Reversing Stealthy Dopant-Level Circuits

[stef]

http://eprint.iacr.org/2014/508

>  Abstract: A successful detection of the stealthy dopant-level circuit
>  (trojan), proposed by Becker et al. at CHES 2013, is reported. Contrary to
>  an assumption made by Becker et al., dopant types in active region are
>  visible with either scanning electron microscopy (SEM) or focused ion beam
>  (FIB) imaging. The successful measurement is explained by an LSI failure
>  analysis technique called the passive voltage contrast. The experiments are
>  conducted by measuring a dedicated chip. The chip uses the diffusion
>  programmable device: an anti-reverse-engineering technique by the same
>  principle as the stealthy dopant-level trojan. The chip is delayered down
>  to the contact layer, and images are taken with (1) an optical microscope,
>  (2) SEM, and (3) FIB. As a result, the four possible dopant-well
>  combinations, namely (i) p+/n-well, (ii) p+/p-well, (iii) n+/n-well and
>  (iv) n+/p-well are distinguishable in the SEM images. Partial but
>  sufficient detection is also achieved with FIB. Although the stealthy
>  dopant-level circuits are visible, however, they potentially make a
>  detection harder. That is because the contact layer should be measured. We
>  show that imaging the contact layer is at most 16-times expensive than that
>  of a metal layer in terms of the number of images

-- 
otr fp: https://www.ctrlc.hu/~stef/otr.txt