
How to protect my wallet against hackers? NVM IP solutions…

    If you need to store securely in your SoC data that is by nature unique, such as an encryption key or a software code update, you will probably decide to implement a Non Volatile Memory (NVM) block delivered as an IP function, instead of using an expensive CMOS technology with embedded Flash capability. For example, Synopsys DesignWare non-volatile memory (NVM) AEON®/multiple-time programmable (MTP) EEPROM IP delivers EEPROM-level performance in standard CMOS processes. The target applications for NVM IP range from multimedia SoCs (for Digital Rights Management purposes) to calibration and trimming of analog chips. The silicon-proven DesignWare NVM IP is delivered as a hard GDSII block and includes all the required control and support circuitry, including the charge pump and high voltage distribution circuits. As we will see, NVM IP should be available in multiple technology nodes and multiple process flavors.



    NVM IP is frequently used in wireless (Bluetooth, digital radio, NFC) and digital home (HDMI port processor) SoCs to store customer configuration and calibration data. In this case, the NVM IP should be available in the most advanced nodes, to support the technologies in use for wireless and digital home applications. Such applications do not require very high endurance: a maximum of 10,000 write cycles is largely enough. Likewise, a temperature range of -40°C to +125°C is well suited to digital home SoCs, as indicated in the table below:



    For NVM to be used in high voltage technologies, like HV CMOS or Bipolar-CMOS-DMOS, to support power management (battery fuel gauge, digital power) for performance tracking or configuration settings, the requirements are different. The IP needs to be qualified over a wider temperature range, -40°C to +150°C, and designing on a more mature technology node allows a higher endurance, up to 1,000,000 write cycles in 250 nm technologies. Read and programming voltages can be much higher as well, as you can see in the table below:




    A third family of NVM IP is specifically dedicated to analog or mixed-signal designs, for applications such as encryption or authentication, EEPROM replacement, customization or calibration settings. The target technologies range from 180 nm down to 90 nm, supporting high endurance: 100,000 write cycles minimum, and up to 1,000,000 in some cases.
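The endurance figures quoted for the three families set a hard budget for anything stored in MTP NVM that changes at run time. The following is an added example, not code from the original page or from Synopsys: it simulates an MTP block with a per-word write-cycle limit and shows the usual way to stretch a counter beyond that limit, spreading the value round-robin over several words so each word is programmed only once every N increments. The anti-rollback use (a monotonic version counter gating software updates) ties back to the software update storage mentioned at the top of the post. The 32-bit word size, erased value of 0, per-word endurance model and all class and function names are assumptions of this example.

```python
"""Wear-levelled monotonic counter on a simulated MTP NVM block.

Added example (not from the page or from Synopsys). Models an MTP cell rated
for a fixed number of write cycles and a counter that must be incremented far
more often than that. Word size, erased value and the per-word endurance
model are assumptions of this example.
"""


class EnduranceExceeded(Exception):
    """Raised when a word is programmed more times than the IP is rated for."""


class SimulatedMTP:
    """Word-addressable MTP NVM with a per-word write-cycle budget (assumed model)."""

    def __init__(self, words: int, endurance: int) -> None:
        self.data = [0] * words      # assumed erased value 0
        self.writes = [0] * words    # programming cycles consumed per word
        self.endurance = endurance

    def read(self, addr: int) -> int:
        return self.data[addr]

    def write(self, addr: int, value: int) -> None:
        if self.writes[addr] >= self.endurance:
            raise EnduranceExceeded(
                f"word {addr} already programmed {self.endurance} times")
        self.writes[addr] += 1
        self.data[addr] = value & 0xFFFFFFFF   # assumed 32-bit words


class RotatingCounter:
    """Monotonic counter spread round-robin over `slots` consecutive words.

    Value v is written to slot v % slots, so each word is programmed once
    every `slots` increments and the counter survives slots * endurance
    increments. Because the value only ever grows, the current count is
    simply the largest word in the window.
    """

    def __init__(self, nvm: SimulatedMTP, base: int, slots: int) -> None:
        self.nvm, self.base, self.slots = nvm, base, slots

    def read(self) -> int:
        return max(self.nvm.read(self.base + i) for i in range(self.slots))

    def increment(self) -> int:
        value = self.read() + 1
        self.nvm.write(self.base + value % self.slots, value)
        return value


def max_increments(slots: int, endurance: int) -> int:
    """Theoretical increment budget for a counter spread over `slots` words."""
    return slots * endurance


def exhaust(slots: int, endurance: int) -> int:
    """Increment until the simulated NVM refuses a write; return the final count."""
    nvm = SimulatedMTP(words=slots, endurance=endurance)
    ctr = RotatingCounter(nvm, base=0, slots=slots)
    try:
        while True:
            ctr.increment()
    except EnduranceExceeded:
        return ctr.read()


def update_allowed(counter: RotatingCounter, candidate_version: int) -> bool:
    """Anti-rollback check: accept only an image newer than the stored counter."""
    return candidate_version > counter.read()


if __name__ == "__main__":
    # Constructed scenario: a 4-word window on a part rated for 10,000 cycles.
    print(max_increments(4, 10_000))   # 40000
    print(exhaust(4, 10_000))          # 40000, then the next write is refused
```

With a 4-word window on the 10,000-cycle parts described above, the counter reaches 40,000 increments before the first word is exhausted; the budget scales linearly with the number of words you are willing to dedicate to it, which is the trade-off a designer makes when the IP's endurance is fixed by the process.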




    You will learn much more about all of the DesignWare NVM IP, and how to start integrating MTP capabilities into your advanced SoCs, by going to the above link and downloading one of these papers:






    Comparison of data storage methods in floating gate and antifuse NVM IP technologies


    As far as I am concerned, I would recommend the White Paper titled “Protect your Electronic Wallet Against Hackers”. This paper will not only teach you about the different data storage methods, like “floating gate” or “antifuse” NVM IP technologies, it will also explain what protection level these different design approaches offer. Even more exciting, the paper precisely describes three common reverse engineering techniques used by hackers to get access to the supposedly safely stored information – your wallet.

    The aim of the paper is to direct you to the most resistant NVM IP technology, as this extract shows:

    The Most Resistant NVM IP Technology to Reverse Engineering Schemes
    Both antifuse and floating gate NVM IP technologies are relatively immune to reverse engineering and both require someone with the right equipment and right level of skill to extract the contents. But there are several advantages to floating gate for MTP applications over antifuse for OTP applications that designers should consider when developing SoCs for data storage applications that have higher security requirements:

    • Floating gate technology makes no physical change to the silicon structure and thus is more resistant to techniques such as top-down planar inspection
    • The contents of a floating gate technology can be disturbed or erased by plasma etch techniques during the preparation process. Antifuse technology is not affected by plasma etch and samples can be prepared easily
    • The act of attempting to reverse engineer a floating gate technology using voltage contrast will erase the data contents after one attempt. Antifuse technology allows for multiple attempts without disturbing the data contents.


    The paper shows you, step by step, how hackers proceed to reverse engineer NVM IP (I don’t think we are talking about 15-year-old geeks…), as for example with this voltage contrast measurement technique:



    De-processing required for effective voltage contrast measurements

    Just have a look at the beginning of the paper summary here:

    The capability to protect personal information from hackers through a secure element is critical to the continued development of the NFC ecosystem. Design engineers and system architects who most effectively implement data security from the start will have a competitive advantage in the marketplace. One of the key aspects of data security in NFC is the NVM in which the data is stored. There are two main technologies in use today for NVM IP in SoC applications, antifuse for OTP and floating gate for MTP. Understanding the basic differences between the two technologies and the impact that they have on which reverse engineering techniques is critical to making the right NVM IP technology choice for the end application. After reviewing three common reverse engineering techniques, the conclusion is … (just go to Protect your Electronic Wallet Against Hackers to get the final words…)


    Eric Esteve from IPNEST