Towards Direct-Control Data Acquisition by Nano-Probing Non-Volatile Memory Cells

Advances in Digital Forensics XIX (DigitalForensics 2023)

Part of the book series: IFIP Advances in Information and Communication Technology (IFIPAICT, volume 687)

Abstract

This chapter describes a data acquisition method for non-volatile memory that directly interfaces with the floating-gate transistors on a silicon die using nano-probes under a scanning electron microscope. The method involves chip preparation, memory cell reverse engineering, contact point identification and disinterring, following which nano-probes are positioned on control points on the die that are attached to the address, bit and ground lines associated with an individual memory cell. After the connections are established, a highly-sensitive sourcemeter applies voltage in a sweeping pattern to the address lines to enable current to flow between the bit and ground lines. The sourcemeter measures the minuscule current flow in the floating-gate transistor of the targeted memory cell to determine if it stores a zero or one. The research literature does not describe a data acquisition method that actively probes individual memory cells to read data.

Extensive experiments on ATmega328P microcontrollers demonstrate that the chip preparation, memory cell reverse engineering and contact point identification steps are successful. However, after the contact point disinterring step, it was difficult to verify that the contact points were fully exposed and free from contamination and damage. Indeed, the difficulty establishing consistent electrical connections between the nano-probe tips and address, bit and ground lines yielded non-ideal results. Nevertheless, the direct-control data acquisition method for non-volatile memory and the accompanying workflow that customizes a direct-control data acquisition method to a specific microcontroller or memory chip are technically sound.

Author information

Corresponding author

Correspondence to Sujeet Shenoi.

Copyright information

© 2023 IFIP International Federation for Information Processing

About this chapter

Cite this chapter

McKay, S., Hutchins, N., Baskerville, S., Shenoi, S. (2023). Towards Direct-Control Data Acquisition by Nano-Probing Non-Volatile Memory Cells. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics XIX. DigitalForensics 2023. IFIP Advances in Information and Communication Technology, vol 687. Springer, Cham. https://doi.org/10.1007/978-3-031-42991-0_6

  • DOI: https://doi.org/10.1007/978-3-031-42991-0_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-42990-3

  • Online ISBN: 978-3-031-42991-0

  • eBook Packages: Computer Science (R0)
