16.6 PACTOR: A Variation-Tolerant Probing-Attack Detector for a 2.5Gb/s×4-Channel Chip-to-Chip Interface in 28nm CMOS

A probing attack on PCB signal traces poses a substantial threat, as it provides an avenue for eavesdropping on transmitted data between chips. This technique can even be exploited for a complete takeover of the victim system [1], wherein control over the entire DRAM of a server is achieved through a probing attack on the PCB traces linking the host and memory. While AES and DES can be employed to encrypt the data [2], [3], they incur added power consumption and latency [4], and always enabling data encryption could be inefficient considering the relatively low frequency of probing attacks during a system’s lifespan. It is imperative to selectively activate protective measures such as AES only when an attack is in progress. Consequently, detecting probing events on PCB traces is a pivotal concern. Despite its significance, the exploration of probing-attack detection remains relatively limited. A run-time probing-attack detector based on a time-to-digital converter (TDC) is proposed in [5]. However, the minimum detectable capacitance is only 2pF, which does not cover state-of-the-art sub-pF probes and only works in a narrow temperature range. Similarly, [6] has devised an FPGA-based detector, yet it relies on metastability and could be easily unstable across process, voltage, and temperature (PVT) variations.