In this article, a methodology to extract Flash EEPROM memory contents is presented. Samples are first backside prepared to expose the tunnel oxide of floating gate transistors. Then, a Scanning Electron Microscope (SEM) in the so called Passive Voltage Contrast (PVC) mode allows distinguishing ‘0’ and ‘1’ bit values stored in individual memory cell. Using SEM operator-free acquisition and standard image processing technique we demonstrate the possible automating of such technique over a full memory. The presented fast, efficient and low cost technique is successfully implemented on 0.35μm technology node microcontrollers and on a 0.21μm smart card type integrated circuit. The technique is at least two orders of magnitude faster than state-of-the-art Scanning Probe Microscopy (SPM) methods. Without adequate protection an adversary could obtain the full memory array content within minutes. The technique is a first step for reverse engineering secure embedded systems.
CITATION STYLE
Courbon, F., Skorobogatov, S., & Woods, C. (2017). Reverse engineering flash EEPROM memories using scanning electron microscopy. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10146 LNCS, pp. 57–72). Springer Verlag. https://doi.org/10.1007/978-3-319-54669-8_4
Mendeley helps you to discover research relevant for your work.