Military Embedded Systems

Ensuring data security in logic non-volatile memory applications: Floating-gate versus oxide rupture

Story

September 23, 2009

Todd Humes

Virage Logic

Military and other high-security applications demand data storage that cannot be compromised by methods such as reverse engineering. A comparison of methods for reverse engineering oxide rupture memories traditionally used for one-time programmable applications versus floating-gate technologies will be examined. Oxide rupture technologies will be shown to be more susceptible to attack by classic reverse engineering techniques than floating-gate technologies.

The requirement for embedded Non-Volatile Memory (NVM) in secure applications continues to grow, primarily in key storage applications for encryption and content protection. Commercial applications, such as High-Definition Multimedia Interface (HDMI)/High-bandwidth Digital Content Protection (HDCP) for authenticating and encrypting digital audio and video streams, continue to emerge. For HDMI licensees, steep financial consequences result from having the encryption key compromised. More secure applications, such as secure encryption of personal, financial, or military data, require a much more robust solution to avoid compromise. Common reverse engineering schemes for determining embedded memory contents and a comparison of two types of NVM in logic processes – oxide rupture versus floating-gate – are presented, illustrating that oxide rupture technologies are more susceptible to reverse engineering attacks and resulting security breaches than floating-gate technology.

Comparison of floating-gate and oxide rupture technologies

The differences between the data storage encoding methods of floating-gate and oxide rupture technologies present unique opportunities for reverse engineering. For floating-gate devices, oxides surround all sides of the gate and electrically isolate the charge-storing poly-silicon gate. The presence, or absence, of electrons stored on the poly-silicon gate encodes the data stored within the memory’s bit cell. In the logic NVM approach, the current through the CMOS transistor’s drain differentiates the data states, with high current or no current representing the data. Writing to floating-gates uses common techniques such as Fowler-Nordheim tunneling (electron tunneling through a barrier by the application of a high electric field) or hot carrier injection, where electrons gain sufficient kinetic energy to overcome a barrier.

In contrast, for oxide rupture technologies, a physical change to the CMOS transistor’s gate oxide encodes the data. This physical change results from intentional damage to the gate oxide. The gate oxide damage creates a conduction path from the poly-silicon gate to the silicon substrate. Programming occurs when a silicon filament forms due to self-heating within the gate oxide, connecting the gate to the silicon surface. For an unprogrammed gate, only normal device leakage current exists within the CMOS transistor. As such, a difference in resistance between gates encodes the data state.

A reverse engineering primer

Although many reverse engineering techniques exist, engineers use three primary methods: device cross-sections, top-down planar inspection using optical microscopy or Scanning Electron Microscope (SEM), and voltage contrast (also using a SEM). In order to appreciate their applicability for use on embedded NVM, an understanding of the fundamentals of each approach is necessary, as follows:

  • Device cross-sectioning uses physical deprocessing to cut the devices vertically for examination. Cross-sections typically reveal larger features such as poly-silicon gates, Shallow Trench Isolation (STI), spacers, contacts and vias, and oxides above and below the poly-silicon using Transmission Electron Microscopy (TEM). They are generally useful for determining larger defects related to processing rather than smaller defects such as pinholes in gate oxides used in oxide rupture technologies.
  • Top-down planar inspection reveals features using techniques such as optical microscopy or Scanning Electron Microcopy (SEM). To be effective, deprocessing removes one or more of the layers that obstruct the feature being examined. Deprocessing involves many different methods including Focused Ion Beam (FIB) milling, chemical etching, backside or frontside grinding (polishing), plasma etching, and other means. Required physical changes in the devices limit the effectiveness of this method.
  • Voltage contrast utilizes a scanning electron beam to place charge on various circuit nodes. Depending on the circuit topology and other devices connected to the node, the charge either remains or gradually decays from the node. Using digital imaging, nodes appear brighter or darker depending on their charge. Voltage contrast also requires physical deprocessing down to the layer of interest, similar to top-down planar inspection. By using this passive voltage contrast technique properly, operators read an NVM’s contents.

Deprocessing and inspection

Device cross-sectioning and top-down planar inspection rely on the fact that a physical change occurs and therefore represent useful techniques only for oxide rupture memories since floating-gate memories do not create any observable physical damage.

First, consider the first two methods for oxide rupture memories. For large arrays, an engineer would need to cross-section and image every single anti-fuse transistor in order to determine the contents of NVM. The rupture site for each device occurs randomly over the transistor’s area; thus, reading the contents would require copious amounts of time and luck in large arrays in order to find the memory’s contents. Cross-sectioning alone will not suffice as a technique for determining oxide rupture memory contents. Additionally, since there is no physical change in floating-gate memories, this technique will not work.

Next, microscopy techniques for oxide rupture memories may reveal the device’s contents. In order to start, the devices must be de-processed down to the poly-silicon layer. Once the device has been de-processed down to the poly-silicon layer either through plasma or wet-etching techniques or grinding or a combination of various techniques, the physical difference between devices with intact gate oxide compared against ones with ruptured gate oxide can be enhanced by doing a silicon wet etch.

Recall that during programming, programmed oxide rupture bit cells create a silicon filament between the gate and silicon surface. Silicon selective etching removes the poly-silicon gate as well as the filament through the silicon dioxide. The silicon etch will continue down through the silicon filament in the gate oxide and etch the silicon substrate surface, while the gate oxide will protect the silicon substrate surface wherever it is intact. Top-down inspection will show a divot in the gate area of programmed oxide rupture bit cells. Top-down inspection easily reveals the contents of the memory array. Figure 1 shows the results of top-down inspection of a device with ruptured gate oxide.

 

Figure 1: Silicon deprocessing highlights ruptured gate oxide.

(Click graphic to zoom by 1.3x)


21
 

 

Finally, for both floating-gate and oxide rupture memories, voltage contrast techniques may reveal NVM contents. For this technique to be effective, the devices must be deprocessed down to the poly-silicon gate as shown in Figure 2 below. Floating-gate memories must be de-processed down to poly-silicon gate. In anti-fuse memories, one poly-silicon gate can have many fuses on it. To electrically isolate the fuses from each other, the poly-silicon gates must be etched or polished back to at-or-below STI level. This deprocessing isolates the gates of the devices from other circuit elements so optimizing the voltage contrast eases.

 

Figure 2: Deprocessing is required for effective voltage contrast measurements.

(Click graphic to zoom by 1.9x)


22
 

 

To guarantee the results, the deprocessing cannot disturb memory contents. Floating-gate memories present unique challenges in this step, as the most effective techniques use plasma etching to remove the majority of the material. However, plasma etching often charges circuit nodes and could change the floating-gates charge and thus the NVM contents. Anytime the floating-gate is exposed, it is susceptible to having its contents disturbed or erased. To expose the floating-gate bit cells, only wet etch techniques guarantee minimum charge disturb. In contrast, oxide rupture technologies do not suffer from this limitation.

Next, once the samples have been successfully deprocessed, passive voltage contrast, either from a scanning electron microscope or focused ion beam, scans the memory arrays, bombarding the gates with charge. This process presents problems for floating-gate memories. Recall that in floating-gate memories, charge stored on the gate represents the digital state of the data: A floating-gate may be negatively charged (electron rich) or completely discharged (hole rich). In scanning the floating-gates with an electron beam, the negatively charged gates will repel the beam while positively charged gates will attract the electrons in the beam and, unfortunately, collect those electrons on the isolated gate. Those electrons will then rapidly become negatively charged. Thus, the beam disturbs the contents of the floating-gate memory. Effectively, no contrast optimization may be done prior to reading the memory, as the deprocessor has one shot at reading the entire memory array.

The same limitation does not apply for oxide rupture memories. In these memories, a ruptured oxide gate represents one data state while an unruptured gate represents the other data state. By deprocessing, the gates all become isolated, and thus ruptured gates look like leaky, resistive paths while unruptured gates electrically float. While scanning an electron beam over these memories, the deprocessor can raster scan the beam as long as necessary to optimize the contrast between ruptured and unruptured gates. Ruptured gates will draw the charge away while unruptured gates retain the charge. In this way, voltage contrast represents a very effective technique for determining an oxide rupture memory’s contents.

The best choice for secure applications

Security applications demand the highest level of robustness and protection from physical attacks and deprocessing, especially in military applications. Three reverse engineering techniques have been examined: device cross-sectioning, top-down planar inspection, and voltage contrast for oxide rupture and floating-gate memories. Of these methods, floating-gates represent the most robust storage against these types of attacks.

Todd Humes is senior director of engineering, embedded NVM group, at Virage Logic. He joined Virage Logic following its acquisition of Impinj’s IP products group. At Impinj, he served as chief technical officer and vice president, engineering. He currently holds 36 patents and more than 40 U.S. and foreign patent applications. Todd can be contacted at [email protected].

Virage Logic 206-336-4000 www.viragelogic.com

 

Featured Companies

Virage Logic

690 East Middlefield Road
Mountain View, CA 94043
Website
Categories
Comms - Encryption
Topic Tags
Avionics
Story
Case study: LiDAR system provides helicopter pilots a clear line of sight in brownouts

June 24, 2008

More Avionics
Radar/EW
Story
Streaming real-time video with CPUs/GPUs

October 12, 2011

More Radar/EW
A.I.
Photo credit: Advanced Brain Monitoring
News
DARPA surveillance system uses EEG for image filtering

September 20, 2012

More A.I.
Comms
Story
Hermetic power packaging vs. PEMs for mil electronics: No power issues here

July 27, 2011

More Comms