According to the Department of Commerce of the United States of America, secure cryptographic applications are classified according to one of four possible levels listed in the technical specification entitled “Security requirements for cryptographic modules”, published in the Federal Information Processing Standards (FIPS) publication PUB 140-2 by the National Institute of Standards and Technology (NIST). This standard specifies the security requirements that must be satisfied by a cryptographic module intended to be utilized within a security system, protecting sensitive but unclassified information. The standard provides four increasing qualitative levels of security (“Level 1”, “Level 2”, “Level 3” and “Level 4”) that are intended to cover a wide range of potential applications and environments in which cryptographic modules may be used.
Packages for electronic modules to be used for FIPS-certified cryptographic applications have a very important function beyond the classical mechanical protection function for the embedded semiconductor devices. They ultimately need to ensure the security and secrecy of the cryptographic keys and algorithm stored within the electronic module.
One of the requirements of the highest level of security (Level 4) of the FIPS PUB 140-2 standard is the capability to detect and respond to physical intrusion attempts. Such security is provided, in particular, by using tamper-proof structures or protection structures, that should be adapted to prevent the undetected penetration into the electronic module of microprobes that can be used to fraudulently read information from outside of the secure boundaries of the electronic module package.
Basically, tamper-proof structures comprise a sequence of tamper-proof layers, possibly formed with a combination of different techniques and having similar or different properties, adapted to allow detection of tamper attempts by an electronic monitoring system. When such an event is sensed, a security control system disables the module, clearing all sensitive information stored in a (e.g., volatile) memory within the electronic module housed within the package.
Tamper-proof structures may for example be associated with Printed Circuit Boards (PCBs) and PCB stack-ups, Single-Chip Modules (SCMs), Multi-Chip Modules (MCMs), semiconductor devices and Integrated Circuits (ICs), Micro Electro-Mechanical Systems (MEMS) and Micro Opto-Electro-Mechanical Systems (MOEMS), just to cite a few.
From the security point of view, the tamper-proof structures implement electrical circuits, and the tamper attempts are detected when the circuits change their electrical properties departing from a balanced and characterized level; the change in the electrical properties is typically caused by an electrical short circuit or open circuit. The tamper-proof structures are capable of preventing the creation of holes, aimed at introducing electrical microprobes, made by techniques such as micro-drilling with ceramic drills or laser and selective layer ablation. The tamper-proof layers may also be designed in such a way that it is difficult to work with them, for example due to intrinsic material/layer fragility when tampered (very low thickness, brittle layers, not solderable), so as to prevent shunting of the electrical circuit.
In order to limit the power consumption of the electronic modules, for example to preserve and to extend the life of the battery back-ups, the circuits implemented by the tamper-proof structures are preferably made of highly resistive conductive materials, sinking low currents; the use of low resistance conductive lines, which would sustain relatively high currents, would indeed cause a fast draining of the batteries forming the power supply of the electronic module.
The construction of these kinds of secure electronic modules can exploit several manufacturing steps normally available to some manufacturers, which can be tuned or updated so as to define the special features that are relevant in meeting specifics security needs.
The construction of the tamper-proof structures takes advantage of the different possible combinations of stacking of several tamper-proof layers for meeting the different levels of security for more generic commercial applications beyond the FIPS requirements.
A conventional approach to create a tamper-proof structure for an electronic module calls for implementing long linear circuits, in the form of conductive traces, having different directions (usually placed orthogonally to each other) formed in two or more different overlapping layers; in this way, a sort of fence is created over the electronic module, or part thereof, to be protected. Such tamper proof layers are for example described in the published U.S. patent application US-A-2006/0086534.
For example, FIG. 1 pictorially shows a tamper proof layer combined with a PCB. An electronic module package, denoted 100 as a whole, comprises a PCB 105 carrying electronic devices or chips 110-1 and 110-2, a volatile memory 115 wherein sensitive information to be protected against fraudulent tampering is stored, and a battery 120. The PCB 105 is insulated by a dielectric layer 125, on top of which conductive tracks 135 are formed in a conductive layer 130. Likewise, the conductive layer 130 is insulated by a dielectric layer 140, on top of which conductive tracks 150 are formed in a conductive layer 145. The conductive layer 145 is protected by the dielectric layer 155. According to this system, an electrical short-circuit is established between the conductive tracks 135 and 150 when inserting a conductive microprobe in a hole drilled into the layers 155 to 125, as depicted by arrows 160. The use of wires 165-1 and 165-2, combined with battery 120, allows to reset the volatile memory 115 when the short-circuit occurs, so as to erase sensitive information contained therein.
In order to detect a tamper attempt done with insulated tools, the conductive tracks 135 and 150 are generally very small in dimensions (line width and gaps between lines) and designed according to schemes similar to the one presented in FIG. 2, wherein an open circuit can be detected.
In the above-cited US-A-2006/0086534, it is stated that improvements in the security level are obtained in creating a non-predictable pattern of the secure tamper matrix, such as even if a localized analysis is done, it cannot effectively predict the pattern in a nearby area as well. To this purpose, changes in direction of the line pattern deviating from repetitive and constant pattern configurations are proposed, as illustrated in FIG. 5 of the cited document, wherein two close-by lines are part of the same net but in very distant positions from the resistive value.