Various methods of preventing tampering with integrated circuits are known. One approach is to concentrate on the encapsulation material; for example, by adding glass particles to defeat attempts to mechanically grind away the coating. However, research has shown that any chip case can be attacked by some method (for example, acids, bases, solvents, plasma or reactive ion etch, focussed ion beam, laser or mechanical milling), and that modifying the encapsulation to resist one of these methods tends to make it weaker against others. U.S. Pat. No. 5,369,299 discloses a tamper resistant coating in which etching the covering layer will damage the active device. U.S. Pat. No. 5,916,944 discloses a tamper resistant coating in which a reactive layer is used which will react exothermically, destroying the device beneath, when exposed to oxygen (on attack).
Another approach is to attempt to detect tampering with a chip using sensors. Once tampering is detected by the sensor, some protective action may be taken. However, whilst such approaches may protect a chip in the active state, they cannot protect a chip which is without power. In such a state, the sensors and control circuit are ineffective, and the encapsulation may be removed and any stored data may be read.
SGS-Thomson are believed to provide a protective mesh layer on the surface of their chips. Any crude attempt to penetrate the mesh results in a short circuit or break. Once such a short circuit is detected, the chip function is switched off. However, as noted, the protection is ineffective when the chip is without power. U.S. Pat. No. 5,861,662 discloses a similar technique.
A completely different approach, adopted by some smart card manufacturers, is to “scramble” the contents of the chip. For example, the Philips Visa card and the Siemens SLE66C160S bank card provide internal content scrambling (encryption) of their stored data, using an encryption/decryption unit on-board the chip.
Now, even if a “hacker” or “pirate” (these terms may be used interchangeably hereafter and denote any unauthorised individual attempting to gain access) attempts to read the data from memory in the chip, it will be scrambled; to convert the data into unencrypted or “clear text” form he must reverse engineer the encryption/decryption unit on the chip and also know the encryption key.
However, since the chip itself has to hold the encryption key in order to decrypt the data, this operation is possible for a serious hacker.
Various attacks, and techniques for defending against them, are described in “Design Principles for Tamper Resistant Smart Card Processors”, published in the proceedings of the USENIX Workshop on Smart Card Technology (10–11 May 1999), and “Low cost attacks on tamper resistant devices”, Security Protocols 5th International Workshop Proceedings, 1997, pp. 125–136.