

Talks and Poster Presentations (with Proceedings-Entry):

M. Kammerstetter, M. Müllner, D. Burian, Ch. Platzer, W. Kastner:
"Breaking Integrated Circuit Device Security through Test Mode Silicon Reverse Engineering";
Talk: 21st ACM Conference on Computer and Communications Security (ACM CCS), Scottsdale, Arizona, USA; 2014-11-03 - 2014-11-07; in: "Proceedings of the 21st ACM Conference on Computer and Communications Security (ACM CCS)", (2014), Paper ID 221, 9 pages.



English abstract:
Integrated Circuit (IC) device manufacturing is a challenging task and often results in subtle defects that can render a chip unusable. To detect these defects at multiple stages during the IC production process, test modes are inserted (Design For Testability). On the downside, attackers can use these test modes to break IC device security and extract sensitive information such as the firmware implementation or secret key material. While in high security smart cards the testing circuits are physically removed during production for this reason, in the majority of digital ICs the testing modes remain intact. Often they are undocumented, well-hidden and contain secret test commands. Utilizing search algorithms and/or side channel information, several attacks on secret testing modes have been presented lately. Accordingly, countermeasures that frequently rely on obfuscation techniques have been proposed as more advanced cryptographic methods would require significantly more space on the die and thus cause higher production costs. In this work, we show that limited effort silicon reverse engineering can be effectively used to discover secret testing modes and that proposed obfuscation based countermeasures can be circumvented without altering the analysis technique. We describe our approach in detail at the example of a proprietary cryptographic game authentication chip of a well known gaming console and present an FPGA implementation of the previously secret authentication algorithm.

Keywords:
Integrated Circuit, Security, Reverse Engineering, Test Modes


"Official" electronic version of the publication (accessed through its Digital Object Identifier - DOI)
http://dx.doi.org/10.1145/2660267.2660301



Related Projects:
Project Head Wolfgang Kastner:
Smart Grid Security Guidance