In embedded applications, it is often necessary to store a secret key in non-volatile memory (such as flash memory on an integrated circuit) in products that are widely distributed.
In certain applications, the same key needs to be stored in multiple integrated circuits, many of which are available to a potential attacker. For example, the integrated circuit can form part of a consumable such as an ink cartridge, which is widely distributed as a replacement for empty cartridges.
One way in which an attacker can probe an integrated circuit (or chip) for a key or other secret information is to use a focussed ion beam (FIB) write attack. In this attack, encapsulant is carefully removed from the circuitry and a FIB is used to change one or more bits in flash memory from an unknown state into a known state. Based on the effect the change has on the behaviour of the chip, an attacker may be able to deduce certain information about the state of the attacked bit or bits. For example, if the chip no longer works, it may be determined that the state of the bit or bits was changed by the FIB.
If the chip is disabled by the attack, the attacker merely obtains another chip that has an identical secret key, and attempts a similar attack on a different bit or combination of bits. By repeating the attack on different bits over a number of the chips, the attacker can either directly determine the key, or can build up a statistical model that vastly reduces the number of attempts needed to crack the security offered by the key on the chip. Of course, once the key is compromised in this way, it is compromised for all other chips having this key.
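The leak described above can be quantified with a small model. This is an added example, not part of the original text: the Chip class, its works() check, the choice of 0 as the forced state and the key sizes are all assumptions made for illustration. It shows that when every chip stores the identical bit pattern, working or not-working behaviour alone reveals the whole key, at a cost of one disabled chip per 1 bit.

```python
import secrets


class Chip:
    """Constructed model: flash holds the shared key, and the chip only
    functions while the stored value still equals that key."""

    def __init__(self, shared_key):
        self._expected = shared_key
        self._flash = shared_key

    def force_bit_to_zero(self, index):
        # The write leaves the bit in a known state (0 here, an assumption)
        # whatever it held before.
        self._flash &= ~(1 << index)

    def works(self):
        return self._flash == self._expected


def leak_from_identical_keys(shared_key, key_bits):
    """Return (key bits inferred from behaviour alone, chips disabled)."""
    chip = Chip(shared_key)
    inferred = 0
    disabled = 0
    for index in range(key_bits):
        chip.force_bit_to_zero(index)
        if not chip.works():
            # Behaviour changed, so the stored bit must have been 1.
            inferred |= 1 << index
            disabled += 1
            chip = Chip(shared_key)  # another chip holding the identical key
        # Still working means the bit was already 0; the same chip is reused.
    return inferred, disabled


if __name__ == "__main__":
    key = secrets.randbits(64)  # constructed sample key
    inferred, disabled = leak_from_identical_keys(key, 64)
    print(f"key fully inferred: {inferred == key}, chips disabled: {disabled}")
```

The number of chips disabled never exceeds the key length, which is why a key stored in the same form on every widely distributed chip offers no protection once individual bits can be forced.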