We have built up a lot of devices. Here is how each one shows up at the attack/defense layer.
- ESD-protection diodes double as charge-injection paths in fault attacks. An attacker can sometimes inject current through the protection diodes in ways that flip internal state.
- Transistor threshold variation. Manufacturing variation makes every chip slightly different. Physically Unclonable Functions (PUFs) exploit this: they use mismatched threshold voltages across pairs of supposedly-identical transistors as a unique chip fingerprint, used to derive cryptographic keys without storing them.
- Voltage glitching exploits the temperature/voltage dependence of transistor thresholds. Briefly drop the supply and transistors do not switch quite right: instructions get corrupted and authentication checks fail open.
- Power analysis exploits the exponential current dependence of the devices: different operations consume slightly different currents, and the chip's power-line waveform leaks information about what is being computed.
- Photodiode-based attacks: laser fault injection uses focused light pulses to flip individual bits in decapped chips.
- BJT-based bandgap references are used as on-die temperature sensors. Old vulnerabilities in chips (e.g., Pentium III) included reading these sensors to attempt a thermal side channel.
- MOSFET gate leakage at advanced nodes (below ~22 nm) leaks key-dependent information through static power.
- Radiation-induced soft errors: cosmic rays striking transistors generate electron-hole pairs that can flip bits — a continuous low-level threat against high-altitude or space electronics, mitigated with ECC and redundant computation.
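The ECC mitigation named in the last bullet, as an added example that is not part of the original notes: a SECDED (single-error-correct, double-error-detect) extended Hamming code for an arbitrary-length data word. Bit positions, the `flip` helper and the sample data word are constructed for the demonstration.

```python
"""Extended Hamming (SECDED) code: corrects any single bit flip, detects any double flip."""
from typing import List, Tuple

def _num_parity_bits(n_data: int) -> int:
    r = 0
    while (1 << r) < n_data + r + 1:
        r += 1
    return r

def encode(data: List[int]) -> List[int]:
    """data: list of 0/1. Returns codeword; index 0 holds the overall parity,
    power-of-two indices hold Hamming parity bits, the rest hold data."""
    r = _num_parity_bits(len(data))
    n = len(data) + r
    code = [0] * (n + 1)
    bits = iter(data)
    for pos in range(1, n + 1):
        if pos & (pos - 1):            # not a power of two: data slot
            code[pos] = next(bits)
    for i in range(r):                 # parity bit p covers every position with bit i set
        p = 1 << i
        code[p] = sum(code[pos] for pos in range(1, n + 1) if pos & p) % 2
    code[0] = sum(code[1:]) % 2        # overall parity is what makes double errors detectable
    return code

def decode(code: List[int]) -> Tuple[str, List[int]]:
    """Returns (status, data). status is 'ok', 'corrected' or 'uncorrectable'."""
    code = list(code)
    n = len(code) - 1
    syndrome = 0
    for pos in range(1, n + 1):
        if code[pos]:
            syndrome ^= pos            # XOR of set positions names the flipped bit
    overall = sum(code) % 2
    if syndrome == 0 and overall == 0:
        status = "ok"
    elif overall == 1:                 # odd number of flips: assume one and repair it
        code[syndrome] ^= 1            # syndrome 0 means the overall parity bit itself flipped
        status = "corrected"
    else:                              # even flips but nonzero syndrome: two bits hit
        return "uncorrectable", []
    return status, [code[pos] for pos in range(1, n + 1) if pos & (pos - 1)]

def flip(code: List[int], *positions: int) -> List[int]:
    """Simulate a soft error (constructed here) by flipping the given bit positions."""
    out = list(code)
    for p in positions:
        out[p] ^= 1
    return out
```

A double flip is only reported, not repaired; memory controllers that use this scheme typically log the event and reload or re-execute, which is where the redundant computation comes in.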