Abstract
This chapter describes a data acquisition method for non-volatile memory that directly interfaces with the floating-gate transistors on a silicon die using nano-probes under a scanning electron microscope. The method involves chip preparation, memory cell reverse engineering, contact point identification and disinterring, following which nano-probes are positioned on control points on the die that are attached to the address, bit and ground lines associated with an individual memory cell. After the connections are established, a highly-sensitive sourcemeter applies voltage in a sweeping pattern to the address lines to enable current to flow between the bit and ground lines. The sourcemeter measures the minuscule current flow in the floating-gate transistor of the targeted memory cell to determine if it stores a zero or one. The research literature does not describe a data acquisition method that actively probes individual memory cells to read data.
Extensive experiments on ATmega328P microcontrollers demonstrate that the chip preparation, memory cell reverse engineering and contact point identification steps are successful. However, after the contact point disinterring step, it was difficult to verify that the contact points were fully exposed and free from contamination and damage. Indeed, the difficulty establishing consistent electrical connections between the nano-probe tips and address, bit and ground lines yielded non-ideal results. Nevertheless, the direct-control data acquisition method for non-volatile memory and the accompanying workflow that customizes a direct-control data acquisition method to a specific microcontroller or memory chip are technically sound.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Allied High Tech Products, X-Prep Precision Milling/Polishing System, Rancho Dominguez, California (www.alliedhightech.com/Equipment/x-prep-mechanical-mill), 2022.
J. Autran, D. Munteanu, G. Gasiot and P. Roche, Computational modeling and Monte Carlo simulation of soft errors in flash memories (Chapter 17), in Computational and Numerical Simulations, J. Awrejcewicz (Ed.), InTech, Rijeka, Croatia, pp. 367–393, 2014.
J. Breier, D. Jap and C. Chen, Laser profiling for the backside fault attacks with a practical laser skip instruction attack on AES, Proceedings of the First ACM Workshop on Cyber-Physical System Security, pp. 99–103, 2015.
A. Buraga, Protecting microcontrollers. Implementing firmware hardening and secure boot on STM32, HackMag (hackmag.com/security/protec-stm32), 2022.
D. Bursky, Secure microcontrollers keep data safe, Digi-Key Electronics, Thief River Falls, Minnesota (www.digikey.com/en/articles/secure-microcontrollers-keep-data-safe), July 8, 2011.
F. Courbon, S. Skorobogatov and C. Woods, Reverse engineering flash EEPROM memories using scanning electron microscopy, Proceedings of the Fifteenth International Conference on Smart Card Research and Advanced Applications, pp. 57–72, 2016.
A. Daga, AVR ATmega16/32 fuse bits, Engineers Garage, Jaipur, India (www.engineersgarage.com/avr-atmega16-32-fuse-bits), March 28, 2011.
C. De Nardi, R. Desplats, P. Perdu, C. Guerin, J. Gauffier and T. Amundsen, Direct measurements of charge in floating gate transistor channels of flash memories using scanning capacitance microscopy, Proceedings of the Thirty-Second International Symposium for Testing and Failure Analysis, pp. 86–93, 2006.
A. Fievrea, A. Al-Aakhir and S. Bhansalia, Integrated circuit security: An overview, Journal of the Institute of Smart Structures and Systems, vol. 4(1), pp. 18–37, 2015.
S. Hossain, Chip to chip communication protocols: An overview and design considerations, PCBWay, Hong Kong, China (www.pcbway.com/blog/PCB_Design_Tutorial/Chip_to_Chip_Communication_Protocols__An_Overview_and_Design_Considerations.html), April 24, 2021.
O. Kommerling and F. Kommerling, Anti Tamper Encapsulation for an Integrated Circuit, U.S. Patent no. 7,005,733 B2, February 28, 2006.
K. Magdy, Configuration bits (fuses) for microcontrollers, DeepBlue (www.deepbluembedded.com/configuration-bits-fuses-for-microcontrollers), April 21, 2021.
Microchip Technology, In-Circuit Emulator and Debugger Selection Guide, Chandler, Arizona (www.microchip.com/en-us/tools-resources/debug/programmers-debuggers), 2022.
S. Mohieldin, Hardware Hacking 101: Introduction to JTAG, River Loop Security Blog, Washington, DC (www.riverloopsecurity.com/blog/2021/05/hw-101-jtag), May 6, 2021.
S. Prado, Extracting firmware from devices Using JTAG, EmbeddedBits, Sao Paulo, Brazil (embeddedbits.org/2020-02-20-extracting-firmware-from-devices-using-jtag), 2021.
S. Rainwater, Physically-Invasive Forensic Data Recovery Techniques, Ph.D. Dissertation in Computer Engineering, Tandy School of Computer Science and Department of Electrical and Computer Engineering, University of Tulsa, Tulsa, Oklahoma, 2014.
A. Sguigna, Securing the JTAG interface, ASSET, ASSET InterTech, Plano, Texas (www.asset-intertech.com/resources/blog/2019/07/securing-the-jtag-interface), July 21, 2019.
B. Streetman and S. Banerjee, Solid State Electronic Devices, Pearson Education, Harlow, United Kingdom, 2016.
J. Tyson, How computer memory works, HowStuffWorks, Marina Del Rey, California (www.computer.howstuffworks.com/computer-memory1.htm), August 23, 2000.
N. Weste and D. Money Harris, CMOS VLSI Design: A Circuits and Systems Perspective, Pearson Education, Boston, Massachusetts, 2011.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
McKay, S., Hutchins, N., Baskerville, S., Shenoi, S. (2023). Towards Direct-Control Data Acquisition by Nano-Probing Non-Volatile Memory Cells. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics XIX. DigitalForensics 2023. IFIP Advances in Information and Communication Technology, vol 687. Springer, Cham. https://doi.org/10.1007/978-3-031-42991-0_6
Download citation
DOI: https://doi.org/10.1007/978-3-031-42991-0_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-42990-3
Online ISBN: 978-3-031-42991-0
eBook Packages: Computer ScienceComputer Science (R0)