Loading…

Evaluation of Low-Cost Thermal Laser Stimulation for Data Extraction and Key Readout

Recent attacks using thermal laser stimulation (TLS) have shown that it is possible to extract cryptographic keys from the battery-backed memory on state-of-the-art field-programmable gate arrays (FPGAs). However, the professional failure analysis microscopes usually employed for these attacks cost...

Full description

Saved in:
Bibliographic Details
Published in:Journal of hardware and systems security 2020-03, Vol.4 (1), p.24-33
Main Authors: Krachenfels, Thilo, Lohrke, Heiko, Seifert, Jean-Pierre, Dietz, Enrico, Frohmann, Sven, Hübers, Heinz-Wilhelm
Format: Article
Language:English
Subjects:
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Recent attacks using thermal laser stimulation (TLS) have shown that it is possible to extract cryptographic keys from the battery-backed memory on state-of-the-art field-programmable gate arrays (FPGAs). However, the professional failure analysis microscopes usually employed for these attacks cost in the order of 500k to 1M dollars. In this work, we evaluate the use of a cheaper commercial laser fault injection station retrofitted with a suitable amplifier and light source to enable TLS. We demonstrate that TLS attacks are possible at a hardware cost of around 100k dollars. This constitutes a reduction of the resources required by the attacker by a factor of at least five. We showcase two actual attacks: data extraction from the SRAM memory of a low-power microcontroller and decryption key extraction from a 20-nm technology FPGA device. The strengths and weaknesses of our low-cost approach are then discussed in comparison with the conventional failure analysis equipment approach. In general, this work demonstrates that TLS backside attacks are available at a much lower cost than previously expected.
ISSN:2509-3428
2509-3436
DOI:10.1007/s41635-019-00083-9