Nano-Enigma: Uncovering the Secrets Within eFuse Memories

Presented at DEF CON 32 (2024), Aug. 10, 2024, 5:30 p.m. (45 minutes).

For years, eFuse-based memories were used to store sensitive information such as encryption keys, passwords, and other potentially confidential pieces of information. This practice was encouraged by several vendors who leverage such memory types for protecting the debugging interfaces using a password or for official way to store encryption keys for external flash memories. However, with the advances in technology and threat actors’ creativity, eFuse-based memories may take a hard hit on their confidentiality assurance as their physical properties could allow for a relatively easy extraction of the stored information. In this talk we will walk you through the journey of revealing one such data storage from decapsulating the chip itself, delayering it using common household items all the way to using advanced tools such as Scanning Electron Microscope (SEM) to read value of an encryption key and thus break the confidentiality of the encrypted flash memory. 1. "Solving Chip Security's Weakest Link." Design & Reuse, April 1, 2023, [link](https://www.design-reuse.com/articles/51232/solving-chip-security-s-weakest-link.html) 2. Laurie, Adam. "Fun with Masked ROMs - Atmel MARC4." Adams Blog, rfidiot.org, 1 Jan. 2013, [link](http://adamsblog.rfidiot.org/2013/01/fun-with-masked-roms.html) 3. Hoover, William. "Looking Inside a 1970s PROM Chip That Could Change Computing." RightO, 19 July 2019, [link](http://www.righto.com/2019/07/looking-inside-1970s-prom-chip-that.html) 4. Chen, Nick. "The Benefits of Antifuse OTP." Semiconductor Engineering, 19 Dec. 2016, [link](https://semiengineering.com/the-benefits-of-antifuse-otp/)

Presenters:

• Martin Petran - Embedded Systems Security Engineer at Accenture
  Martin is an embedded systems security engineer with 9+ years of professional experience working at Accenture in Prague, Czech Republic. His main areas of focus are reverse engineering, fuzzing and exploit development. Throughout his career, he has created/contributed to several open-source projects and presented at security focused conferences.
• Hayyan Ali - Security Delivery Senior Analyst at Accenture
  Hayyan Ali brings over a decade of expertise in mobile communication, radio planning, and optimization to the forefront of cutting-edge technological advancements. Currently pursuing a Ph.D. at the Czech Technical University in Prague, Hayyan's research focuses on the integration of Machine Learning within mobile networks' radio interfaces. In addition to his academic pursuits, Hayyan serves as a Security Delivery Senior Analyst at Accenture, where he spearheads initiatives to fortify mobile communication infrastructures. Leveraging his extensive knowledge, he specializes in detecting vulnerabilities within radio interface protocols, conducting penetration testing on wireless interfaces in IoT devices, and deploying Machine Learning algorithms to automate pen testing processes.
• Michal Grygarek - Security Architect at Accenture
  Michal has 20+ years of experience in the development of electronic systems and radio engineering. He specializes in cyber security of embedded systems, especially with relation to nanometer scale attack. His key expertise includes the methodology of decapsulation, delayering of silicon chips and their subsequent analysis using optical and electron microscopy.

Similar Presentations:

• DEF CON 32 (2024) / Laundering Money
• DEF CON 32 (2024) / Social Engineering Like you’re Picard
• DEF CON 32 (2024) / Defeating EDR Evading Malware with Memory Forensics