Since the birth of the MCU in the 1970s, chip-cracking techniques and the countermeasures against them have chased each other in a never-ending contest of “as the Way rises a foot, the Devil rises ten.”
This article traces how microcontroller security protection has developed, and closes with a summary of the advantages and disadvantages of smart card chips, currently the option with the highest security level.
▌Single Board Machine Era
In the early 1970s, embedded systems were built from separate components: CPU, ROM, RAM, I/O buffers, serial ports, and other communication and control interfaces.
During this period there were almost no protective measures, apart from legal ones, to stop an intruder from copying the data in the ROM of a single board machine.
▌Microcontroller Era
With the development of large-scale integrated circuit technology, the central processing unit (CPU), data memory (RAM), program memory (ROM) and the I/O communication ports were integrated into a single microcontroller chip, replacing the single board machine, as shown in the figure below:

During this period the EEPROM data memory and the MCU core were two separate parts sealed in the same package, so intruders could read the data with microprobes.
As intruders multiplied, MCU vendors added a security fuse that blocks access to the data, as shown in the figure below:
Advantages: easy to implement; the MCU architecture needs no complete redesign, since a fuse alone controls data access.
Disadvantages: fuses are easy to locate and attack. For example, the fuse state can be changed by connecting its bit output directly to power or ground, and some fuses can be cut with a laser or a focused ion beam to sever the sensing circuit. Non-invasive attacks can also succeed: because a separate fuse is laid out differently from the normal memory array, an external signal can force the bit into a state that cannot be read correctly, exposing the information stored on the chip. Semi-invasive attacks let a cracker succeed quickly but require opening the package to reach the die; a well-known method is erasing the security fuse with ultraviolet light.
▌Security Fuse Becomes Part of Memory Array
Later, MCU manufacturers made security fuses part of the memory array, as shown in the figure below:
Typically the fuse sits very close to the main memory or shares some of its control lines, and is made with the same process, which makes it hard to locate. Non-invasive attacks still apply: an external signal can force the fuse bit into a state that cannot be read correctly. Semi-invasive attacks can likewise be used.
A cracker now needs more time to search for the security fuse or for the part of the control circuit responsible for security monitoring, but that search can be automated. Invasive attacks become difficult and require manual work, so the cost of cracking rises.
▌Using a Part of the Main Memory to Control External Data Access
This approach uses information that locks specific address ranges at power-up as the security fuse, or uses a password to control access to memory. For example, Texas Instruments’ MSP430F112 allows read-back only after the correct 32-byte password has been entered; without it, read-back is possible only after the password has been erased.
Although this protection looks more effective than the earlier ones, it has weaknesses that low-cost non-invasive attacks such as timing analysis and power analysis can exploit. If the security fuse state is held in memory after power-up or reset, a cracker can use power noise to force that memory into a wrong state.
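To make the password-gated read-back described above concrete, here is a small C model (an added example, not code from the article or from Texas Instruments) of a device with a 32-byte password: a naive comparison whose response time leaks how many leading bytes matched (the timing channel the text warns about), the constant-time comparison a designer should use instead, and the mass erase that is the only other way to regain read access. The device state and its functions (provision, unlock_readback, mass_erase, read_byte) are hypothetical and constructed for this example.

```c
#include <stdint.h>
#include <string.h>

#define PW_LEN 32   /* 32-byte read-back password, as on the MSP430F112 */

/* Constructed device state for this example (not a real part's layout). */
static uint8_t stored_password[PW_LEN];   /* held in protected memory */
static uint8_t app_memory[64];            /* memory gated by the password */
static int     readback_enabled = 0;

/* Programming step: store password and contents, then lock read-back. */
void provision(const uint8_t pw[PW_LEN], const uint8_t *data, size_t n) {
    memcpy(stored_password, pw, PW_LEN);
    memset(app_memory, 0xFF, sizeof app_memory);
    memcpy(app_memory, data, n < sizeof app_memory ? n : sizeof app_memory);
    readback_enabled = 0;
}

/* Naive compare: exits at the first wrong byte, so the response time
 * reveals how many leading bytes were right (a timing side channel). */
int check_password_naive(const uint8_t guess[PW_LEN]) {
    for (size_t i = 0; i < PW_LEN; i++)
        if (guess[i] != stored_password[i]) return 0;
    return 1;
}

/* Constant-time compare: visits all 32 bytes and ORs the differences,
 * so run time does not depend on where a mismatch sits. */
int check_password_ct(const uint8_t guess[PW_LEN]) {
    volatile uint8_t diff = 0;   /* volatile discourages an early-exit rewrite */
    for (size_t i = 0; i < PW_LEN; i++)
        diff |= guess[i] ^ stored_password[i];
    return diff == 0;
}

/* Unlock read-back only through the constant-time check. */
int unlock_readback(const uint8_t guess[PW_LEN]) { return readback_enabled = check_password_ct(guess); }

/* Mass erase: the only other path to read access; wipes password and data. */
void mass_erase(void) {
    memset(stored_password, 0xFF, PW_LEN);
    memset(app_memory, 0xFF, sizeof app_memory);
    readback_enabled = 1;   /* nothing sensitive is left to protect */
}

/* Read-back request: -1 while locked or out of range, else the byte. */
int read_byte(size_t addr) {
    if (!readback_enabled || addr >= sizeof app_memory) return -1;
    return app_memory[addr];
}
```

On a real MCU, inspect the compiled output to confirm the comparison loop stays unconditional, since volatile only discourages the optimiser rather than guaranteeing constant time.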
A top metal mesh raises the difficulty of intrusion. All the grid lines are monitored for short circuits and open circuits; once one is triggered, the memory is reset or cleared. As shown:
Ordinary MCUs do not use this protection because it is hard to design and can also trigger under abnormal operating conditions, such as strong electromagnetic noise, high or low temperature, abnormal clock signals, or a poor power supply. Some ordinary MCUs therefore use a cheaper pseudo top metal grid, which very efficient optical analysis with micro-probes can defeat.
These grids also do not stop non-invasive attacks, and they cannot reliably stop semi-invasive attacks either, because there is capacitance between the wires and light can reach the active area of the circuit between them. In smart cards, some such grid lines are laid between power and ground. Some programmable smart cards go further and simply remove the standard programming interface, even the EEPROM read interface, replacing it with a boot module that erases or disables itself after the code is loaded and then responds only to functions supported by the user’s embedded software. This effectively prevents non-invasive attacks.
▌Smart Card Chip Security Design
In recent years, some smart cards have used memory bus encryption technology to prevent probing attacks. As shown in the figure below:
Data is stored in memory in encrypted form. Even if intruders capture data from the data bus, they cannot learn the key or other sensitive information (such as how to recover the data). This measure effectively prevents invasive and semi-invasive attacks. Some smart cards go further and use a different bus encryption key for each card, so even an intruder who fully cracks one card cannot produce a chip with the same functionality: each smart card chip carries a unique ID number, and a chip with the same ID cannot be purchased.
It is also worth mentioning that some smart cards build standard modular structures such as decoders, register files, the ALU and I/O circuits from ASIC-like logic. These designs are referred to as mixed logic designs. Mixed logic makes it practically impossible to extract information from the card by manually searching for signals or nodes in a physical attack, and it greatly improves the performance and security of the CPU core. Because mixed logic makes it almost impossible to know the physical location of the bus, it effectively prevents reverse engineering and micro-probing attacks.
▌Advantages and Disadvantages of Smart Card Chip Encryption Solutions
For developers, choosing a microcontroller with a more secure design gives better protection. Compared with most microcontrollers, even smart cards designed ten years ago offer better protection. Modern smart cards provide more anti-attack protection: internal voltage sensors guard against power noise (power glitch) attacks as well as over-voltage and under-voltage, and clock frequency sensors prevent attacks that lower the clock frequency for static analysis as well as clock glitch attacks that raise it. Top metal grids and hardware encryption of the internal bus prevent micro-probing attacks.
However, compared with microcontrollers, smart card chips also have disadvantages, such as high chip prices and difficulty obtaining small batches. Development tools are expensive and require signing a confidentiality agreement with the manufacturer; even the manuals are covered by it. Many manufacturers sell smart cards only in large batches and only to specific customers.
Another drawback is the limited I/O: ordinary smart card chips usually have only an ISO7816 interface, and very few have separate I/O ports. This makes it impossible for them to replace microcontrollers in most applications, so they are used only in industries with very high security requirements, such as pay-TV set-top boxes, bank cards, SIM cards, second-generation ID cards, high-end encryption chips, and so on.
Applying smart card chips in the field of encryption chips is a promising direction. A smart card chip has a high security level but few I/O resources, while an ordinary MCU has rich hardware resources but a low security level, so some key algorithms and operating parameters of the MCU can be stored in a special form inside the smart card chip, combining powerful functionality with high security strength.
The struggle between those who try to break protective mechanisms and the manufacturers who keep introducing new security measures is endless. Whether “as the Way rises a foot, the Devil rises ten” or “evil cannot overcome the righteous,” the contest between the two sides will go on!
Source: Blog Garden, Author: Wu Zhe
Original link: www.cnblogs.com/walta99/p/8484414.html
Copyright belongs to the original author. If there is any infringement, please contact for deletion.