I'm looking for good references on micro code security. My reading leads me to various conclusions, including: 1. Mask-ROM parts are easiest to read-out intrusively, EPROM and flash are intermediate-difficulty (with EPROM being perhaps slightly easier) and RAM-based technologies are the hardest. 2. Any microcontroller that isn't specifically designed to resist invasive read-out techniques is going to have little or no resistance to such attacks. Unfortunately I can find little _formal_ research. I've found what amounts to several hobbyist/student papers on the topic, and lots that I found instructive and interesting, but nothing that I could really cite when choosing parts. I know that several vendors have come out with, or are planning to introduce, gas-gauge ICs for smart batteries that incorporate security technology so (say) cellphone manufacturers can lock-out fake batteries. Have there been any studies done on hacking these sorts of schemes yet, both from the POV of studying the data transfers and from messing with the chips themselves? (I'm not really interested in the raw mechanics of hacking any particular chip or scheme - I'm more interested in knowing who has the strongest scheme). I'm also interested to know some real numbers on what it costs to reverse-engineer secured micros used in applications like the one I just described. For example, what would be the approximate cost of decapsulating and reading out a 4K mask-ROM microcontroller, assuming the chip mfr didn't use any cunning or protective measures on the die, and that the attacker had access to a different micro of the same model, with known contents, that he could use to establish a bit-to-metal mapping for the die? Any pointers would be most appreciated.
Formal references on micro security
Started by ●September 23, 2004
Reply by ●September 24, 20042004-09-24
"Lewin A.R.W. Edwards" wrote:> I'm looking for good references on micro code > security.A rough pointer... Ross Anderson's book Security Engineering. http://www.amazon.com/exec/obidos/ASIN/0471389226/860710993-20 A section of the book covers secure chips and various ways they can be read out / hacked (probes, scans, voltage manipulation, etc.). There's also a very interesting analysis of an IBM crypto processor card that has several layers of defenses. I recall it has a fair number of links to external reference material. If nothing else, this may get you directed into the right community for more specific research. Cheers, Richard
Reply by ●September 27, 20042004-09-27
Lewin A.R.W. Edwards wrote:> I'm looking for good references on micro code security.You can find plenty of info and references on this site: http://www.cl.cam.ac.uk/Research/Security/tamper/ TonyF