Academic Paper

Fault Injection Attacks Exploiting High Voltage Pulsing over Si-Substrate Backside of IC chips
Document Type
Conference
Source
2024 Workshop on Fault Detection and Tolerance in Cryptography (FDTC), pp. 44-52, Sep. 2024
Subject
Computing and Processing
Three-dimensional displays
Wires
Stacking
Prototypes
High-voltage techniques
Packaging
Circuit faults
Flip-chip devices
Integrated circuit modeling
Flip-flops
High voltage pulsing
Body bias injection
Si-substrate backside
Fault injection
Language
ISSN
2995-0252
Abstract
Flip-chip BGA (ball grid array) implementation offers advantages such as shorter signal wires and a smaller footprint compared to conventional wire-bonding face-up packaging technology. These characteristics are also well-suited for advanced packaging technologies such as 2.5D or 3D packaging. The Si-substrate backside of IC chips is open and exposed in flip-chip packaging. In the context of hardware security, attackers can easily access the backside of an IC chip and use the Si-substrate backside as a contact point for fault injection and side-channel attacks. In this paper, we show that high voltage pulsing (HVP) injection over the Si-substrate backside could be a serious threat as IC chips become thinner for low-profile packaging and chip stacking. First, using simulations comparing injection from the frontside and from the backside, we show that HVP injection from the backside has the characteristic ability to induce faults in targeted circuits over a small area, and we explain the physical mechanism behind this ability. It is also shown that this ability becomes more pronounced as IC chips become thinner. Second, we prepare a Si prototype chip and confirm this characteristic ability with experimental results. It is shown that HVP over the Si-substrate backside can target flip-flops (the size of each flip-flop is about $13 \mu \mathrm{m} \times 3 \mu \mathrm{m}$) in the area with an accuracy of about $50 \mu \mathrm{m} \times 50 \mu \mathrm{m}$ and reproducibly causes bit flips associated with the targeted bytes. Finally, the threat of this attack is demonstrated by performing differential fault analysis (DFA) on AES-128 and obtaining all of the secret key bytes.