—This paper shows that optical emissions from an operating chip have a good correlation with power traces and can therefore be used to estimate the contribution of different areas within the chip. I present a low-cost approach using inexpensive CCD cameras. The technique was used to recover data stored in SRAM, EEPROM and Flash of a 0.9 µm microcontroller. The result of a backside approach in analysing a 0.13 µm chip is also presented. Practical limits for this analysis in terms of sample preparation, operating conditions and chip technology are also discussed. Optical emission analysis can be used for partial reverse engineering of the chip structure by spotting the active areas. This can assist in carrying out optical fault injection attacks later, thereby saving the time otherwise required for exhaustive search.
Sergei P. Skorobogatov