According to the Department of Commerce of the United States of America, all secure cryptographic applications are classified according to one of four possible levels listed in the technical specification entitled “Security requirements for cryptographic modules”, published as Federal Information Processing Standards publication FIPS PUB 140-2 by the National Institute of Standards and Technology (NIST). This standard specifies the security requirements that must be satisfied by a cryptographic module used within a security system protecting sensitive but unclassified information. The standard provides four increasing qualitative levels of security that are intended to cover a wide range of potential applications and environments in which cryptographic modules may be used.
Electronic packages to be used for FIPS-certified applications have a very important function beyond the classical mechanical protection of the embedded semiconductor devices. They ultimately need to maintain the security of the cryptographic keys and algorithm stored within the module. One of the requirements of the highest level of security (FIPS 140 level 4) is the capability to detect and respond to physical intrusion attempts. Such security is provided, in particular, by tamper proof layers that prevent the undetected penetration of microprobes that could be used to read information from outside the secure boundaries of the electronic package.
Basically, tamper proof layers comprise a sequence of layers combining different techniques and properties so that an electronic monitoring system can detect tamper attempts. When such an event is sensed, a security system disables the module, clearing all sensitive information stored in a volatile memory within the electronic package. From the security point of view, tamper attempts are detected when circuits change their electrical properties from a previously balanced and characterized level. These protection layers are capable of preventing the creation of holes for introducing electrical microprobes, whatever the technique used, such as micro-drilling with ceramic drills or laser, or selective layer ablation. They are also made difficult to work with, for example through intrinsic material/layer fragility when tampered with (very low thickness, brittle layers, not solderable), so as to prevent shunting of the electrical circuit.
To preserve and extend the life of the battery back-ups, these circuits are preferably made of highly resistive conductive materials that draw low current, rather than of low-ohmic conductive lines.
The engineering of these electronic packages can lead to solutions in which several of the manufacturing steps are updated to include features that, from the security point of view, are relevant to meeting specific anti-tampering needs.
The secure module definition, i.e. the structure of the implemented layers, takes advantage of the different possible combinations of stacking these layers to meet the different levels of security required by more generic commercial applications beyond the FIPS requirements.
FIG. 1 illustrates an example of tamper proof layers combined with a printed circuit board. As shown, the whole electronic package 100 comprises a Printed Circuit Board (PCB) 105 carrying electronic devices or chips. For the sake of illustration, PCB 105 carries chips 110-1 and 110-2, a volatile memory 115 wherein sensitive information is stored, and a battery 120. PCB 105 is insulated by a dielectric layer 125 on top of which conductive tracks 135 can be designed in conductive layer 130. Likewise, conductive layer 130 is insulated by a dielectric layer 140 on top of which conductive tracks 150 can be designed in conductive layer 145. Conductive layer 145 is protected by the dielectric layer 155. According to this system, a short is established between conductive tracks 135 and 150 when a conductive microprobe is inserted in a hole drilled in layers 155 to 125, as depicted by arrows 160. The use of wires 165-1 and 165-2, combined with battery 120, allows volatile memory 115 to be reset so as to erase the sensitive information contained therein.
However, although the system described by reference to FIG. 1 is adapted to detect shorts created between conductive tracks 135 and 150 when conductive drills or microprobes are used, it cannot detect a tamper attempt made with insulated tools. To detect such an attempt, the conductive tracks 135 and 150 are generally given very small dimensions (line width and gaps between lines) and designed according to schemes similar to the one presented in FIG. 2, wherein an open can be easily detected.
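The two detection modes described above (a short between tracks 135 and 150, and an open in a fine track), together with the erase-on-tamper response, can be sketched as monitoring logic. This is an added example, not code from the original document; the type and function names, the resistance units and every threshold value are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names, units and thresholds, chosen for illustration only. */
typedef enum { MESH_OK, MESH_SHORT, MESH_OPEN, MESH_DRIFT } mesh_status;
typedef struct {
    uint32_t track135_ohm;  /* end-to-end resistance of track 135 */
    uint32_t track150_ohm;  /* end-to-end resistance of track 150 */
    uint32_t isolation_ohm; /* resistance between tracks 135 and 150 */
} mesh_sample;

#define OPEN_OHM          50000000u /* at or above: track counted as cut */
#define MIN_ISOLATION_OHM 10000000u /* below: layers counted as bridged */
#define TOLERANCE_PCT     5u        /* allowed deviation from baseline */

/* True when a reading has left the tolerance window around its baseline. */
static int out_of_window(uint32_t now, uint32_t base) {
    uint64_t diff = now > base ? (uint64_t)now - base : (uint64_t)base - now;
    return diff * 100u > (uint64_t)base * TOLERANCE_PCT;
}

/* Compare a fresh sample against the characterized (balanced) baseline. */
mesh_status mesh_classify(const mesh_sample *base, const mesh_sample *now) {
    if (now->isolation_ohm < MIN_ISOLATION_OHM)
        return MESH_SHORT; /* conductive probe bridging 135 and 150 (FIG. 1) */
    if (now->track135_ohm >= OPEN_OHM || now->track150_ohm >= OPEN_OHM)
        return MESH_OPEN;  /* insulated tool cut a fine track (FIG. 2) */
    if (out_of_window(now->track135_ohm, base->track135_ohm) ||
        out_of_window(now->track150_ohm, base->track150_ohm))
        return MESH_DRIFT; /* e.g. a section of track shunted */
    return MESH_OK;
}

/* Clear the secret through a volatile pointer so the stores are not elided. */
void zeroize(uint8_t *buf, size_t len) {
    volatile uint8_t *p = buf;
    while (len--) *p++ = 0;
}

/* One monitoring pass: any non-OK status erases the volatile secret. */
mesh_status tamper_poll(const mesh_sample *base, const mesh_sample *now,
                        uint8_t *secret, size_t len) {
    mesh_status s = mesh_classify(base, now);
    if (s != MESH_OK) zeroize(secret, len);
    return s;
}
```

A narrower tolerance window catches subtler shunting, but it also makes the monitor more sensitive to benign resistance changes in the mesh.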
The tamper layers as described above are efficient but very expensive and cumbersome to produce. For example, a current application consists of a Peripheral Component Interconnect (PCI) card placed into a pair of copper covers that are then riveted together and gift-wrapped with a polymer film that carries a pattern of carbon ink defining a resistive network on its two sides. Once the film is placed all around, the package is placed into an aluminum box, open on one side, and the whole assembly is then potted with a polyurethane resin. Only a flat cable exits the resulting ‘brick’ to establish the electrical connection with the system's electronics.
False calls during manufacturing operations and in the field show the limits of the current solution. The erasing of the cryptographic code causes the replacement of units at customers' sites. Furthermore, such a solution presents several drawbacks, such as bowing, which has been identified as one of the effects responsible for false tamper calls. There are a few mechanisms that can trigger the bowing of the secure package, which in the end tears, breaks or rips the resistive carbon traces off their flexible support.
A) The resin potting of the wrapped and riveted covers containing the card creates a multi-material combination with mutually induced effects on the materials' different physical properties, such as coefficient of thermal expansion (CTE), Young's or elastic modulus, Poisson's ratio and other physical properties. As in all electronic products, the functioning of the electronics generates heat and consequently material expansion, which in turn applies various kinds of stress to the package. One of the greatest concerns is localized bowing, which causes elongation and eventually failure of the highly resistive tracks of the secure mesh, triggering tamper sensing.
B) The same mechanism as in point (A) is worsened by the possible presence of moisture. As in all plastic electronic packages using polymer sealing that is not moisture proof, moisture is absorbed by the polymer over time and desorbed during thermal cycles. Desorption increases the availability of water within constrained air pockets. A rapid thermal cycle may generate steam, creating conditions for the sudden and localized formation of high-pressure steam inside air bubbles within the potting polymer, which triggers localized pressure/expansion of the material; this is also known as the “popcorn” effect.
C) Along the same line of physical laws, another interesting effect arises in shipping procedures with transits or legs of the journey in a low-pressure environment, such as an airplane cargo hold, where the depressurized outside environment poses a challenge. The polymer film with exposed resistive traces shows its limits during handling and the gift-wrapping of the box. The resulting line abrasion breaks the resistive network. The resistive matrix folded around the box uses an electrically conductive isotropic adhesive that shows temperature dependencies and batch-to-batch performance changes.
Thus, there is a need to remedy the shortcomings of the prior art as described here above.