"Scan design called portal for hackers"
Ian Farquhar
ianf at dreamscape.com.au
Thu Nov 4 00:10:19 EST 2004
At 09:30 PM 2/11/2004, Peter Gutmann wrote:
>The JTAG interface is your (that is, the reverse engineer's) friend. This is
>why some security devices let you disconnect it using a security-fuse type
>mechanism before you ship your product. Of course that only works if (a) the
>device allows it, (b) you remember to activate it, and (c) your attacker isn't
>sufficiently motivated/funded to use something like microprobing or a FIB
>workstation to bypass the disconnect.
I've heard comments about using laser scribes (ie. the types which used to
be used to program fuse links on nonce-style "serial number" registers)
being used to totally disconnect and/or destroy BIST circuitry from the
rest of the chip in "sensitive" devices.
Of course, this wouldn't prevent a microprobing attack, but it certainly
makes sure the security fuse hasn't been forgotten.
Ian.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list