis

Self Cite

View full text Add to dashboard Cite

show abstract

“…Furthermore, a more precise technique that security evaluation labs would typically choose, is laser fault injection. An attacker can use laser beams to probe the memory revealing its content without changing it [23]. A laser FIA can also cause the bypass of a secure boot process and the authentication check step, or to recover the encryption key [17].…”

Section: E Optical Fault Injectionmentioning

confidence: 99%

Implications of Physical Fault Injections on Single Chip Motes

Faour,

Vučinić,

Maksimovic

et al. 2023

2023 IEEE 9th World Forum on Internet of Things (WF-IoT)

View full text Add to dashboard Cite

Single-chip motes are wireless sensor nodes that integrate computation, communication, power and sensing on a single chip. We consider the security threats these novel devices are subject to when employed in safety-critical applications. Fault injection attacks are a prominent form of physical attacks that pose a threat to the normal and secure functioning of targeted devices, potentially compromising their intended behavior. These attacks have been studied mainly on commercial off-the-shelf devices which rely on external components such as crystal oscillators and passives. Such external components are absent from single-chip motes, resulting in a uniquely different attack surface compared to commercial systems. In this paper, we first survey the features of the common fault injection methods, and then study and compare their implications on single-chip motes.

show abstract

“…On one hand, there are works using an inexpensive camera flash to cause random faults [41], on the other, an attacker can use a nanofocused X-ray beam to target a single transistor [16]. Moreover, it was shown that with the usage of lasers it is possible to probe the memory without changing it, which can reveal its content [42]. Therefore, the practicality range varies greatly for this class of attacks.…”

Section: B Optical Fault Injectionmentioning

confidence: 99%

How Practical Are Fault Injection Attacks, Really?

Breier

Hou

2022

IEEE Access

View full text Add to dashboard Cite

Fault injection attacks (FIA) are a class of active physical attacks, mostly used for malicious purposes such as extraction of cryptographic keys, privilege escalation, attacks on neural network implementations. There are many techniques that can be used to cause the faults in integrated circuits, many of them coming from the area of failure analysis. In this paper we tackle the topic of practicality of FIA. We analyze the most commonly used techniques that can be found in the literature, such as voltage/clock glitching, electromagnetic pulses, lasers, and Rowhammer attacks. To summarize, FIA can be mounted on most commonly used architectures from ARM, Intel, AMD, by utilizing injection devices that are often below the thousand dollar mark. Therefore, we believe these attacks can be considered practical in many scenarios, especially when the attacker can physically access the target device.INDEX TERMS Hardware security, fault injection attacks, fault analysis, cryptography.

show abstract

Descrambling of Embedded SRAM Using a Laser Probe

Cited by 8 publications

References 18 publications

Quantitative Study of Photoelectric Laser Stimulation for Logic State Imaging in Embedded SRAM

Quantitative Study of Photoelectric Laser Stimulation for Logic State Imaging in Embedded SRAM

Implications of Physical Fault Injections on Single Chip Motes

How Practical Are Fault Injection Attacks, Really?

Contact Info

Product

Resources

About