EETimes 25 Oct 04 has an article about how the testing structures on ICs make them vulnerable to attacks. The basic idea is that to test a chip, you need to see inside it; this can also reveal crypto details (e.g., keys) which compromise the chip. This has been known to those of us with an interest in both crypto and IC design for some time, but it's nice to see it exposed in the public lit. There are methods that avoid this, such as BIST, but they are less popular.

=================================================
36 Laurelwood Dr Irvine CA 92620-1299
VOX: (714) 544-9727 (home)
mnemonic: P1G JIG WRAP
ICBM: -117.7621, 33.7275
PGP PUBLIC KEY: by arrangement
Send plain ASCII text not HTML lest ye be misquoted. Really.
------
"Don't 'sir' me, young man, you have no idea who you're dealing with"
Tommy Lee Jones, MIB

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
David Honig <dahonig@cox.net> writes:
> EETimes 25 Oct 04 has an article about how the testing structures on ICs make them vulnerable to attacks.
A link (http://www.eetimes.com/showArticle.jhtml?articleID=51200146) would have been useful...
> The basic idea is that to test a chip, you need to see inside it; this can also reveal crypto details (e.g., keys) which compromise the chip.
The JTAG interface is your (that is, the reverse engineer's) friend. This is why some security devices let you disconnect it using a security-fuse type mechanism before you ship your product. Of course that only works if (a) the device allows it, (b) you remember to activate it, and (c) your attacker isn't sufficiently motivated/funded to use something like microprobing or a FIB workstation to bypass the disconnect.

Peter.
At 09:30 PM 2/11/2004, Peter Gutmann wrote:
> The JTAG interface is your (that is, the reverse engineer's) friend. This is why some security devices let you disconnect it using a security-fuse type mechanism before you ship your product. Of course that only works if (a) the device allows it, (b) you remember to activate it, and (c) your attacker isn't sufficiently motivated/funded to use something like microprobing or a FIB workstation to bypass the disconnect.
I've heard comments about using laser scribes (i.e. the types which used to be used to program fuse links on nonce-style "serial number" registers) being used to totally disconnect and/or destroy BIST circuitry from the rest of the chip in "sensitive" devices. Of course, this wouldn't prevent a microprobing attack, but it certainly makes sure the security fuse hasn't been forgotten.

Ian.
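The mechanism the thread is discussing, as an added toy model that is not part of the original messages and not any real device's or vendor's design: a scan chain in which the flip-flops holding a key register can be shifted out on TDO once the part is put into scan mode, a security fuse that only disconnects the test port (so a bypass of the fuse, as in Peter's caveat (c), restores the leak), and a design-side alternative that wipes the sensitive state whenever scan mode is entered. The class and function names, the 8-bit width and the sample key are assumptions made for the example.

```python
"""Toy scan-chain model: how a test structure leaks a key, and what a
security fuse does and does not protect.  Constructed illustration only;
not the EETimes article's or any manufacturer's circuit."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class ScanChainChip:
    """An 8-bit toy device whose key register sits on the scan chain.

    In functional mode the key is loaded into the state flip-flops and used.
    In scan (test) mode the same flip-flops become a shift register: each
    TCK shifts one bit out on TDO and one bit in from TDI.
    """
    key: int                      # secret the designer wants to protect (assumed)
    width: int = 8                # chain length in bits (assumed)
    fuse_blown: bool = False      # security fuse: disconnects the test port
    clear_on_scan: bool = False   # design mitigation: wipe state on scan enable
    state: int = 0                # the flip-flops that form the chain
    scan_enable: bool = False

    def functional_cycle(self, data: int) -> int:
        """One functional clock: the round-key register now holds the key."""
        self.scan_enable = False
        self.state = self.key & ((1 << self.width) - 1)
        return data ^ self.state  # toy 'cipher' using the key

    def set_scan_enable(self, on: bool) -> None:
        """Enter or leave scan mode; optionally clear state on entry."""
        if on and self.clear_on_scan:
            self.state = 0
        self.scan_enable = on

    def shift(self, tdi: int) -> Optional[int]:
        """One TCK in scan mode: returns the TDO bit, or None if the port is
        disconnected by the fuse."""
        if self.fuse_blown:
            return None
        if not self.scan_enable:
            raise RuntimeError("shift requested while not in scan mode")
        tdo = self.state & 1
        self.state = (self.state >> 1) | ((tdi & 1) << (self.width - 1))
        return tdo


def scan_out_key(chip: ScanChainChip) -> Optional[int]:
    """What a tester (or reverse engineer) does: run one functional cycle so
    the key lands in the state flops, then switch to scan mode and shift the
    whole chain out.  Returns the recovered value, or None if the port is dead."""
    chip.functional_cycle(0x00)
    chip.set_scan_enable(True)
    bits: List[int] = []
    for _ in range(chip.width):
        b = chip.shift(0)
        if b is None:
            chip.set_scan_enable(False)
            return None
        bits.append(b)
    chip.set_scan_enable(False)
    return sum(b << i for i, b in enumerate(bits))  # LSB comes out first


def bypass_fuse(chip: ScanChainChip) -> ScanChainChip:
    """Stand-in for microprobing / FIB reconnection of the fused-off port."""
    chip.fuse_blown = False
    return chip


def demo() -> dict:
    """Run the four scenarios and return the recovered values."""
    key = 0xA5  # constructed sample key
    results = {
        "open_tap": scan_out_key(ScanChainChip(key)),                     # 0xa5: leaked
        "fuse_blown": scan_out_key(ScanChainChip(key, fuse_blown=True)),  # None: port dead
        "clear_on_scan": scan_out_key(ScanChainChip(key, clear_on_scan=True)),  # 0: wiped
    }
    fused = ScanChainChip(key, fuse_blown=True)
    results["fuse_bypassed"] = scan_out_key(bypass_fuse(fused))           # 0xa5 again
    return results


if __name__ == "__main__":
    for case, value in demo().items():
        print(f"{case:14s} -> {value if value is None else hex(value)}")
```

The point the four cases make: the fuse gates the port, but the key is still sitting in the chain behind it, so anything that reconnects the port (the microprobing or FIB work Peter mentions) gets the key back; clearing or isolating the sensitive flops on scan entry protects the state itself, which is why the laser-cut disconnection Ian describes is a stronger answer than a fuse that someone may forget to blow.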
participants (3)
- David Honig
- Ian Farquhar
- pgut001@cs.auckland.ac.nz