Evaluation of Low-Cost Thermal Laser Stimulation for Data Extraction and Key Readout
This work makes TLS attacks more accessible to attackers by significantly lowering the cost barrier, posing an increased security threat to hardware devices like FPGAs and microcontrollers.
The researchers tackled the high cost of thermal laser stimulation (TLS) attacks for extracting cryptographic keys from hardware by evaluating a low-cost retrofitted system, demonstrating successful attacks at a hardware cost of around $100k, which is at least a fivefold reduction compared to professional equipment.
Recent attacks using thermal laser stimulation (TLS) have shown that it is possible to extract cryptographic keys from the battery-backed memory on state-of-the-art field-programmable gate arrays (FPGAs). However, the professional failure analysis microscopes usually employed for these attacks cost in the order of 500k to 1M dollars. In this work, we evaluate the use of a cheaper commercial laser fault injection station retrofitted with a suitable amplifier and light source to enable TLS. We demonstrate that TLS attacks are possible at a hardware cost of around 100k dollars. This constitutes a reduction of the resources required by the attacker by a factor of at least five. We showcase two actual attacks: data extraction from the SRAM memory of a low-power microcontroller and decryption key extraction from a 20-nm technology FPGA device. The strengths and weaknesses of our low-cost approach are then discussed in comparison with the conventional failure analysis equipment approach. In general, this work demonstrates that TLS backside attacks are available at a much lower cost than previously expected.