[[physical_protection]]
 
Trace:

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
physical_protection [2012/06/19 04:14] – [Chemical protection] azonenbergphysical_protection [2014/01/15 14:23] (current) – [LOPPER] azonenberg
Line 17: Line 17:
  
 ====== Die ID ======  ====== Die ID ====== 
-National claims they have some sort of anti-reverse engineering protection with their die ID scheme. Who knows if it does anything useful. 
  
-====== Technician deterrents ====== +National, Xilinx, and many other vendors have unique per-chip serial numbers stored in some sort of OTP memory on the chip. The user's firmware presumably uses this in a licensing scheme. Might make for a halfway decent anti-cloning system (until the check is found and nopped out) but is useless for preventing RE. 
 + 
 +====== Physical self-destructs ====== 
  
 ===== Chemical protection ===== ===== Chemical protection =====
Line 27: Line 28:
  
 In our assessment, while it may look interesting at a first glance this is very unlikely to be used in practice simply because alkali metals diffuse very fast and destroy CMOS devices. The problems involved in keeping them separate are likely to be great enough that an alternative self-destruct method would be used. In our assessment, while it may look interesting at a first glance this is very unlikely to be used in practice simply because alkali metals diffuse very fast and destroy CMOS devices. The problems involved in keeping them separate are likely to be great enough that an alternative self-destruct method would be used.
 +
 +===== Connoisseur Coating =====
 +
 +Developed by LLNL as part of the "Connoisseur project". Very little public information.
 +
 +It's not clear what this material is. Various public sources give conflicting definitions:
 +  * A [[http://www.nytimes.com/1989/11/08/business/business-technology-a-new-coating-thwarts-chip-pirates.html|1989 New York Times article]] describes it as "a resin about the consistency of peanut butter" ... "is opaque and resists solvents, heat, grinding and other techniques that have been developed for reverse engineering" ... "A second-generation coating is being developed that will automatically destroy the chip when an attempt is made chemically to break through the protective layer."
 +  * [[http://web.mit.edu/6.857/OldStuff/Fall95/lectures/lecture2.ps|1995 MIT lecture slides]] reference another method which may be the referenced second-generation coating: "a layer of alumina, silicon bits, and even sodium coating" ... "usually expensive"
 ===== Explosive ===== ===== Explosive =====
 +
 +==== LOPPER ====
 +
 +LOPPER was an experimental program to plant "tiny, non-violent, shaped charges in critical junctures in our circuits that could be triggered by the application of external voltage."  Originally intended for VINSON, but the added cost, questioned need, program delays caused it to stop after working prototypes [A history of US COMSEC, page 148].  So, unlikely the rumored nuclear systems this is not designed to harm a technician but rather to physically destroy information as needed.
 +
 +They conclude by saying they are currently in pursuit of "burying a resistor in the chip substrates which will incinerate micro-circuitry with the application of external voltage" [A history of US COMSEC, page 149].
 +
 +[[http://www.nytimes.com/2014/01/15/us/nsa-effort-pries-open-computers-not-connected-to-internet.html?hp&_r=2|A recent NYT article]] cites a large rock in Iran exploding and throwing fragments of destroyed PCBs around. LOPPER, or a successor, is apparently alive and well as of 2012.
 +==== Guesses ====
  
 NanoFoil maybe? NanoFoil maybe?
Line 43: Line 61:
   - Slow SF6 + O2 plasma etch to remove remainder of packaging compound. (A typical RIE process for SiO2 given in "Etch Rates for Micromachining Processes, pt 2" uses 25sccm of SF6. Adding 10sccm of O2 increases the etch rate against SiO2 as well as making it attack organics like photoresist. Since typical chip encapsulation is ~80% by wt of SiO2 microspheres in an organic epoxy matrix, this is a desirable side effect.)   - Slow SF6 + O2 plasma etch to remove remainder of packaging compound. (A typical RIE process for SiO2 given in "Etch Rates for Micromachining Processes, pt 2" uses 25sccm of SF6. Adding 10sccm of O2 increases the etch rate against SiO2 as well as making it attack organics like photoresist. Since typical chip encapsulation is ~80% by wt of SiO2 microspheres in an organic epoxy matrix, this is a desirable side effect.)
   - Ni seems to lack any good RIE chemistries. The best option for removing the actual metal layers is likely a very dilute (1% or less) HCl solution, which will attack both Ni and Al while keeping the etch slow and cool. Toward the end it will be critical to avoid attacking aluminum/copper bond pads if the chip must be kept operational; the solution may need to be diluted even further at this point.   - Ni seems to lack any good RIE chemistries. The best option for removing the actual metal layers is likely a very dilute (1% or less) HCl solution, which will attack both Ni and Al while keeping the etch slow and cool. Toward the end it will be critical to avoid attacking aluminum/copper bond pads if the chip must be kept operational; the solution may need to be diluted even further at this point.
 +
 +
 +
 ====== Patents ======  ====== Patents ====== 
 US5468990: Structures for Preventing Reverse Engineering of Integrated Circuits US5468990: Structures for Preventing Reverse Engineering of Integrated Circuits
Line 50: Line 71:
   - Hacking the PIC 18F1320: http://www.bunniestudios.com/blog/?page_id ======40   - Hacking the PIC 18F1320: http://www.bunniestudios.com/blog/?page_id ======40
   - http://www.trustedfoundry.com/   - http://www.trustedfoundry.com/
 +  - A history of US COMSEC: http://www.governmentattic.org/2docs/Hist_US_COMSEC_Boak_NSA_1973.pdf
  
  
 
physical_protection.1340079248.txt.gz · Last modified: 2013/10/20 14:59 (external edit)
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution 4.0 International
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki