PostHeaderIcon Clone IC firmware

Another possible IC firmware clone uses current analysis. We can measure with an analog-to-digital converter the fluctuations in the current consumed by the device. Drivers on the address and data bus often consist of up to a dozen parallel inverters per bit, each driving a large capacitive load. They cause a significant power-supply short circuit during any transition. Changing a single bus line from ‘0’ to ‘1’ or vice versa can contribute in the order of 0.5–1mA to the drain current right after the clock edge. So a 12-bit ADC is sufficient to estimate the number of bus bits that change at anyone time. SRAM write operations often generate the strongest signals.

Another possible threat to secure devices is data remanence. This is the capability of volatile memory to retain information for some time after power is disconnected. Static RAM storing the same key for a long period of time can reveal it on next power on. Another possibility is to ‘freeze’ the memory by applying low temperature. In this case, static RAM can retain information for enough time to get access to the memory chip and read its contents. Data remanence can take place in non-volatile memories as well; the residual charge left on a floating gate transistor may be detected. For example, it could affect a threshold level or time-switching characteristics.

Comments are closed.