Paper 2014/508

Reversing Stealthy Dopant-Level Circuits

Takeshi Sugawara, Daisuke Suzuki, Ryoichi Fujii, Shigeaki Tawa, Ryohei Hori, Mitsuru Shiozaki, and Takeshi Fujino

Abstract

A successful detection of the stealthy dopant-level circuit (trojan), proposed by Becker et al. at CHES 2013, is reported. Contrary to an assumption made by Becker et al., dopant types in active region are visible with either scanning electron microscopy (SEM) or focused ion beam (FIB) imaging. The successful measurement is explained by an LSI failure analysis technique called the passive voltage contrast. The experiments are conducted by measuring a dedicated chip. The chip uses the diffusion programmable device: an anti-reverse-engineering technique by the same principle as the stealthy dopant-level trojan. The chip is delayered down to the contact layer, and images are taken with (1) an optical microscope, (2) SEM, and (3) FIB. As a result, the four possible dopant-well combinations, namely (i) p+/n-well, (ii) p+/p-well, (iii) n+/n-well and (iv) n+/p-well are distinguishable in the SEM images. Partial but sufficient detection is also achieved with FIB. Although the stealthy dopant-level circuits are visible, however, they potentially make a detection harder. That is because the contact layer should be measured. We show that imaging the contact layer is at most 16-times expensive than that of a metal layer in terms of the number of images

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published by the IACR in CHES 2014
Keywords
Stealthy dopant-level trojanChip reverse engineeringLSI failure analysisPassive voltage contrast
Contact author(s)
Sugawara Takeshi @ bp mitsubishielectric co jp
History
2014-06-30: received
Short URL
https://ia.cr/2014/508
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/508,
      author = {Takeshi Sugawara and Daisuke Suzuki and Ryoichi Fujii and Shigeaki Tawa and Ryohei Hori and Mitsuru Shiozaki and Takeshi Fujino},
      title = {Reversing Stealthy Dopant-Level Circuits},
      howpublished = {Cryptology ePrint Archive, Paper 2014/508},
      year = {2014},
      note = {\url{https://eprint.iacr.org/2014/508}},
      url = {https://eprint.iacr.org/2014/508}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.