How to prevent cracking? MCU encryption technology revealed


Since the MCU appeared in the 1970s, chip-cracking techniques and the countermeasures meant to defeat them have been locked in a constant arms race. As the sayings go, "the Tao rises one foot, the devil rises ten", and "beyond every mountain there is a higher one": each new protection is answered by a new attack, and each attack by a stronger protection.

This article traces how microcontroller security protection has developed over time, and closes by summarizing the strengths and weaknesses of the smart card chip, the design with the highest security level available today.

01

Single Board Computer Era

In the early 1970s, an embedded system was a control board consisting of separate components such as CPU, ROM, RAM, I/O cache, serial port, and other communication and control interfaces.

During this period, apart from the law, there were almost no protective measures to stop an intruder from copying the data held in the single-board computer's ROM.

02

The Single-Chip Microcomputer Era

As large-scale integrated circuit technology matured, the central processing unit (CPU), data memory (RAM), program memory (ROM) and the I/O communication ports were integrated onto a single chip, and the microcontroller (MCU) replaced the single-board computer. As shown in the figure:

[Figure not reproduced]

In this period the EEPROM was a separate die from the MCU core, placed together with it in the same package, and an intruder could read the stored data directly with microprobes.

03

Security Fuse

As intrusions became more common, MCU vendors added a security fuse (Security Fuse) to block access to the stored data. As shown in the figure:

[Figure not reproduced]

Advantages: easy to implement; it requires no redesign of the MCU architecture, since a single fuse controls data access.

Disadvantages: the fuse is easy to locate and attack.

For example, the fuse state can be overridden by connecting the fuse's bit output directly to power or ground, and for some sensing circuits simply cutting the fuse with a laser or a focused ion beam is enough. Non-invasive attacks succeed as well: a standalone fuse is laid out differently from a normal memory array, so a combination of external signals can drive the fuse bit into a state that is not read correctly, exposing the information stored on the chip. Semi-invasive attacks give a cracker quick results but require opening the package to reach the die; a well-known example is erasing the security fuse with UV light.

04

Security Fuses Become Part of the Memory Array

Later, MCU manufacturers made the security fuse part of the memory array itself, as shown in the figure:

[Figure not reproduced]

Here the fuse sits very close to the main memory, or even shares some of its control lines. Because it is made in the same process as the main memory, it is hard to locate. Non-invasive attacks still work: a combination of external signals can leave the blown bit in a state that is not read correctly. Semi-invasive attacks likewise remain possible.

Of course, the cracker now needs more time to find the security fuse, or the part of the control circuit responsible for security monitoring, but this search can be automated. An invasive attack is harder and requires manual work, which raises the cost of cracking.

05

Using Part of Main Memory to Control External Access to Data

In this scheme, lock information for a specific address region is read at power-on and serves as the security fuse, or a password controls access to memory. For example, the Texas Instruments MSP430F112 permits readback only after the correct 32-byte password has been entered.

Without the password, readback is possible only after the password bytes have been erased. Although this protection appears more effective than the previous one, it has weaknesses that low-cost non-invasive attacks, such as timing analysis and power analysis, can exploit.
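To make the timing-analysis weakness concrete, here is an added example (not code from the original article, and not the MSP430's actual firmware) that simulates a 32-byte password check. The constructed password, the step counter standing in for execution time, and the function names are all assumptions of this example. The leaky version returns at the first wrong byte, so the time it takes grows with every correct leading byte; the constant-time version examines all 32 bytes for every guess, so the timing no longer carries information about the password.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PW_LEN 32

/* Constructed 32-byte password standing in for the value a device keeps in
 * flash; it is not any real device's password. */
static const uint8_t STORED_PW[PW_LEN] = {
    0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
    0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00,
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
    0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10
};

typedef int (*pw_check_fn)(const uint8_t *guess, size_t *steps);

/* Leaky check: returns at the first mismatching byte. *steps records how many
 * bytes were examined, which is what an observer sees as execution time: it
 * grows by one for every correct leading byte, so the comparison leaks how far
 * a guess got. */
int check_pw_leaky(const uint8_t *guess, size_t *steps) {
    *steps = 0;
    for (size_t i = 0; i < PW_LEN; i++) {
        (*steps)++;
        if (guess[i] != STORED_PW[i])
            return 0;
    }
    return 1;
}

/* Constant-time check: examines every byte regardless of where a mismatch
 * occurs and folds all differences into one accumulator. The step count, and
 * therefore the timing, is identical for every guess. */
int check_pw_ct(const uint8_t *guess, size_t *steps) {
    uint8_t diff = 0;
    *steps = 0;
    for (size_t i = 0; i < PW_LEN; i++) {
        (*steps)++;
        diff |= (uint8_t)(guess[i] ^ STORED_PW[i]);
    }
    /* Branch-free result: 1 when diff == 0, otherwise 0. */
    return (int)(((uint32_t)diff - 1U) >> 31);
}

/* Builds a guess whose first k bytes are correct; byte k (if any) is wrong. */
static void make_guess(uint8_t *out, size_t k) {
    memcpy(out, STORED_PW, PW_LEN);
    if (k < PW_LEN)
        out[k] ^= 0xFF;
}

/* Number of bytes the checker examined for a guess with k correct leading bytes. */
size_t steps_for_prefix(pw_check_fn check, size_t k) {
    uint8_t guess[PW_LEN];
    size_t steps = 0;
    make_guess(guess, k);
    check(guess, &steps);
    return steps;
}

/* Accept (1) or reject (0) for a guess with k correct leading bytes. */
int result_for_prefix(pw_check_fn check, size_t k) {
    uint8_t guess[PW_LEN];
    size_t steps = 0;
    make_guess(guess, k);
    return check(guess, &steps);
}

int main(void) {
    printf("correct prefix  leaky steps  constant-time steps\n");
    for (size_t k = 0; k <= PW_LEN; k += 8)
        printf("%14zu  %11zu  %19zu\n", k,
               steps_for_prefix(check_pw_leaky, k),
               steps_for_prefix(check_pw_ct, k));
    return 0;
}
```

The constant-time comparison removes the timing channel but not the power channel the text also names: the XOR still switches data-dependent bits, so a device relying on a password additionally needs measures such as attempt limits or the erase-on-failure behaviour described above.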

If the security fuse state is loaded from memory on power-up or reset, the cracker has an opening to attack with power glitches, forcing the circuit into a state in which the lock value in memory is read incorrectly.
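The defensive counterpart of that observation is to make the lock decision tolerate a single corrupted read. The following added example (not from the original article, and not any vendor's implementation) contrasts a naive one-bit lock flag, where a read forced to zero unlocks the part, with a hardened scheme that stores several copies of a multi-bit code and unlocks only when every copy reads exactly the unlocked code. The state codes, copy count and function names are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define N_COPIES 3

/* Constructed state codes. Neither is 0x00 or 0xFF, so a read that a glitch
 * forces to all-zeros or all-ones never matches a valid state. */
#define STATE_UNLOCKED 0x5A
#define STATE_LOCKED   0xA5

/* Naive scheme: one bit, 0 = unlocked, 1 = locked, read once at reset.
 * If that single read returns 0 for any reason, the part is unlocked. */
int naive_is_locked(uint8_t flag) {
    return (flag & 1) != 0;
}

/* Hardened scheme: N_COPIES redundant copies of a multi-bit code. The part is
 * considered unlocked only if every copy reads exactly STATE_UNLOCKED; any
 * disagreement or unexpected value fails closed (locked). The accumulation
 * has no data-dependent branch, so one disturbed comparison cannot
 * short-circuit the decision. */
int robust_is_locked(const uint8_t copies[N_COPIES]) {
    uint8_t acc = 0;
    for (size_t i = 0; i < N_COPIES; i++)
        acc |= (uint8_t)(copies[i] ^ STATE_UNLOCKED);
    return acc != 0;
}

/* Simulates the reset-time read of the lock copies where the copy at index
 * idx returns glitch_value instead of its true contents (idx >= N_COPIES
 * means no glitch occurred). Returns the hardened decision. */
int robust_decision_with_glitch(uint8_t true_state, size_t idx, uint8_t glitch_value) {
    uint8_t copies[N_COPIES];
    for (size_t i = 0; i < N_COPIES; i++)
        copies[i] = true_state;
    if (idx < N_COPIES)
        copies[idx] = glitch_value;
    return robust_is_locked(copies);
}

int main(void) {
    printf("naive, locked bit read as 0:           %s\n",
           naive_is_locked(0x00) ? "locked" : "UNLOCKED");
    printf("robust, one copy read as 0x00:         %s\n",
           robust_decision_with_glitch(STATE_LOCKED, 1, 0x00) ? "locked" : "UNLOCKED");
    printf("robust, one copy read as 0xFF:         %s\n",
           robust_decision_with_glitch(STATE_LOCKED, 1, 0xFF) ? "locked" : "UNLOCKED");
    printf("robust, genuinely unlocked, no glitch: %s\n",
           robust_decision_with_glitch(STATE_UNLOCKED, N_COPIES, 0) ? "locked" : "unlocked");
    return 0;
}
```

The price of failing closed is that a glitch during a legitimate unlocked boot locks the part until the next clean reset, which is the safe direction. A glitch that hits the comparison logic itself rather than the memory read is a separate problem, which is why the voltage sensors described later in the article matter alongside this kind of redundancy.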

06

Using a Top-Layer Metal Mesh

A top-layer metal mesh is used to increase the difficulty of intrusion. Every grid line is monitored for shorts and opens, and when one is detected the memory is reset or erased. As shown in the figure:

[Figure not reproduced]

Ordinary MCUs do not use this protection because it is hard to design and can also trigger under abnormal operating conditions, such as strong electromagnetic noise, low or high temperature, an abnormal clock signal or a poor power supply. Some common MCUs therefore use a cheaper pseudo top-layer mesh, which can be defeated by microprobing combined with careful optical analysis.

In addition, these meshes offer no protection against non-invasive attacks, and they are not effective against semi-invasive attacks either: there is capacitance between the wires, and light can pass between them to reach the active area of the circuit. In smart cards, some of these grid lines are also routed between power and ground. Some programmable smart cards go further and remove the standard programming interface altogether, even the interface for reading the EEPROM, replacing it with a boot module that is erased or disabled once the code has been loaded. The chip then responds only to the functions supported by the user's embedded software, which effectively prevents non-invasive attacks.

07

Smart Card Chip Security Design

In recent years some smart cards have used memory bus encryption (Bus Encryption) to defeat probing attacks. As shown in the figure:

[Figure not reproduced]

Data is stored in memory as ciphertext. Even if an intruder captures the contents of the data bus, the key and other sensitive information (such as how the data is recovered) remain unknown. This protection is effective against invasive and semi-invasive attacks.

Some smart cards even use a different bus encryption key for every card, so even an intruder who fully cracks one card cannot produce chips with the same function: each smart card chip carries a unique ID number, and a card with the same ID cannot be bought.
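To illustrate what per-card bus encryption buys, here is an added simulation (not code from the original article, and not any vendor's bus cipher, which is not published). A toy address-dependent keystream, constructed only so the example runs stand-alone and explicitly not secure, stands in for the real cipher. The secret value, addresses, device keys and function names are constructed for this example. It shows three things: what a probe on the memory bus sees, what the card itself recovers, and what a second card with its own key recovers from a cloned copy of the first card's memory image.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 256

/* Toy address-dependent keystream standing in for the bus cipher. It is NOT
 * secure; it only has the two properties the demonstration needs: for a
 * fixed address the output is a bijection of the selected key byte, and the
 * output depends on the address. */
static uint8_t keystream_byte(uint64_t device_key, uint16_t addr) {
    uint8_t kb = (uint8_t)(device_key >> (8 * (addr & 7)));          /* key byte chosen by address */
    uint8_t t  = kb ^ (uint8_t)(addr * 0x9D) ^ (uint8_t)(addr >> 8);  /* address whitening */
    return (uint8_t)(t * 0x3B);                                       /* odd multiplier: 8-bit bijection */
}

/* CPU-side write: plaintext passes through the bus encryption unit and is
 * stored as ciphertext. mem[] is exactly what a microprobe on the memory
 * bus, or a dump of the memory array, would reveal. */
void bus_write(uint8_t *mem, uint16_t addr, const uint8_t *plain, size_t n, uint64_t key) {
    for (size_t i = 0; i < n; i++)
        mem[addr + i] = plain[i] ^ keystream_byte(key, (uint16_t)(addr + i));
}

/* CPU-side read: ciphertext is decrypted with this chip's own key. */
void bus_read(const uint8_t *mem, uint16_t addr, uint8_t *out, size_t n, uint64_t key) {
    for (size_t i = 0; i < n; i++)
        out[i] = mem[addr + i] ^ keystream_byte(key, (uint16_t)(addr + i));
}

/* Number of positions at which two buffers agree. */
size_t matching_bytes(const uint8_t *a, const uint8_t *b, size_t n) {
    size_t m = 0;
    for (size_t i = 0; i < n; i++)
        if (a[i] == b[i])
            m++;
    return m;
}

/* Constructed scenario: the same secret is programmed into two cards whose
 * per-device keys differ in every byte. */
#define SECRET_ADDR 0x0040
#define SECRET_LEN  8
static const uint8_t SECRET[SECRET_LEN] = { 'C', 'A', 'R', 'D', 'K', 'E', 'Y', '!' };
static const uint64_t KEY_CARD_A = 0x0102030405060708ULL;
static const uint64_t KEY_CARD_B = 0xF1F2F3F4F5F6F7F8ULL;

/* Plaintext bytes visible directly in card A's memory image. */
size_t probe_matches(void) {
    uint8_t mem[MEM_SIZE] = {0};
    bus_write(mem, SECRET_ADDR, SECRET, SECRET_LEN, KEY_CARD_A);
    return matching_bytes(mem + SECRET_ADDR, SECRET, SECRET_LEN);
}

/* Bytes recovered when card A reads its own memory. */
size_t roundtrip_matches(void) {
    uint8_t mem[MEM_SIZE] = {0}, out[SECRET_LEN];
    bus_write(mem, SECRET_ADDR, SECRET, SECRET_LEN, KEY_CARD_A);
    bus_read(mem, SECRET_ADDR, out, SECRET_LEN, KEY_CARD_A);
    return matching_bytes(out, SECRET, SECRET_LEN);
}

/* Bytes recovered when card A's image is copied into card B and card B
 * decrypts it with its own key, i.e. a cloned memory image. */
size_t cross_key_matches(void) {
    uint8_t mem[MEM_SIZE] = {0}, out[SECRET_LEN];
    bus_write(mem, SECRET_ADDR, SECRET, SECRET_LEN, KEY_CARD_A);
    bus_read(mem, SECRET_ADDR, out, SECRET_LEN, KEY_CARD_B);
    return matching_bytes(out, SECRET, SECRET_LEN);
}

int main(void) {
    printf("plaintext bytes visible on the bus:   %zu/%d\n", probe_matches(), SECRET_LEN);
    printf("bytes recovered by the card itself:   %zu/%d\n", roundtrip_matches(), SECRET_LEN);
    printf("bytes recovered from a cloned image:  %zu/%d\n", cross_key_matches(), SECRET_LEN);
    return 0;
}
```

Because the keystream depends on the address as well as the key, identical plaintext bytes at different addresses also produce different ciphertext, so a memory dump does not even reveal repeated values. The real protection rests on the per-chip key never leaving the die; the toy keystream here is only a stand-in for the cipher that guards it.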

It is also worth mentioning that some smart cards implement the standard modules, such as the decoders, register file, ALU and I/O circuits, with ASIC-like logic. These are called glue logic designs.

Glue logic makes it practically impossible to mount a physical attack by manually tracing signals or nodes to extract card information, and it greatly improves the performance and security of the CPU core. In a glue logic design the physical location of the bus is almost impossible to determine, which effectively prevents reverse engineering and microprobing attacks.

08

Advantages and disadvantages of smart card chip encryption scheme

For developers, choosing a microcontroller with a more secure design gives better protection. Even smart cards designed ten years ago offer better protection than most microcontrollers, and modern smart cards offer still more: internal voltage sensors with overvoltage and undervoltage protection guard against power glitch attacks.

A clock frequency sensor guards against lowering the clock frequency for static analysis, and against clock glitch attacks that raise the frequency. The top-layer metal mesh and hardware encryption of the internal bus make microprobing attacks impractical.

However, compared with microcontrollers, smart card chips also have drawbacks: the chips are expensive and hard to buy in small quantities; the development tools are costly and require a non-disclosure agreement with the manufacturer, even for the documentation; and many manufacturers sell high-volume smart cards only to specific customers.

Another shortcoming is limited I/O. An ordinary smart card chip usually has only an ISO 7816 interface and very few independent I/O ports.

This makes it impossible for them to replace microcontrollers in most applications; they are used only in fields with very high security requirements, such as pay-TV set-top boxes, bank cards, SIM cards, second-generation ID cards and high-end encryption chips. Using smart card chips as encryption chips is a promising direction, because the smart card chip has a high security level but few I/O resources.

An ordinary MCU, by contrast, has rich hardware resources but a low security level. The key algorithms and operating parameters of the MCU can be stored in a special form inside the smart card chip, combining powerful functionality with high security strength.

09

Postscript

There is no end to the battle between the cracking groups persistently trying to break through protection mechanisms and the manufacturers constantly introducing new security solutions. Whether "the Tao rises one foot and the devil rises ten" or "evil cannot overcome the righteous", the contest between the two camps will go on!


Origin blog.csdn.net/u010632165/article/details/123124425