Enhanced Security through FLASH technology

Slides: 9
Provided by: stephenj69

Transcript and Presenter's Notes

1
Enhanced Security through FLASH technology
  • Pertaining to
  • Theseus microprocessors

2
Flash is inherently more secure than ROM
  • Flash
    • data stored as electrical charge
    • presence of electrons nearly impossible to detect
    • attempts to read will destroy data
  • ROM
    • data stored as physical pattern
    • physical connections can be easily seen
    • ROM can be physically reverse-engineered

3
Manufacturing process security improved with Flash
  • Flash
    • Code loaded during personalization
    • Code never leaves smart card manufacturer
    • Total flexibility, rapid changes at low cost
  • ROM
    • Code loaded during silicon manufacture
    • Software provided to third party as mask
    • Changes are slow, inflexible and expensive

4
System security improved through in-field upgrades
  • Hacker learns code addressing!
    • Physical locations of code can be changed
  • Fraudulent attempts discover weak spot!
    • New code is written to counteract this and
      software changed overnight

5
Common Attacks
  • Manipulate Input Parameters
    • Fluctuate voltage and frequency outside chip
      specifications
    • Get chip to enter unstable state, extract
      information
  • Reverse Engineering
    • Back-grind silicon to read physical masked ROM
      code
    • Probe data bus lines to read information
  • Differential Power Attack (DPA)
    • Measure current consumption of chip by measuring
      clock signal
    • Able to extract secret key by analyzing repeating
      current patterns

6
Theseus Protection
  • Manipulate Input Parameters
    • On-Chip Oscillator prevents frequency tampering
    • On-Chip Voltage Regulator prevents external
      manipulation
  • Reverse Engineering
    • Code stored in floating gate transistor; attempts
      to read data destroy the data
    • Presence of electrons nearly impossible to detect
    • Glue logic, data bus scrambling make probing
      extremely difficult
  • Differential Power Attack (DPA)
    • On-Chip Voltage Regulator smooths out current
      consumption
    • On-Chip Oscillator can prevent extraction of
      internal clock signal, preventing DPA

TNO EIB (Netherlands) security commendation

7
TNO EIB evaluation
  • Control logic and the processor core with the
    common data bus are comprised in the glue logic
    of the device and can therefore not be located.
  • Without FIB modifications it is not likely to
    probe a group of data lines without damaging the
    device.
  • The presence of a built-in asynchronous clock
    makes analysis in principle more difficult.
  • Manipulation of the supply voltage to influence
    normal operation of the chip did not lead to
    undesired behaviour.
  • No possibilities have been found for external
    manipulation of the chip in such a way, that the
    internally stored information can be read out or
    manipulated from the outside.
  • The use of non-volatile memory for storage of
    the application program prevents an attack by
    optical ROM analysis.

From the investigation it can be concluded that security has been one of the primary design goals.

8
There are many technologies called Flash
  • Theseus microprocessors use
    • Split Gate cell: reduced size, no over-erase
    • Field-Enhanced Tunneling through thick oxide for
      Erase: more reliable, better retention
    • Source Side Injection for Programming: more
      efficient, lower currents

Chosen specifically to target smart card applications