Skip to main content
SpringerLink
Log in

Reversing stealthy dopant-level circuits

  • CHES 2014
  • Published:
Journal of Cryptographic Engineering Aims and scope Submit manuscript

Abstract

A successful detection of the stealthy dopant-level circuit (trojan), proposed by Becker et al. at CHES 2013 (LNCS 8086:197–214, 2013), is reported. Contrary to an assumption made by Becker et al. dopant types in active region are visible with either scanning electron microscopy (SEM) or focused ion beam (FIB) imaging. The successful measurement is explained by a technique called the passive voltage contrast (Rosenkranz J Mater Sci Mater Electron 22(10):1523–1535, 2011) which is used to analyze failures in large-scale integration (LSI). The experiments are conducted by measuring a dedicated chip. The chip uses the diffusion programmable device (Shiozaki et al. Diffusion programmable device: a device to prevent reverse engineering, IACR Cryptology ePrint Archive 2014/109 2014): an anti-reverse engineering technique by the same principle as the stealthy dopant-level trojan. The chip is delayered down to the contact layer, and images are taken with (1) an optical microscope, (2) SEM, and (3) FIB. As a result, the four possible dopant–well combinations, namely (i) p+/n-well, (ii) p+/p-well, (iii) n+/n-well and (iv) n+/p-well are distinguishable in the SEM images. Partial but sufficient detection is also achieved with FIB. Although the stealthy dopant-level circuits are visible, they potentially make a detection harder. That is because the contact layer should be measured. We show that imaging the contact layer is at most 16 times more expensive than that of a metal layer in terms of the number of images.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

Similar content being viewed by others

Notes

  1. The cost to recover a netlist is not considered. That is an emerging research topic and is beyond the scope of this paper.

References

  1. Becker, G.T., Regazzoni, F., Paar, C., Burleson, W.P.: Stealthy dopant-level hardware trojans, CHES2013. LNCS 8086,197–214 (2013)

  2. Rosenkranz, R.: Failure localization with active and passive voltage contrast in FIB and SEM. J Mater Sci Mater Electron 22(10), 1523–1535 (2011)

    Article  Google Scholar 

  3. Shiozaki, M., Hori, R., Fujino, T.: Diffusion programmable device: the device to prevent reverse engineering. In: Proceedings of IACR Cryptology ePrint Archive 2014/109 (2014)

  4. Nohl, K., Evans, D., Starbug, Plötz, H.: Reverse-engineering a cryptographic RFID tag. In: Proceedings of the 17th USENIX Security Symposium (2008)

  5. Torrance, R., James, D.: The state-of-the-art in IC reverse engineering, CHES 2009. LNCS 5747, 363–381 (2009)

  6. Slashdot: stealthy dopant-level hardware trojans. http://hardware.slashdot.org/story/13/09/13/1228216/stealthy-dopant-level-hardware-trojans

  7. Tarnovsky, C.: (In)security of Commonly Found Smart Cards, Invited Talk II, CHES 2012 (2012)

  8. Boit, C.: Security risks posed by modern ic debug and diagnosis tools, keynote talk I. In: Proceedings of 10th Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2013) (2013)

  9. Kang, S.M., Leblebici, Y.: CMOS Digital Integrated Circuits Analysis and Design. McGraw-Hill, New York (2002)

    Google Scholar 

  10. Rajendran, J., Sam, M., Sinanoglu, O., Karri, R.: Security analysis of integrated circuit camouflaging. In: Proceedings of 2013 ACM SIGSAC Conference on Computer and Communications Security, pp 709–720 (2013)

  11. SypherMedia International. Circuit Camouflage Technology, SMI IP Protection and Anti-Tamper Technologies. White Paper Version 1.9.8j, Mar 2012 (2012)

  12. Reverse engineering integrated circuits with degate. http://www.degate.org/

  13. Chen, H., Fan, R., Lou, H., Kuo, M., Huang, Y.: Mechanism and application of NMOS leakage with intra-well isolation breakdown by voltage contrast detection. J. Semicond. Technol. Sci. 13(4), 402–409 (2013)

    Article  Google Scholar 

  14. Joint Interpretation Library, Application of Attack Potential to Smartcards v. 2.7 (2009)

  15. Electron Microscope Lab. at UC Berkeley, Charges for training and use of EML facilities (11/2013). http://em-lab.berkeley.edu/EML/charge.php

  16. Silicon zoo, Megamos chip XOR gate. http://www.siliconzoo.org/megamos.html

  17. Yang, M., Liang, S., Wu, L., Lai, L., Su, J., Niou, C., Wen, Y., Zhu, Y.: Application of passive voltage contrast fault isolation on 65nm SRAM single bit failure. In: Proceedings of 16th IEEE International Symposium on the Physical and Failure Analysis of Integrated Circuits (2009)

  18. Cryptographic Hardware Project at Tohoku Univ., Aoki Lab. http://www.aoki.ecei.tohoku.ac.jp/crypto/web/cores.html

Download references

Acknowledgments

The authors would like to thank the anonymous reviewers at CHES 2014 and JCEN for their valuable comments. The study was conducted as a part of the CREST Dependable VLSI Systems Project funded by the Japan Science and Technology Agency. The chip used in the paper was made in a fabrication program of the VLSI Design and Education Center at the University of Tokyo in collaboration with Rohm Corporation and Toppan Printing Corporation. The standard cell library used in the appendix was developed by the Tamaru and Onodera Laboratory at Kyoto University and released by the Kobayashi Laboratory at the Kyoto Institute of Technology.

Author information

Authors and Affiliations

  1. Mitsubishi Electric Corporation, Tokyo, Japan

    Takeshi Sugawara, Daisuke Suzuki, Ryoichi Fujii & Shigeaki Tawa

  2. Ritsumeikan University, Kyoto, Japan

    Ryohei Hori, Mitsuru Shiozaki & Takeshi Fujino

Authors
  1. Takeshi Sugawara
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Daisuke Suzuki
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ryoichi Fujii
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Shigeaki Tawa
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Ryohei Hori
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Mitsuru Shiozaki
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Takeshi Fujino
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Takeshi Sugawara.

Additional information

This is an extended version of the paper appeared at CHES 2014 submitted to the JCEN special edition for CHES 2014.

Appendix: Estimating the number of images per gate

Appendix: Estimating the number of images per gate

The relationship between (i) the number of gate elements, (ii) chip area, and (iii) the number of images is estimated.

As a target, we use an open-source AES core called AES_Comp [18]. The core is synthesized with the standard-cell library for the Rohm 180-nm process. The total cell area is 288,000 \(\upmu \mathrm{m}^2\). The area corresponds to about 15 kGE. The utilization ratio after place and route is assumed to be 70 %. Then, the AES core uses about 411,000 \(\upmu \mathrm{m}^2\) (=288,000/0.7).

In SEM imaging with \(\times \)1.5k magnification, an area involved in a single image is about 5,000 \(\upmu \mathrm{m}^2\) (\(\approx \)63 \(\upmu \)m \(\times \) 84 \(\upmu \)m). Therefore, we need about 77 (\(\approx \)411,000/5,000) shots to cover the AES core. If we normalize the number of shots by the gate counts, we get 5.16 shots/kGE.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Sugawara, T., Suzuki, D., Fujii, R. et al. Reversing stealthy dopant-level circuits. J Cryptogr Eng 5, 85–94 (2015). https://doi.org/10.1007/s13389-015-0102-5

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13389-015-0102-5

Keywords

Search

Navigation