Séminaire sécurité des systèmes électroniques embarqués

Accueil     Présentation     Archives

Olivier Thomas

Hardware Security Evolution

Over the past decade (hardware) piracy has evolved significantly. In the past, attackers could perform analysis with simple methods for injecting transient faults, such as electrical glitching. More recently, such forms of analysis have been obsoleted by advanced invasive analysis techniques that utilize capital-intensive failure analysis equipment and require extensive technical skills. One such technique, laser glitching, has recently been included into Common Criteria evaluations. The transient faults produced by laser glitching are similar in nature to electrical glitching. However, the spatial resolution provided by the positionable laser stage means such attacks offer far more precision and are far more potent than, for example, electrical glitching.

The most viable option for analysis of modern ICs is to recover the secret contents of a secure device by directly probing on-die memory buses. Techniques, such as linear code extraction, are also widely used by pirates. IC vendors are well aware of such attacks and have implemented several layers of attack obfuscation to thwart straight-forward analysis. Modern ICs transfer exclusively encrypted or obfuscated data over on-die memory buses.

With the help of sample preparation and imaging, sufficient information about the core logic implementation can be obtained. This includes identifying areas of the IC where data is processed in the clear. For all these reasons, an automated tool that assists in much of the analysis can be very useful if device characteristics are not otherwise available.

This presentation will cover the evolution of invasive hardware analysis. Techniques such as laser glitching and linear code extraction will be presented along with several real-world examples. This research highlights how reverse engineering the logic implementation is a natural progression for anyone working in the field of IC analysis.