Circuits and in particular integrated circuits which comprise processing unit and storage units are widely used, in particular in portable devices like bank or credit cards, identity cards, SIM card used in mobile telephone. Such portable devices generally enables a user to access to particular services or confidential data through electronic transaction (payment, identification, building access, use of telecommunication network . . . ) after a successful authentication proceeding. The authentication process is generally based on security related software means, cryptographic algorithms and also secret keys and confidential data stored and processed in the integrated circuit, or hardware means present in the integrated circuit. In the case of portable devices like smart-cards, hackers are interested in obtaining information regarding the functioning of the integrated circuits in order to manufacture cloned smart-cards and/or to fraudulently benefit of services for which they do not have the right. Such information can be obtained by studying the integrated circuits either passively or destructively or both.
Current circulating in the wires of an integrated circuit are creating magnetic fields in a frequency range between low frequencies (Hz range) to high frequencies (GHz range) depending on the current frequency. Local detection of these magnetic fields by a magnetic sensor is a direct measurement of circulating currents and hence of the local activity of an electrical device.
The use of a commercial hard disk reading head allows measuring directly the activity of particular subsystem constituting a part of an integrated circuit.
The use of such a measurement apparatus can be combined with mechanical or chemical abrasion and/or electromagnetic attack (EMA) in order to collect particular information. An EMA is based on the irradiation of the integrated circuit by electromagnetic waves, such as visible light, UV and near IR. The EMA is creating pairs (electron, hole) jumping the electronic gap up to the conducting level which can modify or substantially disturb the normal functioning of an integrated circuit.
The integrated circuit back side is particularly threatened because of the development of new integrated circuit debugging tools allowing working with high accuracy by modifying the integrated circuit, picking information using the IR transmission band in bulk silicon.
Smart-card standards impose to set-up protection against hardware attack through mask sensitive surfaces to optical inspection, probing and perturbations. The attack can be a mechanical attack during which the generator and/or the magnetic sensor are damaged. The attack can also be an electromagnetic attack for perturbing or spying the functioning of the circuit.
In order to prevent such intrusion or reading, it is known to use protective layers. In particular, magnetic shielding can be used to block radio and hyper-frequencies emissions of the integrated circuit. Further, metallic layers can be used to avoid light transmission to the integrated circuit. However, even with an extensive use of such type of hard layers, the variety of etching processes available today enables hackers to remove these protective layers and to access to the information stored in the integrated circuit by the above described means.
It is known to passively protect the integrated circuit.
In particular, WO 9912204 describes a device with security integrated circuit. The device comprises a mechanical layer attached on the active face of an integrated circuit. The back side of the integrated circuit is thinned in order to limit the physical attacks intended to access the integrated circuit surface. The mechanical layer constitutes a cover, i.e. a physical protection against attacks allowing pushing forward the electromagnetic radiation sensor from the integrated circuit surface and/or enabling to absorb the incoming light. The hacker sensor means can only be positioned far from the integrated circuit surface to accurately pick up signal that occurs on interesting working areas during integrated circuit functioning. However, the integrated circuit global emission may be read.
WO 0024058 relates to an integrated circuit chip secured against the action of electromagnetic radiation. A physical protection consisting in a complementary layer attached to the active face of the integrated circuit, the complementary layer being doped with Silicon doping element. Additionally, a metallic layer and irregularities on its surface can be added to enhance the physical protection.
WO 0063836 describes a cap for protecting an integrated circuit against physical attacks intending to access the layer of active semiconductor material of the integrated circuit by a controlled destruction of the cap protecting the active layer. However, it is still possible to grind this cap and removed it. Further, this protection is passive and does not guarantee an intrusive action from the back side.
It is also known to settle an active survey of hardware hacking by adding complex layers electrically connected to the integrated circuit.
In particular, WO 9616378 describes a security device comprising two chips stacked and interconnected face to face. The security device consists in erasing the secret information stored in one of the chips in the case of breaking or perturbation of the connection between the two chips. Such a device only guarantees a limited access to the layer of active semiconductor material while not giving any protection against electromagnetism reading.