Fight Against Optical Probing Attacks: Dummy Transistors


Dummy transistors are placed beside active transistors to improve layout symmetry

Application-Specific Integrated Circuits (ASICs) are specialized computer chips designed to perform clearly defined tasks in fields like finance, healthcare, and military defense. Because ASICs handle sensitive data, securing them against attacks is essential. One increasingly common method attackers use to breach ASIC security is Optical Probing Attacks (OPA). OPA uses laser beams to extract data directly from the chip without damaging it by targeting its tiny transistors—switches controlling electrical currents—and identifying their electrical states. Addressing this threat is at the core of our collaborative research to develop practical defenses against these attacks.

A layout of an ASIC chip showing how tiny transistors are carefully arranged to perform specific tasks.


Our research, a collaboration between University of Bremen researcher Sajjad Parvin, Drexel University Assistant Professor Reza Moradinezhad, and myself, Amaro Truong, aims to strengthen ASIC security against this threat by adding dummy transistors. Dummy transistors are non-functional transistors added to confuse or block attackers. They do this by clouding the image that the laser provides. Normally, by using a heatmap with the laser, you can see the hotspots and overlay them with the design to determine which transistors are being activated. This gives information about the chip's activity. However, with dummy transistors in place, the image becomes cloudy, making it much harder to tell which transistors are on or off. This presents a new and efficient method to resist such optical probing attacks.

Figure: Visualization of a NAND2 standard cell layout. The left image shows a version enhanced with dummy transistors, while the right image depicts the same cell without any dummy placements. The inclusion of dummies improves optical uniformity, potentially reducing the risk of reverse engineering and optical probing attacks.


By targeting specific transistor junctions on integrated circuits with precise optical probing attacks, attackers can extract sensitive data like private algorithms and cryptographic keys. Unlike invasive attacks, optical probing attacks leave very little physical footprint and are thus hard to detect and prevent. Although placing dummy transistors seems like a promising defense, simply scattering them randomly or evenly across the chip doesn’t reliably stop focused probing attacks. Our research initially explored this random placement approach to reduce Reflectance Contrast Values (RCVs), but the results were inconsistent and ineffective in practice.

Therefore, strategic placement guided by well-thought-out and adaptive analytical techniques was needed to lower RCV. Machine learning (ML) is an effective means of addressing these deficiencies systematically. ML algorithms provide an advantage by scanning transistor design patterns, forecasting weak spots, and placing dummy components intelligently, in a way that doesn’t compromise chip performance.

Our research uses a multi-step technique to determine which critical transistors are most vulnerable to optical probing attacks. We begin by measuring Reflectance Contrast Values (RCV), which measure the susceptibility of a transistor to optical probing; the smaller the RCV, the less susceptible the transistor is. This is measured using a tool that replicates the behavior of optical probing by simulating how light interacts with different transistor layouts, allowing us to identify which areas of the chip are most exposed to potential attacks. We intentionally place dummy transistors to the left and right of the actual (non-dummy) transistors. This placement technique makes it significantly more difficult for attackers to locate and effectively probe real transistors because the dummy transistors create visual and signal-based interference. Under optical probing, they reflect light similarly to real transistors, masking the true targets and forcing attackers to guess. This increases the chances of error or detection.


To guide the placement of dummy transistors, we will use machine learning, specifically Random Forest regression, known for its accuracy and ability to handle complex patterns in data. This algorithm analyzes large 2D gradient datasets that include various transistor layouts and potential dummy positions. By learning from these patterns, the model iteratively adjusts dummy transistor placements to minimize Reflectance Contrast Values (RCVs). It performs a full parameter sweep using placement distances of 1 unit for lower active transistors, 1.3 units for top active transistors, and 0 units for inactive regions. Through repeated training and validation cycles, our model identifies the most effective dummy placement strategies to reduce vulnerability to optical probing.
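The surrogate-and-sweep loop described above, as an added illustration that is not the authors' code. `toy_rcv` is a constructed stand-in for the optical-probing simulator, and the offsets, ranges and baseline value are assumptions; it requires NumPy and scikit-learn.

```python
import numpy as np
from sklearn.ensemble import RandomForestRegressor

BASELINE_RCV = 0.0040  # constructed RCV of a cell with no dummies (assumption)

def toy_rcv(left, right):
    """Constructed stand-in for the optical-probing simulator, not the real tool.
    left/right: hypothetical dummy offsets from the active transistor, in layout
    units. In this toy model, offsets near 0.9 and 1.2 mask the target best."""
    mask = (0.35 * np.exp(-((left - 0.9) ** 2) / 0.08)
            + 0.35 * np.exp(-((right - 1.2) ** 2) / 0.08))
    return BASELINE_RCV * (1.0 - mask)

def fit_surrogate(n_samples=400, seed=0):
    """Train a Random Forest on simulated placements; return (model, held-out R^2)."""
    rng = np.random.default_rng(seed)
    X = rng.uniform(0.5, 2.0, size=(n_samples, 2))
    # 2% multiplicative noise stands in for simulator/measurement variation.
    y = toy_rcv(X[:, 0], X[:, 1]) * (1.0 + rng.normal(0.0, 0.02, n_samples))
    split = int(0.75 * n_samples)  # keep 25% unseen for validation
    model = RandomForestRegressor(n_estimators=200, random_state=seed)
    model.fit(X[:split], y[:split])
    return model, model.score(X[split:], y[split:])

def sweep(model, step=0.05):
    """Score every (left, right) pair on a grid; return the lowest predicted RCV."""
    grid = np.arange(0.5, 2.0 + 1e-9, step)
    left, right = np.meshgrid(grid, grid, indexing="ij")
    candidates = np.column_stack([left.ravel(), right.ravel()])
    predicted = model.predict(candidates)
    best = candidates[np.argmin(predicted)]
    return float(best[0]), float(best[1]), float(predicted.min())

if __name__ == "__main__":
    model, r2 = fit_surrogate()
    left, right, predicted = sweep(model)
    print(f"held-out R^2 = {r2:.3f}")
    print(f"best offsets: left={left:.2f}, right={right:.2f}")
    print(f"predicted RCV = {predicted:.6f}, simulated RCV = {toy_rcv(left, right):.6f}")
    print(f"baseline RCV  = {BASELINE_RCV:.6f}")
```

The surrogate only ranks candidate placements; the chosen offsets should be re-run through the simulator itself before they are accepted.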



Figure: Region-constrained contrast visibility (RCV) analysis of a NAND2 cell layout.

This image illustrates the computed RCV value (0.003877 per nm²) within the circular region of interest, simulating optical probing sensitivity. Brighter features within the circle indicate higher contrast, revealing potential vulnerabilities where transistor details may be more easily resolved.

Our tailored strategy is particularly applicable to industries such as critical infrastructure, defense, finance, and healthcare. Dummy transistor placements offer enhanced security features that reduce the risk of advanced cyber-physical attacks, improve trust in hardware reliability, and safeguard critical information.


Now, let’s talk about some of the limitations of this technique. Despite the advantages we mentioned here, several constraints could limit large-scale adoption of this technique. Effective machine learning for semiconductor design requires access to extremely high computational resources, especially for complex schemas. This demand may prove a challenge for some organizations. Additionally, the integration of dummy transistor placements, while enhancing security, introduces design complexity that could affect manufacturing timelines and costs.


To recap, we examined the nature of optical probing attacks, the role of dummy transistors in disrupting them, and the value of machine learning in refining dummy placement strategies. This combined approach offers a promising path forward for enhancing ASIC security.

To improve dummy transistor placement strategies and significantly increase ASIC resistance to optical probing attacks, our research explores the integration of machine learning techniques, currently tested in a simulated environment. While our findings are simulation-based, they lay the groundwork for future validation in actual manufacturing contexts. A key next step is to evaluate these optimal placements through fabrication and real-world testing. We invite researchers, industry professionals, and security enthusiasts to engage with our work, offer feedback, and collaborate on advancing secure ASIC design. 

 

 - Amaro Truong


