Security chips (sometimes referred to as security integrated circuits) are used in many products where assets need to be protected. These assets include information, personal details, value (typically monetary), data transmissions and access rights. The assets are protected by various defensive means, each designed to foil attacks on the chip and its assets.
Recently, fault induction attacks on the operation of chips, including differential fault analysis (DFA), have been gaining prominence. A fault induction attack is an attack where the chip is forced to make an error in an operation. Some of the errors that a chip can be forced to make can be exploited to reveal secret information, in which case the attack is successful.
A typical fault induction attack uses a flash or pulse of light (e.g. from a pulsed laser) aimed at a small section of the circuit with the aim of disrupting some function, calculation or other operation of the chip. The laser pulse is aimed at a precise location on the chip and within a specific time period during the chip operation. It is speculated that the light pulse causes the CMOS gates in the chip circuit to have an indeterminate output for any determined input. This indeterminate output might, for example, make a branching instruction take the wrong branch, leading to the execution of the wrong software. This incorrect execution might then be exploited to reveal secret information (sensitive data) or to bypass authorisation checks, for example.
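The wrong-branch failure described above can be modelled in software. The following C sketch is an added example, not part of the original text: the fault model (one comparison result inverted), the sample PIN values and the duplicated-comparison check are all assumptions made for illustration, and the duplicated check only detects a single corrupted comparison.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data, not from the page. */
const uint8_t REF_PIN[4]   = {1, 2, 3, 4};
const uint8_t WRONG_PIN[4] = {9, 9, 9, 9};

enum { DENY = 0, GRANT = 1, FAULT_DETECTED = 2 };

/* Assumed fault model: the result of the fault_at-th comparison is
   inverted, standing in for a gate output disturbed by a light pulse.
   fault_at == 0 means no fault is injected. */
static int fault_at, cmp_count;

static int compare(const uint8_t *a, const uint8_t *b) {
    int equal = (memcmp(a, b, 4) == 0);
    if (++cmp_count == fault_at)
        equal = !equal;                 /* the forced error */
    return equal;
}

/* One comparison, one branch: a single inverted result decides access. */
int run_single(const uint8_t *pin, int fault) {
    fault_at = fault;
    cmp_count = 0;
    return compare(pin, REF_PIN) ? GRANT : DENY;
}

/* The comparison is evaluated twice; disagreement means an error occurred. */
int run_redundant(const uint8_t *pin, int fault) {
    fault_at = fault;
    cmp_count = 0;
    int first = compare(pin, REF_PIN);
    int second = compare(pin, REF_PIN);
    if (first != second)
        return FAULT_DETECTED;
    return first ? GRANT : DENY;
}

int main(void) {
    printf("single, wrong PIN, no fault: %d\n", run_single(WRONG_PIN, 0));
    printf("single, wrong PIN, fault:    %d\n", run_single(WRONG_PIN, 1));
    printf("redundant, wrong PIN, fault: %d\n", run_redundant(WRONG_PIN, 1));
    return 0;
}
```

The printed values use the enum above: 0 is deny, 1 is grant and 2 is a detected fault.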
One of the main defences against attacks such as those described above is the use of a passive shield.
Passive shields are large flat areas of metal over all or part of the chip circuit and are designed to prevent viewing and probing and to make attacks more time-consuming. Passive shields are often made from an upper layer of metal interconnects in a multi-layer circuit.