Author Topic: protection in MCU  (Read 10262 times)

0 Members and 1 Guest are viewing this topic.

Offline abyrvalg

  • Frequent Contributor
  • **
  • Posts: 395
  • Country: ru
Re: protection in MCU
« Reply #25 on: December 07, 2013, 05:38:43 pm »
not to forgot that that protection service you need to send your chip to the bad guy  |O

That's what my post was about - their protection methods are no rocket science, we had discussed them all here. So no need neither to send the chips nor to pay for that, all those things can be implemented even by a home hobbyst.

As I understand, probing full flash bus will require some 20+ micropositioner needles (data, address, control) instead of just 1+ for security bit - more expensive equipment setup, more complex work. So rather cheap and easy tinkering with programming pins can make some difference too.
 

Offline Alphatronique

  • Regular Contributor
  • *
  • Posts: 129
  • Country: ca
    • Alphatronique Inc.
Re: protection in MCU
« Reply #26 on: December 07, 2013, 06:20:48 pm »
Hi

blowing the input pin or drill into it  will not remove the rest of circuit on the die itself
still may probe before pin buffer or some were else in the logic block ,also that may damage chip and lower down the MTBF of your design ,just use knot ESD damaged part   

not to mention that it have also trick that not need to have more that 2 -3 probe
as exemple read it one bit at the time  so need to read the flash array 32 time and move to next bit of data each time for a 32 bit bus  8)

but it have also many other way to do it .. and dump code from a chip like glitch ,study current draw on every clock cycle  etc etc .... (the even not require to expose die )

so if you need protection from average joe just sand part number of every chip  and pour it into epoxy , but if you need to protect from bit bigger or motivated people you need  big artillery ..
4-5 time a year was hore a hardware security consultant by company that got clone issue
that more current that most people thing ..  now money was in soft IP not longer in PCB/SCH design

p.s. best trick was never show your stuff in a trade show if your not 100% production ready
that a fatal error ,some guy will buy one unit then copy it and mass produce it before you
during time you try to setup your prod and complete certification ...
i see it just to much often ... 
the one that win was the one that able to fill the market before it competitor ..

 

« Last Edit: December 07, 2013, 06:37:17 pm by Alphatronique »
Marc Lalonde CID.  IPC Certified PCB Designer.
Alphatroniqe inc.   www.alphatronique.com
 

Offline westfw

  • Super Contributor
  • ***
  • Posts: 3246
  • Country: us
Re: protection in MCU
« Reply #27 on: December 08, 2013, 05:17:03 am »
Quote
the one that win was the one that able to fill the market
I'm not convinced that IP theft is necessary or sufficient for this.  Perhaps if the original vendor spent more time learning how to manufacture his product, serve his market, and support his customers, and less time being paranoid, "protecting his IP", and sanding the markings off the chips in his PCB, his customers wouldn't have been "stolen."

"Can't deliver" is a MUCH deadlier sin than "your version is slightly more expensive than this no-name vendor with the same product."

I knew a guy who was selling an rs232 thermometer (for machine room monitoring), and sanding the numbers off his chips.  I mean, really?
 

Offline Alphatronique

  • Regular Contributor
  • *
  • Posts: 129
  • Country: ca
    • Alphatronique Inc.
Re: protection in MCU
« Reply #28 on: December 08, 2013, 04:23:19 pm »
Hi , not sure someone what to clone a thermometer ?    and no real IP here to

this is a example of that o talk about ,http://www.gedigitalenergy.com/MD/catalog/BMT300.htm
it take 6 year in R&D whit a team of ~10 full time staff (ING ,Physics ,math,electic etc)
so you end up whit a product that sold for price of car  ,90% of that was firmware IP
hardware was similar to a 4 x 125MHZ + 8 x 12MHz Scope ..

if company "X" what to buy 10 system  and it cost 1000$ for read from the code from the DIE
what did you think it do ...  for price of one system it may recover the code and reverse engineering the hardware    , so if gouvernement "Y" what 1000 system ?

same apply to any specialised and expensive tool  ,optic fiber ,medical ,diagnostic tool

now if you look into consumer market like cell phone ,tablet ,set-up box ,game console etc etc
on every one you will find at least one  SOC or ASIC ,ok first reason was reduce BOM cost
but that also effective protection system  like iphone that use it own in-house CPU

and finally raspberry pi it sold over 2-million unit no copy  ,again main cpu was custom

i bet that if arduino was not open source will end up whit clone instead of copy
so put it open source was also a kind of protection , you may copy it but not use name
end user knot what it have on hand ...

not forget that when some one clone a product most of the time it also a fake
so legitimate company got support\warranty call to  ,until it realise that it service
unit that it never build itself ..   and end customer was not aware that it have but a clone

so think that in any product encrypted boot-loader ,and disable jtag in software was a minimum
even for rs232 thermometer  8)   but for more aggressive mesure need to set proportionally whit unit sale price or volume of sale ..
 

Marc Lalonde CID.  IPC Certified PCB Designer.
Alphatroniqe inc.   www.alphatronique.com
 

Offline Jeroen3

  • Super Contributor
  • ***
  • Posts: 3516
  • Country: nl
  • Embedded Engineer
    • jeroen3.nl
Re: protection in MCU
« Reply #29 on: December 10, 2013, 08:36:31 pm »
There are mcu's that can run code encrypted with AES, and the key is write only by design, not accesible by bus matrix. Sometimes even dummy circuits are added around that part of otp to fool the die readers.
But AES parts come with a price and export limitations.
 

Offline Alphatronique

  • Regular Contributor
  • *
  • Posts: 129
  • Country: ca
    • Alphatronique Inc.
Re: protection in MCU
« Reply #30 on: December 20, 2013, 08:17:54 pm »
Hi

hi just grab that thesis paper from hackaday post

read encryption key only by sound of PCB ....

http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf

same was already done in past whit supply current  of cpu/micro
naturally it may also serve to dump code when combined with glitching of supply...

original post
http://hackaday.com/2013/12/20/ambient-computer-noise-leaks-your-encryption-keys/


Marc Lalonde CID.  IPC Certified PCB Designer.
Alphatroniqe inc.   www.alphatronique.com
 

Offline SArepairman

  • Frequent Contributor
  • **
  • Posts: 885
  • Country: 00
  • wannabee bit hunter
Re: protection in MCU
« Reply #31 on: January 07, 2014, 04:08:49 pm »


just give me some plane tickets and a bottle of vodka and I will "protect" your MCU  :box:
 

Offline SeanB

  • Super Contributor
  • ***
  • Posts: 15402
  • Country: za
Re: protection in MCU
« Reply #32 on: January 07, 2014, 04:45:56 pm »
Nice musical interlude there.....

Thumbs up for that!
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf