
I know that security-oriented products can easily protect their contents from even the most sensitive commercial x-rays, which can see objects at about 0.5µm. But let's put cost limits aside (or imagine that we have State-level resources), and think about theoretical limits.

Is there some known theoretical physics knowledge that, when applied, would allow a State-sponsored organization to create an X-Ray that is capable of seeing through security devices, such as smartcards, shielded integrated circuits or even a Hardware Security Module?

Examples would be a device that uses gamma rays (which have a much smaller wavelength than conventional x-rays) or even some exotic device such as a neutrino detector (it's well known that neutrinos can pass through an entire planet with low probability of interacting with any atom - can that be leveraged to bypass the device shield?).

fernacolo

1 Answer


X-rays lack the spatial resolution to see objects of the size required to visually map out a modern integrated circuit. Gamma rays are too energetic to be focused by any sort of lens, so they can't really be used to see through anything. Neutrinos are even more ghostly. Chances are, not a single neutrino has ever actually collided with a particle in an HSM in its entire lifetime despite the fact that billions created deep in space pass through it every second.

Leaving aside the physics aspect of this question, I need to point out that you are assuming that being able to see the internals of the device would be a security risk. This assumption is false. At most, being able to see the internals of an HSM would reveal trade secrets. It would not necessarily reveal anything stored digitally. While I believe a charged NAND cell can be identified with extremely high-powered microscopy in a chip-off situation, anything that is capable of seeing through the IC itself, including X-ray microscopes, will likely not have nearly sufficient resolution.

This is all rendered irrelevant as modern HSMs will typically not be heavily-obfuscated internally, but they will be shielded from many sources of electromagnetic radiation. While this shielding is typically designed to frustrate fault attacks, it will still manage to block an X-ray microscope. As such, it would be necessary to perform chip-off forensics against the HSM, which is quite difficult.

forest
  • And usually HSMs have tamper-protection mechanisms that will erase their contents according to changes in some environment variables (like temperature, voltage, vibration). – ThoriumBR Jun 14 '18 at 13:30
  • Thanks, @forest. Are you sure about the trade secrets part? My understanding is that HSMs may contain certain keys in their firmware that validate connection with other HSMs from the same manufacturer, as part of their secure scalability solution. Isn't that more than mere trade secrets? – fernacolo Jun 14 '18 at 19:04
  • @fernacolo Firmware is not necessarily ROM. These HSMs are made in bulk, so they need to be provisioned after manufacturing with their personal keys. This makes it less likely that they'll be using ROM where the physical layout can give away the contents. It's possible that some do that, but for the other reasons I presented (low spatial resolution, EM shielding, etc.), it wouldn't be a plausible attack vector. – forest Jun 15 '18 at 02:54