http_www.insecure.org_stf_tamperproof_smartcards - Page 1...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
From [email protected] Sat Nov 15 03:29:23 1997 Date: Mon, 08 Sep 1997 16:28:05 -0500 From: Travis Hassloch <[email protected]> To: [email protected] Subject: BoS: Tamperproofing of Chip Cards Resent-Date: Thu, 11 Sep 1997 02:12:19 +1000 (EST) Resent-From: [email protected] I found this in our database. I've never seen it before. I found it pretty interesting, despite being somewhat old. Truncation in original. * * * * * TAMPERPROOFING OF CHIP CARDS Ross J. Anderson Cambridge University Computer Laboratory Pembroke Street, Cambridge CB2 3QG Email: [email protected] Abstract There are two ways of attacking smartcards - destructive reverse engineering of the silicon circuit (including the contents of ROM), and discovering the memory contents by other means; a well equipped laboratory can do both. Persistent amateurs have often managed the latter, and may shortly be able to do the former as well. 1 Reverse engineering the chip A recent article[1] gives a good introduction to how reverse engineering can be carried out in a moderately well equipped academic microelectronics laboratory (there are three such in the UK, and perhaps two hundred academic or industrial facilities worldwide which can carry out such work). We will start off by summarising it and giving some background. 1.1 How attacks are done The authors of the article cited above worked at the Cambridge University microelectronics lab, which is part of the department of physics. They got interested in reverse engineering chips five years ago to help an industrial client locate manufacturing defects. They built an apparatus which consists of a slightly modified electron beam lithography machine (this functions in effect as an electron microscope) and a PC with an image processing system (a DCT chip and locally written software). They then developed techniques for etching away a layer at a time without doing too much damage. Conventional wet etching causes too much havoc with half micron chips, so dry etching is used in which gases such as CF4 or HF strip off layers of silica and aluminium in turn. One of their innovations is a technique to show up N and P doped Page 1 of 9 8/7/2010
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
layers in electron micrographs. This uses the Schottky effect: a thin film of a metal such as gold or palladium is deposited on the chip creating a diode effect which can be seen with the electron beam. Finally, image processing software has been developed to spot the common chip features and reduce the initially fuzzy image of the metal tracks into a clean polygon representation. There are also routines to get images of successive layers, and of adjacent parts of the chip, in register. The system has been tested by reverse engineering the Intel 80386
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 02/02/2011 for the course SECURITY 2354 taught by Professor Morganjones during the Spring '11 term at Ucla Venezuela.

Page1 / 9

http_www.insecure.org_stf_tamperproof_smartcards - Page 1...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online