ANR, 2021-2025
ANR, PRC
Fraud prevention is crucial in the digital, economic and identity domains. For this reason, electronic components must provide encryption and authentication functions and be protected against hacking attempts. In the field of security, attacks based on laser illumination, on short electrical pulses (glitches) generated on the power supply or clock, or on a Focused Ion Beam (FIB) are now well-known threats. Their physical and electronic effects are well understood and mastered, and the literature on associated countermeasures is extensive.
To evaluate the security level of the components used in smart cards or passports and to stay ahead of fraudsters, engineers and researchers are constantly looking for new attack techniques. Recently, researchers have explored a new approach: disrupting electronic circuits with an X-ray beam. Experiments conducted with a nanofocused beam have shown that it is possible to erase the information contained in a single Flash or SRAM memory cell.
The effect of this type of disturbance is semi-permanent: it persists after the disturbance stops, but it is reversible (by annealing). These results demonstrate the feasibility of a new paradigm of highly targeted attacks and modifications on integrated circuits using X-rays. Whereas a perturbation induced by a laser beam is limited in resolution by the laser's wavelength, the modification generated by this X-ray beam can change the state of a single transistor. Detection mechanisms and safety countermeasures can thus be deactivated. Moreover, the penetration depth of X-rays can be exploited: the attack can be carried out directly through the protective grid of an integrated circuit, or even through a plastic housing. The absence of visible modification, together with the reversible character of the perturbation, makes it possible to carry out this attack without leaving any physical trace. However, there are currently several limitations: (1) circuit perturbations have only been demonstrated on memories and on components fabricated in older technology nodes; (2) these attacks require a synchrotron with a nanofocused beam, which can be presumed to be generally out of reach of classical attackers; (3) the physical mechanisms of these attacks are not yet well understood, so it is difficult to determine which protections to implement.
Given these limitations, the general objective of this project is to demonstrate the relevance of X-ray attacks on secure integrated circuits, and thus to propose and validate adequate countermeasures. This general idea is broken down into several sub-objectives that address the limitations mentioned:
- to carry out attacks and modifications using X-rays on the logic to modify the operation of a processor and to attack more advanced technologies;
- to investigate the feasibility of these attacks with more accessible means, constituted by laboratory X-ray sources and more widely used equipment such as the Focused Ion Beam probe;
- to develop simulation models and flows that will be used to determine and understand the attacks;
- to develop countermeasures to counter these attacks.
Information
- Funding: ANR
- Budget (€): 707 K€
- Started on: 18/01/2021
- Duration: 60 months
- Project website
- Leader (at TIMA): Paolo MAISTRI
- Project members:
  - Nasreddine Ouldei-Tebina
  - Alain Zergainoh
  - Giorgio Di Natale
  - Régis Leveugle