Although the implementation of multiple countermeasures, both hardware and software, are making integrated circuits more and more secure, the backside of a chip is still considered as a vulnerability regarding physical attacks.
A novel protection structure will be presented here, which consists in combining several elements to make it impossible for a hacker to use the backside of a chip as an access to the active parts of the IC without triggering an alert.
The integration flow is using standard processes coming from the world of packaging and it is applied on commonly available industrial tools. Cybersecurity by hardware can thus be implemented at low additional cost.
In order to weaken the chip in case of milling, deep cavities are etched into the substrate. They are lined with a 3D metallic shield that block the IR wavelengths commonly used for fault injection. This part of the structure is fabricated using standard TSV last process steps. These cavities are then corked with a polymer so that RDL-like metallic serpentines connected to TSVs can meander all over the protected area. This constitutes the active part of the shield, since the integrity of the serpentines can be controlled by measuring their electrical resistance. Finally the structure is covered with a thick protection layer with specific properties: it is FIB-resistant and fully opaque to IR.
In order to evaluate the efficiency of the countermeasures, a test vehicle has been designed and fabricated with metal pads on one side and with the protection structure on the other side. The backside process was done using a glass carrier in order to handle the wafers after thinning below 200μm. After debonding, the wafers were tested and singulated before being hacked.
A realistic scenario of physical attacks will be presented together with the physical, optical and electrical characterizations after the different attacks including (P)FIB ablation, micro-milling, chemical etching and laser illumination. We will conclude on the interest of such a structure for IoT or other applications that require protecting confidential data.
Laser fault injection into SRAM cells: Picosecond versus nanosecond pulses
