TAMPERPROOFING OF CHIP CARDS
Abstract
There are two ways of attacking smartcards - destructive reverse engineering of the silicon circuit (including the contents of ROM), and discovering the memory contents by other means; a well equipped laboratory can do both. Persistent amateurs have often managed the latter, and may shortly be able to do the former as well.
1 Reverse engineering the chip
A recent article[1] gives a good introduction to how reverse engineering can be carried out in a moderately well equipped academic microelectronics laboratory (there are three such in the UK, and perhaps two hundred academic or industrial facilities worldwide which can carry out such work). We will start off by summarising it and giving some background.
1.1 How attacks are done
The authors of the article cited above worked at the Cambridge University microelectronics lab, which is part of the department of physics. They got interested in reverse engineering chips five years ago to help an industrial client locate manufacturing defects.
They built an apparatus which consists of a slightly modified electron beam lithography machine (this functions in effect as an electron microscope) and a PC with an image processing system (a DCT chip and locally written software). They then developed techniques for etching away a layer at a time without doing too
much damage. Conventional wet etching causes too much havoc with half micron chips, so dry etching is used in which gases such as CF4 or HF strip off layers of silica and aluminium in turn. One of their innovations is a technique to show up N and P doped layers in electron micrographs. This uses the Schottky effect: a
thin film of a metal such as gold or palladium is deposited on the chip creating a diode effect which can be seen with the electron beam.
Finally, image processing software has been developed to spot the common chip features and reduce the initially fuzzy image of the metal tracks into a clean polygon representation. There are also routines to get images of successive layers, and of adjacent parts of the chip, in register.
The system has been tested by reverse engineering the Intel 80386 and a number of other devices. The 80386 took two weeks; it takes about six instances of a given chip to get it right. The output can take the form of a mask diagram, a circuit diagram or even a list of the library cells from which the chip was constructed.
翻译软件太垃圾了!第二位哥哥不是用那个吧
来帮我翻译吧!!!!!
晶片卡片摘要TAMPERPROOFING 那里是攻击smartcards - 破坏性的反向工程硅电路(包括内容ROM), 和发现记忆内容二种方式通过其它方法; 一个很好被装备的实验室可能做两个。坚持爱好者经常处理了后者, 和也许突然能做前。 1 反向工程芯片 最近article[1 ] 给好介绍怎样反向工程可能被执行在一个适度地好的被装备的学术微电子学实验室(有三这样在英国, 和可能执行这样的工作) 的或许二百学术或工业设施全世界。我们开始将由总结它和给一些背景。 1.1 怎么攻击完成 文章的作者被援引以上工作了在剑桥大学微电子学实验室, 是物理的部门的一部分。他们得到了对反向工程芯片感兴趣五年前帮助一个工业客户查出生产缺陷。他们修造了包括一个轻微地修改过的电子束石版印刷机器的用具(这起作用实际上作为电子显微镜) 并且一台个人计算机以图象加工系统(DCT 芯片和当地书面软件) 。他们然后开发了铭刻一次层数的技术没有造成许多损害。常规湿蚀刻导致许多浩劫与半微米芯片, 因此干燥蚀刻被使用在里气体譬如CF4 或HF 剥离层数硅土和铝反之。他们的创新的当中一个是技术出现N 和P 被掺杂的层数在电子显微照片里。这使用Schottky 作用: 一种金属的薄膜譬如金子或钯被放置在芯片创造能看以电子束的二极管作用。终于, 图象加工软件被开发察觉共同的芯片特点和缩小金属轨道的最初地模糊的图象入一个干净的多角形表示法。有并且惯例得到连续层的图象, 和的芯片的毗邻部份, 在记数器里。系统由反向工程测试了英特尔80386 和一定数量的其它设备。80386 需要了二个星期; 它采取大约一块指定的芯片的六个事例得到它正确。产品可能采取面具图、电路图甚至芯片被修建图书馆细胞的名单的形式。
温馨提示:答案为网友推荐,仅供参考
第1个回答 2006-12-10
芯片卡抽象方法有两个智能卡攻击破坏了硅电路逆向工程(包括内容光碟), 并发现了用其他方法记忆的内容; 一个装备精良的实验室都可以做. 坚持业余常常后者,并可能在短期内能做到前者为好. 一月逆向工程晶片[1]最近一篇文章介绍如何让一个好逆向工程可以进行适度精良微电子学实验室(有三个这样在英国, 也许全世界200学术或工业设施,可以进行这方面的工作). 我们将首先扼要介绍,然后给一些背景. 1月1日袭击如何做上述文章的作者,任职于剑桥大学微电子实验室 其中一部分物理系. 逆向工程有兴味芯片产业五年前帮助客户寻找制造缺陷. 他们建立了一个由仪器略加修改电子束曝光机(此职能作用作为电子显微镜)和微机图象处理系统与(DCT的芯片和软件局部书面). 然后走一层蚀刻技术开发的时间做太多的损害. 传统的湿法腐蚀造成太大冲击30微米芯片 它是用干法蚀刻等如CF4混合气体或高频脱掉硅和铝层更迭. 技术创新是他们的一赏光氮和磷掺杂层的电子显微. 利用这一肖特基效果: 一薄膜或金属钯金等是存放在半导体芯片制造中可以看出效果与电子束. 最后, 图像处理软件已发展到现场共同特点,降低芯片起初模糊形象变成一个清洁的金属轨多边形代表性. 还有套路形象得到历届层、相邻地区的芯片,在册. 该系统已通过测试的英特尔80386逆向工程和其他一些设备. 80386宣读了两个星期; 约需6某一芯片取得平衡. 输出形式可以口罩图 甚至有电路图名单图书馆细胞芯片构建的.
