CAD for Assurance of Electronic Systems

Probing Attacks


Probing attacks are an invasive method for bypassing security measures by observing the physical silicon implementation of a chip. The attacker directly accesses the internal wires and connections of a targeted device and extracts sensitive information. In combination with reverse engineering, this poses a serious threat.

A typical probing attack begins with decapsulation to expose the silicon die. Once this is done, an attacker can begin reverse engineering the device. By extracting the netlist, one can begin to understand the functionality and identify signals to target. Once the attacker finds a target signal and can map it to coordinates on the device, they can begin milling, which exposes the internal wires of the device. They can then form an electrical connection and begin extracting information.

To protect against such attacks, it is important for a designer to identify possible targets and take appropriate measures. Examples of such targets can include the following:

  • Encryption keys
  • Firmware and configuration bitstreams
  • On-device protected data
  • Cryptographic random numbers

Some common countermeasures include shields and t-private circuits. Shields contain a layer of wires whose signals are monitored for disturbances caused by milling. T-private circuits aim to split signals up in order to exhaust an attacker’s resources by requiring them to use t + 1 probes to extract 1 bit of information. Other methods include light sensors to detect decapsulation and scrambling wire signals to prevent repetitive patterns.
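The t + 1 probe requirement can be checked exhaustively on a small model. The following Python sketch is an added example, not code from this page or from any tool listed here; it assumes the usual XOR-share encoding for t-private wires (the page does not specify an encoding), and all function names are hypothetical.

```python
from collections import Counter
from itertools import combinations, product


def encode(bit, rand_bits):
    """Split one bit into len(rand_bits) + 1 wires whose XOR equals the bit."""
    last = bit
    for r in rand_bits:
        last ^= r
    return list(rand_bits) + [last]


def decode(shares):
    """Recombine all wires; only the full set of t + 1 shares gives the bit."""
    out = 0
    for s in shares:
        out ^= s
    return out


def probe_view(bit, t, probed):
    """Distribution of values seen on the probed wires over all randomness."""
    view = Counter()
    for rand_bits in product((0, 1), repeat=t):
        shares = encode(bit, rand_bits)
        view[tuple(shares[i] for i in probed)] += 1
    return view


def leaking_probe_sets(t, n_probes):
    """Probe placements whose observations differ between secret 0 and 1."""
    return [p for p in combinations(range(t + 1), n_probes)
            if probe_view(0, t, p) != probe_view(1, t, p)]


if __name__ == "__main__":
    t = 3  # assumed design parameter: tolerate up to 3 simultaneous probes
    for n in range(1, t + 2):
        leaks = leaking_probe_sets(t, n)
        print(f"{n} probe(s): {len(leaks)} placement(s) depend on the secret")
```

A designer can use the same kind of check to confirm that no set of t wires has a distribution that depends on the protected bit; the model covers only the encoded wires, not the gates that compute on them.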

Related Tools


Meade, Travis; Portillo, Jason; Zhang, Shaojie; Jin, Yier

NETA: When IP Fails, Secrets Leak Proceedings Article

In: Proceedings of the 24th Asia and South Pacific Design Automation Conference, pp. 90–95, Association for Computing Machinery, Tokyo, Japan, 2019, ISBN: 9781450360074.


Facon, Adrien; Guilley, Sylvain; Lec'hvien, Matthieu; Marion, Damien; Perianin, Thomas

Binary Data Analysis for Source Code Leakage Assessment Proceedings Article

In: Innovative Security Solutions for Information Technology and Communications, pp. 391–409, Springer International Publishing, Cham, 2019, ISBN: 978-3-030-12942-2.


Souissi, Youssef; Facon, Adrien; Guilley, Sylvain

Virtual Security Evaluation Proceedings Article

In: Carlet, Claude; Guilley, Sylvain; Nitaj, Abderrahmane; Souidi, El Mamoun (Ed.): Codes, Cryptology and Information Security, pp. 3–12, Springer International Publishing, Cham, 2019, ISBN: 978-3-030-16458-4.


Meade, Travis; Shamsi, Kaveh; Le, Thao; Di, Jia; Zhang, Shaojie; Jin, Yier

The Old Frontier of Reverse Engineering: Netlist Partitioning Journal Article

In: Journal of Hardware and Systems Security, vol. 2, no. 3, pp. 201-213, 2018.


Mathieu, Brandon L.; McCue, Jamin J.; Duncan, Lucas; Dupaix, Brian; Lavasani, Hossein Miri; Khalil, Waleed

A Capacitively Coupled, Pseudo Return-to-Zero Input, Latched-Bias Data Receiver Journal Article

In: IEEE Journal of Solid-State Circuits, vol. 53, no. 9, pp. 2500-2511, 2018, ISSN: 1558-173X.


Takarabt, Sofiane; Chibani, Kais; Facon, Adrien; Guilley, Sylvain; Mathieu, Yves; Sauvage, Laurent; Souissi, Youssef

Pre-silicon Embedded System Evaluation as New EDA Tool for Security Verification Proceedings Article

In: 2018 IEEE 3rd International Verification and Security Workshop (IVSW), pp. 74-79, 2018.


Meade, Travis; Jin, Yier; Tehranipoor, Mark; Zhang, Shaojie

Gate-Level Netlist Reverse Engineering for Hardware Security: Control Logic Register Identification Proceedings Article

In: 2016 IEEE International Symposium on Circuits and Systems (ISCAS), pp. 1334-1337, IEEE, Montreal, QC, Canada, 2016.


Meade, Travis; Zhang, Shaojie; Jin, Yier

Netlist Reverse Engineering for High-Level Functionality Reconstruction Proceedings Article

In: 2016 21st Asia and South Pacific Design Automation Conference (ASP-DAC), pp. 655-660, ASP-DAC IEEE, Macau, 2016, (Best Paper Award).
