[16401] in cryptography@c2.net mail archive
Re: "Scan design called portal for hackers"
daemon@ATHENA.MIT.EDU (Ian Farquhar)
Thu Nov 4 17:36:31 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 04 Nov 2004 16:10:19 +1100
To: pgut001@cs.auckland.ac.nz (Peter Gutmann),
cryptography@metzdowd.com, dahonig@cox.net
From: Ian Farquhar <ianf@dreamscape.com.au>
Cc: cypherpunks@al-qaeda.com
In-Reply-To: <E1COvvw-0008Tz-00@medusa01>
At 09:30 PM 2/11/2004, Peter Gutmann wrote:
>The JTAG interface is your (that is, the reverse engineer's) friend. This is
>why some security devices let you disconnect it using a security-fuse type
>mechanism before you ship your product. Of course that only works if (a) the
>device allows it, (b) you remember to activate it, and (c) your attacker isn't
>sufficiently motivated/funded to use something like microprobing or a FIB
>workstation to bypass the disconnect.
I've heard comments about using laser scribes (ie. the types which used to
be used to program fuse links on nonce-style "serial number" registers)
being used to totally disconnect and/or destroy BIST circuitry from the
rest of the chip in "sensitive" devices.
Of course, this wouldn't prevent a microprobing attack, but it certainly
makes sure the security fuse hasn't been forgotten.
Ian.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
