"Scan design called portal for hackers"
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Nov 2 05:30:36 EST 2004
David Honig <dahonig at cox.net> writes:
>EETimes 25 Oct 04 has an article about how the testing structures on ICs
>makes them vulnerable to attacks.
A link (http://www.eetimes.com/showArticle.jhtml?articleID=51200146) would
have been useful...
>The basic idea is that to test a chip, you need to see inside it; this can
>also reveal crypto details (e.g., keys) which compromise the chip.
The JTAG interface is your (that is, the reverse engineer's) friend. This is
why some security devices let you disconnect it using a security-fuse type
mechanism before you ship your product. Of course that only works if (a) the
device allows it, (b) you remember to activate it, and (c) your attacker isn't
sufficiently motivated/funded to use something like microprobing or a FIB
workstation to bypass the disconnect.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list