Reverse Engineering Flash EEPROM Memories Using Scanning Electron Microscopy

Courbon, Franck; Skorobogatov, Sergei; Woods, Christopher

doi:10.1007/978-3-319-54669-8_4

Cited by 40 publications

(27 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…First, flash memory dumps are becoming extremely difficult because the latest smart speakers have already adopted mitigation such as code protection as mentioned in Section 4. However, the hardware-based attacks are still possible by leveraging Scanning Electron Microscopy (SEM) or glitching attack [Courbon, Skorobogatov and Woods (2016); Giller 2015]. Second, the dolphin attack Zhang et al [Zhang, Yan, Ji et al (2017)] can be launched from several feet away (e.g., distances vary from 2 cm to a maximum value of 175 cm across devices) but portable attack with a smartphone, an ultrasonic transducer and a lowcost amplifier as described in their paper allows the adversary to hide the attack device inside a pocket (or a bag) and to access to a target close enough.…”

Section: Discussionmentioning

confidence: 99%

Security Analysis of Smart Speaker: Security Attacks and Mitigation

Park¹,

Choi²,

Cho³

et al. 2019

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

The speech recognition technology has been increasingly common in our lives. Recently, a number of commercial smart speakers containing the personal assistant system using speech recognition came out. While the smart speaker vendors have been concerned about the intelligence and the convenience of their assistants, but there have been little mentions of the smart speakers in security aspects. As the smart speakers are becoming the hub for home automation, its security vulnerabilities can cause critical problems. In this paper, we categorize attack vectors and classify them into hardware-based, network-based, and software-based. With the attack vectors, we describe the detail attack scenarios and show the result of tests on several commercial smart speakers. In addition, we suggest guidelines to mitigate various attacks against smart speaker ecosystem.

show abstract

Section: Discussionmentioning

confidence: 99%

Security Analysis of Smart Speaker: Security Attacks and Mitigation

Park¹,

Choi²,

Cho³

et al. 2019

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

show abstract

“…Nardi et al [28] solved the challenge of maintaining the value of stored charge by accessing the memory from the back-side of IC. Once an attacker gets access to the floating gate of EEPROM/Flash, she can use scanning Kelvin probe microscopy (SKPM), scanning probe microscopy (SPM), passive voltage contrast (PVC) or scanning capacitance microscopy (SCM) for extracting the stored value in the EEPROM/Flash [28], [29]. However, the security of the 3D Flash chips (see 3D NAND flash cells in Fig.…”

Section: A Vulnerabilities Of the Key-storage Elementmentioning

confidence: 99%

Defense-in-depth: A recipe for logic locking to prevail

Rahman

Wang

et al. 2020

Integration

View full text Add to dashboard Cite

Logic locking has emerged as a promising solution for protecting the semiconductor intellectual Property (IP) from the untrusted entities in the design and fabrication process. Logic locking hides the functionality of the IP by embedding additional key-gates in the circuit. The correct output of the chip is produced, once the correct key value is available at the input of the key-gates. The confidentiality of the key is imperative for the security of the locked IP as it stands as the lone barrier against IP infringement. Therefore, the logic locking is considered as a broken scheme once the key value is exposed. The research community has shown the vulnerability of the logic locking techniques against different classes of attacks, such as Oracle-guided and physical attacks. Although several countermeasures have already been proposed against such attacks, none of them is simultaneously impeccable against Oracle-guided, Oracle-less, and physical attacks. Under such circumstances, a defense-in-depth approach can be considered as a practical approach in addressing the vulnerabilities of logic locking. Defense-in-depth is a multilayer defense approach where several independent countermeasures are implemented in the device to provide aggregated protection against different attack vectors. Introducing such a multilayer defense model in logic locking is the major contribution of this paper. With regard to this, we first identify the core components of logic locking schemes, which need to be protected. Afterwards, we categorize the vulnerabilities of core components according to potential threats for the locking key in logic locking schemes. Furthermore, we propose several defense layers and countermeasures to protect the device from those vulnerabilities. Finally, we turn our focus to open research questions and conclude with suggestions for future research directions.

show abstract

“…Flash/ EEPROM would require more sophisticated methods as the information is stored in the form of electrical charge. That means that either atomic force microscope (AFM) [22] or scanning electron microscope (SEM) [23] will be required. SRAM extraction is the most challenging task, because any interruption of the power supply could result in data loss.…”

Section: Data Retentionmentioning

confidence: 99%

Hardware Security Implications of Reliability, Remanence, and Recovery in Embedded Memory

Skorobogatov

2018

J Hardw Syst Secur

Self Cite

View full text Add to dashboard Cite

Secure semiconductor devices usually destroy key material on tamper detection. However, data remanence effect in SRAM and Flash/EEPROM makes secure erasure process more challenging. On the other hand, data integrity of the embedded memory is essential to mitigate fault attacks and Trojan malware. Data retention issues could influence the reliability of embedded systems. Some examples of such issues in industrial and automotive applications are presented. When it comes to the security of semiconductor devices, both data remanence and data retention issues could lead to possible data recovery by an attacker. This paper introduces a new power glitching technique that reduces the data remanence time in embedded SRAM from seconds to microseconds at almost no cost. This would definitely help in designing systems with better secret key guarding. Data remanence in non-volatile memory could be influenced in the same way. The effect of data remanence and data retention on hardware security is discussed and possible countermeasures are suggested. This should raise awareness among the designers of secure embedded systems.

show abstract

Reverse Engineering Flash EEPROM Memories Using Scanning Electron Microscopy

Cited by 40 publications

References 18 publications

Security Analysis of Smart Speaker: Security Attacks and Mitigation

Security Analysis of Smart Speaker: Security Attacks and Mitigation

Defense-in-depth: A recipe for logic locking to prevail

Hardware Security Implications of Reliability, Remanence, and Recovery in Embedded Memory

Contact Info

Product

Resources

About