[16397] in cryptography@c2.net mail archive
Re: "Scan design called portal for hackers"
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Tue Nov 2 17:26:29 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@metzdowd.com, dahonig@cox.net
Cc: cypherpunks@al-qaeda.com
In-Reply-To: <3.0.5.32.20041028232133.00867a30@pop.west.cox.net>
Date: Tue, 02 Nov 2004 23:30:36 +1300
David Honig <dahonig@cox.net> writes:
>EETimes 25 Oct 04 has an article about how the testing structures on ICs
>makes them vulnerable to attacks.
A link (http://www.eetimes.com/showArticle.jhtml?articleID=51200146) would
have been useful...
>The basic idea is that to test a chip, you need to see inside it; this can
>also reveal crypto details (e.g., keys) which compromise the chip.
The JTAG interface is your (that is, the reverse engineer's) friend. This is
why some security devices let you disconnect it using a security-fuse type
mechanism before you ship your product. Of course that only works if (a) the
device allows it, (b) you remember to activate it, and (c) your attacker isn't
sufficiently motivated/funded to use something like microprobing or a FIB
workstation to bypass the disconnect.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
