The present invention relates generally to data communication security with respect to integrated circuit (IC) devices and, more particularly, to a system for implementing chip lockout protection and an insertion method thereof.
Security in data communications is a major concern in each of the military, financial, and consumer sectors. Regardless of whether such communications are facilitated through wireless networks, satellite links, smartcards, (automated teller machines (ATMs) and electronic funds transfer (EFT) transaction networks, data encryption has become a necessity. Presently, the most popular and effective encryption algorithms are too computationally expensive to be implemented as software when used in embedded devices as the cost, size, and power consumption of a high-speed, general purpose processor needed for executing the algorithms is too great. Instead, hardware based custom solutions are used.
In addition, the concept of obfuscation (also referred to in the cryptographic and computer security arts as “security through obscurity”) is often relied upon along with these encryption algorithms as a means of enhancing the security benefits. This somewhat controversial technique is intended to hide the implementation of the encryption algorithm from both users and potential attackers. In other words, a system relying on security through obscurity may have theoretical or actual security vulnerabilities, but its owners or designers believe that the flaws are not known, and that attackers are unlikely to find them. However, obfuscation can be difficult to ensure in hardware-based implementations due to the many techniques available for reverse engineering IP designs.
Other existing chip protection solutions utilize a simple, password based lockout mechanism in which a password is inputted to a security circuit, which in turn outputs an enable bit whenever the correct password is detected. Using the state of this enable bit, the security circuit provides a method of disabling the protected circuit. However, this feature does not prevent or provide protection from password “cracking” techniques. Accordingly, there is a need for a hardware developer to be able to protect the IP in a hardware design in an automated fashion that does not significantly impact performance, die size, power consumption, or testability of the device. Moreover, given a fixed length password, there is also a need for preventing or limiting the ability of an attacker to determine the password using high speed, automated trial and error techniques.