Analysis of attack techniques against single-chip microcomputers (MCUs)
Given the current state of integrated-circuit technology, there are four main techniques for attacking a single-chip microcomputer:
(1) Software attacks
This technique usually works through the processor's communication interfaces and exploits the protocols, the cryptographic algorithms, or security flaws in the implementation of those algorithms. A well-known example of a successful software attack is the attack on the early Atmel AT89C series of microcontrollers. Attackers exploited a flaw in the timing design of this series' erase sequence: a purpose-written program erased the encryption lock bit and then aborted the following step, which would have erased the program data stored in the chip. In this way an encrypted MCU is turned into an unencrypted one, after which an ordinary programmer can be used to read the program out of the chip.
(2) Electronic detection attacks
This technique monitors, at high time resolution, the analog characteristics of all power-supply and interface connections while the processor is operating normally, and also mounts attacks by monitoring the device's electromagnetic emissions. Because an MCU is an active electronic device, its power consumption changes as it executes different instructions. By measuring these changes with specialised electronic instruments and analysing them with statistical methods, an attacker can recover specific key material from the MCU.
(3) Fault generation
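The root cause described above is code whose instruction stream depends on secret data. The following added example (written for this page, not code from the original article or from any vendor) shows the defensive counterpart in firmware-style C: an early-exit comparison whose number of iterations reveals how many leading bytes of a guess were correct, beside a constant-time comparison that performs the same work regardless of content. The 16-byte key and the two guesses are constructed sample data; `leaky_compare`, `ct_compare` and the helper names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef int (*compare_fn)(const uint8_t *, const uint8_t *, size_t, size_t *);

/* Early-exit comparison, as often written in firmware: the loop stops at
 * the first mismatching byte, so the number of iterations (and therefore
 * the timing and the power trace) reveals how many leading bytes of the
 * guess were right. 'steps' reports how many bytes were examined.
 * Returns 0 when equal, 1 otherwise. */
int leaky_compare(const uint8_t *secret, const uint8_t *guess, size_t n, size_t *steps)
{
    for (size_t i = 0; i < n; i++) {
        if (secret[i] != guess[i]) {
            *steps = i + 1;
            return 1;
        }
    }
    *steps = n;
    return 0;
}

/* Constant-time comparison: every byte is touched and the same operations
 * run whatever the content; mismatches are OR-folded into one accumulator
 * that is only inspected after the loop. Production code would also add a
 * compiler barrier (e.g. a volatile access) so the loop is not turned back
 * into an early exit by the optimiser. */
int ct_compare(const uint8_t *secret, const uint8_t *guess, size_t n, size_t *steps)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) {
        diff |= (uint8_t)(secret[i] ^ guess[i]);
    }
    *steps = n;
    return diff != 0;
}

/* Helpers that expose the two observable quantities: the result and the
 * number of bytes examined (a stand-in for "work done", which is what a
 * power or timing trace shows). */
int cmp_result(compare_fn cmp, const uint8_t *a, const uint8_t *b, size_t n)
{
    size_t steps;
    return cmp(a, b, n, &steps);
}

size_t bytes_examined(compare_fn cmp, const uint8_t *a, const uint8_t *b, size_t n)
{
    size_t steps = 0;
    (void)cmp(a, b, n, &steps);
    return steps;
}

/* Constructed sample data: a 16-byte key, a guess wrong at byte 0, and a
 * guess wrong only at byte 15. */
static const uint8_t KEY[16]     = {0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
                                    0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f};
static const uint8_t GUESS_A[16] = {0x00,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
                                    0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f};
static const uint8_t GUESS_B[16] = {0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
                                    0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x00};

int main(void)
{
    printf("leaky, wrong at byte 0 : %zu bytes examined\n", bytes_examined(leaky_compare, KEY, GUESS_A, 16));
    printf("leaky, wrong at byte 15: %zu bytes examined\n", bytes_examined(leaky_compare, KEY, GUESS_B, 16));
    printf("ct,    wrong at byte 0 : %zu bytes examined\n", bytes_examined(ct_compare, KEY, GUESS_A, 16));
    printf("ct,    wrong at byte 15: %zu bytes examined\n", bytes_examined(ct_compare, KEY, GUESS_B, 16));
    return 0;
}
```

The leaky version examines 1 byte for the first guess and 16 for the second, which is exactly the difference a high-resolution power or timing measurement picks up; the constant-time version examines 16 bytes in both cases, so the trace no longer depends on how close the guess was.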
This technique uses abnormal operating conditions to induce a processor error, which then gives the attacker additional access. The most widely used fault-generation methods are voltage glitching and clock glitching. Under-voltage and over-voltage attacks can be used to stop the protection circuit from working or to force the processor to perform a wrong operation. A transient clock glitch may reset the protection circuit without destroying the protected information. Transient switching of the power supply or the clock can affect the decoding and execution of an individual instruction in some processors.
(4) Probe techniques
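A protection check that decides on a single "is the flag zero?" test is the kind of logic that a mis-decoded or skipped instruction turns into an open door. The added example below (written for this page, not taken from the article or from any MCU vendor's code) contrasts such a naive check with a glitch-tolerant one that uses two complementary, mixed-bit-pattern constants and re-verifies its decision, so that a read returning 0x00 or 0xFF, or a single-bit error of the stored value, is reported as a fault rather than treated as permission. The constants `LOCK_ENGAGED`/`LOCK_RELEASED` and all function names are this example's own assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Flag encodings for the hardened check. The two valid values are bitwise
 * complements with a mixed bit pattern, so a corrupted read that yields
 * 0x00 or 0xFF, or any single-bit error of a valid value, matches neither. */
#define LOCK_ENGAGED  0xA5u   /* 1010 0101: protection on  */
#define LOCK_RELEASED 0x5Au   /* 0101 1010: protection off */

/* Naive check: access is granted whenever the flag is zero. A corrupted
 * read that returns 0, or a skipped instruction that leaves a register
 * cleared, opens access silently. Returns 1 = allow, 0 = deny. */
int naive_access_allowed(uint8_t lock)
{
    return lock == 0;
}

/* Hardened check: access is granted only for the exact 'released' pattern,
 * and the decision is re-verified through the complementary pattern so a
 * single skipped compare cannot satisfy both tests. Returns 1 = allow,
 * 0 = deny, -1 = the flag holds neither valid pattern (fault suspected),
 * which the caller should treat as deny and log. */
int hardened_access_allowed(uint8_t lock)
{
    if (lock == LOCK_RELEASED) {
        if ((uint8_t)~lock == LOCK_ENGAGED) {
            return 1;
        }
        return -1;
    }
    if (lock == LOCK_ENGAGED) {
        return 0;
    }
    return -1;
}

/* Count how many single-bit corruptions of the stored 'engaged' value
 * would lead a given check to grant access. */
int single_bit_flips_granting(int (*check)(uint8_t), uint8_t engaged_value)
{
    int granted = 0;
    for (int bit = 0; bit < 8; bit++) {
        if (check((uint8_t)(engaged_value ^ (1u << bit))) == 1) {
            granted++;
        }
    }
    return granted;
}

int main(void)
{
    printf("naive:    read 0x00 -> %d, single-bit flips of engaged value granting access: %d\n",
           naive_access_allowed(0x00), single_bit_flips_granting(naive_access_allowed, 0x01));
    printf("hardened: read 0x00 -> %d, read 0xFF -> %d, single-bit flips granting access: %d\n",
           hardened_access_allowed(0x00), hardened_access_allowed(0xFF),
           single_bit_flips_granting(hardened_access_allowed, LOCK_ENGAGED));
    return 0;
}
```

With the naive encoding (engaged = 1) one of the eight possible single-bit errors already grants access, and a bus reading back all zeros does so too; with the complementary encoding no single-bit error and neither all-zeros nor all-ones is accepted, and the `-1` result gives the firmware a hook to count and react to suspected faults.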
This technique directly exposes the chip's internal wiring and then observes, manipulates, and interferes with the microcontroller to carry out the attack. For convenience, the four techniques above are grouped into two categories. Invasive attacks (physical attacks) require destroying the package and then, with semiconductor test equipment, a microscope and a micropositioner, take hours or even weeks to complete in a specialised laboratory; all micro-probe techniques are invasive attacks. The other three methods are non-invasive attacks, and the attacked MCU is not physically damaged. In some cases non-invasive attacks are especially dangerous, and they are very cheap, because the equipment they require can be built and upgraded by the attacker.
Most non-invasive attacks require good knowledge of the processor and its software. In contrast, invasive probe attacks require little initial knowledge, and a similar set of techniques is usually applicable across a wide range of products.