Why Every Chip Can Be Hacked With This Tool

A look at the dark side of focused ion beam technology.

popularity

As explained by Darth Vader in the classic Star Wars saga, the line between good and evil can be very thin. What is sometimes developed for the benefit technology, in the hands of the wrong people, can be devastating.

That may seem a bit melodramatic when it comes to discussions around focused ion beam (FIB) applications in semiconductors, but the analogy is quite real. Focused ion beam technology is an ingenious technique, developed as a tool to aid in the development, manufacturing, and reworking of chips. But it also can be used to hack them.

Focused ion beam technology has been in existence since the early 1990s. Early versions were somewhat clumsy, inaccurate, expensive, limited in what they could do, and mostly confined to mask repair.

Figure 1. Modern FIB system setup. Courtesy FEI

Figure 1. Modern FIB system setup. Courtesy FEI

Within the last few years, however, they have been updated using the latest laser technologies and computer guided systems (see Figure 1). And, in those same few years they have come to be a most useful, tool for IC manufacturing and rework. That is the good side.

On the dark side, they have been put to use doing the same things they do in design and manufacturing, but to a different end. The goal here is to obtain, leak or corrupt sensitive data, security keys, or confidential information.

What they are, what they do and how they do it
FIB systems are similar in function to scanning electron microscopes (SEM). The difference is that, rather than a beam of electrons, FIB systems use a finely focused beam of gallium ions. In such systems, the ions can be controlled to operate at low beam currents for imaging, or high beam currents for site specific sputtering or milling. Both modes serve both masters – engineers and hackers, in much the same way.

A gallium ion is approximately 50,000 times heavier than an electron. This overwhelming mass of the gallium ions permits them to, ballistically, dislodge, or sputter electrons on the surface of substrate. In high-energy mode, when they impact the target, they sputter away atoms from the surface.

In gas form, these same ions can be injected close to the surface and used for material deposition.

Legitimately, these techniques are extremely useful for things like device edits on prototype devices to fix design errors, incorporate last-minute changes requested by clients, run experiments, probe circuits for failure analysis (FA), etc. Simply put, FIB systems used for circuit editing allow designers to cut traces or add material to the substrate within a chip, enabling them to redirect signals, rework trace paths and add or remove components. Figure 2 is a schematic of a FIB column.

Figure 2. Schematic diagram of a FIB ion column. Courtesy: IBM Almaden Research Center

Figure 2. Schematic diagram of a FIB ion column. Courtesy: IBM Almaden Research Center

The benefit of FIB
FIB systems can do, in a matter of hours, prior to mask changes, things that would have required a complete redesign and rework of the device. It is akin to baking a tray of cookies from the original formula, and modifying the recipe of a single cookie until you have the exact combination of ingredients that is desired. Then one uses that formula to make the next batch of cookies and, theoretically, they all come out exactly like the modified cookie.

The concept is that rather than make batch after batch of expensive reworked wafers, FIB systems rework one wafer, and the next run is based upon the modified single wafer model. This approach can save millions of dollars for each new lot of wafers that would have had to be run if the FIB system didn’t exist.

These systems are also a boon for performing system and board level checks. With today’s state-of-the-art equipment, it is possible to edit circuits with gate dimensions of 28nm and smaller, including multi-layer metal stacks, and in flip-chip and other advanced chip-scale form factors. Devices can be worked iteratively until the correct result is achieved. This is also extremely useful in failure analysis and test – analyze the defect, modify the wafer and see how the device behaves.

The other side
This same process works extremely well in the hands of hackers, too. Because the FIB system can be used as an etching tool, hackers can use it to cut traces. This can cause consequences such as disabling intrusion detection or removing protection technologies such as optical sensors or tamper meshes. The hacker is then free to probe the chip without fear of internal security measures destroying data.

On the sputtering or milling side, in the hacker’s hands, the FIB system is used to bridge traces. The result is that data can be rerouted to extraction pins, or the chips I/O pins for collection. Typically, the hacker uses this to obtain security keys, personal data, proprietary or other sensitive information stored in memory or other secure locations in the chip.

FIB attacks require a lot of expertise on the part of the hacker, and they are expensive—$500,000 and up, with the most sophisticated versions costing millions of dollars. As a result, FIB attacks generally aren’t directed at someone’s credit card or smart phone SIM chip. They are used for hacking high-value targets, searching for access keys, secret codes, proprietary data or secure/sensitive data, or access to it in areas such as government, military, or industrial secrets. An example might be to learn the workings of a control chip in a missile or smart bomb and then figuring out how to disable, or worse yet, redirect it en route. Or it can be used to hack chips that control the energy or communications grids.

How the dark side goes about FIB hacking
One technique of how an adversary can attempt to compromise a chip is called FIB microsurgery. One example might be that the hacker is be attempting to disable integrated security mechanisms specific to a particular IC.

In such a case, the scenario of getting to the circuit layers takes a number of steps. While there are other methods that can be applied, the most common is to first remove the IC package with a corrosive material. Next the chip is delayered. In today’s modern ICs, this is a tedious task. Even lower-end chips can have up to a dozen layers of metal, made up of an esoteric combination of materials. Such material is used, in various combinations to create semiconductors, dielectrics, and integrated components, including RF, power rails, memory, MEMS devices, inductors, various analog circuits, and a myriad of other devices. Once delayed, the FIB comes into play.

If they are successful and have access to the, now unprotected, circuits, they can use the FIB to mill holes through the substrate, down to the traces—even ones that are buried below many other layers. The next step is to work on these circuits. This is where cutting the traces happens and this, generally, attempts to physically disconnect some, or all of the circuitry that implements security functions.

Once the security has been disabled, the trace points are connected either to a power source or ground. By applying power or grounding a trace, if the trace is connected to a control circuit, it is possible to permanently enable or disable circuitry. If the hacker has some inkling about how the chip is laid out, (and those that attempt this are generally knowledgeable in chip design), they can selectively disable many security and other circuits that are implemented in the hardware.

Another approach is to use the FIB system to access and observe running processes. The FIB is used to attach probes to specific circuits in the IC and the process is captured.

One of the latest in such attempts is a rather edge-of-the-envelope proof-of-concept technique demonstrated by researchers at Berlin’s Technical University. For this discussion, a condensed version is presented. The full details can be found here.

The procedure used a low-level security chip found in TiVo applications. The first step was to mill it down to 30 microns. Then, a FIB was used to dig a couple of trenches in an area suspected of containing data. Next, a couple of wiretap communications channels probes were inserted.

Once the chip was set up, it was placed under and electron microscope fitted with an infrared camera. The chip was then fired up and the camera captured the heat signature of the of the encryption algorithms that were running through the communication probes. While this was only a proof of concept, it showed that the theory is sound and the results were successful. It extrapolates, according to the research team, that with top-of–the-line equipment, even military-grade security chips, could be compromised using this technique.

Conclusion
Once again, as is often the case, technology developed to aid design and engineering can be used for other purposes. FIB devices have become an indispensable tool for both sides of the camp. General opinion is that there is no practical method to make chips FIB-proof.

And, since there is no possibility of making chips hack-proof, FIB or otherwise, the best one can do is raise the frustration bar for the hacker.
Chip designers would be about as far ahead of the game as possible if they thought like a hacker. The best mentality is to make hacking the chip as costly and time consuming as possible. Unfortunately, in the Internet of Things/Everything, Cloud of Things (IoT/E, CoT), where everything is connected to everything else, most of the chips will be of the low-end variety. So the biggest challenge for designers of these devices is to find a way to secure those devices, cheaply and effectively.