[NIIBE Yutaka] STM32F103 flash ROM read-out service

NdK ndk.clanbo at gmail.com
Thu Jun 7 14:16:22 CEST 2018

On 07/06/2018 02:01, Leo Gaspard via Gnupg-users wrote:

>> The only secure (even against decapping attacks) device I know of is a
>> very old parallel-port "key" a friend described to me ~25y ago.
>> It was made of 3 silicon layers: the outer ones only contained interface
>> circuits and 'randomness' while the keys and the logic were in the
>> central layer. Trying to remove the outer layers destroyed the random
>> patterns that were used as 'internal master key', rendering the rest
>> completely useless.
> Some people do reverse-engineering based on photons emitted by
> transistors switching. These would get through this shielding.
> Unfortunately, I can't find again the link to the conference talk where
> I heard people explaining they did that… sorry.
I think I've seen it. But IIRC it does not work with such a big slice
(whole depth of the silicon slice, ~200 micron IIRC).
But now that you made me think about it, I remember I've seen another
article where the attack was carried out from "behind" the chip.

> Another kind of attack would be EM pulses / lasers for error-ing a
> crypto computation, that would get through this shielding too.
Fault-injection. But for cheap chips it's probably way easier to "just"
use FIB (or a laser) to change the state of the protection fuses
(usually just normal flash cells) and then read the whole contents.

> There are defenses against these attacks (well, for the
> transistors-emitting-photons attack I'm not really sure), that are
> deployed in secure elements. Attacks like this are tested by CC/EAL
> evaluation laboratories.
Hope so :)
But I stay cautious when trusting certification. See the ROCA
vulnerability in Infineon "secure" (smartcard) chips.

> All that to say: hardware security, to me, is a way to increase the cost
> of the attacker to perform an attack. All devices are eventually
> vulnerable, given the right price, the point is to make attack more
> costly than the benefit from breaking the card and/or than finding a way
> around the card. (I'm not going to extend this point to software
> security, but I'd think it most likely holds there too)
Then, instead of "this chip is secure" they should just say "this chip
can be cracked spending X in equipment (one-off) and Y for every
chip"... Marketing would never allow that :)

> Oh, and also to say: choosing between a non-secure-element open-source
> token and a secure-element NDA-ed-and-thus-non-open-source token is not
> an obvious choice.
As always it depends on the attack scenario.
GnuK IIUC targets all those users who think a targeted attack is quite
improbable or that rubber-hose cryptanalysis is the end of the game.
If I know that extracting my key from the token costs $500, then I can
choose what to do. But with a non-secure and open chip it's easier to
estimate that cost (being easier and cheaper, it's more probable it gets
used in universities by security students for their first attacks,
usually the most fanciful ones). Quite surely it will be lower than
the cost of attacking a secure chip, but probably by not that much.