THIS ARTICLE IS BASED ON RESEARCH DONE FROM 2000 TO 2003

NOW IT IS PUBLISHED IN THE FORM OF A PHD THESIS, WHICH I SUBMITTED ON 22 SEPTEMBER 2004:

Semi-Invasive Attacks - A New Approach to Hardware Security Analysis



FOR UP-TO-DATE INFORMATION ABOUT MY ONGOING RESEARCH SEE:

Latest news on my Hardware Security Research




Using Semi-Invasive Attacks for Reverse Engineering and Semiconductor Testing Purposes

Sergei Skorobogatov
sps32 (at) cl.cam.ac.uk

Semiconductor chips are used today not only to control systems, but also to protect them against security threats. A continuous battle is waged between manufacturers who invent new security solutions, learning their lessons from previous mistakes, and the hacker community, constantly trying to break implemented protections. Some chip manufacturers do not pay enough attention to the proper design and testing of protection mechanisms. Even where they claim their products are highly secure, they do not guarantee this and do not take any responsibility if a device is compromised. In this situation, it is crucial for the design engineer to have a convenient and reliable method of testing secure chips.

This article presents a wide range of attacks on hardware security in microcontrollers and smartcards. This includes already known non-invasive attacks, such as power analysis and glitching, and invasive attacks, such as reverse engineering and microprobing. A new class of attacks, 'semi-invasive attacks', is introduced. Like invasive attacks, they require depackaging the chip to get access to its surface, but the passivation layer remains intact, as these methods do not require electrical contact to internal lines. Semi-invasive attacks thus stand between non-invasive and invasive attacks. They represent a greater threat to hardware security, as they are almost as effective as invasive attacks but can be as low-cost as non-invasive attacks.

This article's contribution includes practical fault-injection attacks that modify SRAM and EEPROM content, or change the state of any individual CMOS transistor on a chip. This leads to almost unlimited capabilities to control chip operation and circumvent protection mechanisms. A second contribution consists of experiments on data remanence, which show that it is feasible to extract information from powered-off SRAM and from erased EPROM, EEPROM and Flash memory devices.
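The paragraph above states that a fault capable of changing a single memory cell or transistor is enough to circumvent a protection mechanism. The following added example (not code from the thesis or its author) makes that concrete from the defender's side: it simulates every possible single-bit fault on a stored protection flag and compares a naive one-byte encoding with a redundant encoding in which the low byte must be the bitwise complement of the high byte. The encoding constants, function names and the fault model (one bit flipped at a time) are assumptions constructed for this illustration, not values from any real device.

```c
/* Added example: how a stored protection flag behaves under single-bit faults,
 * and one standard redundancy countermeasure. Not from the thesis; all
 * constants and names below are constructed for this illustration. */
#include <stdint.h>
#include <stdio.h>

/* Naive scheme: one byte, 0x00 = protection enabled, anything else = disabled.
 * Every single-bit fault on a locked flag turns it into "unlocked". */
#define NAIVE_LOCKED 0x00u

static int naive_is_unlocked(uint8_t flag) {
    return flag != NAIVE_LOCKED;
}

/* Hardened scheme (constructed): a 16-bit flag where the low byte must equal
 * the bitwise complement of the high byte, and only one exact pattern means
 * "unlocked". The two valid patterns differ in 8 bit positions. */
#define HARD_LOCKED   0xA55Au   /* high 0xA5, low ~0xA5 = 0x5A */
#define HARD_UNLOCKED 0x3CC3u   /* high 0x3C, low ~0x3C = 0xC3 */

/* Returns 1 = unlocked, 0 = locked, -1 = integrity violation.
 * A caller must treat -1 exactly like "locked". */
static int hard_state(uint16_t flag) {
    uint8_t hi = (uint8_t)(flag >> 8);
    uint8_t lo = (uint8_t)(flag & 0xFFu);
    if ((uint8_t)~hi != lo) return -1;      /* complement invariant broken */
    if (flag == HARD_UNLOCKED) return 1;
    if (flag == HARD_LOCKED) return 0;
    return -1;                               /* valid complement, unknown pattern */
}

/* Number of single-bit faults on a locked naive flag that read as unlocked. */
int naive_single_bit_escapes(void) {
    int count = 0;
    for (int b = 0; b < 8; b++)
        if (naive_is_unlocked((uint8_t)(NAIVE_LOCKED ^ (1u << b)))) count++;
    return count;
}

/* Number of single-bit faults on a locked hardened flag that read as unlocked. */
int hard_single_bit_escapes(void) {
    int count = 0;
    for (int b = 0; b < 16; b++)
        if (hard_state((uint16_t)(HARD_LOCKED ^ (1u << b))) == 1) count++;
    return count;
}

/* Number of single-bit faults on a locked hardened flag that are detected. */
int hard_single_bit_detected(void) {
    int count = 0;
    for (int b = 0; b < 16; b++)
        if (hard_state((uint16_t)(HARD_LOCKED ^ (1u << b))) == -1) count++;
    return count;
}

/* Hamming distance between the two valid hardened patterns: the minimum
 * number of bits a fault would have to change to move between them. */
int hard_hamming_distance(void) {
    unsigned x = HARD_LOCKED ^ HARD_UNLOCKED;
    int d = 0;
    while (x) { d += (int)(x & 1u); x >>= 1; }
    return d;
}

int main(void) {
    printf("naive: %d of 8 single-bit faults unlock\n", naive_single_bit_escapes());
    printf("hardened: %d of 16 single-bit faults unlock, %d detected, "
           "valid patterns %d bits apart\n",
           hard_single_bit_escapes(), hard_single_bit_detected(),
           hard_hamming_distance());
    return 0;
}
```

The point of the comparison is not that the redundant encoding is unbreakable (a fault that flips the right eight bits, or a fault in the comparison logic itself, still defeats it) but that it raises the precision a fault-injection attack needs and gives the firmware a detectable integrity violation instead of a silent state change. In practice the check is also duplicated and its branch made non-trivial, so that a single glitch on the comparison instruction is not enough either.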

A brief introduction to copy protection in microcontrollers is given. Hardware security evaluation techniques using semi-invasive methods are introduced. They should help developers to make a proper selection of components according to the required level of security. Various defence technologies are discussed, from low-cost obscurity methods to new approaches in silicon design.

Sergei Skorobogatov <Sergei.Skorobogatov (at) cl.cam.ac.uk> <Sergei.Skorobogatov (at) hushmail.com>
created 16-05-2005 -- last modified 24-11-2011 -- http://www.cl.cam.ac.uk/~sps32/