Author Topic: Methodology for silicon die protection  (Read 1452 times)

Destroyer

« on: June 28, 2011, 11:48:53 PM »
Companies spend significant amounts of money on developing firmware for embedded CPUs or silicon designs; other companies spend money on ripping off the firmware and designs out of these chips.
This has been the situation for the last few decades; however, now a new threat has arisen.

What if you could supply hardware to the government of a country, but have control of that hardware from a spying point of view?

There are two main issues:

1. Protecting hardware.
2. Removing protection, embedding hidden back doors.

The irony of the situation is that many silicon suppliers build in systems to protect both the integral designs & firmware, which in turn actually defeats their own efforts to discover if one of their chips/designs has been ripped off.
This same protection also allows backdoors/Trojans to be hidden within a chip.


There is an excellent source of information within our download section. It's a substantial bit of research, and most of today's attempts at chip hacking are derivatives from this paper, though some authors fail to correctly cite this reference and earlier work.
http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.pdf Sergei P. Skorobogatov (2005), >10 MB

Sergei has some earlier works than this, but this document is basically an update and a combination of his earlier work, which is still well worth reading since it gives good background into his various efforts.

However, there are a number of serious safety concerns with various techniques (acid etching/laser pointers), so it is essential that any readers/experimenters are fully aware of the various hazards associated with these tools BEFORE they attempt any of the work listed in the paper.





« Last Edit: June 29, 2011, 12:36:17 AM by Destroyer »