Follow+Starred Public Account, don’t miss the exciting content
Source | IoVSecurity
Compilation | strongerHuang
Since the birth of MCUs in the 1970s, the technology for cracking chips and the solutions to prevent chip cracking have been in a constant chase of “the higher the road, the higher the devil,” with each mountain being higher than the last.
This article will share the development history of microcontrollers in terms of security protection, and at the end of the article, summarize the advantages and disadvantages of the currently highest security level smart card chips.
Single Board Computer Era
In the early 1970s, embedded systems were composed of separate components such as: CPU, ROM, RAM, I/O buffers, serial ports, and other communication and control interfaces.
During this period, there were almost no protective measures, apart from legal ones, to prevent intruders from copying data from the ROM area on single board computers.
With the development of large-scale integrated circuit technology, the central processing unit (CPU), data memory (RAM), program memory (ROM), and other I/O communication ports were integrated onto a single microcontroller chip, replacing single board computers. As shown:
During this period, internal memory EEPROM and MCU were separately sealed within the same package. Intruders could use microprobes to obtain data.
With the increase in intruders, MCUs later added security fuses to prohibit access to data for their own security. As shown:
Advantages: It is easy to implement, requiring no complete redesign of the MCU architecture, just using fuses to control data access.
Disadvantages: Fuses are easy to locate and attack. For example: The state of the fuse can be modified by directly connecting the output bit to the power or ground. Some can simply cut the sensing circuit of the fuse using laser or focused ion beams. Non-invasive attacks can also succeed, as a separate fuse layout differs from the normal storage array, allowing external signals to force bits into an unreadable state, thereby accessing information stored on the internal chip. Semi-invasive attacks can lead to quick success for attackers but require opening the chip package to access the die. A well-known method is to use ultraviolet light to erase security fuses.
Later, MCU manufacturers integrated security fuses as part of the memory array, as shown:
Generally, fuses are located very close to the main memory or share some control lines, manufactured using the same process as the main memory, making it difficult to locate the fuses. Non-invasive attacks can still be conducted, using external signals to force the fuse bits into an unreadable state. Similarly, semi-invasive attacks can be applied. Of course, attackers need more time to locate the security fuses or the control circuits responsible for security monitoring, but this can be automated. Conducting invasive attacks will be very difficult and require manual operation, which will incur higher costs to crack.
External Data Access Control
Later, a method using a portion of the main memory to control external access to data was developed.
By locking specific address areas during power-up, this information can serve as security fuses, or passwords can be used to control access to memory.
For example, Texas Instruments’ MSP430F112 only allows read-back operations after entering the correct 32-byte password. If not entered, the memory can only be read back after erasing the byte password.
Although this protection method appears more effective than previous ones, it has some disadvantages that can be exploited through low-cost non-invasive attacks, such as timing analysis and power consumption.
If the state of the security fuse is part of the memory after power-up or reset, this gives attackers an opportunity to exploit power noise to crack, forcing the circuit into an erroneous state.
Using top metal network design increases the difficulty of intrusion. All grids are used to monitor short circuits and open circuits, and once triggered, will cause the memory to reset or clear. As shown:
Ordinary MCUs do not use this protection method due to its design complexity, and it can also be triggered under abnormal operating conditions, such as high-intensity electromagnetic noise, low or high temperatures, abnormal clock signals, or poor power supply. Therefore, some ordinary MCUs use cheaper pseudo-top metal grids, which can be micro-probed by very efficient optical analysis. Additionally, these grids cannot prevent non-invasive attacks. They also cannot effectively prevent semi-invasive attacks due to capacitance between wires, and light can reach the effective area of the circuit through the wires. In smart cards, some grid lines are also laid between power and ground. Some programmable smart cards go further by eliminating standard programming interfaces, even removing EEPROM read interfaces, replacing them with boot modules that can erase or shield themselves after code is loaded, only responding to functionalities supported by the user’s embedded software. This effectively prevents non-invasive attacks.
In recent years, some smart cards have employed memory bus encryption technology to prevent probing attacks.As shown:
Data is stored in encrypted form in memory. Even if an intruder obtains the data from the data bus, it is impossible to know the key or other sensitive information (such as data restoration methods).
This protective measure effectively prevents both invasive and semi-invasive attacks. Some smart cards can even ensure that each card has a different bus encryption key, so even if an intruder completely cracks it, they cannot produce chips with the same functionality, as each smart card chip has a unique ID number, and the same ID number smart card cannot be purchased.
It is also worth mentioning that some smart cards design standard module structures such as decoders, register files, ALUs, and I/O circuits using similar ASIC logic. These designs are known as mixed logic designs. Mixed logic makes it virtually impossible to obtain information about the card through physical attacks by manually searching for signals or nodes.
This greatly enhances the performance and security of the CPU core. Mixed logic design makes it nearly impossible to know the physical location of the bus, effectively preventing reverse engineering and micro-probing attacks.
The endless struggle between groups attempting to break protective mechanisms and manufacturers continuously introducing new security measures is ongoing. “The higher the road, the higher the devil,” or “Evil cannot suppress righteousness,” will continue to unfold between the two sides!
Disclaimer: The materials in this article are sourced from the internet, and the copyright belongs to the original authors. If there are copyright issues, please contact me for deletion.
———— END ————
● Column “Embedded Tools”
● Column “Embedded Development”
● Column “Keil Tutorial”
● Selected Tutorials from Embedded Column
Follow the public account reply “Join Group” to join the technical exchange group according to the rules, reply “1024” to see more content.
Click “Read Original” to see more shares.
