Camp 2007 - 1.01

Chaos Communication Camp 2007
To infinity and beyond

Speakers
Lorenz
Schedule
Day 2
Room Shelter Foo
Start time 17:00
Duration 01:00
Info
ID 1933
Event type Lecture
Track Science
Language English

Hacking on the Nanoscale

Dual Beam Devices for Rapid Prototyping and Reverse Engineering

Dual beam systems are a research and development tool widely used in the semiconductor industry. They integrate a scanning electron microscope with a focused ion beam and make it possible to image, remove, and deposit nanometer-sized structures. The lecture introduces the basic principles, shows application examples, and explains how these devices can be used for hacking on the hardware level.

At the headquarters of the world's largest microchip manufacturer, the atmosphere in the executive meeting is tense. The competitor has just revealed a new processor with far superior performance. Their own R&D department has been working on the same technology but is at least one year behind. They just do not seem able to figure out how to get the thing working. But there is this early prototype that the guy they managed to poach last month brought with him. They should get to work. Within a few hours the guys at the lab had managed to cut through the packaging. The circuitry on the surface of the chip was already visible. They quickly figured out at which locations they had to dig deeper to get to the sweet secret. They milled out several of the transistors with nanometer precision. With the remote-controlled arm of a micromanipulator they took the tiny parts out for final preparation. Once the pieces were in the microscope it was only a matter of waiting. The next morning the tomography was done and a 3D model of the transistor was rotating on the computer screen. Now, with the elemental mappings in front of them, it would be a piece of cake to copy the process.

What would have sounded like science fiction only a few years ago is nowadays a standard application in companies. With more than a hundred deployed devices, sales rising, new vendors entering the market, and prices dropping, dual beam systems will become as commonly available as scanning electron microscopes are today. However, this will not only propel research in science and industry, it also has the potential to deeply impact present security paradigms. It is the end of the hardware black box. Since these systems make it possible to image, dissect, and rewire on-chip circuitry, statements like the following about the Trusted Platform Module might need to be reconsidered: "The endorsement key is a 2,048-bit RSA public and private key pair, which is created randomly on the chip at manufacture time and CANNOT be changed."*)

*) Safford, David (2006-10-27). Take Control of TCPA. Linux Journal. Retrieved on 2007-02-07.