Keynotes

We are glad to host two distinguished keynotes this year:

Extracting Antifuse Secrets from the RP2350 by FIB PVC

Andrew Zonenberg

CMOS one-time programmable (OTP) memories based on antifuses are widely used for storing small amounts of data (such as serial numbers, keys, and factory trimming) in integrated circuits because they are inexpensive and require no additional mask steps to fabricate. The RP2350 uses an off-the-shelf Synopsys antifuse memory block for storing secure boot keys and other sensitive configuration data.

Despite antifuses being widely considered a "high security" memory (meaning that data is significantly more difficult for an attacker to extract from them than from other types of memory, such as Flash or mask ROM), we have demonstrated that data bits stored in the RP2350 antifuse memory can be extracted using a well-known semiconductor failure analysis technique: passive voltage contrast (PVC) with a focused ion beam (FIB).

The simple form of the attack demonstrated here recovers the bitwise OR of two physically adjacent memory bitcell rows sharing common metal 1 contacts; however, we believe it is possible for an attacker to separate the even/odd row values with additional effort.
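To make the consequence of that leakage model concrete, the following is an added illustration (not code from the talk, nor Raspberry Pi's or Synopsys' OTP layout): it models an attacker who observes only OR(row_even, row_odd) for a pair of rows, classifies which bit positions are thereby fully known (OR = 0 means both rows hold 0) and which remain ambiguous, counts the candidate values consistent with the observation, and applies the same model to two ways of filling the row paired with a secret. The 16-bit row width, the sample "key" row and the sample neighbouring row are constructed for the example.

```python
"""Leakage model for the simple FIB/PVC attack on paired antifuse rows.

Added illustration, not code from the talk or from Raspberry Pi/Synopsys.
Assumptions: the attacker observes exactly OR(row_even, row_odd) for each
pair of rows sharing metal 1 contacts; the row width and the sample row
contents below are constructed for this example.
"""
from itertools import product

ROW_BITS = 16  # assumed row width for this illustration


def pvc_leak(row_even: int, row_odd: int) -> int:
    """What the simple attack recovers: the bitwise OR of the two paired rows."""
    return row_even | row_odd


def analyse_leak(observed_or: int, row_bits: int = ROW_BITS) -> dict:
    """Classify bit positions from the attacker's point of view.

    OR == 0 at a position means both rows hold 0 there (fully known).
    OR == 1 leaves three possibilities per position: (0,1), (1,0) or (1,1).
    """
    known_zero = [i for i in range(row_bits) if not (observed_or >> i) & 1]
    ambiguous = [i for i in range(row_bits) if (observed_or >> i) & 1]
    return {
        "known_zero_bits": known_zero,
        "ambiguous_bits": ambiguous,
        # (even, odd) row pairs consistent with the observation
        "candidate_pairs": 3 ** len(ambiguous),
        # values one row alone could take: any subset of the ambiguous positions
        "candidates_per_row": 2 ** len(ambiguous),
    }


def consistent_pairs_bruteforce(observed_or: int, row_bits: int) -> int:
    """Exhaustively count (even, odd) pairs whose OR equals the observation.

    Only practical for small row_bits; used to check the closed form above.
    """
    return sum(
        1 for even, odd in product(range(1 << row_bits), repeat=2)
        if (even | odd) == observed_or
    )


def compare_layouts(secret: int, neighbour: int, row_bits: int = ROW_BITS) -> dict:
    """Apply the leakage model to two ways of filling the row paired with a secret.

    'unrelated': the neighbouring row holds arbitrary data (config, serial, ...).
    'complement': the neighbouring row holds ~secret, so the OR is all ones and
    the OR observation alone does not narrow the secret. This models only the
    OR leak; it offers nothing if the even/odd rows can be separated.
    """
    mask = (1 << row_bits) - 1
    layouts = {
        "unrelated": pvc_leak(secret, neighbour & mask),
        "complement": pvc_leak(secret, ~secret & mask),
    }
    return {name: analyse_leak(leak, row_bits)["candidates_per_row"]
            for name, leak in layouts.items()}


if __name__ == "__main__":
    secret = 0b1010_0011_0100_0001      # constructed 16-bit "key" row
    neighbour = 0b0000_1111_0000_0010   # constructed unrelated config row
    leak = pvc_leak(secret, neighbour)
    info = analyse_leak(leak)
    print(f"observed OR : {leak:016b}")
    print(f"known zero  : {info['known_zero_bits']}")
    print(f"ambiguous   : {len(info['ambiguous_bits'])} positions, "
          f"{info['candidates_per_row']} candidate values for the key row")
    print("by layout   :", compare_layouts(secret, neighbour))
```

With the constructed rows, 7 of the 16 key positions are learned outright from the OR alone and the key row is narrowed from 65536 to 512 candidates; pairing the secret with its complement keeps all 65536 candidates open against this simple observation, but, as the abstract anticipates, that helps only as long as the attacker cannot separate the even and odd rows.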

Furthermore, it is highly likely that all products using the Synopsys dwc_nvm_ts40* family of memory IPs on the TSMC 40nm node are vulnerable to the same attack, since the attack is not specific to the RP2350 but rather targets the memory itself. We have not yet tested our technique against other vendors' antifuse IP blocks or on other process nodes, but we assess it to have broad applicability to antifuse-based memories.

Improving Trust in Supply Chains: Translating Research Into Everyday-Use Techniques

Andrew 'bunnie' Huang

The global nature of supply chains is creating trust issues among everyday users. Although our research community has yielded an impressive arsenal of tools for inspecting silicon chips, the research is rarely translated into techniques that can be practically applied to everyday problems in the supply chain. Thus, the state of practice in supply chain security (i.e. carefully comparing fonts and logos on chip packages) is far behind the state of the art in reverse engineering and failure analysis research.

This talk proposes threat levels for supply chain attacks, and contextualizes them against a backside infrared imaging technique dubbed IRIS (InfraRed, In-situ), which prioritizes accessibility over fidelity.

In this context, we observe that defending against the most advanced adversaries will always demand the most advanced analytical techniques. However, the broader question of trust in supply chains may benefit from translating our research into relatively simple, low-cost techniques that can be deployed at scale to screen for a broad range of simple yet effective hardware attacks.

Schedule version: preview