On a new way to read data from memory
David Samyde, S. Skorobogatov, Ross J. Anderson, J. Quisquater
First International IEEE Security in Storage Workshop, 2002. Proceedings. Published 2002-12-11.
DOI: 10.1109/SISW.2002.1183512 (https://doi.org/10.1109/SISW.2002.1183512)
This paper explains a new family of techniques to extract data from semiconductor memory, without using the read-out circuitry provided for the purpose. What these techniques have in common is the use of semi-invasive probing methods to induce measurable changes in the analogue characteristics of the memory cells of interest. The basic idea is that when a memory cell, or read-out amplifier, is scanned appropriately with a laser, the resulting increase in leakage current depends on its state; the same happens when we induce an eddy current in a cell. These perturbations can be carried out at a level that does not modify the stored value, but still enables it to be read out. Our techniques build on a number of recent advances in semi-invasive attack techniques, low temperature data remanence, electromagnetic analysis and eddy current induction. They can be used against a wide range of memory structures, from registers through RAM to FLASH. We have demonstrated their practicality by reading out DES keys stored in RAM without using the normal read-out circuits. This suggests that vendors of products such as smartcards and secure microcontrollers should review their memory encryption, access control and other storage security issues with care.