"Scan design called portal for hackers"

Ian Farquhar ianf at dreamscape.com.au
Thu Nov 4 00:10:19 EST 2004

At 09:30 PM 2/11/2004, Peter Gutmann wrote:
>The JTAG interface is your (that is, the reverse engineer's) friend.  This is
>why some security devices let you disconnect it using a security-fuse type
>mechanism before you ship your product.  Of course that only works if (a) the
>device allows it, (b) you remember to activate it, and (c) your attacker isn't
>sufficiently motivated/funded to use something like microprobing or a FIB
>workstation to bypass the disconnect.

I've heard comments about using laser scribes (ie. the types which used to 
be used to program fuse links on nonce-style "serial number" registers) 
being used to totally disconnect and/or destroy BIST circuitry from the 
rest of the chip in "sensitive" devices.

Of course, this wouldn't prevent a microprobing attack, but it certainly 
makes sure the security fuse hasn't been forgotten.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list