The present invention generally relates to integrated circuits, and more particularly, to a system for preventing tampering of an integrated circuit.
Integrated circuits (ICs), such as those used in set-top boxes, engine control units (ECUs), and cryptographic systems, often store sensitive information including personal data, financial transaction authorization codes, security passwords, and secure session keys, and thus are prone to unauthorized access. A known technique to gain access to information stored in an IC is micro-probing. Micro-probing involves forming an electrical contact with the IC by placing fine-tipped probe needles directly on the point of interest of the IC, or on an area of the IC to which the point of interest is connected. The probe needles are held by a micro-manipulator that is controlled to precisely land the probe needle on the IC.
To protect ICs from micro-probing, static wire meshes have been designed that are placed close to the ICs. In a static wire mesh, first and second wires are respectively connected to power and ground, laid out in a mesh pattern, and monitored by a tamper detection module, which detects if either of the wires is broken, which it takes as an indication of an unauthorized attempt to probe the integrated circuit. For example, contact of the a probe needle with either of the wires causes corresponding tampering lines to be activated, which in turn sets off a self-erase sequence that erases the sensitive information in the IC.
Certain ways have been devised to bypass the static wire mesh in order to probe the integrated circuit, so active wire meshes have been deployed, where a serial bit stream is run through wires that form a mesh. It is much more difficult to compromise an active wire mesh. Even so, it would be advantageous to have a more robust circuit protection system.
The following detailed description of the preferred embodiments of the present invention will be better understood when read in conjunction with the appended drawings. The present invention is illustrated by way of example, and not limited by the accompanying figures, in which like references indicate similar elements. As will be understood by those of skill in the art, the drawings are not to scale in order to highlight certain features of the invention.
The detailed description of the appended drawings is intended as a description of the currently preferred embodiments of the present invention, and is not intended to represent the only form in which the present invention may be practiced. It is to be understood that the same or equivalent functions may be accomplished by different embodiments that are intended to be encompassed within the spirit and scope of the present invention.
In one embodiment, in a multi-layer integrated circuit (IC), the present invention provides a tamper detection system for protecting one or more circuits of the IC from being accessed by micro-probing. The tamper detection system comprises a first, static wire mesh formed in a first layer overlying the one or more circuits to provide static protection to the one or more circuits. The static wire mesh comprises first wires connected to a power supply and second wires connected to ground. A second, active wire mesh comprises at least a third wire formed in a second layer overlying the one or more circuits to provide active protection to the one or more circuits. A tamper detection module is connected to the first and second wire meshes for detecting breaks in the meshes. A first terminal of the third wire of the second mesh is connected to a first output terminal of the tamper detection module for receiving a first serial bit stream therefrom, and a second terminal of the third wire is connected to a first input terminal of the tamper detection module for providing the first serial bit stream back to the tamper detection module, where the transmitted and received bit streams are compared. The tamper detection module generates a tamper detection signal if either of the active or static meshes is compromised. The tamper detection signal triggers zeroization of data stored by the protected circuits.
Various embodiments of the present invention provide a system for generating a tamper detection signal indicating tampering with one or more circuits of an IC. The system includes a tamper detection module and both static and active wire meshes connected to the tamper detection module. The wire meshes are placed at predefined distances from the protected circuits of the IC. The protected circuits are associated with memory modules, e.g., memory arrays, register arrays, etc., of the IC used to store sensitive information. The tamper detection module generates serial bit streams based on a predetermined algorithm. The serial bit streams comprise a random pattern of bits that are repeated at a predefined frequency. The serial bit streams traverse the active wire mesh and are returned to the tamper detection module for comparison to determine if the active wire mesh has been altered. That is, a difference in the input and output serial bit streams implies an unauthorized attempt to access the contents of the protected circuits or a breach in the wire mesh. The static wire mesh, comprising an array of wires connected to a power supply and an array of wires connected to ground, also is monitored by the tamper detection module to determine if the meshes have been broken. The tamper detection module generates a tamper detection signal, which sets-off an erase sequence for erasing contents of the protected circuits.
Referring now to
In this embodiment, the first and second wires 210 and 212 run parallel with each other and are connected to the tamper detection module by way of vias (not shown). The first and second wires 210 and 212 preferably are separated by a distance such that if a probe tip tried to breach the mesh 202, the tip would contact one of the first wires 210 and an adjacent second wire 212, thereby causing a short circuit detectable by the tamper detection module 214. In a preferred embodiment, the wires 210 and 212 are wide wires. That is, in one preferred embodiment, the wires used to form the mesh 202 have a maximum width as defined for the technology node (e.g., C55, C40, C28, etc.) of the IC 200, and it also is preferred that the wires 210 and 212 are routed at minimum pitch for the technology node of the IC 200.
The IC 200 also has a second, active wire mesh 216 formed in a second metal layer 218 and overlying the one or more circuits 206 of the IC 200. In this embodiment, the second metal layer 218 is different than the first metal layer 204, and the active wire mesh 216 comprises at least a third wire 220 that may be a continuous wire that runs from one side of the layer 218 in a zig-zag pattern to an opposing side of the layer 218, with spacing between the lengths of the third wire 220 are parallel with each other and running along a length of layer 218 being such that a microprobe trying to breach the mesh will contact the third wire 220. One end of the third wire 220 is connected to an output terminal of the tamper detection module 214 (by way of vias, not shown) and the other end of the wire 220 is connected to an input terminal of the tamper detection module 214. Like the first and second wires 210 and 212, in a preferred embodiment the third wire 220 is a wide wire routed at minimum pitch for the technology node of the IC 200.
As discussed in U.S. Pat. No. 8,689,357 of Freescale Semiconductor, Inc., which is hereby incorporated in its entirety, a serial bit stream may be transmitted over the third wire 220 to/from the tamper detection module 214, and the tamper detection module compares the transmitted bit stream with the received bit stream to determine if an attempt has been made to compromise the mesh 216. As previously noted, the tamper detection module 214 is formed in a lower layer 208 of the IC 200 and connected to the static and active meshes 202 and 216 for detecting breaks in the meshes. If the tamper detection module detects that one of the meshes 202 and 216 has been breached or tampered with, then the tamper detection module 214 activates a tamper detection signal that is used to initiate a memory erase sequence for erasing one or more values stored in the memory modules (including any memory circuits like flip-flops or registers that store protected data).
In another embodiment, the third and fourth wires 510 and 512 are formed in two separate, spaced layers, for example, as shown in
By providing a plurality of smaller meshes, less power is consumed by the tamper detection system, and less physical area is required.
While various embodiments of the present invention have been illustrated and described, it will be clear that the present invention is not limited to these embodiments only. Numerous modifications, changes, variations, substitutions, and equivalents will be apparent to those skilled in the art, without departing from the spirit and scope of the present invention, as described in the claims.
Number | Name | Date | Kind |
---|---|---|---|
5383143 | Crouch et al. | Jan 1995 | A |
5389738 | Piosenka et al. | Feb 1995 | A |
5446864 | Burghardt | Aug 1995 | A |
5457748 | Bergum | Oct 1995 | A |
6002501 | Smith | Dec 1999 | A |
6646565 | Fu | Nov 2003 | B1 |
6946960 | Sisson | Sep 2005 | B2 |
7065656 | Schwenck | Jun 2006 | B2 |
7180008 | Heitman | Feb 2007 | B2 |
7498644 | Shapiro | Mar 2009 | B2 |
7868441 | Eaton | Jan 2011 | B2 |
7923830 | Pope | Apr 2011 | B2 |
7947911 | Pham | May 2011 | B1 |
7953989 | Hsiang | May 2011 | B1 |
8127151 | Nelson | Feb 2012 | B2 |
8240038 | Pham | Aug 2012 | B1 |
8689357 | Arora et al. | Apr 2014 | B2 |
8896086 | Arora | Nov 2014 | B1 |
20020002683 | Benson | Jan 2002 | A1 |
20030008432 | Kux et al. | Jan 2003 | A1 |
20040227205 | Walmsley | Nov 2004 | A1 |
20040236961 | Walmsley | Nov 2004 | A1 |
20040252053 | Harvey | Dec 2004 | A1 |
20070126100 | Mizuno | Jun 2007 | A1 |
20090077669 | Buer | Mar 2009 | A1 |
20100192014 | Mejdrich | Jul 2010 | A1 |
20120179921 | Christianson | Jul 2012 | A1 |
20130104252 | Yanamadala | Apr 2013 | A1 |
20150114122 | Soles | Apr 2015 | A1 |
Entry |
---|
Xavier Charvet, Herve Pelletier, “Improving the DPA attack using Wavelet transform”, downloaded from http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-3/physec/physecdoc.html, undated (downloaded Mar. 5, 2012). |
Maxim: “Secure supervisor IC has active tamper detection”, EE Times, Feb. 5, 2009. |
Anon, “Infineon / ST Mesh Comparison”, Flylogic's Analytical Blog, http://www.flylogic.net/blog/?p=86, May 9, 2013. |