The security of integrated circuits (ICs) can be broken by sophisticated physical attacks relying on failure analysis methods. Optical probing is one of the most prominent examples of such attacks, which can be accomplished in a matter of days, even with limited knowledge of the IC under attack. Unfortunately, few countermeasures are proposed in the literature, and none has been fabricated and tested in practice. These countermeasures usually require changing the standard cell libraries and, thus, are incompatible with digital and programmable platforms, such as field programmable gate arrays (FPGAs). In this work, we shift our attention from preventing the attack to detecting and responding to it. We introduce LaserEscape, the first fully digital and FPGA-compatible countermeasure to detect and mitigate optical probing attacks. LaserEscape incorporates digital delay-based sensors to reliably detect the physical alteration on the fabric caused by laser beam irradiations in real time. Furthermore, as a response to the attack, LaserEscape deploys real-time hiding approaches using randomized hardware reconfigurability. It realizes 1) moving target defense (MTD) to physically move the sensitive circuity under attack out of the probing field of focus to protect secret keys and 2) polymorphism to logically obfuscate the functionality of the targeted circuit to counter function extraction and reverse engineering attempts. We demonstrate the effectiveness and resiliency of our approach by performing optical probing attacks on protected and unprotected designs on a 28-nm FPGA. Our results show that optical probing attacks can be reliably detected and mitigated without interrupting the chip's operation.

翻译：集成电路（IC）的安全性可能受到利用失效分析方法的精密物理攻击的威胁。光学探测是此类攻击中最突出的例子之一，即便攻击者对受攻击IC的了解有限，也仅需数日即可实施。遗憾的是，现有文献提出的防护措施极少，且尚无实际制造并测试的方案。这些防护措施通常需要修改标准单元库，因此与数字及可编程平台（如现场可编程门阵列，FPGA）不兼容。本研究将关注点从预防攻击转向检测与响应攻击。我们提出LaserEscape——首款全数字且兼容FPGA的防护方案，用于检测并缓解光学探测攻击。LaserEscape集成基于数字延迟的传感器，可实时可靠地检测由激光束照射引起的晶圆物理变化。此外，作为攻击响应，LaserEscape利用随机硬件可重构性部署实时隐藏方法：1）移动目标防御（MTD）将受攻击的敏感电路物理移出探测聚焦区域以保护密钥；2）多态性在逻辑上混淆目标电路的功能，以对抗功能提取与逆向工程。我们通过在28纳米FPGA上对受保护与未受保护设计实施光学探测攻击，验证了本方法的有效性与鲁棒性。结果表明，光学探测攻击可在不中断芯片运行的情况下被可靠检测与缓解。