In the chain of trust of most secure schemes is an electronic chip that holds secret information. These schemes often employ cryptographically secure protocols. The weakest link of such a scheme is the chip itself. By attacking the chip directly an attacker can gain access to the secret data in its unencrypted form. In this presentation we demonstrate the attack class of the future, backside attacks. This class of attacks mitigate all device countermeasures and can access all signals of the device. As opposed to the attacks of today, these attacks can also be applied to complex systems such as the ARM SoCs of modern smartphones.
Over recent years hackers and chip manufacturers have been deadlocked in the field of integrated circuit security. From reverse engineering proprietary cryptographic algorithms and microprobing bus lines to fault injection and side cannel attacks, every class of attack has ushered in new preventative countermeasures. Most attacks to date are performed from the frontside where all the active areas and circuit nodes are accesible. Hence, all countermeasures, such as shields and meshes, also focus on mitigating attacks from the frontside. Security relevant signals are burried under many layers of metalization to make them inaccessible to frontside attackers.
The direct consequence is that backside attacks become significantly more appealing. With comprably little effort, many old-school attacks are once again possible. Setting or resetting fuses, probing wires or even single transistors is possible, not only with needles but with electron beams or lasers. More exotic attacks are feasible from the backside as well. For example, in switching transistors some of the electrons induce photons that can be seen with an infrared camera during execution. The opposite, i.e. iducing laser light, can also result in successful glitching attacks.
Currently, there are is little IC vendors can do to prevent such attacks.