August_EDFA_Digital

ELECTRONIC DEVICE FAILURE ANALYSIS | VOLUME 21 NO. 3 20

A silicon die can be accessed through the front side (Fig. 3a) or backsidewith depackaging. Front side probing usually targets higher metal layer interconnects, while backside probing usually targets transistor channels, dif- fusion contacts, and interconnects in lowmetal layers. An adversary identifies the target wire and point of interest (PoI) using full-blown or partial reverse engineering. The target wire canbe buriedbeneath severalmetal layers. For access, a hole is milled at a normal or tilted angle with a state-of-the-art FIB, as shown in Fig. 3a, to expose the PoI for frontside probing. In backside probing, the silicon substrate can be pol- ished down to 30 µm. Advanced node technology uses shallow trench isolation (STI). STI is generally reached by creating a wide trench to the n-well level using common milling tools and then milling a local trench using FIB. Next, depositing conductivematerial cangenerate contact holes. A contact-to-silicide method has also been devel- oped for the probing drain and source of a FET. [11] Conventional electrical probing, also called micro- probing, cannot meet the nanometer resolution required for current 14 nmnode technologies due tononuniformity in dopant implants, structural defects, and processing conditions. Nanoprobing is providing the capability to probe at the submicron level with a probe tip size as small as 5 nm, allowing direct probing of every terminal in a transistor (Fig. 3b) where conventional microprobing cannot. The probe can be assembled on any SEM or FIB stage and can be used for extracting information from devices fabricated at newer technology nodes. Electron beam induced current (EBIC), electron beam absorbed current (EBAC), and resistive contrast imaging are three nanoprobing techniques that use the SEM electron beam to localize IC faults. In EBIC (Fig. 3c), nanoprobes are placed along a p-n junction to measure the current induced by the electron beam. The EBIC systemamplifies and synchronizes themeasurement to the electron beam position. The measurement is thenmapped and overlaid to the SEM image to visualize fault location. SECURITY THREATS AND COUNTERMEASURES FOR ELECTRICAL PROBING Probing allows extractionof information fromphysical circuit devices and enables an attacker to extract security assets such as encryption keys. A number of protective mechanisms have been developed to detect or deter front sidemilling, which canbe used against probing and circuit editing among other invasive attacks. Existing counter- measures focus on twoapproaches: 1) preventingphysical probing and 2) encrypting information. Countermeasures

based on detecting probing attempts fall into two types— active andpassive shields. Active shields carry signalswith interconnects/metalmesh sensors placed as the top-most metal layer. The signals in interconnects are continuously compared to verify chip integrity. These signals may use a ring oscillator, RC delay, block cypher, and/or random number. Passive shields are a type of analog shield based on parametric data such as capacitance. Any variation in signals or parameters can initiate an IC reset signal. [13-14] A few weaknesses remain to be secured in today’s protective designs: 1) existing designs require high area overhead and occupy a number of routing layers to detect millingwitha shield, which is expensiveon state-of-the-art ICdesigns; 2) their implementation is limited to top layers, which may be suboptimal and does not properly protect the shield’s key signals against circuit editing attacks; further, they do not protect against backside attacks; 3) nodesigns protect against front side attacks at anangle; and 4) some designs leave weaknesses for the attacker to exploit, suchas: beingunsecuredagainst a replay attackor attacks on rerouting shield wires; only protecting certain wires, leaving protected information to be probed from logically related signals and then reconstructed; or incur- ring large area overhead while relying on other methods to protect security primitives. Improving existing front side protection mechanisms in these areas can be especially useful in designs where backside attack is made infeasible, for example on back- to-back 3D ICs. In particular, shield-based detection of tampering attempts could be improved in terms of maximum secure aspect ratios, protection against circuit edits, andprotectionagainst angledmillingby undergoing computer-aided design (CAD) evaluations and optimiza- tions. Front side protections will likely remain vulnerable due to the fact that tools used in invasive attacks are the same tools necessary for IC FA and diagnosis. It is easier for an attacker to acquire a state-of-the-art FIB than for protection designs at a given technology node to remain state of the art. However, backside protection is more vulnerable than front side. Because the STI technique used in recent technology nodes spares probing attack- ers the trouble of insulating contacts to the wires they intend to probe, backside attacks present a dire threat for chip assets. In summary, extensive research in protection against tampering attacks is necessary to answer fundamental questions in the field. Some of the most urgent needs include developing dedicated solutions against back- side attacks, proposing practical security metrics for ICs fabricated under legacy technology nodes, optimizing

edfas.org