Extract Chip Timing process need to input some value and secret key when operate the secure operation, make the comparison by differentiate the operation time length of semiconductor chip. Measure the timing and analysis carefully can regain the secret key. This kind of method has been mentioned in 1996 in the text book. Later this chip firmware extraction method has successfully attack the RSA signature smartcard practically.
For the purpose of microcontroller unlocking successfully, we need to collect the information about the device, and combine with the processing time to make the comparison, such as question-answer delay. Lots of password and algorithm can be susceptible to be attacked by timing chip unlock, the main reason is due to the algorithm are all operated by the software. Which also include jump up the branch and operation terms when the appropriate moment; use the cache memory and unfixed time processing order such as frequency doubling and frequency division; and tremendous other reason.
So in order to prevent this kind of chip unlock, we need to use blinding signatures technology. This method is using the chosen random digitals combine with input digitals and data to prevent the MCU cracker understand the mathmetic algorithm of operation when extract chip. Timing attack can be applied on those microcontroller chip in which the protection was base upon the password, or using the digital card or code to visit the control system, such as iButton product from Dallas.
Tüm bu sistemlerin ortak riski, veritabanına devam eden dijitalleri girmek ve çift doğrulamayı sürdürmektir. Sistem, veritabanına girilen gizli anahtarın her bitini incelemelidir, yanlış bit tespit edildiğinde, işlem derhal askıya alınmalı ve bir sonrakine geçmelidir. Böylece çip saldırganı, bir gizli anahtardan yenisini istemeye kadar geçen zaman uzunluğunu varsayabilir ve anahtarın benzerliğini bulabilir. Nispeten daha küçük dijitalleri koyarak eşleşenleri bulabilir.
The common risk of all of these systems is inputting the continue digitals in the database and proceed the double validation. The system must inspect the each bits of secret key which has been inputted into the database, once the incorrect bit has been spotted, the operation should suspended immediately and switch to the next one. So the chip attacker can assume the time length from one secret key to requesting a new one and found its similarity of the key. Put the relative smaller digitals can find the matched ones.
In order to prevent this kind of MCU extraction method, designer need to calculate the cycle of processor with great care. When the system compares the password, it needs to ensure the consuming time length are the same no matter the password is right or wrong. We need to add extra blank operation order in the program which will provide a lot of benefit for timing attack.
Некоторые микроконтроллерные микросхемы имеют внутренний резистивный генератор, который может способствовать связыванию рабочей частоты процессора с напряжением и температурой микросхемы. Это усложнит анализ временной последовательности, поскольку при извлечении микросхемы необходимо иметь относительно стабильную среду и температуру микросхемы, в то же время уменьшая шум на дорожках питания и вибрацию напряжения. Некоторые смарт-карты имеют внутренние случайные тактовые генераторы, которые делают расширение длительности времени при извлечении микросхемы недействительным.
Some microcontroller chip has internal resistance oscillator which can contribute to connect the working frequency of processor with voltage and chip temperature. It will bring difficulty to the time sequence analysis, since when extract chip need to have a relative stable environment and chip temperature, at the same time, reduce the noise on the power supply tracks and voltage vibration. Some smartcards have internal random timing clock which makes the extention of time length when extract chip become invalid.
