Each technology in this chapter has its own attack surface; this section gives a consolidated view.
7.1 Logic-family attacks
- Bus contention as fault injection. Forcing two tri-state outputs to drive the same line shorts the supply briefly, droops the rail, and corrupts computations. Glitching attacks on smartcards exploit this with carefully timed bus enables.
- Power-trace side channels. A chip's instantaneous current depends on what bits are switching. Differential Power Analysis (DPA) reads power traces and correlates them with hypotheses about the secret key. Bipolar logic (TTL, ECL) leaks less because it draws constant current; CMOS leaks more because its current draw scales with switching activity. Defenses: dual-rail logic, current-balanced standard cells, decoupling, masking.
- Clock glitching. Pulsing the clock too fast pushes flip-flops past their setup time and corrupts state. Many secure microcontrollers detect this with on-die clock-monitor circuitry.
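The masking defense listed above can be checked the way evaluation labs do it: a fixed-versus-random Welch t-test over power traces (the TVLA procedure, |t| > 4.5 flags first-order leakage). The following is an added example, not code from this chapter. It simulates traces with a constructed Hamming-weight-plus-noise leakage model and a constructed affine byte bijection standing in for an S-box; the key 0x2B and the fixed plaintext 0x4E are arbitrary constants chosen so the unmasked intermediate has Hamming weight 0. The unmasked device shows a huge t statistic; the Boolean-masked device, which only ever handles two random shares of the intermediate, does not.

```python
import random
from statistics import mean, variance

# Constructed stand-in for an S-box: x -> 167*x + 29 mod 256 is a bijection on bytes.
SBOX = [(167 * x + 29) & 0xFF for x in range(256)]

def hw(x):
    """Hamming weight of a byte."""
    return bin(x).count("1")

def unmasked_leak(pt, key, rng, sigma=1.0):
    # Leakage model (constructed): Hamming weight of the S-box output plus Gaussian noise.
    return hw(SBOX[pt ^ key]) + rng.gauss(0, sigma)

def masked_leak(pt, key, rng, sigma=1.0):
    # Boolean masking: v is split into shares (m, v ^ m) with a fresh random m per run.
    # The hardware only touches the shares, so each leaks the weight of a uniform byte.
    v = SBOX[pt ^ key]
    m = rng.randrange(256)
    return hw(m) + hw(v ^ m) + rng.gauss(0, sigma)

def welch_t(a, b):
    """Welch's t statistic for two samples with unequal variances."""
    na, nb = len(a), len(b)
    return (mean(a) - mean(b)) / ((variance(a) / na + variance(b) / nb) ** 0.5)

def fixed_vs_random_t(leak_fn, key=0x2B, fixed_pt=0x4E, n=2000, seed=7):
    """|t| of a fixed-vs-random leakage test; values above 4.5 indicate first-order leakage.
    With key 0x2B, fixed_pt 0x4E gives SBOX[0x65] == 0x00 (Hamming weight 0), an extreme class."""
    rng = random.Random(seed)
    fixed = [leak_fn(fixed_pt, key, rng) for _ in range(n)]
    rand = [leak_fn(rng.randrange(256), key, rng) for _ in range(n)]
    return abs(welch_t(fixed, rand))

if __name__ == "__main__":
    print("unmasked |t| =", round(fixed_vs_random_t(unmasked_leak), 1))
    print("masked   |t| =", round(fixed_vs_random_t(masked_leak), 1))
```

The masked implementation passes only the first-order test; a second-order test (centred products of samples) would still find the shares' joint dependence on the secret, which is why real evaluations run higher-order tests as well.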
7.2 Memory attacks
- Cold-boot attacks (SRAM/DRAM remanence). Cool RAM with freeze spray, transplant, dump. Recovers FDE keys, session keys, decrypted secrets.
- Rowhammer (DRAM cell coupling). Hammer rows to flip bits in adjacent rows. Used to escalate privileges, escape sandboxes (Project Zero on Linux, NaCl, Chrome).
- Flash data remanence. Erased flash retains residual charge readable by lab techniques. Mitigation: secure-erase commands, multiple overwrites, cryptographic erase.
- EPROM UV defeat. Shine UV through the package to clear protection fuses. Defeated 1980s-90s "secure" microcontrollers.
- DRAM DMA attacks. PCIe devices with bus-master DMA can read all of memory unless an IOMMU restricts access. Defeats firmware password locks, encryption keys, anti-cheat measures.
- NVDIMM persistence attacks. Battery-backed NVDIMM holds data through power-off. Attacker takes the DIMM home and reads it.
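Whether a Linux host is actually protected against the bus-master DMA attack above comes down to whether the kernel has an IOMMU active with DMA remapping. The following added example (not code from this chapter) reports that from the two places the kernel exposes it: the IOMMU groups it created under /sys/kernel/iommu_groups and the boot parameters in /proc/cmdline. The classification logic is separated from the file reads so it can be checked against constructed inputs; the verdict labels are this example's own.

```python
import os

def classify_iommu(group_count, cmdline):
    """Classify IOMMU state from constructed or real inputs.

    group_count: number of entries under /sys/kernel/iommu_groups (non-zero means the
                 kernel is doing DMA remapping for at least one device).
    cmdline:     contents of /proc/cmdline.
    Verdict labels ("enabled", "passthrough", "disabled") are this example's own.
    """
    tokens = cmdline.split()
    forced_off = any(t in ("intel_iommu=off", "amd_iommu=off") for t in tokens)
    explicit_on = any(t in ("intel_iommu=on", "amd_iommu=on") for t in tokens)
    # iommu=pt identity-maps devices owned by host drivers: remapping is on, but those
    # devices still see physical memory 1:1, which weakens the DMA protection.
    passthrough = any(t.startswith("iommu=pt") for t in tokens)
    if group_count == 0 or forced_off:
        verdict = "disabled"
    elif passthrough:
        verdict = "passthrough"
    else:
        verdict = "enabled"
    return {
        "verdict": verdict,
        "groups": group_count,
        "explicit_on": explicit_on,
        "passthrough": passthrough,
    }

def iommu_status(groups_dir="/sys/kernel/iommu_groups", cmdline_path="/proc/cmdline"):
    """Read the live system; missing paths (non-Linux, or no IOMMU) count as disabled."""
    try:
        count = len(os.listdir(groups_dir))
    except OSError:
        count = 0
    try:
        with open(cmdline_path) as f:
            cmdline = f.read()
    except OSError:
        cmdline = ""
    return classify_iommu(count, cmdline)

if __name__ == "__main__":
    print(iommu_status())
```

An "enabled" verdict only says the kernel is remapping; it does not cover the window before the kernel takes over, so the firmware's own pre-boot DMA protection still has to be checked separately.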
7.3 PLD/FPGA attacks
- Bitstream cloning. Read external configuration flash, copy bitstream, clone the FPGA's behavior. Mitigated by bitstream encryption (AES with on-die key).
- DPA on bitstream decryptor. Side-channel against the AES decryption block during bitstream load. Has broken Xilinx Virtex-II (2011) and 7-series (2020).
- JTAG dump. If JTAG is unlocked, read out the FPGA's configured fabric or the embedded ARM core's memory. Fix: blow JTAG-lock eFuses on production parts.
- Hardware Trojans in HDL. Malicious modifications to the RTL during third-party IP integration. Hard to detect because synthesis maps to gates; the trojan is buried in the netlist.
- Time-of-check-time-of-use (TOCTOU) on partial reconfiguration. Reconfigure part of the FPGA mid-operation and slip in an alternate logic path.
7.4 HDL-level attacks
- Trojan in IP cores. A licensed IP block contains hidden activation logic. Triggered by a magic input, it leaks data or disables security.
- Trojan in EDA tools. Modified place-and-route tools that introduce backdoors. Discussed in academic papers; no real-world example is known.
- Untrusted foundry. The mask sent to the fab is modified on-site. Detection by post-silicon imaging and electrical characterization. This is why high-assurance designs use trusted foundries (DARPA Trusted Foundry program; Intel's defense fab).
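The "magic input" triggers described for HDL and IP-core trojans (7.3 and 7.4) have a statistical fingerprint: a trigger net that compares many bits against a constant is almost never asserted under random stimulus. The rare-net analysis below, an added example rather than code from this chapter, is the simulation-based heuristic from the trojan-detection literature applied to a constructed gate-level netlist. The netlist, the 16-bit trigger constant 0xA5C3, the net names, and the 1% rarity threshold are all this example's own; the point is that the trigger and the top of its AND tree stand out against the legitimate logic, which toggles at ordinary rates.

```python
import random

GATES = {
    "and": lambda v: int(all(v)),
    "or": lambda v: int(any(v)),
    "xor": lambda v: v[0] ^ v[1],
    "not": lambda v: 1 - v[0],
    "buf": lambda v: v[0],
}

def build_netlist():
    """Constructed netlist: net -> (gate, [input nets]); primary inputs are in0..in15.
    Entries are inserted in dependency order, so the dict order is a topological order."""
    nl = {}
    # Legitimate datapath: bitwise XOR and AND of two 8-bit inputs.
    for i in range(8):
        nl[f"x{i}"] = ("xor", [f"in{i}", f"in{i + 8}"])
        nl[f"a{i}"] = ("and", [f"in{i}", f"in{i + 8}"])
    # Trojan trigger (constructed): asserted only when in15..in0 == 0xA5C3.
    const = 0xA5C3
    for i in range(16):
        nl[f"m{i}"] = ("buf" if (const >> i) & 1 else "not", [f"in{i}"])
    level = [f"m{i}" for i in range(16)]
    k = 0
    while len(level) > 2:                      # balanced AND tree 16 -> 8 -> 4 -> 2
        nxt = []
        for j in range(0, len(level), 2):
            nl[f"t{k}"] = ("and", [level[j], level[j + 1]])
            nxt.append(f"t{k}")
            k += 1
        level = nxt
    nl["trigger"] = ("and", level)
    # Payload: corrupts output bit 0 while the trigger is asserted.
    nl["x0_out"] = ("xor", ["x0", "trigger"])
    return nl

def evaluate(netlist, inputs):
    """Evaluate every net for one input vector (dict of primary-input values)."""
    vals = dict(inputs)
    for net, (gate, ins) in netlist.items():
        vals[net] = GATES[gate]([vals[n] for n in ins])
    return vals

def signal_probabilities(netlist, n_inputs=16, vectors=10000, seed=3):
    """Fraction of random vectors for which each net is 1."""
    rng = random.Random(seed)
    ones = {net: 0 for net in netlist}
    for _ in range(vectors):
        vals = evaluate(netlist, {f"in{i}": rng.randrange(2) for i in range(n_inputs)})
        for net in netlist:
            ones[net] += vals[net]
    return {net: ones[net] / vectors for net in netlist}

def rare_nets(netlist, threshold=0.01, **kw):
    """Nets that are almost always 0 or almost always 1: candidate trigger nodes to review."""
    probs = signal_probabilities(netlist, **kw)
    return {net: p for net, p in probs.items() if min(p, 1 - p) < threshold}

if __name__ == "__main__":
    for net, p in sorted(rare_nets(build_netlist()).items()):
        print(f"{net:8s} P(1) = {p:.4f}")
```

Random simulation only finds triggers whose inputs are primary inputs or shallow logic; sequential triggers (counters, rare state sequences) need controllability analysis or formal checks on top of this, and the flagged nets still have to be reviewed by a human against the IP's specification.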