David Honig <dahonig@cox.net> writes:
EETimes 25 Oct 04 has an article about how the testing structures on ICs makes them vulnerable to attacks.
A link (http://www.eetimes.com/showArticle.jhtml?articleID=51200146) would have been useful...
The basic idea is that to test a chip, you need to see inside it; this can also reveal crypto details (e.g., keys) which compromise the chip.
The JTAG interface is your (that is, the reverse engineer's) friend. This is why some security devices let you disconnect it using a security-fuse type mechanism before you ship your product. Of course that only works if (a) the device allows it, (b) you remember to activate it, and (c) your attacker isn't sufficiently motivated/funded to use something like microprobing or a FIB workstation to bypass the disconnect. Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com