Saturday, April 24, 2010

Attacks on security control system


CONTENTS

1. ABSTRACT
2. INTRODUCTION
3. ATTACKING TECHNOLOGIES
4. NON-INVASIVE ATTACKS
5. INVASIVE ATTACKS
6. SEMI-INVASIVE ATTACKS
7. MICROCONTROLLERS
8. SUGGESTIONS TO PROTECT MICROCONTROLLERS FROM ATTACKS
9. CONCLUSION
10. REFERENCES


ABSTRACT:-
Microcontrollers are used in a great deal of modern equipment and electronic devices, including serious applications run by the military, security services, banks and medical services. Each microcontroller executes the program that is uploaded into its memory; the program is usually written in a high-level language (C, C++, Java and so on) and translated into assembler during compilation. To protect the code and data stored in these microcontrollers there is a continuous battle between manufacturers, who invent new security solutions and learn from previous mistakes, and the hacker community, which constantly tries to break the implemented protections. In this situation it is crucial for designers to choose microcontrollers that are both convenient and reliably secure.


INTRODUCTION:-
Nowadays semiconductor chips are used everywhere. With the constantly growing demand for security, silicon chips have started to be used not only for control purposes but also for protection. These days we have a continuous battle between manufacturers, who invent new security solutions and learn from previous mistakes, and the hacker community, which constantly tries to break the protection in various devices. Unfortunately very little attention is paid to the proper selection of microcontrollers for secure applications, mainly because information about the true level of protection is either not widely available from manufacturers or is distorted. Yet it is crucial for designers to select convenient and reliably secure microcontrollers and chips.
This paper gives a broad overview of the problems with the hardware security of silicon chips. Because of continuous technological progress we have chosen a narrow area: security analysis of microcontrollers and smartcards, illustrated with some attacks.

There is no guarantee of 100% security for the data, because a determined attacker can break any protection given enough time and resources[3]. The question is what happens if your secure system is built from insecure components; the obvious answer is that it provides no real security. Even if you implement a provably secure protocol, your system can be broken if the key can be extracted from the hardware by mechanical or optical probing. Therefore, whenever you design a secure system, a proper security evaluation of all its components must be performed. It is impossible to avoid all problems, but the attacks can be made expensive and time-consuming enough that attackers move on to other products rather than spending the money and time.
A new class of attack, the semi-invasive attack, has recently been introduced. Using semi-invasive methods for security evaluation can expose more problems in the hardware design with less effort and in a shorter time than invasive or non-invasive methods.
ATTACKING TECHNOLOGIES:-

There are four major attack categories:
1. Microprobing: techniques used to access the chip surface directly, so that the integrated circuit can be observed, manipulated and interfered with.
2. Software attacks: use the normal communication interface of the processor and exploit security vulnerabilities found in the protocols, the cryptographic algorithms, or their implementation.
3. Eavesdropping: techniques that monitor, with high time resolution, the analog characteristics of all supply and interface connections and any other electromagnetic radiation produced by the processor during normal operation.
4. Fault generation: techniques that use abnormal environmental conditions to generate malfunctions in the processor that provide additional access.

Basic microcontroller
All microprobing techniques are invasive attacks: they require hours or weeks in a specialized laboratory and destroy the packaging in the process. The other three are non-invasive attacks: the device is not physically harmed, but its internal functionality can still be attacked.
Non-invasive attacks are particularly dangerous in some applications for two reasons. Firstly, the owner of the compromised card might not notice that the secret keys have been stolen, so it is unlikely that the compromised keys will be revoked before they are abused. Secondly, non-invasive attacks often scale well, as the necessary equipment can usually be reproduced and updated at low cost.
The design of most non-invasive attacks requires detailed knowledge of both the processor and the software. Invasive microprobing attacks, on the other hand, require very little initial knowledge and usually work with a similar set of techniques on a wide range of products. Attacks therefore often start with invasive reverse engineering, the results of which then help to develop cheaper and faster non-invasive attacks.
NON-INVASIVE ATTACKS:-

The most widely used non-invasive attacks involve manipulating the supply voltage and the clock signal. Under-voltage and over-voltage attacks can be used to disable a protection circuit or force the processor to perform a wrong operation[1]. For this reason some security processors have a voltage detection circuit, but as a rule this circuit does not react to transients, so fast signals of various kinds may reset the protection without destroying the protected information.
Power and clock transients can also be used in some processors to affect the decoding and execution of individual instructions. Every transistor and its connection paths act like an RC element with a characteristic time delay; the maximum usable clock frequency of a processor is determined by the maximum delay among its elements. Similarly, every flip-flop has a characteristic time window (of a few picoseconds) during which it samples its input voltage and changes its output accordingly. This window can be anywhere inside the specified setup cycle of the flip-flop, but is quite fixed for an individual device at a given voltage and temperature. So if we apply a clock glitch (a clock pulse much shorter than normal) or a power glitch (a rapid transient in the supply voltage), only some transistors in the chip will be affected. By varying the parameters, the CPU can be made to execute a number of completely different wrong instructions, sometimes including instructions that are not even supported by the microcode[2]. Although we do not know in advance which glitch will cause which wrong instruction in which chip, it is fairly simple to conduct a systematic search.
Another possible attack is current analysis. Using a 10 to 15 ohm resistor in series with the power supply, the fluctuations in the current consumed by the card can be measured with an analog-to-digital converter.
Another threat to secure devices is data remanence: the ability of volatile memory to retain the information stored in it for some time after power is disconnected. Static RAM that has held the same key for a long period can reveal it on the next power-up[3]. Another way is to 'freeze' the state of the memory cells by cooling the device; static RAM can retain information for several minutes at -20 ºC, or even for hours at lower temperatures.
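The systematic search mentioned above, as an added example that is not part of the original page: a real campaign sweeps glitch width and offset on the hardware and records which combinations change the device's behaviour. Here the target is a constructed toy register machine standing in for the MCU, and the glitch is reduced to the abstract fault model most campaigns assume first, namely that the instruction executing in the glitched cycle does nothing. The program layouts, opcode names and the secret are all assumptions made for the illustration. The sweep finds the one cycle at which a memcmp-style check accepts a wrong password, and shows that duplicating the decision branch removes that single point of failure.

```python
# Constructed model of the target: a tiny register machine stands in for the MCU.
# Fault model: a single clock or power glitch at cycle `glitch_at` makes the
# instruction executing in that cycle behave as a NOP (the instruction-skip model
# that glitch campaigns usually assume first). Instructions are (op, *args).

def run(program, inp, glitch_at=None):
    """Run `program` on attacker-supplied bytes `inp`.
    Returns (result, cycles): result is 1 if access was granted, 0 otherwise."""
    pc, acc, cycle = 0, 0, 0
    while pc < len(program):
        op, *args = program[pc]
        if cycle == glitch_at:            # glitched instruction: no effect
            pc, cycle = pc + 1, cycle + 1
            continue
        cycle += 1
        if op == "orne":                  # acc |= (inp[i] != constant)
            acc |= int(inp[args[0]] != args[1])
            pc += 1
        elif op == "jnz":                 # branch to target if acc != 0
            pc = args[0] if acc else pc + 1
        elif op == "ret":
            return args[0], cycle
        else:
            raise ValueError("unknown op %r" % op)
    return 0, cycle                       # ran off the end: treat as denied


def naive_check(secret):
    """memcmp-style check: accumulate mismatches over all bytes, then a single
    branch decides. Skipping that one branch grants access for any input."""
    n = len(secret)
    prog = [("orne", i, b) for i, b in enumerate(secret)]
    prog += [("jnz", n + 2), ("ret", 1), ("ret", 0)]
    return prog


def hardened_check(secret):
    """Same comparison, but the decision branch is duplicated, so one skipped
    instruction can no longer reach 'ret 1'. (Production code would also add
    redundant flags and a check that the compare loop ran to completion.)"""
    n = len(secret)
    prog = [("orne", i, b) for i, b in enumerate(secret)]
    prog += [("jnz", n + 3), ("jnz", n + 3), ("ret", 1), ("ret", 0)]
    return prog


def glitch_sweep(program, inp):
    """The systematic search: inject one skip at every cycle of a normal run and
    collect the cycles at which the wrong input is accepted."""
    _, cycles = run(program, inp)
    return [t for t in range(cycles) if run(program, inp, glitch_at=t)[0] == 1]


# Constructed secret and an all-wrong attacker input.
SECRET = bytes([0x4A, 0x13, 0x7F, 0xC2])
WRONG = bytes(len(SECRET))

if __name__ == "__main__":
    print("naive: accepted at cycles", glitch_sweep(naive_check(SECRET), WRONG))
    print("hardened: accepted at cycles", glitch_sweep(hardened_check(SECRET), WRONG))
```

On the naive program the sweep reports exactly one cycle, the one in which the decision branch executes; on the hardened program it reports none. Against real silicon the same loop runs over glitch offset and width instead of an instruction index, and the "accepted" signal is whatever the device does on success (a response byte, a changed LED, an opened debug port).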
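What is done with those current measurements, as an added example that is not part of the original page: the attack usually paired with a shunt resistor and an ADC is correlation power analysis, in which each of the 256 possible values of one key byte is scored by how well the predicted switching activity of an intermediate value (here the Hamming weight of the AES S-box output) correlates with the measured current. The traces below are constructed rather than captured: one sample per encryption at the leaking instant, modelled as Hamming weight plus Gaussian noise. The S-box is computed from its definition so the block runs without a lookup table; the key byte, trace count and noise level are assumptions.

```python
import math
import random


def _gf_mul(a, b):
    """Multiply two elements of GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _build_sbox():
    """AES S-box computed from its definition: inverse in GF(2^8), then affine map."""
    def rotl8(v, n):
        return ((v << n) | (v >> (8 - n))) & 0xFF
    sbox = []
    for x in range(256):
        inv = x
        for _ in range(253):          # x^254 == x^-1 in GF(2^8)*; 0 stays 0
            inv = _gf_mul(inv, x)
        sbox.append(inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^ rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63)
    return sbox


SBOX = _build_sbox()


def hamming_weight(v):
    return bin(v).count("1")


def simulate_traces(key_byte, n_traces, noise_sd=1.0, seed=1):
    """Constructed measurements standing in for ADC samples taken across the shunt
    resistor: one sample per encryption, at the instant SBOX[p ^ k] is written to a
    register, modelled as its Hamming weight plus Gaussian noise."""
    rnd = random.Random(seed)
    plaintexts, samples = [], []
    for _ in range(n_traces):
        p = rnd.randrange(256)
        plaintexts.append(p)
        samples.append(hamming_weight(SBOX[p ^ key_byte]) + rnd.gauss(0.0, noise_sd))
    return plaintexts, samples


def pearson(xs, ys):
    """Pearson correlation coefficient of two equally long sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / math.sqrt(sxx * syy) if sxx and syy else 0.0


def cpa_recover_key_byte(plaintexts, samples):
    """Correlation power analysis: for each of the 256 key guesses, predict the
    Hamming weight of SBOX[p ^ guess] for every trace and correlate it with the
    samples. The right guess explains the current fluctuations best."""
    ranking = []
    for guess in range(256):
        predicted = [hamming_weight(SBOX[p ^ guess]) for p in plaintexts]
        ranking.append((abs(pearson(predicted, samples)), guess))
    ranking.sort(reverse=True)
    return ranking[0][1], ranking


if __name__ == "__main__":
    pts, smp = simulate_traces(0x2B, 300)
    best, ranking = cpa_recover_key_byte(pts, smp)
    print("recovered key byte 0x%02X, |r| = %.2f; runner-up |r| = %.2f"
          % (best, ranking[0][0], ranking[1][0]))
```

With a few hundred traces the correct byte stands out with a correlation near 0.8 while every wrong guess stays near zero; the remaining fifteen key bytes are recovered the same way, one at a time. On a real board each trace is a whole waveform and the correlation is computed at every sample point, with the leaking instant showing up as a peak.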

Picture of the device having additional socket adapters

INVASIVE ATTACKS:-

Invasive attacks start with removal of the chip package. The plastic over the chip can be cut away with a knife, and the epoxy resin around the chip can be removed with fuming nitric acid[3]: hot fuming nitric acid dissolves the package without affecting the chip. The procedure should preferably be carried out under very dry conditions, as the presence of water can corrode the exposed aluminium interconnects. The chip is then washed with acetone in an ultrasonic bath, followed optionally by a short bath in deionized water and isopropanol. After that the chip can be glued into a test package and bonded manually. With enough experience it may be possible to remove the epoxy without destroying the bonding wires and smartcard contacts.

Most currently available microcontrollers and smartcard processors have feature sizes of 0.5 to 1 µm and only two metal layers. These can be reverse-engineered and observed with manual and optical techniques. For future chip generations with more metal layers and features below the wavelength of visible light, more expensive tools may additionally be needed.
SEMI-INVASIVE ATTACKS:-

Semi-invasive attacks, like invasive attacks, require depackaging the chip to get access to its surface, but the passivation layer remains intact: semi-invasive methods do not require electrical contact with the metal layers, so there is no mechanical damage to the silicon. As invasive attacks become ever more demanding and expensive with shrinking feature sizes and increasing device complexity, semi-invasive attacks become more attractive, because they do not require very expensive tools and give results in a shorter time.
Using semi-invasive methods for hardware security analysis of semiconductor devices in post-production testing can help avoid some security problems and save the time and money that expensive and time-consuming invasive methods would cost[1].
Advanced imaging techniques can be considered semi-invasive as well. These include various kinds of microscopy, such as infrared and laser-scanning microscopy and thermal imaging. Some of them can be applied from the rear side of the chip, which is very useful for modern chips with multiple metal layers. Some of these techniques allow the state of each individual transistor inside the chip to be observed.
Fault-injection attacks carried out in a semi-invasive manner can be used to modify the contents of SRAM and change the state of individual transistors inside the chip. That gives the attacker very wide capabilities for taking control of the chip's operation and bypassing its protection mechanisms.

MICROCONTROLLERS:-

Microcontrollers can be divided into two types: ordinary and secure microcontrollers. Secure microcontrollers are designed for security applications such as military, banking and medical services and are used in smartcards or security modules. They provide different modes of operation, different access levels, and encryption of data communication not only outside the chip but also inside it, using bus encryption, signal hiding and similar measures. Attacks on these microcontrollers require very sophisticated and expensive equipment and a high level of skill.


Advanced microcontroller

Attacks:
It is commonly believed that invasive attacks are very complicated and require a lot of sophisticated equipment. Invasive attacks should indeed cost more than non-invasive ones, because they involve depackaging the chip and applying various physical methods. But sometimes they can be done quite easily without expensive laboratory equipment[2]. This is a serious threat to a microcontroller-based device that was assumed to resist non-invasive attacks but was never evaluated against invasive ones.
To attack a microcontroller, the chip must first be depackaged. This can be done in two ways: dissolving everything around the chip, or removing only the plastic above the silicon die. The second is the more elegant but requires some knowledge and experience, while the first forces you to bond the chip into a test package, which is not possible without access to a bonding station. So the only convenient way is to remove the plastic above the die[3]. This can be done with fuming nitric acid, which dissolves the epoxy of the package without affecting the chip and its bonding wires.
The next stage is to expose the protection fuses to UV light. To do this you first have to find them. With a microscope of at least 100x magnification you can easily find them by tracing the wire from the programming-voltage input pin. Without a microscope you can search by exposing different parts of the chip to UV light and observing the result. Once you have found them, you can apply the attack to a protected chip: cover the program memory with opaque paper to protect it from the UV light, and five to ten minutes of exposure should give the desired result, after which the program memory can be read with any available programmer.
This semi-invasive attack works on microcontrollers because EEPROM and Flash memories are affected by UV light; most floating-gate memory devices are susceptible to UV attack. At the same time, chip designers have some freedom in choosing protections against such attacks.

There are five possible ways in which UV light can affect a floating-gate memory cell:
1. It changes the cell's state from programmed to erased. This affects the security fuse if the erased state corresponds to disabled security.
2. It changes the cell's state from erased to programmed. This affects the security fuse if the programmed state corresponds to disabled security.
3. It changes the cell's state from programmed or erased to an intermediate state. This can affect the security if the reference voltage in the cell's control circuit depends on the power supply voltage.
4. It shifts the threshold of the cell's transistor out of its operating range, thus locking up the cell. This provides reasonably good protection against UV attacks but may allow an attacker to locate the fuse.
5. It cannot shift the threshold of the cell's transistor enough to change its state.

(1) Before the attack.
(2) After the attack with fuming nitric acid, which dissolves the epoxy of the package without affecting the chip and its bonding wires.
SUGGESTIONS TO PROTECT MICROCONTROLLERS FROM ATTACKS:-
Only if the microcontroller or smartcard is not vulnerable to these attacks is your code properly protected against copying. The aim here is to make developers aware that a proper evaluation should be performed before a particular microcontroller or smartcard is chosen.
1. A common and widely used technique for protecting sensitive information is data encryption.
2. One of the most effective methods of increasing the cost of attacking ordinary microcontrollers is burning some of the pins used for memory programming.
3. Modern smartcards provide protection against various attacks. Internal voltage sensors protect against the under- and over-voltages used in power glitch attacks. A clock frequency sensor prevents attackers from slowing down the clock for static analysis and from raising it for clock-glitch attacks.
CONCLUSION:-

The aim of this paper was to highlight the potential problems of hardware security in microcontrollers and smartcards, and to give an introduction to various attack methods and possible protections against them. To prevent such attacks, research in this area should continue and manufacturers should develop their security control systems conscientiously.


REFERENCES:-

[1] Oliver Kömmerling, Markus G. Kuhn: Design Principles for Tamper-Resistant Smartcard Processors, USENIX Workshop on Smartcard Technology, Chicago, Illinois, USA, May 10-11, 1999.
[2] Security-Enhanced Microcontroller, Advance Information Sheet.

[3] Steve H. Weingart, Physical Security Devices for Computer Subsystems: A Survey of Attacks and Defenses, Workshop on Cryptographic Hardware and Embedded Systems (CHES 2000), LNCS, Vol. 1965, Springer-Verlag, 2000, pp. 302–317

1. www.people.msoe.edu
2. www.freepatentsonline.com
3. www.embeddedrelated.com/usenet/embedded/show/27290-1.php
