
Re: [NOISE] Cable-TV-Piracy-Punks



[email protected] (Timothy C. May) writes:

 > The surface layers above the active portion of a chip can
 > be stripped away and chip remains functional. This includes
 > the outer packaging layers (epoxy, or of course, ceramic
 > with metal lids) and parts of the so-called "scratch
 > protection," usually a type of silicate glass.

 > The active capacitors are not affected by removal of these
 > layers.

True, but removing packaging materials and protective layers is a
long way from imaging the charges tunneled to and from the
floating gates of EEPROM cells, which is the particular
application we are discussing.

Also bear in mind that in a real device, the tamper-resistant
packaging will be considerably more intractable than conventional
semiconductor packaging, and these devices are often designed to
automatically erase all data if signs of tampering are detected.

 > Actually, we did it all the time in my lab at Intel, and I
 > understand from my former co-workers that the technology has
 > only gotten better. (This does not mean voltage contrast is
 > easy. For one thing, modern chips have 3-5 metal layers, due
 > to spectacular advances in chem-mechanical polishing, and
 > each metal layer acts as a ground plane shielding the lower
 > layers from visibility and inspection with electron beams.

Yes.  This is truly impressive technology which continues to
improve with leaps and bounds.  SEM/TEM/STEM voltage-contrast
techniques are a major tool for failure analysis of semiconductor
devices, and AFM instruments can do voltage measurements on
running devices down to nanometer and picosecond resolutions.

 > And EPROM and EEPROM cells are effectively impossible to
 > analyze, for various reasons.)

Correct.  Which is one of the reasons why they are currently the
favored mode of storage for smart card applications.

 > This does not mean I think reverse-engineering of smart
 > cards or satellite boxes is easy.

While I don't necessarily disagree with Perry that sufficiently
advanced technology can reverse-engineer almost anything (the
kind of advanced technology that is indistinguishable from
magick), I think there are practical engineering difficulties in
doing such things today which are either insurmountable or at the
very least a strong indication that there are better ways to
approach the problem.

 > SQUIDs won't do it, either.

At the risk of offending Mr. Squid, I must say that SQUIDs were a
big disappointment given the initial hype and expended research
funds.

BTW, I attempted to read all your writings on "Tamper-Resistant
Modules" in the list archives, but as fate would have it, hks.net
has taken the archives offline for a few days to do some sort of
upgrade.

I did get this very nice Cyber Wallet thing off their Web Page,
however, which uses "DES and Full 768 Bit RSA." Although I must
admit I'm not exactly sure what "full" means in this particular
context. :)

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     [email protected]     $    via Finger.                      $