A. Technical Field
The present invention relates generally to an integrated circuit, and more particularly, to systems, devices and methods of incorporating a tamper detection countermeasure into a security ASIC to deter physical attacks. The tamper detection countermeasure architects an active mesh to cover a sensitive area in the security ASIC, and the active mesh is driven or configured by time-varying codes such that an adversary may not easily bypass the active mesh and attack the sensitive area.
B. Background of the Invention
An application specific integrated circuit (ASIC) may be used to process, store and communicate sensitive data in security-sensitive applications that involve trusted operations on valuable assets. This sensitive data may include account numbers, access codes, private information, financial transactions/balances, rights management, metering data (e.g., energy, units), confidential program algorithms and other information. To date, this type of security ASICs has been applied in a wide variety of applications, such as electronic banking, commercial transactions, and pay-TV access control, consumable authentication or any application that requires protection of sensitive data.
A thief or adversary may attempt to gain access to the sensitive data in the security ASIC through tampering sensitive areas within the ASIC. In order to deter these tampering attempts, the sensitive areas are either selectively covered by a shielding layers of metal, or contained within a shielding package that encloses the entire ASIC. The adversary has to probe through the shielding layer or package to gain unauthorized access to the sensitive areas and data.
In a conventional security ASIC, the shielding layer is configured as a network of conductive traces that covers the sensitive areas. Each of these traces has two end nodes, and one of the nodes is driven by a static logic level (e.g., high or low), while the other is monitored by a sense circuit. When the detected level is inconsistent with the static logic level, the trace is broken to open or is shorted to another trace, and thus, a physical attack is detected on the shielding layer.
However, the above tamper detection countermeasure only detects opens or shorts of the conductive traces in the shielding layer by monitoring the static logic level. This countermeasure is easy to defeat using a focused ion beam (FIB) machine in conjunction with invasive probing. When an adversary applies the FIB machine to probe the trace, the static logic level on each trace may be traced & deciphered, and thereafter, the adversary may apply the static logic level directly on the end node for sensing to bypass the conductive trace. More straightforwardly, the adversary may even short two ends of the trace to circumvent this countermeasure. As hacking techniques get increasingly sophisticated, such a simple countermeasure cannot be used to effectively deter tampering attempts. As a result, competitive tamper detection countermeasures are needed at a relatively low cost to prevent unauthorized accesses to a security ASIC, and particularly, to those involved in lucrative transactions.