From: mpd@netcom.com (Mike Duvos)
To: cypherpunks@toad.com
Message Hash: 998642c74956e04de4aee1dae54bc85719ef50ec1b9791dcdebe1e1e76600dbc
Message ID: <199604010508.VAA03496@netcom13.netcom.com>
Reply To: <ad847d2604021004131b@[205.199.118.202]>
UTC Datetime: 1996-04-01 08:59:52 UTC
Raw Date: Mon, 1 Apr 1996 16:59:52 +0800
From: mpd@netcom.com (Mike Duvos)
Date: Mon, 1 Apr 1996 16:59:52 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
In-Reply-To: <ad847d2604021004131b@[205.199.118.202]>
Message-ID: <199604010508.VAA03496@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
tcmay@got.net (Timothy C. May) writes:
> The surface layers above the active portion of a chip can
> be stripped away and chip remains functional. This includes
> the outer packaging layers (epoxy, or of course, ceramic
> with metal lids) and parts of the so-called "scratch
> protection," usually a type of silicate glass.
> The active capacitors are not affected by removal of these
> layers.
True, but removing packaging materials and protective layers is a
long way from imaging the charges tunneled to and from the
floating gates of EEPROM cells, which is the particular
application we are discussing.
Also bear in mind that in a real device, the tamper-resistant
packaging will be considerably more intractable than conventional
semiconductor packaging, and these devices are often designed to
automatically erase all data if signs of tampering are detected.
> Actually, we did it all the time in my lab at Intel, and I
> understand from my former co-workers that the technology has
> only gotten better. (This does not mean voltage contrast is
> easy. For one thing, modern chips have 3-5 metal layers, due
> to spectacular advances in chem-mechanical polishing, and
> each metal layer acts as a ground plane shielding the lower
> layers from visibility and inspection with electron beams.
Yes. This is truely impressive technology which continues to
improve with leaps and bounds. SEM/TEM/STEM voltage-contrast
techniques are a major tool for failure analysis of semiconductor
devices, and AFM instruments can do voltage measurements on
running devices down to nanometer and picosecond resolutions.
> And EPROM and EEPROM cells are effectively impossible to
> analyze, for various reasons.)
Correct. Which is one of the reasons why they are currently the
favored mode of storage for smart card applications.
> This does not mean I think reverse-engineering of smart
> cards or satellite boxes is easy.
While I don't necessarily disagree with Perry that sufficiently
advanced technology can reverse-engineer almost anything (the
kind of advanced technology that is indistinguishable from
magick), I think there are practical engineering difficulties in
doing such things today which are either insurmountable or at the
very least a strong indication that there are better ways to
approach the problem.
> SQUIDs won't do it, either.
At the risk of offending Mr. Squid, I must say that SQUIDs were a
big disappointment given the initial hype and expended research
funds.
BTW, I attempted to read all your writings on "Tamper-Resistant
Modules" in the list archives, but as fate would have it, hks.net
has taken the archives offline for a few days to do some sort of
upgrade.
I did get this very nice Cyber Wallet thing off their Web Page,
however, which uses "DES and Full 768 Bit RSA." Although I must
admit I'm not exactly sure what "full" means in this particular
context. :)
--
Mike Duvos $ PGP 2.6 Public Key available $
mpd@netcom.com $ via Finger. $
Return to April 1996
Return to “tcmay@got.net (Timothy C. May)”