"Scan design called portal for hackers"

Ian Farquhar ianf at dreamscape.com.au
Thu Nov 4 00:10:19 EST 2004


At 09:30 PM 2/11/2004, Peter Gutmann wrote:
>The JTAG interface is your (that is, the reverse engineer's) friend.  This is
>why some security devices let you disconnect it using a security-fuse type
>mechanism before you ship your product.  Of course that only works if (a) the
>device allows it, (b) you remember to activate it, and (c) your attacker isn't
>sufficiently motivated/funded to use something like microprobing or a FIB
>workstation to bypass the disconnect.

I've heard comments about using laser scribes (ie. the types which used to 
be used to program fuse links on nonce-style "serial number" registers) 
being used to totally disconnect and/or destroy BIST circuitry from the 
rest of the chip in "sensitive" devices.

Of course, this wouldn't prevent a microprobing attack, but it certainly 
makes sure the security fuse hasn't been forgotten.

Ian. 



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list