Abstract

The silicon substrate backside of modern ICs is increasingly recognized as a critical hardware vulnerability, which opens a backdoor for laser/optical probing, fault injection and side-channel attacks. In this work, a novel multiphysics simulation framework is proposed to assess near-field electromagnetic (EM) side-channel leakage. By modeling cell-level power, chip logic functionality and layout geometry, this framework efficiently generates time-domain EM traces at any virtual probe above the surface of silicon substrate. Moreover, an ML-based automatic POI (point-of-interest) identification algorithm is proposed to predict the most vulnerable leakage location, which can be 10-100x faster than a conventional correlation-based side-channel simulation approach. The simulation accuracy is further validated by silicon measurements of an AES crypto testchip in 130nm technology, with a matching leakage location pattern quantified by the required number of EM side-channel traces to disclose the secret keys. Our simulation result uncovers several unexpected data leakage issues from the silicon substrate, which is confirmed by measurements, thus demonstrating an approach that can effectively help prioritize pre-silicon design fixes or security ECOs (Engineering Change Orders).