Differences

This shows you the differences between two versions of the page.

--- physical_protection [2012/11/22 19:16] – mcmaster
+++ physical_protection [2014/01/15 14:23] (current) – [LOPPER] azonenberg
@@ Line 17: / Line 17: @@
 ====== Die ID ======
-National claims they have some sort of anti-reverse engineering protection with their die ID scheme. Who knows if it does anything useful.
-====== Technician deterrents ======
+National, Xilinx, and many other vendors have unique per-chip serial numbers stored in some sort of OTP memory on the chip. The user's firmware presumably uses this in a licensing scheme. Might make for a halfway decent anti-cloning system (until the check is found and nopped out) but is useless for preventing RE.
+====== Physical self-destructs ======
 ===== Chemical protection =====
@@ Line 28: / Line 29: @@
 In our assessment, while it may look interesting at a first glance this is very unlikely to be used in practice simply because alkali metals diffuse very fast and destroy CMOS devices. The problems involved in keeping them separate are likely to be great enough that an alternative self-destruct method would be used.
+===== Connoisseur Coating =====
+Developed by LLNL as part of the "Connoisseur project". Very little public information.
+It's not clear what this material is. Various public sources give conflicting definitions:
+  * A [[http://www.nytimes.com/1989/11/08/business/business-technology-a-new-coating-thwarts-chip-pirates.html|1989 New York Times article]] describes it as "a resin about the consistency of peanut butter" ... "is opaque and resists solvents, heat, grinding and other techniques that have been developed for reverse engineering" ... "A second-generation coating is being developed that will automatically destroy the chip when an attempt is made chemically to break through the protective layer."
+  * [[http://web.mit.edu/6.857/OldStuff/Fall95/lectures/lecture2.ps|1995 MIT lecture slides]] reference another method which may be the referenced second-generation coating: "a layer of alumina, silicon bits, and even sodium coating" ... "usually expensive"
 ===== Explosive =====
 ==== LOPPER ====
-LOPPER was an experimental program to plant "tiny, non-violent, shaped charges in critical junctures in our circuits that could be triggered by the application of external voltage."  Originally intended for VINSON, but the added cost, questioned need, program delays caused it to stop after working prototypes. [A history of US COMSEC, page 148]
+LOPPER was an experimental program to plant "tiny, non-violent, shaped charges in critical junctures in our circuits that could be triggered by the application of external voltage."  Originally intended for VINSON, but the added cost, questioned need, program delays caused it to stop after working prototypes [A history of US COMSEC, page 148].  So, unlikely the rumored nuclear systems this is not designed to harm a technician but rather to physically destroy information as needed.
+They conclude by saying they are currently in pursuit of "burying a resistor in the chip substrates which will incinerate micro-circuitry with the application of external voltage" [A history of US COMSEC, page 149].
+[[http://www.nytimes.com/2014/01/15/us/nsa-effort-pries-open-computers-not-connected-to-internet.html?hp&_r=2|A recent NYT article]] cites a large rock in Iran exploding and throwing fragments of destroyed PCBs around. LOPPER, or a successor, is apparently alive and well as of 2012.
 ==== Guesses ====