[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
(fwd) Re: Clipper Chip Questions
Cypherpatriots,
Here's a fairly long posting I made to sci.crypt and comp.lsi about
reverse engineering the Clipper chip. Especially on the technical
issues about tamper-resistant modules and electron-beam probing.
-Tim
Newsgroups: sci.crypt,comp.lsi
From: [email protected] (Timothy C. May)
Subject: Re: Clipper Chip Questions
Date: Wed, 28 Apr 1993 20:26:51 GMT
(followup to comp.lsi added, as they may have something to say on
this)
allyn ([email protected]) wrote:
: My question is what is to prevent someone who has one of these chips
: (from a cellphone or computer or whatever) from taking the chip to
: a microelectronic facility with a decent scanning electron microscope and
: other equipment that is used to testing and analysis of microcircuits
: and taking the darn thing abart and reverse engineer it?
:
: There must be plenty of microelectronic facilities that are under
: relatively minimal security (such as universities) for someone to
: try to reverse engineer one of these classified chips that the government
: plans to put into the public's hands.
I ran an electron microscope/chip testing lab for Intel, circa
1981-84. (We built a kind of "time machine" for imaging the internal
states of complex chips--the 286 in those days--and displaying them on
an image processing system which "subtracted out" the states of bad
chips from known good chips and thus allowed us to analyze the
nucleation and propagation of logic faults through the chip. Very
useful for finding subtle speed and voltage problems, as well as gross
faults, of course.)
Analyzing the Clipper chip, or any "tamper-resistant module," will not
be trivial, but neither will it be impossible.
Some issues, questions, problems:
1. Getting through the package to the chip surface itself is
problematic. Proprietray molding compounds may be used to make this
tough. (For example, carborundum and sapphire particles are often
mixed in, so that mechanical grinding and lapping also destroys the
chip. And plasma ashing won't work.)
2. Sometimes the package itself has "traps" which wipe the chip (the
data) if breached (fiber optic lines mixed in the epoxy, for example).
This seems unlikely for a relatively low-cost solution like the
Clipper. Papers presented at the "Crypto Conference" have dealt with
this. (The main uses: nuclear weapons "Permissive Action Links" and
credit card "smart cards," which use less intensive measures, obviously.)
3. Once at the chip surface, via grinding, chemical etch, plasma
ashing, etc., the chip can be analyzed.
4. Carefully photographing the chip as layers are etched away (or even
carefully lapped away) can reveal much about the internal operation,
though not the data stored in internal ROM, EPROM, EEPROM, Flash
EPROM, etc. If the Clipper/Capstone algorithm is embedded in the
microcode and not apparent from the visible circuitry, then it must be
read by other means.
5. Voltage contrast electron microscopy allows internal chip voltages
to be read with good reliability. Cf. any of the the many papers on
this. Commercial e-beam probers are available. (How voltage contrast
works is itself an interesting issue, and there are many good
references on this.)
6. However, operating the chip is necessary to read the internal
states and voltage levels, and opening the chip under "hostile
conditions" (read: limited numbers of samples, no knowledge of the
molding compound, no help from the manufacturer) often destroys the
functionality. It can be done, but count on lots of trial and error.
7. Metal layers may be used to shield lower signal-carrying layers
from scrutiny by electron beam probes. Intel, for example, builds the
new Pentium on a 3-layer metal process in which the top layer almost
completely covers the lower layers. (Extremely sophisticated
measurements using lasers (Kerr effect) and magnetic field sensing may
be possible. Count on a very expensive set-up to do this.)
8. Other "tricks" may route parts of the key circuitry through buried
layers, polysilicon lines, several layers of metal, etc.
9. VLSI Technology, Inc., the company with the "tamper-resistant
technology" used by Mykotronx (VTI will fab the chips), may also be
storing bits in very small EEPROM cells, which are very hard to e-beam
probe (especially without disrupting them!). Note also that Intel
bought a partial stake in VLSI. (I'm not imputing anything and don't
know if Intel is somehow involved in the Clipper/Capstone effort. In
fact, I left Intel in 1986.)
10. The easiest way to get the Clipper/Skipjack/Capstone details is
probably the old-fashioned way: offer money for it. With anonymous
remailers and digital cash, this may be much easier.
Just some thoughts on this extremely interesting issue of
reverse-engineering the Clipper.
-Tim May
--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
[email protected] | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.