Spider. datasheet V 1.0. Communication and fault injection of embedded chips. rev 1

Similar documents
SignalTap Plus System Analyzer

JTAG-SMT1 Programming Module for Xilinx FPGAs. Overview. 23 mm. 21.5mm. Revised November 21, 2017 This manual applies to the JTAG-SMT1 rev.

MSO-28 Oscilloscope, Logic Analyzer, Spectrum Analyzer

Low-speed serial buses are used in wide variety of electronics products. Various low-speed buses exist in different

Logic Analyzer Auto Run / Stop Channels / trigger / Measuring Tools Axis control panel Status Display

LMH0340/LMH0341 SerDes EVK User Guide

SECU-16. Specifications Power: Input Voltage 9-12V DC or AC Input Current Max 200mA. 8 2-wire inputs, Analog (0 5VDC) or Supervised

HDMI Over IP Extender Kit - 4K

PicoScope 6407 Digitizer

Displays Open Frame Monitor Model Number: AND-TFT-150Bxx

LadyBug Technologies, LLC LB5908A True-RMS Power Sensor

Logic Analysis Basics

Logic Analysis Basics

3. Configuration and Testing

NanoCom ADS-B. Datasheet An ADS-B receiver for space applications

Mini Gateway USB for ModFLEX Wireless Networks

SXGA096 DESIGN REFERENCE BOARD

Alice EduPad Board. User s Guide Version /11/2017

USB Smart Power Sensor

DPD80 Visible Datasheet

Technical data. General specifications. 60 ma Power consumption P 0. 1 W Time delay before availability t v. 120 ms Interface. Protocol IO-Link V1.

Technical data. General specifications. Indicators/operating means

Embedded Master Module

DPD80 Infrared Datasheet

Jalapeno. Data sheet. Jalapeno is a very powerful quad-core CPU based module with dual band concurrent radio supporting ac Wave 2 technology

WISOL / SFM20R4. DATASHEET Rev 0.1. WISOL 28-40, Gajangsaneopdong-ro, Osan-si, Gyeonggi-do Republic of Korea.

GFT channel Time Interval Meter

JTAGcable II In Circuit Emulator for Atmel AVR microcontrollers. User s Guide REV 1.0. Many ideas one solution

Dish Diversity Switch

In-process inspection: Inspector technology and concept

HAMEG. Oscilloscopes. Innovation right from the start. Oscilloscopes

FLAT DISPLAY TECHNOLOGY

Troubleshooting EMI in Embedded Designs White Paper

BTW03 DESIGN CONSIDERATIONS IN USING AS A BACKPLANE TEST BUS International Test Conference. Pete Collins

UNIIQA+ NBASE-T Monochrome CMOS LINE SCAN CAMERA

Debugging a Mixed Signal Design with a Tektronix Mixed Signal Oscilloscope

USB Smart Power Sensor

MS-32. Oscilloscope Mixed Signal Option. Add 32 Digital Channels to a 4 Channel Oscilloscope

@DonAndrewBailey

DX-10 tm Digital Interface User s Guide

How to overcome/avoid High Frequency Effects on Debug Interfaces Trace Port Design Guidelines

12. IEEE (JTAG) Boundary-Scan Testing for the Cyclone III Device Family

FCPM-6000RC. Mini-Circuits P.O. Box , Brooklyn, NY (718)

Universal ByteBlaster

Ethernet to VGA over IP Converter

Connecting To and Programming the LPC2148 Blue Board. Method 1 ISP (In-System Programming) w/ Flash Magic

Hardware Guide BrightSign, LLC Version:.1 Los Gatos, CA, USA. MODELS: XD Product Line

PicoScope 6407 Digitizer

LAUREL. Laureate Digital Panel Meter for Load Cell & Microvolt Input ELECTRONICS, INC. Features. Description

WAVEJET 300 SERIES OSCILLOSCOPES. New Cover to Come. Unmatched Performance, Portability, and Value

Using SignalTap II in the Quartus II Software

Hello and welcome to this presentation of the STM32L4 Analog-to-Digital Converter block. It will cover the main features of this block, which is used

AZ DISPLAYS, INC. COMPLETE LCD SOLUTIONS SPECIFICATIONS FOR 15.0 OPEN FRAME MONITOR

Portable Performance for Debug and Validation

EdgeConnect Module Quick Start Guide ITERIS INNOVATION FOR BETTER MOBILITY

HAL Series. Versatile range of production line testers.

SC26 Magnetic Field Cancelling System

The Haply Development Kit

1 Terasic Inc. D8M-GPIO User Manual

LD-V4300D DUAL STANDARD PLAYER. Industrial LaserDisc TM Player

HDMI Extender via Single SC Fiber Support 3D/4K2K Up to 200m in one Single-mode Fiber

MTP200B WLAN / BT LE Tester

WAVEJET 300 SERIES OSCILLOSCOPES. Unmatched Performance, Portability, and Value

PROFESSIONAL GRADE TOOLS THAT ARE EASY TO USE REVOLUTIONARY TECHNOLOGY (YOU CAN AFFORD) BYTE BROTHERS 2010 PRODUCT CATALOG

YAMAHA 03D SERIAL AUDIO MIXER

EECS145M 2000 Midterm #1 Page 1 Derenzo

GFT Channel Digital Delay Generator

CoLinkEx JTAG/SWD adapter USER MANUAL

Scan. This is a sample of the first 15 pages of the Scan chapter.

HDMI Extender via Single SC Fiber Support 3D/4K2K Up To 10Km In One Single-mode Fiber

the Boundary Scan perspective

ARM JTAG Interface Specifications

SC24 Magnetic Field Cancelling System

6.4 Chassis Monitor Model Number: LCM0642xx. SPEC No.: SAS Version: 0.0 Issue Date: April 16, Introduction:

Doc: page 1 of 5

Error connecting to the target: TMS320F28379D. 1 Error message on connecting the target.

AUDIO/VIDEO CONNECTIVITY

WyreStorm NetworkHD HD Over IP with HDMI Pass-through, RS232

SC24 Magnetic Field Cancelling System

Sitronix ST CH Segment Driver for Dot Matrix LCD. !"Dot matrix LCD driver with two 40 channel

Modular Block Converter Systems

LAUREL ELECTRONICS, INC.

7000 Series Signal Source Analyzer & Dedicated Phase Noise Test System

SWITCH: Microcontroller Touch-switch Design & Test (Part 2)

Large Area, High Speed Photo-detectors Readout

Contents: 1 LANsmart Pro Main Unit 4 Remote Unit: ID1, ID2, ID3, ID4

MS-32 OSCILLOSCOPE MIXED SIGNAL OPTION. Add 32 Digital Channels to a 4 Channel Oscilloscope

Solutions to Embedded System Design Challenges Part II

USB Smart Power Sensor

Section 24. Programming and Diagnostics

HDMI over IP Extender Kit with Video Wall Support p

Agilent 5345A Universal Counter, 500 MHz

AD9884A Evaluation Kit Documentation

KVE vector Vector Impedance Antenna analyzer User's Manual ( V for Kve60C and Kve520A )

Features of the 745T-20C: Applications of the 745T-20C: Model 745T-20C 20 Channel Digital Delay Generator

Make technology more simple, Make life more intelligent. Firefly-PX3-SE. Product. Specifications. Version Date Updated content

DC-105 Quick Installation Guide

QSFP+ 40GBASE-SR4 Fiber Transceiver

innovative technology to keep you a step ahead Tailored to Simplify Installation and Troubleshooting of RF Signals

GDB-03 Demo Module USER MANUAL GW INSTEK PART NO. 82DB-03000M01 ISO-9001 CERTIFIED MANUFACTURER

Transcription:

Spider Communication and fault injection of embedded chips datasheet V 1.0 rev 1

Contents Page 3 Page 8 The product Context The challenge it solves Unique features Example use case JTAG unlocking Fault injection with two lasers Page 12 Technical details User control Technical specifications The package 2

The product

Context Market The market for high security embedded chips has seen a huge growth in the past 5 years particularly in content protection and mobile devices. Compared to the fairly standardized smart card world, the large variety of embedded chips causes a big challenge in side channel and fault injection testing. You need a tool to handle this without adding complexity or hard-to-debug setups. Adding flexibility in triggering, control and on-the-fly adjustment of fault injection campaigns greatly increases the tester s surface. Moreover, combining protocols like JTAG, SPI, I2C or CAN with fault injection opens up new avenues of testing. Approach We developed Spider, a highly versatile FPGA-based tool to: Reduce setup complexity for embedded device testing Generate faults for power amplifier, laser or EM-FI equipment On-the-fly adjustments of fault injection parameters Communicate at low level with embedded chips Easy to develop proprietary interface and protocol extensions Other methods VC Glitcher Custom FPGA design Microcontrollers Limitations - Supports only smart card protocol - Limited protocol flexibility - Steep learning curve - R&D investment for a good digital and analog combination - Cannot provide rigid triggering - Cannot provide true parallelism 4

The challenge it solves Easy interfacing with embedded chips Setting up a side channel test environment can be a timeconsuming exercise. Embedded targets have a great variety in communication protocols, multiple power domains, and different I/O voltage levels. As a tester you want control over the target s interfaces so that you can run exactly the desired tests. With Spider you can sniff and communicate with an embedded chip making use of common chip-to-chip protocols. Accurate triggering Based on what is observed, for example on the chip s data bus, you want to start a power measurement or inject a fault. Spider can generates very accurate triggers to accomplish this. Spyder offers great flexibility and can be used with a wide range of embedded chips because it supports JTAG, I2C and SPI. Custom fault attack flow In order to create effective security tests that will leave no vulnerabilities undetected it must be possible to change the attack flow. Custom attack flows can be easily created using Inspector software or the Spider s SDK library. Multiple options are available for the user who can for example influence the voltage level, change the event ordering and adjust glitch timing. With these possibilities the shape of a glitch can be interactively customized without any user intervention.. 5

Unique features 1. Unique all-in-one tool to control embedded targets Wide range of I/O voltage levels (1.0 3.3 V) Support for popular protocols Flexible trigger generation Control two lasers for simultaneous multi pulse attacks 2. Versatile fault generator Drives faults to glitch amplifiers, lasers, EMFI probes Program any attack flow Arbitrary wave form generation for faults 3. Flexible and easy to use SDK in Python, Java and C Plug and play from Inspector 4. Extensive protocol support SPI JTAG I2C UART 6

Example use case

Use case JTAG unlocking A locked JTAG interface has been proven to become unlocked by injecting faults to the chip The test scenario 1. Due to security considerations, it is common practice to lock the JTAG interface. 2. Spider can challenge the strength of JTAG locking by controlling the reset line of the target. 3. Glitch during target booting: Apply normal VCC to target for booting Lower VCC to minimum level just before attack Generate glitch via Glitch Amplifier 4. Perform a standard device id read out via JTAG communication. Spider manages: - Resetting - Glitching - JTAG communication 8

Use case drive LS2 Twin Scan The test scenario 1. Spider can drive the 2 lasers from the Twin Scan independently. 2. This allows for example attacking a crypto-core and a memory storage at the same time to get results that would otherwise be impossible. Spider voltage 2 glitch 2 voltage 1 glitch 1 gpio pulse ampl. digital glitch pulse ampl. digital glitch trigger bus 1 2 Computer Inspector reset usb 9

Technical details

User control EMFI Select Spider EMFI Sequence to show settings Select Spider COM port Trigger input settings Reset output settings 11

User control Twin Scan Select Spider Sequence to show settings Select Spider COM port Laser source Driving ports of Spider 12

Programming Inspector Create a glitcher using Spider Core 1 Add events and customize their order 13

Programming Python Assign and open Spider COM port Create a glitcher using Spider Core 1 Add events and customize their order 14

Technical specifications Parameter Min. Typical Max. Unit gpio voltage level (VLogic) 1.0-3.3 V gpio VOH VLogic-0.45 - - V gpio VOL - - 0.4 V gpio VIH 0.65VLogic - VLogic+0.3 V gpio VIL -0.3-0.35VLogic V voltage output 0.0-5.0 V voltage output current - - 100 ma glitch outputs Voltage -4.0-4.0 V glitch outputs current - - 72 ma glitch output timing resolution - 4 - ns uart signal voltage level - 3.3 - V uart baud rate 1907-1.5M baud 15

Package Description 1 Spider Description 10 Jumper wires: female - female 1 15V DC Power Supply Unit, input 100-240 V, AC 50-60 Hz Included: power cable with country specific jack 4 Output impedance adapter - SMB, 50 Ohm 1 Breakout Board 1 Communication cable: USB-A - USB-B, 2 m 1 Spider SDK USB stick 4 Signal cable: SMB SMB 1 Quick Start Guide 10 Jumper wires: male - female 16

Please contact Riscure for more information. You can reach us by email : inforequest@riscure.com, by phone : +31 15 251 4090 US: +1 650 646 9979 Or on the web: www.riscure.com

2024 © artsdocbox.com Privacy Policy | Terms of Service | Feedback