Storage devices may be employed in various secure applications to store protected data. For example, a semiconductor memory circuit may be used in a smart card, set-top box, Subscriber Identity Module (SIM) card or banking card to store user identification information, account information, device preference information or electronic payment authorization information.
Because of the potential value of protected data stored in a storage device, hackers may employ various invasive and noninvasive techniques to access or corrupt the protected data. For example, a hacker may grind off a portion of the storage device packaging in order to access internal signals and bypass security measures that may be in place. As another example, a hacker may subject the storage device to various kinds of radiation (e.g., laser light directed to exposed internal circuits or x-ray or gamma radiation directed through packaging) in an attempt to corrupt protected data. In some devices, corruption of protected data at certain locations in the device may cause the device to bypass security measures (e.g., encryption algorithms) or to yield information to the hacker regarding device architecture or the protected data itself.
A hacker may also employ non-invasive, or “side channel” attacks to discover functional details of a storage device. In particular, a hacker may observe various aspects of the device in operation, and apply statistical analysis to the observed aspects to deduce operational details of the device or to extract sensitive information (e.g., encryption or decryption keys). For example, the hacker may use differential power analysis (DPA) to analyze power consumption during device operations. Since the power consumption may be directly related to particular operations, the hacker may be able to deduce, for example, particular bits of a key used in a decryption algorithm, by observing many instances of a particular operation and applying statistical analysis to the observations. Similarly, a hacker may employ electromagnetic analysis (EMA) to monitor radiation output of a device during particular operations; statistical analysis of the radiation may also reveal sensitive information. A hacker may also analyze timing between variations in power consumption or electromagnetic radiation to identify times at which key operations of known algorithms (e.g., encryption or decryption algorithms) are performed.
Once a hacker has extracted sensitive information from a device, the hacker may use the sensitive information for various nefarious purposes. For example, the hacker may obtain pay-per-view or video-on-demand services using another user's account; the hacker may access telecommunication services that are billed to another user; the hacker may steal another user's bank account funds; the hacker may steal another's identity; etc.