Extraction of Secrets from 40nm CMOS Gate Dielectric Breakdown Antifuses by FIB Passive Voltage Contrast
Andrew D. Zonenberg, Antony Moor, Daniel Slone, Lain Agan, Mario Cop
TL;DR
The paper challenges the prevailing belief that CMOS antifuse memories are highly secure by demonstrating a practical attack using focused ion beam passive voltage contrast to read antifuse states in a 40 nm RP2350 device. By extracting the bitwise OR of adjacent bitcells and reconstructing an address map, the authors show that significant secrets, including firmware keys, can be recovered in realistic lab timelines. The work provides detailed methodologies for sample prep, PVC imaging, data analysis, and address-map reversal, and discusses broader implications for antifuse security and mitigations such as cryptographic protections and per-device keys. This study highlights that antifuse-based security is not inherently robust and motivates risk assessments and defense strategies across semiconductor IP and devices employing gate-dielectric breakdown antifuses.
Abstract
CMOS one-time-programmable (OTP) memories based on antifuses are widely used for storing small amounts of data (such as serial numbers, keys, and factory trimming) in integrated circuits due to their low cost, requiring no additional mask steps to fabricate. Device manufacturers and IP vendors have claimed for years that antifuses are a ``high security" memory which is significantly more difficult for an attacker to extract data from than other types of memory, such as Flash or mask ROM - however, as our results show, this is untrue. In this paper, we demonstrate that data bits stored in a widely used antifuse block can be extracted by a semiconductor failure analysis technique known as passive voltage contrast (PVC) using a focused ion beam (FIB). The simple form of the attack demonstrated here recovers the bitwise OR of two physically adjacent memory rows sharing common metal 1 contacts, however we have identified several potential mechanisms by which it may be possible to read the even and odd rows separately. We demonstrate the attack on a commodity microcontroller made on the 40nm node and show how it can be used to extract significant quantities of sensitive data, such as keys for firmware encryption, in time scales which are very practical for real world exploitation (1 day of sample prep plus a few hours of FIB time) with only a single target device required after initial reconnaissance has been completed on blank devices.
