Probing and imaging techniques that are conventionally used for failure analysis pose a major threat to the confidentiality and the integrity of data stored in non-volatile memory (NVM) cells integrated into a silicon chip. These techniques fall under the umbrella of physical attacks, which unlock tremendous capabilities for an attacker trying to access secret information stored in a target NVM. How vulnerable an NVM cell is to these attacks depends on device physics and the operational principles of the memory cell. The wide range of emerging NVM technologies opens new opportunities for attackers. Without significant attention to these emerging threats, confidential data stored in NVMs can get compromised without much effort, given access to advanced failure analysis tools. We aim to show how attackers can use their knowledge of how a memory device works to find out a suitable probing or imaging modality to extract the stored secret.

Laser-based fault injection (LFI) attacks are powerful physical attacks with high precision and controllability. Therefore, attempts have been in the literature to model and simulate the laser effect in pre-silicon digital designs. However, these efforts can only model the laser effect on small SPICE or TCAD circuits of individual standard cells. This paper proposes security properties and a machine-learning assisted layout signoff framework in verifying the full-chip layout's resiliency against LFI. In the framework, we leveraged the commercial SoC power integrity sign-off tool to inject the Gaussian laser current to any spot in the layout, by considering different layout features such as power distribution network, decoupling capacitor placement, metal geometry, instance switching power, etc. To avoid exhaustive analysis of all layout spots regardless of LFI criticality, we use security properties to drive the assessment and identify critical areas. We then use SPICE simulations and machine learning to develop cell-level laser fault models under different laser-induced transient current intensities. This laser cell library is used during full-chip LFI feasibility analysis for the cells inside laser illumination, enabling precise layout -level design fix for critical cells failing the fault injection threshold. Finally, we show the effectiveness of the proposed framework by analyzing the fully implemented AES design layout.

The use of optical techniques for attacking integrated circuits (ICs) is increasingly being reported, particularly the nefarious extraction data from embedded SRAM. Such attacks can provide access to highly sensitive information such as encryption keys and bypass various security measures. Attackers usually exploit one of several interactions between light and semiconductors to generate logic-state images that reflect data in memory. Thermal laser stimulation (TLS) and laser probing via electro-optical frequency mapping (EOFM) have been reported in the literature, but photoelectric laser stimulation (PLS) gets little attention. Considering the potential advantages of PLS over other techniques (e.g., less power is required to generate current-voltage changes and the effect can be triggered at shorter wavelengths, which can lead to improved spatial resolution), the authors set out to determine if logic state images can be generated from various types of devices with PLS and assess the strengths and limitations for each case. The results of the investigation are presented in this paper.

Modern reverse engineering (RE) workflows involve a growing number of challenges as process nodes drop below 5 nm. As more circuitry is packed into smaller areas, larger quantities of raw data must be collected and processed to help reconstruct the underlying schematics of the circuit under test. This paper examines the role of cloud computing in reverse engineering, explaining how it improves throughput by orders of magnitude for 2D image registration and how it facilitates high-quality image segmentation with the help of machine learning.

Semiconductor manufacturing, including the multistep fabrication of ICs and tedious assembly of PCBs, has been outsourced to untrusted regions due to globalization. This invites many problems particularly for PCBs, which are vulnerable to nondestructive methods of attack such as X-ray data collection and surface trace probing. In the case of ICs, high-z materials have proven to be an effective countermeasure to block or scatter X-rays, but PCBs, because of their larger dimensions, are more difficult to fully secure. In this paper, a framework for passively obfuscating the critical connections between components on PCBs is demonstrated. A proof of concept is presented whereby an EDA tool combining the small features of micro electromechanical systems with X-ray simulation and 3D manufacturing processes is used to iteratively optimize a PCB design to thwart reverse engineering and probing attacks.

IC camouflaging has been proposed as a promising countermeasure against reverse engineering. Camouflaged gates contain multiple functional device structures, but appear as a single layout under microscope imaging, thereby concealing circuit functionality. The recent covert gate camouflaging design comes with a significantly reduced overhead cost, allowing numerous camouflaged gates in circuits which improves resiliency against invasive and semi-invasive attacks. Dummy inputs are used in the design, but SEM imaging analysis has only been performed on simplified contact structures so far. In this study, we fabricated real and dummy contacts in different structures and performed a systematic SEM analysis to investigate contact charging and passive voltage contrast. Machine learning based pattern recognition was also employed to examine the possibility of differentiating real and dummy contacts. Based on our experimental results, we found that the difference between real and dummy contacts is insignificant, which effectively prevents SEM-based reverse engineering.

A Bill of Materials (BoM) is the list of all components present on a Printed Circuit Board (PCB). BoMs are useful for multiple forms of failure analysis and hardware assurance. In this paper, we build upon previous work and present an updated framework to automatically extract a BoM from optical images of PCBs in order to keep up to date with technological advancements. This is accomplished by revising the framework to emphasize the role of machine learning and by incorporating domain knowledge of PCB design and hardware Trojans. For accurate machine learning methods, it is critical that the input PCB images are normalized. Hence, we explore the effect of imaging conditions (e.g. camera type, lighting intensity, and lighting color) on component classification, before and after color correction. This is accomplished by collecting PCB images under a variety of imaging conditions and conducting a linear discriminant analysis before and after color checker profile correction, a method commonly used in photography. This paper shows color correction can effectively reduce the intraclass variance of different PCB components, which results in a higher component classification accuracy. This is extremely desirable for machine learning methods, as increased prior knowledge can decrease the number of ground truth images necessary for training. Finally, we detail the future work for data normalization for more accurate automatic BoM extraction. Index Terms – automatic visual inspection; PCB reverse engineering; PCB competitor analysis; hardware assurance; bill of materials

In the hardware assurance community, Reverse Engineering (RE) is considered a key tool and asset in ensuring the security and reliability of Integrated Circuits (IC). However, with the introduction of advanced node technologies, the application of RE to ICs is turning into a daunting task. This is amplified by the challenges introduced by the imaging modalities such as the Scanning Electron Microscope (SEM) used in acquiring images of ICs. One such challenge is the lack of understanding of the influence of noise in the imaging modality along with its detrimental effect on the quality of images and the overall time frame required for imaging the IC. In this paper, we characterize some aspects of the noise in the image along with its primary source. Furthermore, we use this understanding to propose a novel texture-based segmentation algorithm for SEM images called LASRE. The proposed approach is unsupervised, model-free, robust to the presence of noise and can be applied to all layers of the IC with consistent results. Finally, the results from a comparison study is reported, and the issues associated with the approach are discussed in detail. The approach consistently achieved over 86% accuracy in segmenting various layers in the IC.

Printed Circuit Boards (PCBs) play a critical role in everyday electronic systems, therefore the quality and assurance of the functionality for these systems is a topic of great interest to the government and industry. PCB manufacturing has been largely outsourced to cut manufacturing costs in comparison with the designing and testing of PCBs which still retains a large presence domestically. This offshoring of manufacturing has created a surge in the supply chain vulnerability for potential adversaries to garner access and attack a device via a malicious modification. Current hardware assurance and verification methods are based on electrical and optical tests. These tests are limited in the detection of malicious hardware modifications, otherwise known as Hardware Trojans. For PCB manufacturing there has been an increase in the use of automated X-ray inspection. These inspections can validate a PCB’s functionality during production. Such inspections mitigate process errors in real time but are unable to perform highresolution characterization on multi-layer fully assembled PCBs. In this paper, several X-ray reconstruction methods, ranging from proprietary to open-source, are compared. The high-fidelity, commercial NRecon software for SkyScan 2211 Multi-scale X-ray micro-Tomography system is compared to various methods from the ASTRA Toolbox. The latter is an open-source, transparent approach to reconstruction via analytical and iterative methods. The toolbox is based on C++ and MEX file functions with MATLAB and Python wrappers for analysis of PCB samples. In addition, the differences in required imaging parameters and the resultant artifacts generated by planar PCBs are compared to the imaging of cylindrical biological samples. Finally, recommendations are made for improving the ASTRA Toolbox reconstruction results and guidance is given on the appropriate scenarios for each algorithm in the context of hardware assurance for PCBs.

Reverse engineering (RE) is the only foolproof method of establishing trust and assurance in hardware. This is especially important in today's climate, where new threats are arising daily. A Printed Circuit Board (PCB) serves at the heart of virtually all electronic systems and, for that reason, a precious target amongst attackers. Therefore, it is increasingly necessary to validate and verify these hardware boards both accurately and efficiently. When discussing PCBs, the current state-of-the-art is non-destructive RE through X-ray Computed Tomography (CT); however, it remains a predominantly manual process. Our work in this paper aims at paving the way for future developments in the automation of PCB RE by presenting automatic detection of vias, a key component to every PCB design. We provide a via detection framework that utilizes the Hough circle transform for the initial detection, and is followed by an iterative false removal process developed specifically for detecting vias. We discuss the challenges of detecting vias, our proposed solution, and lastly, evaluate our methodology not only from an accuracy perspective but the insights gained through iteratively removing false-positive circles as well. We also compare our proposed methodology to an off-the-shelf implementation with minimal adjustments of Mask R-CNN; a fast object detection algorithm that, although is not optimized for our application, is a reasonable deep learning model to measure our work against. The Mask R-CNN we utilize is a network pretrained on MS COCO followed by fine tuning/training on prepared PCB via images. Finally, we evaluate our results on two datasets, one PCB designed in house and another commercial PCB, and achieve peak results of 0.886, 0.936, 0.973, for intersection over union (IoU), Dice Coefficient, and Structural Similarity Index. These results vastly outperform our tuned implementation of Mask R-CNN.