A Journey into Silicon Security presented by Texplained

Over the past decade, (hardware) piracy has evolved significantly. In the past, attackers could perform analysis with simple methods for injecting transient faults, such as electrical glitching. More recently, such forms of analysis have been made obsolete by advanced analysis techniques that rely on capital-intensive failure analysis equipment and require extensive technical skills. One such technique, laser glitching, has recently been included in Common Criteria evaluations. The transient faults produced by laser glitching are similar in nature to those produced by electrical glitching. However, the spatial resolution provided by the positionable laser stage means such attacks offer far more precision and are far more potent than, for example, electrical glitching.

Although this technique is quite effective on certain kinds of devices, pirates who are willing to create emulators and clones, so as to reach mass markets with counterfeit products, use more efficient attacks. IC vendors are well aware of such attacks and have implemented several layers of obfuscation to thwart straightforward analysis. Modern ICs transfer exclusively encrypted or obfuscated data over on-die memory buses. With the help of sample preparation and imaging, sufficient information about the core logic implementation can be obtained. This includes identifying areas of the IC where data is processed in the clear. Such areas can then be abused to recover the entire memory content.

This presentation will cover the evolution of silicon attacks from glitching to software-assisted reverse engineering, based on real-world examples, and will cover the process from sample preparation to the actual attack.

PDF of the presentation here: Evolution of the technical attacks on integrated circuits SD
