From: Brian D Williams <talon57@well.sf.ca.us>
To: cypherpunks@toad.com
Message Hash: f2ab584fc5381a41018b4131e38b8b1a146d883063ed144992129e1f8c6ee764
Message ID: <199401272054.MAA10952@well.sf.ca.us>
Reply To: N/A
UTC Datetime: 1994-01-27 20:57:42 UTC
Raw Date: Thu, 27 Jan 94 12:57:42 PST
From: Brian D Williams <talon57@well.sf.ca.us>
Date: Thu, 27 Jan 94 12:57:42 PST
To: cypherpunks@toad.com
Subject: clipper cracking
Message-ID: <199401272054.MAA10952@well.sf.ca.us>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
Tim May says;
>Yeah, I guess Duncan is right. I did write some comments about the
>procedures that would be needed to reverse-engineer the Clipper
>chip (having started Intel's electron-beam analysis lab in 1981),
>but I don't think I ever advocated it as a Cyperpunks project,
>that's for sure!
>(If I'm misremembering, someone will correct me.)
>Might I suggest first spending several thousand dollars to buy--if
>you can--some Clipperphones, then tear them apart to see how the
>chips are mounted (rumor: surface mount, hard to get at) and what
>kind of encapsulization is used. I'll be happy to provide a few
>hours or more of free consulting on what kind of plasma asher
>you'll need to get to the chip surface, some approaches to
>voltage-contrast analysis, and other "peeling" steps to consider.
>--Tim May
I remember that post, in fact I have it right here <digital
rummaging sounds>
Here's a fairly long posting I made to sci.crypt and comp.lsi about
reverse engineering the Clipper chip. Especially on the technical
issues about tamper-resistant modules and electron-beam probing.
(followup to comp.lsi added, as they may have something to say on
this)
allyn (allyn@netcom.com) wrote:
I ran an electron microscope/chip testing lab for Intel, circa
1981-84. (We built a kind of "time machine" for imaging the
internal states of complex chips--the 286 in those days--and
displaying them on an image processing system which "subtracted
out" the states of bad chips from known good chips and thus allowed
us to analyze the nucleation and propagation of logic faults
through the chip. Very useful for finding subtle speed and voltage
problems, as well as gross faults, of course.)
Analyzing the Clipper chip, or any "tamper-resistant module," will
not be trivial, but neither will it be impossible.
Some issues, questions, problems:
1. Getting through the package to the chip surface itself is
problematic. Proprietray molding compounds may be used to make this
tough. (For example, carborundum and sapphire particles are often
mixed in, so that mechanical grinding and lapping also destroys the
chip. And plasma ashing won't work.)
2. Sometimes the package itself has "traps" which wipe the chip
(the data) if breached (fiber optic lines mixed in the epoxy, for
example). This seems unlikely for a relatively low-cost solution
like the Clipper. Papers presented at the "Crypto Conference" have
dealt with this. (The main uses: nuclear weapons "Permissive Action
Links" and credit card "smart cards," which use less intensive
measures, obviously.)
3. Once at the chip surface, via grinding, chemical etch, plasma
ashing, etc., the chip can be analyzed. Carefully photographing
the chip as layers are etched away (or even carefully lapped away)
can reveal much about the internal operation, though not the data
stored in internal ROM, EPROM, EEPROM, Flash EPROM, etc. If the
Clipper/Capstone algorithm is embedded in the microcode and not
apparent from the visible circuitry, then it must be read by other
means.
5. Voltage contrast electron microscopy allows internal chip
voltages to be read with good reliability. Cf. any of the the many
papers on this. Commercial e-beam probers are available. (How
voltage contrast works is itself an interesting issue, and there
are many good references on this.)
6. However, operating the chip is necessary to read the internal
states and voltage levels, and opening the chip under "hostile
conditions" (read: limited numbers of samples, no knowledge of the
molding compound, no help from the manufacturer) often destroys the
functionality. It can be done, but count on lots of trial and
error.
7. Metal layers may be used to shield lower signal-carrying layers
from scrutiny by electron beam probes. Intel, for example, builds
the new Pentium on a 3-layer metal process in which the top layer
almost completely covers the lower layers. (Extremely sophisticated
measurements using lasers (Kerr effect) and magnetic field sensing
may be possible. Count on a very expensive set-up to do this.)
8. Other "tricks" may route parts of the key circuitry through
buried layers, polysilicon lines, several layers of metal, etc.
9. VLSI Technology, Inc., the company with the "tamper-resistant
technology" used by Mykotronx (VTI will fab the chips), may also be
storing bits in very small EEPROM cells, which are very hard to
e-beam probe (especially without disrupting them!). Note also that
Intel bought a partial stake in VLSI. (I'm not imputing anything
and don't know if Intel is somehow involved in the Clipper/Capstone
effort. In fact, I left Intel in 1986.)
10. The easiest way to get the Clipper/Skipjack/Capstone details is
probably the old-fashioned way: offer money for it. With anonymous
remailers and digital cash, this may be much easier.
Just some thoughts on this extremely interesting issue of
reverse-engineering the Clipper.
- -Tim May
No, you clearly did not advocate this as a Cypherpunk project, but
feel free to elaborate....
Brian Williams
Extropian
Cypherpatriot
"Cryptocosmology: Sufficently advanced comunication is
indistinguishable from noise." --Steve Witham
-----BEGIN PGP SIGNATURE-----
Version: 2.3a
iQCVAgUBLUgn+tCcBnAsu2t1AQEVLgP8DVxH2AJgk/6M8+Xj2i6L+GIJCRahkg5A
pjKIFQcE++nQwqmnOnAAl/zr7jR8hezLl/e5CNaD4Chjo21MDuoj8+ZQZPOAF85s
lxhBxmy6prME36EA4cOpgwOvZrKpMeEskRUmXoLJfd9DVcJKhMImHbsDrNNaplij
cm4BJIC0ch8=
=FHiQ
-----END PGP SIGNATURE-----
Return to January 1994
Return to “Brian D Williams <talon57@well.sf.ca.us>”
1994-01-27 (Thu, 27 Jan 94 12:57:42 PST) - clipper cracking - Brian D Williams <talon57@well.sf.ca.us>