Raising the Bar for Hardware Security:
Physical Layer Security in Standard CMOS
Introduction
As the sophistication of attacks on secured systems extends across international electronic borders, there is
an increased need for enhanced physical layer security in silicon to protect sensitive information such as the
encryption keys used in most security systems. With hardware security now one of the primary requirements
for many, if not most, system architectures, new questions are being asked of the various memory technologies
in order to prevent reverse engineering or breakdown of the overall system for the life of that security system,
standard, and/or protocol.
One of the most relevant questions on the topic of hardware security is, "How physically secure is the
underlying memory technology?" Equally important is the question of securing sensitive encryption keys
throughout the manufacturing process. These two hardware security factors matter because encryption is
only as robust as the ability of any encryption-based system to keep the encryption key hidden.
A new embedded permanent memory technology based on a standard logic CMOS antifuse provides
unprecedented physical layer security for security applications such as HDCP (High-bandwidth Digital Content
Protection) and AACS (Advanced Access Content System), both of which require unique encryption keys for
each hardware device. While these are commercial security standards used to protect digital media in the
consumer marketplace, the same principles apply to the public sector. A CMOS logic antifuse technology,
developed and patented by Kilopass, when combined with a robust key distribution, tracking, and management
system tailored for semiconductor manufacturing, provides end-to-end security for sensitive encryption keys
from the author or originator of the encryption key through to the end product.
[Figure: key distribution diagram; only the labels "SKU" and "Encryption Key" are recoverable from the original page]
2. Scott Crosby, Ian Goldberg, Robert Johnson, Dawn Song, and David Wagner, "A Cryptanalysis of the High-bandwidth Digital Content Protection System," Carnegie Mellon University, Zero Knowledge Systems, and University of California at Berkeley.
maintain security for the hardware system or device. The nature of consumer hardware products is such that it
is difficult to assure possession of each hardware device or system by a trusted person.
For those involved in hardware security or in attacks on hardware security, the traditional methods of attack
include the following:
1. Passive Attacks
* Glitching
* Power Analysis
* Data Permanence
2. Semi-Invasive Attacks
* UV Attacks
* Microscopy
* Fault Injection
* Voltage Contrast
* Magnetic Scan
3. Invasive Attacks
* Chip Modification
* Micro-probing
* Reverse-engineering
* Rear-side Approach
While designing for system-level security may protect against many of these forms of attack, there are
a number of attacks at the device level that are more difficult to defend against. De-processing of the device,
microscopy, and side-channel attacks (such as power analysis) are reliable methods for most attackers. Those
with a higher degree of sophistication may resort to voltage contrast and magnetic scan, leaving the invasive
forms of attack to those with the highest levels of sophistication and budget.
As indicated in Figure 3, due to the nature of Kilopass' patented CMOS Logic Antifuse or Extra Permanent
Memory (XPM) bit cell, the checkerboard pattern used to program the devices shown in all three photographs
does not show up under physical[3] or electrical[4] observation. This is due to the inherently small size of the
physical change that occurs in the CMOS transistor's gate oxide when it is programmed from its original "0" state
to the programmed "1" state. Since the oxide breakdown (antifuse) occurs at a random location within a
bounded enclosure, and is extremely small, the state of the bit cell stays well hidden in the CMOS antifuse's
silicon atoms. Likewise, because no charge is stored, as it is with Flash, EPROM, or E²PROM technologies,
there is no charge to detect externally as a "1" state.
Most security experts strongly prefer OTP memory technologies. This is because state changes, that is,
programming "0"s to "1"s, are destructive, as is the case with XPM. This property may be used at the system level to
prohibit tampering as well as to protect against side-channel attacks and glitching.
Figure 3. Lack of Physical Observability of XPM Bit Cell State. Cross section (top) and top view (middle) show
TEM/SEM imaging and a de-processed XPM cell, respectively. FIB voltage contrast (bottom) shows the top view
under that method of observation, with only the metal vias visible.
This level of physical layer security at the non-volatile memory device level is unique to antifuse based
technologies such as Kilopass' proprietary XPM technology.
Figure 4. Securing Encryption Keys in Semiconductor Mfg. Supply Chain
The combination of Certicom KeyInject™ and XPM Xtend™ for the secure manufacturing, management,
and tracking of devices with embedded encryption keys defends against key exposure and against the liabilities
assumed through the licensing of industry-standard keys. Security keys are encrypted by KeyInject and
communicated through secure server technology within the semiconductor manufacturer's supply chain. The
XPM Xtend embedded IP decrypts the sensitive information for processing by the device that contains the XPM Xtend
IP. All keys are tracked and managed for auditing by the manufacturer or the Certificate Authority as needed.
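As an added illustration (not code from this paper, Kilopass or Certicom), the following Python model captures the two properties described above: an OTP array whose bits can only move from 0 to 1, and a per-device key that travels wrapped, is burned into the array, locked, and audited by fingerprint rather than by value. The HMAC-SHA256 keystream, the lock bit and the audit record layout are assumptions, since the paper does not specify KeyInject's algorithm or the XPM Xtend interface.

```python
import hashlib
import hmac


class OtpArray:
    """Software model of a one-time-programmable (antifuse) bit array.

    Bits start at 0 and programming can only take a bit from 0 to 1; a blown
    antifuse never returns to 0. This models the behaviour the paper
    describes; it is not Kilopass' XPM implementation."""

    def __init__(self, nbytes):
        self.cells = bytearray(nbytes)
        self.locked = False  # assumed lock bit guarding the key region

    def program(self, offset, data):
        if self.locked:
            raise PermissionError("key region locked: no further programming")
        for i, b in enumerate(data):
            self.cells[offset + i] |= b  # OR-in: 0 -> 1 only, never back

    def read(self, offset, length):
        return bytes(self.cells[offset:offset + length])


def keystream(transport_key, device_id, length):
    """Constructed HMAC-SHA256 counter-mode keystream standing in for the
    wrapping algorithm, which the paper does not specify."""
    out, counter = b"", 0
    while len(out) < length:
        msg = device_id + counter.to_bytes(4, "big")
        out += hmac.new(transport_key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap_key(transport_key, device_id, key):
    """Wrap (or, since XOR is symmetric, unwrap) a per-device key."""
    ks = keystream(transport_key, device_id, len(key))
    return bytes(a ^ b for a, b in zip(key, ks))


def provision(transport_key, device_id, wrapped, otp, audit_log):
    """Device side: unwrap, burn into OTP, lock the region, log a fingerprint."""
    key = wrap_key(transport_key, device_id, wrapped)
    otp.program(0, key)
    otp.locked = True
    # Audit by SHA-256 fingerprint so the log never carries key material.
    audit_log.append((device_id.hex(), hashlib.sha256(key).hexdigest()[:16]))
    return otp.read(0, len(key))
```

Once the region is locked, any further programming attempt raises, which is the software analogue of the destructive, write-once behaviour the text relies on for tamper resistance.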
Summary
For hardware security, these combined technologies provide an effective solution for both hardware security
imperatives. While legal protections may protect sensitive information and IP, as experienced with the DVD
case, the rapidly expanding global nature of technology raises the bar for the security requirements placed on chip
manufacturers. As the importance of hardware security increases, with high-value liabilities and the cost of broken
security falling on both the chip manufacturers and their customers, an effective technology-based
solution to this problem is needed.
The proprietary CMOS Logic Antifuse technology provided by Kilopass' XPM IP delivers unprecedented
physical layer security for embedded encryption keys. For the secure manufacturing of devices with
embedded encryption keys, Certicom KeyInject™ and XPM Xtend™ provide end-to-end security throughout a
chip manufacturer's supply chain.
© 2008 Kilopass Technology Inc. All rights reserved. XPM, the Kilopass name and the Kilopass logo are registered trademarks.
Certicom, Certicom Keyinject, and Keyinject are all registered trademarks of Certicom Corp. All other trademarks and registered
trademarks are the property of their respective owners.