Paper 2016/593

No Place to Hide: Contactless Probing of Secret Data on FPGAs

Heiko Lohrke, Shahin Tajik, Christian Boit, and Jean-Pierre Seifert


Field Programmable Gate Arrays (FPGAs) have been the target of different physical attacks in recent years. Many different countermeasures have already been integrated into these devices to mitigate the existing vulnerabilities. However, there has not been enough attention paid to semi-invasive attacks from the IC backside due to the following reasons. First, the conventional semi-invasive attacks from the IC backside --- such as laser fault injection and photonic emission analysis --- cannot be scaled down without further effort to the very latest nanoscale technologies of modern FPGAs and programmable SoCs. Second, the more advanced solutions for secure storage, such as controlled Physically Unclonable Functions (PUFs), make the conventional memory-readout techniques almost impossible. In this paper, however, novel approaches have been explored: Attacks based on Laser Voltage Probing (LVP) and its derivatives, as commonly used in Integrated Circuit (IC) debug for nanoscale low voltage technologies, are successfully launched against a 60 nanometer technology FPGA. We discuss how these attacks can be used to break modern bitstream encryption implementations. Our attacks were carried out on a Proof-of-Concept PUF-based key generation implementation. To the best of our knowledge this is the first time that LVP is used to perform an attack on secure ICs.

Publication info
Published by the IACR in CHES 2016
Keywords
FPGA Security, Semi-Invasive Attack, Laser Voltage Probing, Physically Unclonable Function
Contact author(s)
heiko lohrke @ campus tu-berlin de
stajik @ sec t-labs tu-berlin de
2016-06-07: received
Creative Commons Attribution


      author = {Heiko Lohrke and Shahin Tajik and Christian Boit and Jean-Pierre Seifert},
      title = {No Place to Hide: Contactless Probing of Secret Data on {FPGAs}},
      howpublished = {Cryptology ePrint Archive, Paper 2016/593},
      year = {2016},
      note = {\url{}},
      url = {}