Higher end chips such as found in military devices and even commercial crypto devices can contain anti-tamper devices to protect designs and keys even if someone has gone this far. This page is for protections that physically render the chip inoperable, not obscurification techniques. Most common is to put a wire mesh over the chip. The idea being that if someone were to open up the IC, the mesh would get disturbed and turns the chip off. However, it is usually somewhat trivial to defeat this simply by connecting the entry and exit point of the mesh and bypassing the entire mesh network.

Live analysis wiring protection

A number of chips contain a key. If the key can be sniffed from the live running chip, the cards are compromised. A common way to prevent live analysis is to put a wire interlock mesh over the top of the top metal layer to ensure any breakages in the mesh causes the chip to be non-functional. However, these can usually be re-connected using probes. Example wire mesh:

Another technique, as used in the IBM 4758 crypto accelerator (http://www.cl.cam.ac.uk/%7Ernc1/descrack/ibm4758.html) is to pot the entire system inside a rubberized material which has had conductive paths doped through it. Any attempt at removing the material will disturb the wires and cause the card to zeroize itself. (This technique is especially powerful with units like the 4758 which are expected to be under power 24/7, with battery backup as needed: keys may be stored in RAM so the wires cannot be cut even with power removed.)

Static analysis wiring protection

Obscurification techniques to make analyzing die images difficult. Most common is to make wires into a maze such that a human would get confused tracing them. However, computer aided techniques are largely immune to this.

UV metal shielding

Depending on technologies, circuits react differently to UV light. Metal shielding may be placed over circuitry to try to reduce the effectiveness of resetting/setting security fuses by UV light.

Die ID

National, Xilinx, and many other vendors have unique per-chip serial numbers stored in some sort of OTP memory on the chip. The user's firmware presumably uses this in a licensing scheme. Might make for a halfway decent anti-cloning system (until the check is found and nopped out) but is useless for preventing RE.

Physical self-destructs

Chemical protection

Very rare. I've been told that some high end military chips may have a thin layer of alkali metal put into them. The idea being if exposed to most techniques, it will react violently and destroy the chip. With proper chemical treatment and machining, such high end chip protections can usually be avoided. It may be best to destroy one chip to analyze protections and then attacking the actual chip to be imaged/tested.

We've read that some mil chips can have alkali metals to react with the strong acids typically used during decapsulation. This can be dangerous to the tech as well as destroy the specimen with the strong heat.

In our assessment, while it may look interesting at a first glance this is very unlikely to be used in practice simply because alkali metals diffuse very fast and destroy CMOS devices. The problems involved in keeping them separate are likely to be great enough that an alternative self-destruct method would be used.

Connoisseur Coating

Developed by LLNL as part of the “Connoisseur project”. Very little public information.

It's not clear what this material is. Various public sources give conflicting definitions:

  • A 1989 New York Times article describes it as “a resin about the consistency of peanut butter” … “is opaque and resists solvents, heat, grinding and other techniques that have been developed for reverse engineering” … “A second-generation coating is being developed that will automatically destroy the chip when an attempt is made chemically to break through the protective layer.”
  • 1995 MIT lecture slides reference another method which may be the referenced second-generation coating: “a layer of alumina, silicon bits, and even sodium coating” … “usually expensive”

Explosive

LOPPER

LOPPER was an experimental program to plant “tiny, non-violent, shaped charges in critical junctures in our circuits that could be triggered by the application of external voltage.” Originally intended for VINSON, but the added cost, questioned need, program delays caused it to stop after working prototypes [A history of US COMSEC, page 148]. So, unlikely the rumored nuclear systems this is not designed to harm a technician but rather to physically destroy information as needed.

They conclude by saying they are currently in pursuit of “burying a resistor in the chip substrates which will incinerate micro-circuitry with the application of external voltage” [A history of US COMSEC, page 149].

A recent NYT article cites a large rock in Iran exploding and throwing fragments of destroyed PCBs around. LOPPER, or a successor, is apparently alive and well as of 2012.

Guesses

NanoFoil maybe?

Would react explosively with all wet decap chemistries we're aware of. MSDS and safety documentation suggests it's sensitive to physical shock and heat as well (though perhaps not quite as much as, say, flash powder).

Much safer to the chip (until detonated) than alkali metals since it's based on heavy metals (Ni and Al) which don't diffuse nearly as easily. Could be treated much like a conventional metalization layer from the fab's perspective.

Without reading too much on the chemistry, it looks like it'd be triggered by heating regardless of the presence of oxygen. This means that even plasma-based etches would have to be done very carefully and slowly to prevent heating the sample to the point of detonation.

The best way of defeating such protection would most likely be something along these lines: (In all steps emphasis would be on slow, deliberate etches with a minimum of heat released or required.)

  1. Mill package to just above bond wires
  2. Slow SF6 + O2 plasma etch to remove remainder of packaging compound. (A typical RIE process for SiO2 given in “Etch Rates for Micromachining Processes, pt 2” uses 25sccm of SF6. Adding 10sccm of O2 increases the etch rate against SiO2 as well as making it attack organics like photoresist. Since typical chip encapsulation is ~80% by wt of SiO2 microspheres in an organic epoxy matrix, this is a desirable side effect.)
  3. Ni seems to lack any good RIE chemistries. The best option for removing the actual metal layers is likely a very dilute (1% or less) HCl solution, which will attack both Ni and Al while keeping the etch slow and cool. Toward the end it will be critical to avoid attacking aluminum/copper bond pads if the chip must be kept operational; the solution may need to be diluted even further at this point.

Patents

 
physical_protection.txt · Last modified: 2014/01/15 18:23 by azonenberg
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution 3.0 Unported
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki