Cryptology ePrint Archive: Report 2020/1228

Low-Cost Body Biasing Injection (BBI) Attacks on WLCSP Devices

Colin O'Flynn

Abstract: Body Biasing Injection (BBI) uses a voltage applied with a physical probe onto the backside of the integrated circuit die. Compared to other techniques such as electromagnetic fault injection (EMFI) or Laser Fault Injection (LFI), this technique appears less popular in academic literature based on published results. It is hypothesized being due to (1) moderate cost of equipment, and (2) effort required in device preperation.

This work demonstrates that BBI (and indeed many other backside attacks) can be trivially performed on Wafer-Level Chip-Scale Packaging (WLCSP), which inherently expose the die backside. A low-cost ($15) design for the BBI tool is introduced, and validated with faults introduced on a STM32F415OG against code flow, RSA, and some initial results on various hardware block attacks are discussed.

Category / Keywords: applications / Fault Injection, Glitch Attacks, Body Biasing Injection

Original Publication (with major differences): Smart Card Research and Advanced Application Conference (CARDIS) 2020

Date: received 5 Oct 2020, last revised 8 Oct 2020

Contact author: colin at oflynn com

Available format(s): PDF | BibTeX Citation

Note: Typo fixes from initial

Version: 20201009:015815 (All versions of this report)

Short URL: ia.cr/2020/1228