MCU Program Encryption: A Comprehensive Overview


Since the microcontroller appeared in the 1970s, the techniques for extracting code from chips and the countermeasures against them have been locked in a constant chase, each new defence answered by a new attack (as the Chinese saying has it, for every foot the way rises, the devil rises ten).
This article traces how microcontroller security protection has developed, and closes with a summary of the strengths and weaknesses of today's highest-security option, the smart card chip.

The Single Board Computer Era

In the early 1970s an embedded system was built from separate components: CPU, ROM, RAM, I/O buffers, serial ports and other communication and control interfaces.
During this period there were essentially no technical measures to stop an intruder from copying the contents of a single board computer's ROM; the only protection was legal.

The Microcontroller Era

With the development of large-scale integrated circuits, the central processing unit (CPU), data memory (RAM), program memory (ROM) and the I/O communication ports were integrated into a single microcontroller chip, replacing the single board computer.
In this period the EEPROM program memory and the MCU core were still separate dies sealed in the same package, so an intruder who opened the package could place micro-probes on the connections between them and read out the data.

Security Fuses

As attackers multiplied, manufacturers added a security fuse to the MCU which, once programmed, blocks external access to the memory contents.
Advantages: easy to implement; it requires no redesign of the MCU architecture, only a fuse that gates the data-access path.
Disadvantages: the fuse is easy to locate and attack. Under a microscope its output can be forced to the 'unprogrammed' state by micro-probing the output line to power or ground, or its sense circuit can be cut with a laser or a focused ion beam. Non-invasive attacks also work: because the fuse is laid out separately from the normal memory array, a power glitch or an out-of-spec clock or supply voltage applied from outside can drive the fuse read-out into an undefined state in which it reads as unprogrammed, unlocking the contents. Semi-invasive attacks succeed quickly but require opening the package to reach the die; the best-known example is erasing the security fuse with ultraviolet light while shielding the program memory.

Fuse Memory Array

Later, MCU manufacturers made the security fuse part of the memory array itself.
The fuse cells sit next to the main memory, or even share some of its control lines, and are built in the same process, so they are hard to locate. Non-invasive attacks, using external signals to push the fuse bit into an unreadable state, can still work, and so can semi-invasive ones. The attacker now needs more time to find the fuse cells or the control logic that enforces the lock, but that search can be automated. A fully invasive attack becomes much harder and needs manual work on the die, so cracking costs more.

External Data Access Control

Later still, a part of the main memory itself was used to control external data access.

Specific addresses are locked at power-up and serve as the security fuse, or a password stored in memory gates access to the rest of it.

For example, Texas Instruments' MSP430F112 allows read-back only after the correct 32-byte password has been presented. Without it, the memory can be read only after a mass erase, which destroys the very contents the attacker wanted.

Although this scheme looks stronger than the earlier ones, it can still be defeated by low-cost non-invasive attacks such as timing analysis and power analysis: if the password is compared byte by byte and the comparison stops at the first mismatch, the time taken (or the shape of the power trace) reveals how many leading bytes of the guess were correct, and the password can be recovered one byte at a time.

And if the lock state is loaded from memory into a register at power-up or reset, a power glitch at that moment can force the register into a wrong state and bypass the check.
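The timing leak described above, as an added example that is not part of the original article or of any TI code: a 32-byte unlock password is checked two ways, by a leaky byte-by-byte compare that stops at the first mismatch and by a constant-time compare, and a simulated attacker recovers the password by watching how many comparison steps the check performs (the stand-in here for measured time or power). The stored password, the step counter and all function names are constructed for the example; the real part's erase-on-wrong-password behaviour is not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PW_LEN 32   /* 32-byte unlock password, as on the MSP430 BSL */

/* Constructed example password; on a real part it lives in flash. */
static const uint8_t STORED_PW[PW_LEN] = {
    0x31, 0x41, 0x59, 0x26, 0x53, 0x58, 0x97, 0x93,
    0x23, 0x84, 0x62, 0x64, 0x33, 0x83, 0x27, 0x95,
    0x02, 0x88, 0x41, 0x97, 0x16, 0x93, 0x99, 0x37,
    0x51, 0x05, 0x82, 0x09, 0x74, 0x94, 0x45, 0x92
};

typedef int (*check_fn)(const uint8_t *guess, size_t *steps);

/* Leaky check: returns at the first mismatching byte. *steps counts byte
 * comparisons; on hardware that count shows up as execution time or as the
 * length of the comparison loop in a power trace. */
int leaky_password_check(const uint8_t *guess, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < PW_LEN; i++) {
        (*steps)++;
        if (guess[i] != STORED_PW[i])
            return 0;
    }
    return 1;
}

/* Constant-time check: touches every byte, ORs the differences together and
 * decides only at the end, so the step count is the same for every guess. */
int ct_password_check(const uint8_t *guess, size_t *steps)
{
    uint8_t diff = 0;
    *steps = 0;
    for (size_t i = 0; i < PW_LEN; i++) {
        (*steps)++;
        diff |= (uint8_t)(guess[i] ^ STORED_PW[i]);
    }
    return diff == 0;
}

/* Steps taken by `check` for a guess whose first k bytes are right and whose
 * byte k is deliberately wrong (k < PW_LEN). */
size_t steps_for_prefix(check_fn check, size_t k)
{
    uint8_t guess[PW_LEN] = {0};
    size_t steps;
    memcpy(guess, STORED_PW, k);
    guess[k] = (uint8_t)(STORED_PW[k] ^ 0xFF);
    check(guess, &steps);
    return steps;
}

/* Attacker: for each position try all 256 values and keep the one that makes
 * the check run past that byte (or succeed outright). Returns 1 if the
 * recovered password is correct. */
int timing_attack_succeeds(check_fn check)
{
    uint8_t guess[PW_LEN] = {0};
    for (size_t pos = 0; pos < PW_LEN; pos++) {
        int found = 0;
        for (int v = 0; v < 256 && !found; v++) {
            size_t steps;
            guess[pos] = (uint8_t)v;
            if (check(guess, &steps) || steps > pos + 1)
                found = 1;
        }
        if (!found)
            break;  /* no value moved the step count: the oracle gives nothing */
    }
    return memcmp(guess, STORED_PW, PW_LEN) == 0;
}

int main(void)
{
    printf("leaky: 0 correct bytes -> %zu steps, 5 correct -> %zu steps\n",
           steps_for_prefix(leaky_password_check, 0),
           steps_for_prefix(leaky_password_check, 5));
    printf("ct:    0 correct bytes -> %zu steps, 5 correct -> %zu steps\n",
           steps_for_prefix(ct_password_check, 0),
           steps_for_prefix(ct_password_check, 5));
    printf("timing attack vs leaky check: %s\n",
           timing_attack_succeeds(leaky_password_check) ? "password recovered" : "failed");
    printf("timing attack vs constant-time check: %s\n",
           timing_attack_succeeds(ct_password_check) ? "password recovered" : "failed");
    return 0;
}
```

Against the leaky check the attacker needs at most 256 tries per byte instead of 256^32 overall; against the constant-time check the step count is always 32 and the attack collapses into plain brute force. Two caveats: a constant-time compare closes only the timing and loop-length channel, not a glitch on the final branch, and a real part that erases on a wrong password forces the attacker to defeat that mechanism as well.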

Top Metal Network

A top-metal mesh makes invasive attacks harder. The mesh lines are continuously monitored for short and open circuits; a trip resets the chip or erases the memory.
Ordinary MCUs do not use a real mesh because it is hard to design and can trip under abnormal operating conditions such as strong electromagnetic noise, very low or high temperatures, bad clock signals or a poor power supply. Instead some of them use cheaper pseudo top-metal meshes, which are not monitored and can be defeated by micro-probing once the layout has been understood optically. A mesh cannot stop non-invasive attacks at all, and it gives only limited protection against semi-invasive ones: there is capacitance between the wires, and light can still reach the active area of the circuit through the gaps. In smart cards the mesh lines are interleaved with power and ground lines. Some programmable smart cards go further and remove the standard programming interface, or even the EEPROM read interface, replacing it with a boot module that erases or disables itself after the code has been loaded and thereafter answers only to the functions implemented by the user's embedded software. This largely closes the door to non-invasive attacks through the programming and debug interfaces.

Smart Card Chips

In recent years some smart cards have used memory-bus encryption to defeat probing attacks.
Data is stored in the memory in encrypted form, so an intruder who captures it from the data bus gets ciphertext and learns neither the key nor any other sensitive information, such as how to recover the plaintext.
This measure is effective against invasive and semi-invasive attacks. Some smart cards go further and give every card its own bus-encryption key tied to the chip's unique ID, so that even an attacker who completely breaks one card cannot produce another chip with the same functionality: the extracted contents only decrypt on the chip that encrypted them, and no other card with the same ID can be obtained.
It is also worth mentioning that some smart cards build their standard blocks, such as decoders, register files, ALUs and I/O circuits, out of ASIC-style glue logic (sometimes translated as 'hybrid logic'). A glue-logic design makes it practically impossible to find the signals or nodes that carry information by manual search, and it greatly improves the performance and security of the CPU core: because the physical location of the bus is effectively unknowable, it defeats reverse engineering and micro-probing.
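The per-chip bus encryption described above, as an added example that is not from the article or from any smart card vendor: memory words are encrypted with a keystream derived from a per-chip key and the word's address, and the probe view of the array (what a micro-probe would see) is compared with the bus view the CPU gets. The chip keys, addresses and data are constructed, and the mixing function is a toy stand-in for the block cipher a real design would use; it shows the structure of the scheme, not a secure cipher.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_WORDS 64

/* Toy 32-bit mixing function (xorshift-multiply rounds). It is a bijection,
 * which is all the demonstration needs; it is NOT a cryptographic cipher. */
static uint32_t mix32(uint32_t x)
{
    x ^= x >> 16; x *= 0x7feb352dU;
    x ^= x >> 15; x *= 0x846ca68bU;
    x ^= x >> 16;
    return x;
}

/* A chip with its own provisioned bus key and a small memory array. */
typedef struct {
    uint64_t bus_key;            /* per-chip, never leaves the die */
    uint32_t mem[MEM_WORDS];     /* what actually sits in the array */
} chip_t;

/* Keystream word for one address: depends on the chip key and the address,
 * so the same data at two addresses, or on two chips, encrypts differently. */
static uint32_t pad_for(const chip_t *c, uint32_t addr)
{
    uint32_t k0 = (uint32_t)c->bus_key, k1 = (uint32_t)(c->bus_key >> 32);
    return mix32(mix32(addr ^ k0) ^ k1);
}

/* CPU side of the bus: encrypt on write, decrypt on read. */
void bus_write(chip_t *c, uint32_t addr, uint32_t word)
{
    c->mem[addr] = word ^ pad_for(c, addr);
}

uint32_t bus_read(const chip_t *c, uint32_t addr)
{
    return c->mem[addr] ^ pad_for(c, addr);
}

/* Attacker side: a micro-probe on the memory array sees the stored word. */
uint32_t probe(const chip_t *c, uint32_t addr)
{
    return c->mem[addr];
}

/* 1 if the same plaintext stored at addr_a and addr_b on one chip yields
 * different stored words (the probe cannot spot repeated data by value). */
int same_data_differs_by_address(chip_t *c, uint32_t addr_a, uint32_t addr_b, uint32_t word)
{
    bus_write(c, addr_a, word);
    bus_write(c, addr_b, word);
    return probe(c, addr_a) != probe(c, addr_b);
}

/* 1 if copying chip a's raw array into chip b (a clone attempt) leaves b
 * reading garbage at addr, because b decrypts with its own key. */
int transplant_fails(const chip_t *a, chip_t *b, uint32_t addr)
{
    uint32_t original = bus_read(a, addr);
    memcpy(b->mem, a->mem, sizeof b->mem);
    return bus_read(b, addr) != original;
}

/* Bundles the properties for a constructed pair of chips:
 * bit 0 = round trip ok, bit 1 = address-dependent, bit 2 = transplant fails. */
unsigned bus_encryption_properties(void)
{
    chip_t a = { .bus_key = 0x0123456789abcdefULL };   /* constructed keys */
    chip_t b = { .bus_key = 0xfedcba9876543210ULL };
    unsigned r = 0;
    bus_write(&a, 3, 0xcafebabe);
    if (bus_read(&a, 3) == 0xcafebabe) r |= 1u;
    if (same_data_differs_by_address(&a, 3, 4, 0xcafebabe)) r |= 2u;
    if (transplant_fails(&a, &b, 3)) r |= 4u;
    return r;
}

int main(void)
{
    chip_t card = { .bus_key = 0x0123456789abcdefULL };
    bus_write(&card, 0x10, 0xdeadbeef);
    printf("CPU reads  0x%08x\n", bus_read(&card, 0x10));
    printf("probe sees 0x%08x\n", probe(&card, 0x10));
    printf("properties bitmask: %u (7 = all hold)\n", bus_encryption_properties());
    return 0;
}
```

Because the mixing function is a bijection, two addresses or two keys can never produce the same pad, which is what makes the address and transplant checks deterministic. A plain XOR keystream like this one is malleable: a probe that can write as well as read can flip chosen plaintext bits without knowing the key, so a production design would use a real block cipher and add integrity protection on top.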

In Conclusion

The cracking groups' relentless attempts to break each protection and the manufacturers' constant introduction of new countermeasures are an endless contest. Whether you see it as 'the devil always rising higher than the way' or as 'evil cannot prevail over good', it will go on being played out between the two sides.

Disclaimer: The materials of this article are sourced from IoVSecurity, and the copyright belongs to the original author. If there are any copyright issues, please contact us for deletion.

