INSIGHTS, RESEARCH | February 4, 2025

New Academic Paper: Extraction of Secrets from 40nm CMOS Gate Dielectric Breakdown Antifuses by FIB Passive Voltage Contrast

In my previous blog post titled “Novel Invasive Attack on One-Time-Programmable Antifuse Memory,” and my post introducing IOActive’s silicon security eGuide titled “Threat Brief: Low-level Hardware Attacks,” I alluded to the fact that IOActive would be releasing a preprint academic paper on our novel attack technique for one-time-programmable (OTP) antifuse memory.

The lead researcher on this topic, Dr. Andrew Zonenberg, is a keynote speaker at the Hardware Reverse Engineering Workshop (HARRIS 2025), which will be held on the 17th and 18th of March 2025 in Bochum, Germany. Additional details are available in our blog post titled “Hardware Reverse Engineering Workshop (HARRIS) 2025.”

We have submitted this preprint paper to an academic conference and will share those details in a future blog post, should the paper be accepted.

Abstract

CMOS one-time-programmable (OTP) memories based on antifuses are widely used for storing small amounts of data (such as serial numbers, keys, and factory trimming) in integrated circuits (ICs) due to their low cost, as they require no additional mask steps to fabricate. Device manufacturers and IP vendors have claimed for years that antifuses are a “high security” memory that is significantly more difficult for an attacker to extract data from than other types of memory, such as flash or mask ROM; however, as our results show, this is untrue. In this paper, we demonstrate that data bits stored in a widely used antifuse block can be extracted by a semiconductor failure analysis technique known as passive voltage contrast (PVC) using a focused ion beam (FIB). The simple form of the attack demonstrated recovers the bitwise OR of two physically adjacent memory rows sharing common metal 1 contacts; however, we have identified several potential mechanisms by which it may be possible to read the even and odd rows separately. We demonstrate the attack on a commodity microcontroller made on the 40nm node and show how it can be used to extract significant quantities of sensitive data (such as keys for firmware encryption) in time scales that are very practical for real-world exploitation (one day of sample prep plus a few hours of FIB time), requiring only a single target device after initial reconnaissance has been completed on blank devices.

Supporting Open Science

Most of us who work on cutting-edge technologies and the science that supports them find our efforts stymied by closed access to general-knowledge academic papers, a consequence of the antiquated journal model of publishing. We do not face these problems with our original cybersecurity research. We present publicly at cybersecurity conferences and publish our findings openly on the Internet, after completing a coordinated, responsible disclosure process, under a simple copyright.

We have chosen to release this academic paper under the Creative Commons license, specifically the CC-BY-NC-SA variant, which allows for non-commercial use with proper attribution, including derivative works, so long as they use the same license variant. Our intention is to support independent researchers and researchers at institutions without the significant budgets needed to acquire every academic journal and to encourage more research in this highly impactful area of interest.

This paper describes the PVC fuse extraction technique and sample preparation in sufficient detail to enable other research groups to replicate the work. Key microscope configuration parameters are included in the image databars.

The full physical address map of the RP2350 is included in the appendix, enabling other groups to easily program test devices with test patterns of their choice and experiment with data extraction techniques.

A series of Python scripts for converting a linear fuse dump from the “picotool” utility to a physically addressed ASCII art render (of both the individual bit values and the OR’d values seen via PVC), as well as for converting a desired test pattern to a linear fuse map, have been uploaded to an anonymous pastebin for review. The camera-ready version of the paper will link to a more permanent GitHub repository or similar.
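As an added illustration of the two script functions described above, and of the observation model stated in the abstract (the PVC image reveals the bitwise OR of an even row and the odd row sharing its metal 1 contacts), the following Python is example code written for this post; it is not IOActive's script set or anything from the paper. The row-major bit layout, the row pairing (0,1), (2,3), ..., the `ROWS`/`COLS` sizes, and the sample dump are all constructed assumptions for illustration and are not the RP2350's real physical address map from the paper's appendix. The last function goes slightly beyond the text by counting how many even/odd row assignments remain consistent with an OR'd image, which is a convenient way to reason about what the simple form of the attack does and does not reveal.

```python
"""Added example (not IOActive's code): linear fuse dump -> physical grid,
physical test pattern -> linear map, and a model of the PVC OR'd view.
All layout parameters below are assumptions, not the RP2350's real map."""

from typing import List

Grid = List[List[int]]

ROWS = 8   # assumed number of physical rows (word lines)
COLS = 16  # assumed bits per row


def linear_to_physical(dump: List[int], rows: int = ROWS, cols: int = COLS) -> Grid:
    """Reshape a linear fuse dump into a row-major grid.
    Assumed mapping: linear bit i sits at row i // cols, column i % cols."""
    if len(dump) != rows * cols:
        raise ValueError(f"expected {rows * cols} bits, got {len(dump)}")
    if any(b not in (0, 1) for b in dump):
        raise ValueError("fuse dump must contain only 0/1 values")
    return [dump[r * cols:(r + 1) * cols] for r in range(rows)]


def physical_to_linear(grid: Grid) -> List[int]:
    """Inverse of linear_to_physical: flatten a desired physical test pattern
    back into the linear order a programming tool would consume."""
    return [b for row in grid for b in row]


def pvc_observation(grid: Grid) -> Grid:
    """What the simple PVC image reveals: one row per physical pair, holding
    the bitwise OR of the even row and the odd row sharing its contacts."""
    if len(grid) % 2:
        raise ValueError("row count must be even to form even/odd pairs")
    return [[a | b for a, b in zip(grid[r], grid[r + 1])]
            for r in range(0, len(grid), 2)]


def render(grid: Grid, on: str = "#", off: str = ".") -> str:
    """ASCII-art render, one character per bit, one line per row."""
    return "\n".join("".join(on if b else off for b in row) for row in grid)


def candidates_consistent_with(observed: Grid) -> int:
    """Number of distinct (even row, odd row) bit assignments that produce
    the observed OR'd image. A 0 in the image fixes both bits to 0; a 1
    leaves three possibilities (10, 01, 11), so the count is 3 ** ones."""
    ones = sum(sum(row) for row in observed)
    return 3 ** ones


# Constructed sample dump (not real device data): 4 rows x 8 columns.
SAMPLE_DUMP = [
    1, 0, 1, 0, 0, 0, 0, 1,   # row 0
    0, 0, 1, 1, 0, 0, 0, 0,   # row 1
    0, 0, 0, 0, 0, 0, 0, 0,   # row 2
    1, 1, 1, 1, 0, 0, 0, 0,   # row 3
]


if __name__ == "__main__":
    grid = linear_to_physical(SAMPLE_DUMP, rows=4, cols=8)
    print("programmed bits:\n" + render(grid))
    observed = pvc_observation(grid)
    print("\nPVC view (OR of each row pair):\n" + render(observed))
    print("\nrow-pair assignments consistent with the image:",
          candidates_consistent_with(observed))
    # Round trip: a physical test pattern back to a linear map.
    assert physical_to_linear(grid) == SAMPLE_DUMP
```

Running the script prints both renders and the count of assignments consistent with the OR'd view (6561 for the sample, since the image contains eight set bits). Seeding a known test pattern, converting it with `physical_to_linear`, and comparing the programmed grid against `pvc_observation` is the kind of check a research group would use to confirm that its assumed layout matches what a real image shows.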

Client Confidentiality Commitment

Our commitment to client confidentiality is sacrosanct and never impacted by our commitment to open science. We think it’s important to reinforce this point to remove any ambiguity about the strict separation between our research and our client work. On occasion, a project deliverable may be a research or assessment report made public at the request of the client due to their interest in disseminating the results for the public good. To avoid the appearance of a conflict of interest, we always note when we receive any material funding from a sponsor for the production of a report. The assessment reports released on client direction as part of Open Compute Project’s OCP SAFE program exemplify this practice, one of which you can find here. Other examples include studies we have conducted for our clients, such as on the security and performance of WiFi and 5G and the attack surface between generations of Intel processors.

Acknowledgments

The authors would like to thank Raspberry Pi for their cooperation throughout the competition and disclosure process, as well as Entropic Engineering for assistance with procuring scarce RP2350 samples shortly after the device had been released.

Additional Reading

IOActive recently released an eGuide titled “The State of Silicon Chip Hacking,” which is intended to make the very opaque topic of low-level attacks on microchips and ICs more accessible to security team members, business leaders, semiconductor engineers, and even laypersons. This eGuide is meant to be clear, concise, and accessible to anyone interested in the topic of low-level hardware attacks with an emphasis on invasive attacks using specialized equipment. To increase the accessibility of the eGuide to all readers, we made an effort to include high-quality graphics to illustrate the key concepts related to these attacks.