The Role of Cost in the Integration of Security Features in Integrated Circuits for Smart Cards
Nikolaos Athanasios Anagnostopoulos
Student number : 1318055
Research Topics
University of Twente, EIT ICT Labs Master School

Abstract
This essay investigates the role of cost in the development and production of secure integrated circuits. Initially, I make a small introduction on hardware attacks on smart cards and some of the reasons behind them. Subsequently, I introduce the production phases of chips that are integrated to smart cards and try to identify the costs affecting each one of them. I proceed to identify how adding security features on such integrated circuits may affect the costs of their development and production. I then make a more thorough investigation on the costs of developing a hardware attack for such chips and try to estimate the potential damages and losses of such an attack. I also go on to examine potential ways of reducing the cost of production for secure chips, while identifying the difficulties in adopting them.

This essay ends with the conclusion that adding security features to chips meant to be used for secure applications is well worth it, because the costs of developing attacks are of comparable amounts to the costs of developing and producing a chip and the potential damages and losses caused by such attacks can be way higher than these costs. Therefore, although the production and development of integrated circuits come at a certain cost and security introduces further additional costs, security is inherently unavoidable in such chips. Finally, I additionally identify that security is an evolving concept and doesn’t aim to make a chip totally impenetrable, as this may be impossible, but to lower the potential risks, including that of being compromised, to acceptable levels. Thus, a balance needs to be found between the level of security and the levels of cost and risk.
PART I
General introduction
Smart cards are becoming really popular for secure transactions and identification purposes. This situation is naturally inclined to introduce higher incentives for both culprits and researchers to discover and commence attacks against the integrated circuits of such cards. In turn, these intense efforts to circumvent the security of such electronic chips and gain access to their confidential data result in a rising demand for the integration of better and more efficient security features in such chips.

As I work for a semiconductor company manufacturing secure chips for smart cards, it is really important for it to be able to assess how adding security features to a chip may affect its development and production costs. Additionally, the company needs to examine whether potential losses and damages caused by attacks on such chips can justify this increased cost caused by the integration of security features in its chips.

For example, NXP’s MIFARE brand of smart cards has recently come under increased attack in an effort to identify potential ways to overcome its security features and gain access to confidential information stored on the cards. [1][2][3][4][5][6][7][8][9]
Researchers have quite often succeeded in compromising the security of these smart cards. [1][2][3][6][7][9]
The MIFARE company claims to possess “a confirmed market share of 77% in public transport”, [10] which is equivalent to at least 1 billion of its cards being used for secure online transactions related to transportation. [6]
This means that if the techniques demonstrated by these researchers were to be employed by culprits, and assuming that around 1% of the cards used were to be exploited, this could potentially result in losses amounting to millions of euros in a very short period of time.

Apart from direct economic losses and costs, a hardware attack on the integrated circuits of smart cards can also cause serious harm to the relevant company’s prestige and brand name. Potential future clients will be quite unwilling to place their trust in a company that has failed to secure its current clients’ private data and their online – or offline – transactions. Therefore, it seems extremely crucial for a company manufacturing chips for smart cards to place significant effort and resources on assuring their security, by strengthening any security measures that have already been implemented on them and developing further more adequate and efficient ways to reinforce their security.

It is also really important for manufacturers of chips for smart cards to continuously monitor the most recent developments in attacking such integrated circuits, because only in this way can an adequate effort be made towards providing sufficient countermeasures against the latest reported attacks. In general, because the development of a new chip usually takes at least a couple of years, it is inevitable that new ways of compromising the chip’s security measures will be developed before the chip reaches the market. [11]
As this new information cannot be integrated in a chip’s architecture, design and features, while this is already being developed, without considerable new cost, the original design of such an integrated circuit must already implement a substantial degree of novelty regarding its security features, which may be able to counter future attacks. [11]
It is also evident that any such new design for a new chip to be used in smart cards needs to be extensively tested, as it regards applications which require a significantly high degree of security. A new integrated circuit solution for such a purpose not only has to work efficiently, but also must sufficiently protect its confidentiality and integrity against not only already known, but also potential future, attacks. Therefore, it requires an exhaustive amount of designing and testing both as a prototype, but also when manufactured in mass quantities.

Thus, although the integration of security measures in such chips is intentionally sought-after and inherently unavoidable, [12] it comes at a large cost. Inherent costs exist due to the research and development phase of such features, which include manpower and infrastructure costs, as well as costs of design and implementation for the prototypes of the new security features and the whole of the chip, as the chip may need to be significantly redesigned. Furthermore, significant costs may also occur during the mass production of the chip, as the new features may increase the chip’s area and thus raise the cost of the materials required for its production. Moreover, the addition of security features may also introduce performance costs, related to the chip’s computation time, delay costs, as well as power costs, due to the increased complexity of the new integrated circuit and the need to also provide enough power for the additional features.
Additionally, the integration of such novel security features can also imply a rise in packaging and marketing costs and surely involves a significant rise in costs for testing, as the new features require unit testing on their own, integration testing towards the rest of the chip and full system and acceptance testing for the new chip as a whole.

Finally, it should be noted that even though a hardware attack could potentially result in significant losses and damages, it usually also requires a higher level of knowledge and equipment than a software attack. Furthermore, such attacks can far less often be automated in comparison to software attacks, while they quite often require the use of advanced equipment in a very specific way and expert knowledge, not only in the general field, but also about the very specific hardware to come under attack. Moreover, as hardware attacks are more physical in their nature than software attacks, they often require a large number of integrated circuits of the same kind in order to be successful, which may generally be hard to obtain. In conclusion, this means that performing a hardware attack tends to have a high cost, which may or may not be justified by its potential benefits and rewards for the attacker.
The business case to be examined: Current state of costs related to development and production of secure chips for smart cards
As I work for a company manufacturing secure chips for smart cards, it is important to examine how adding security features to a chip may affect its costs. For obvious reasons, such integrated circuits embedded on the surface of these cards require a high level of security to protect the confidentiality, integrity and availability of their data. It has been noted that smart cards which are used primarily for secure applications need to have a variety of security features implemented on their chips and, thus, they employ specifically developed integrated circuits. [12]
For this purpose, we need to explore the way in which computer chips are generally produced and identify the changes that implementing extra security features may cause to this process. We can then examine the effects that the integration of security features may have on cost in each stage of a chip’s development from research to the market. Consequently, we may be able to suggest possible ways in which this cost may be reduced and/or the process be optimised, without significantly affecting the quality of the end product.

It is therefore important to determine the level of cost each step introduces in the process of development of a common chip towards its total cost and/or identify the specific costs associated with that stage. Then, we can examine how implementing security features on such an integrated circuit may affect these costs or the overall level of that stage’s cost. And, finally, we should try to detect the different methods and means which can minimise each step’s cost and/or the overall cost of the final product, an integrated circuit designed for smart cards.

To this end, it may be useful to state the following research questions, which this essay will try to address:
• What is the amount of additional cost that integrating security features on a chip may introduce?
• Are security costs related to the costs of performing an attack and the potential damages and losses caused by them?
• How can we decrease this amount of additional cost introduced by (additional) security?
• Is it justified to introduce security on a chip used for secure transactions, and to what extent is this feasible?
PART II
The phases of production of a chip
In order to be able to calculate the costs of development and production for any chip, it is essential to properly classify the different stages of development and production. To this end, I have identified the following stages as essential for the development and production of a chip:
• Initial research conducted based on improving a previous product or on a new idea or design. This stage requires an initial investment of various resources.
• More in-depth research accompanied with initial or intermediate-level development of some designs of the chip. These designs should result in one or more prototypes per design. The first prototype should be a proof-of-concept one and the final a quite functional one, based on well-researched designs.
• Testing performed on the prototypes designed in the previous step and assessment of their functionality, quality and of the advantages and disadvantages of each design.
• Full development of one or more selected designs, resulting in entirely working prototypes which will serve as initial guides for the final selection of a single design to be put into mass production.
• More thorough testing of the initially selected designs and their related prototypes and subsequently really exhaustive testing and assessment of the selected final design and prototype to be used for mass production.
• Mass production of a product, which in some cases may be preceded by a phase of “experimental” small scale production serving as a last safety measure against potential failures.
• Initial testing of the functionality and quality of every massively produced series of the product, followed by more thorough testing as the product enters the market and is slowly accepted in it.
• Marketing of the product and subsequent small scale improvements of its design and/or placement in the market, together with optimisation of the production process and gradual improvement of the product’s quality.

It may be evident that the present essay is in itself a very partial implementation of the last stage of the production of a chip as described above. This fact, in turn, could present to us exactly how that stage of development may involve cost in it, as this very final stage may involve the production of a number of focused reports and essays along with targeted investigation and analysis of the previous stages of development, and all these activities of course involve costs in terms of time, manpower, knowledge and money.
Agents of cost involved in the different stages of a chip’s development and production
Several different factors may add cost in each of the stages of the development of a chip which I have previously identified. It is however essential to try to identify these elements of cost in each different step of development, in order to provide efficient ways of reducing cost.

Starting with the stage of initial research, we have to identify that the development of a new product, in this case, a chip, has some inherent costs which materialise from the very beginning. Such inherent costs as the cost of employment, the cost of basic infrastructure and the costs of any materials and equipment that may be needed, already present themselves. Although it can be argued that these costs are not really significant towards the overall cost of the product and especially regarding the anticipated profit to be made from introducing the final product to the market, it is exactly at this stage that even such small costs may drive the overall project into failure or abandonment, because investments are urgently needed to support it. In the latter stages of the product’s development, depending on its results, it may be easier to attract investments, while at the very beginning of the project, it is usually really hard to attract initial capital to cover the costs. However, at this very early stage, it is also easy to abandon the project without having incurred significant debt. There are different ways and means to attract capital in the semiconductor industry, but most of them focus on whether the product to be developed will really fill in some gap in the market and its production is really critical, as well as on issues of timely development and the product’s right placement in the market. [13]
As research proceeds and concrete designs are formed, costs related to manpower, equipment, tools, materials and infrastructure rise higher and higher, especially in a field like integrated circuit design where expert knowledge and experience are needed to produce a cutting edge technology product. However, as prototypes begin to be developed, the investors become slowly more and more committed to the project and investment should become gradually more stable. It is however estimated that the salary of an integrated circuits designer is around 45,000 euros per year [14][15] and such a project requires a significant number of different experts with long experience on designing and developing integrated circuits. Furthermore, equipment and materials needed may also cost some hundreds of thousands of euros or more, [16][17] while a full laboratory could cost millions of euros to build and fully equip. [16][17]
Moreover, the cost of manpower increases as experts gain more experience over the years and their salaries increase. It also takes some years to develop a product, which means that infrastructure and a constant workforce are needed for it during all this period of time.

Subsequently, the design candidates for the final product need to be adequately tested and evaluated. This obviously increases the cost of development as more people need to be hired and more equipment may be needed. However, as long as not all prototype candidates effectively fail this testing phase, the project is in a good standing and may become particularly attractive for investment, as it has now demonstrated some significant potential for its concept. Testing may not introduce outstanding costs in terms of equipment; it does, however, introduce costs in terms of time, workforce, and potentially infrastructure.

Testing may introduce a significant delay on the project, but it will also prove the quality and advantages of each prototype, while revealing any flaws in the design candidates, which could either completely invalidate them or introduce further costs in order to be fixed. Therefore, this may not only be a time-consuming or costly stage in itself, but it can also potentially wreck the project, if all design prototypes fail the testing and the product needs to be re-designed from scratch, which would practically mean doubling the cost of the whole research and development phase.

Finally, the research and development phase concludes with focusing development on the designs that have been selected as more optimal. This will lead into selecting a single design to be put in mass production after testing them again. Then, finally all development efforts will focus on this design and how to efficiently deal with any flaws this may have revealed during the previous stages of testing. This design, after being tested exhaustively, will hopefully be cleared for mass production.
This stage doesn’t seem to introduce any major new costs, but again requires time, workforce, infrastructure and some materials. All in all, the overall costs for the research and development phase may rise well into the region of hundreds of millions of euros. [18]
Furthermore, in the case of chips for smart cards, the plastic container of the chip, the body of the card, also has a certain amount of costs regarding related research, development and production, which may regard its durability, flexibility and endurance, as well as the way the chip will be integrated in it, or the efficient and correct placement of additional features such as antennas. [19][20]
It has also been noted that the cost of research and development for semiconductor products exceeds that of most other high technology industries. [21]
After this stage, the selected prototype will enter mass production. Mass production does involve significant new costs, but it’s also the step that will deliver the final product to be introduced into the market. The most significant costs associated with production are the costs of equipment, materials, and to a lesser extent infrastructure and manpower. Especially the costs of equipment, material and infrastructure have driven a significant number of companies involved in the development of integrated circuits to not own their own semiconductor fabrication plants (commonly referred to as fabs), and to outsource the actual manufacturing of their chips. It should be stated that the cost of a fab is estimated to be at least a few billion euros. [16][17][22][23][24]
This not only means that building such a plant is a huge investment that needs to somehow be evened out within a set time period, but also that just using such a facility has an inherent cost. It has, however, been noted that fab-less companies may have a high-growth potential, exactly because they are not burdened by the huge overhead costs associated with the construction and operation of fabs. [25]
Significant costs for the development of a chip are associated with the cost of materials for mass production. Semiconductor products are built in fabs on the surface of wafers, discs of pure silicon with a diameter of hundreds of millimetres. A series of identical chips are built, or developed, on the surface of a single wafer side by side, using a series of chemical, light and electrical effects. Each one of these integrated circuits developed on the surface of a wafer will be dissected from the wafer and form a single fully functional unit, called a die. Different sizes of wafers exist, ranging from 100, or less, to 450 millimetres. The most commonly used wafer size is 300 mm, with 200 mm wafers being phased out and 450 mm ones being slowly introduced. Bigger wafers would obviously result in the production of more chips (dice) per wafer, but the introduction of a bigger size of wafers would undoubtedly also introduce a large amount of transition costs associated with infrastructure and equipment for fabs. However, the semiconductor fabrication industry is slowly moving towards adopting an updated standard of 450 mm wafers for the production of new integrated circuits. [26][27][28]
At present, most chips, including the ones used in smart cards, are developed using 300 mm wafers. Chips made to be used in smart cards are developed with a technology process of 90 nanometres, which means that each transistor contained in the chips will be approximately 90 nm wide. Each such chip usually has an area of around 10 mm² [12], which allows us to calculate the number of chips (dice) per wafer, taking into account also the circular shape of the wafer.

After the dice have been fully developed, they are extensively tested to determine whether they function properly. The proportion of the dice found to perform properly is referred to as the wafer’s yield. [30]
Picture 1: Schematic representation of dice on a wafer; blue ones can be fully developed on the wafer, while green/black ones cannot and will thus be rejected, as their black area falls outside the wafer's surface. [29]

The following formulas apply: [31][32][33]

$$\text{total cost for a chip} = \frac{\text{die cost} + \text{testing cost} + \text{packaging cost}}{\text{final test yield}}$$

$$\text{die cost} = \frac{\text{wafer cost}}{\text{dice per wafer} \times \text{die yield}}$$

$$\text{dice per wafer} = \frac{\pi \times (\text{wafer diameter}/2)^2}{\text{die area}} - \frac{\pi \times \text{wafer diameter}}{\sqrt{2 \times \text{die area}}} - \text{dice used for testing per wafer}$$

$$\text{die yield} = \text{wafer yield} \times \left(1 + \frac{\text{defects per unit area} \times \text{die area}}{a}\right)^{-a}, \quad a = \text{manufacturing complexity (number of masking levels)}$$

It is also estimated that a 300 mm wafer costs around 2000-2500 euros. [34][35][36][37]
Therefore, assuming:
• that at the stage of mass production no dice are produced only for testing any more,
• that each wafer costs around 2250 euros,
• that the area of a die is around 0.1 cm² (the 10 mm² stated above), [12]
• that wafer yield is around 90%,
• that defects per unit area are around 10%,
• and, that we use 4 masking levels,

we get the following results (lengths in centimetres):

$$\text{die yield} = 0.9 \times \left(1 + \frac{0.1 \times 0.1}{4}\right)^{-4} \approx 0.891$$

$$\text{dice per wafer} = \frac{\pi \times (30/2)^2}{0.1} - \frac{\pi \times 30}{\sqrt{2 \times 0.1}} - 0 \approx 6858$$

$$\text{die cost} = \frac{2250}{6858 \times 0.891} \approx 0.37 \text{ euros} \approx 37 \text{ euro cents}$$

Also, assuming:
• a testing cost of 0.15 euro per die, [37]
• and, a packaging cost of 0.08 euro per die, [37]
• and a final test yield of 99.2%, [37]

we get the following result:

$$\text{total cost for a chip} = \frac{0.37 + 0.15 + 0.08}{0.992} \approx 0.60 \text{ euros} = 60 \text{ euro cents}$$

Therefore, I conclude that each chip costs around 60 euro cents to be produced in conditions of mass production, while more than 6100 chips are produced from each wafer. A typical fab produces 5000 to 8000 wafers per week, [38] which means that around 30,500,000 to 48,800,000 chips can be produced every week from a single fab.

It can also be concluded that chips produced for testing and/or as prototypes in the previous stages of chip development would cost quite a bit more than chips produced in mass production. However, the small number of such testing and prototype chips can allow us to assume that such costs are fully included in the overall sum of research and development costs.

The final stage of the chip’s development has to do with its introduction to the market, and can include costs related to marketing, sales and taxes. Other related costs may have to do with equipment maintenance, small improvements that may be done to the chip’s design and/or optimisation of the development process in general and improvements of its quality. Such costs should probably account only for a small proportion of the costs of the other stages of the chip’s production, especially considering the high cost of the research and development phase.
One way to calculate the final price of a chip is to classify costs in the following three main categories: [31][32]
• Component cost, having to do with the actual materials and packaging.
• Direct cost, related to labour, purchases and general recurring costs.
• Gross margin, concerning non-recurring costs, such as R&D, marketing, sales, equipment maintenance, rentals, financing and the initial investment and infrastructure.

In addition to these three categories, an average discount category is also suggested to contribute to the final list price. This category does not represent any actual costs, but makes up for the volume discounts and/or retailer mark-ups, which will reduce the list price to the actual average selling price. [31][32]
The effects of integrating security features in chips on the previously identified agents of cost
Integrating security features in chips designed for smart cards can have immense effects on their cost. A higher initial investment will be required to cover the costs of increased manpower and infrastructure needed, while more capital will be demanded to pay for costs of additional design and testing of these features.

Even from the first phase of initial research and development of the chip, additional costs will occur, being related to (re-)designing the chip’s structure and architecture, considering the new security features that have to be added. These features will not only have to be designed on their own, but also be placed in an adequate way among the other components of the chip. This will lead to more personnel and equipment being needed to provide for these additional designs, along with more materials and general infrastructure. Moreover, such security measures implemented on chips may also require more memory and other peripheral circuits to work adequately. It has been stated that custom logic components demand not only costs for their own circuitry, but often may also introduce additional challenges regarding the overall chip, such as connection restrictions between transistors, stringent requirements on signal arrival times, or precharge signal distribution to each transistor. [39]
Furthermore, more prototypes and testing of these will be required in order to identify the best way to incorporate such security features in the rest of the integrated circuit. In addition to prototypes being required for these security modules and for the overall chips where they have been integrated, these newly designed security modules will have to be tested extensively. Freshly designed, or redesigned, security components will need to be tested on their own, while their integration on the chip and their operation regarding the other chip’s modules will also have to be tested. Finally, the whole chip’s functions will have to be tested as well.

Apart from the usual testing of their functionality and general well-being, such features will also have to be tested on the security they may actually be providing. This may result in changes being needed in their designs and/or in the way they are placed on the chip. All these additional designs, prototypes and testing will obviously also result in more time being required for the best implementation to be identified and sent out for mass production. In this case, as time means more costs regarding employment, equipment, materials and general infrastructure, this results in a significant increase in cost required for this stage of development. It can be estimated that, in the best case, at least some additional months, if not much more, will be needed in comparison to the time required for the research and development of a normal chip.

As stated before, the overall costs for research and development of a normal chip are in the region of hundreds of millions of euros, while this phase may last some years.
An additional amount of costs being required per year, together with an increase in the time needed for this phase, may also result in a growth of cost by a significant additional amount of money, which could be in the region of millions of euros.

In addition to this, more area will be needed for the complete chip to be produced during the mass production phase, while issues related to the power needed by it during its operation, as well as for its production, may also arise. [40]
Furthermore, such chips may have increased work loads and require more computation time than normal ones to perform the same processes. [40]
It has been calculated that each additional set of security features that may be added on a chip could, on average, add up to 10% more area to it, [41] thus requiring a larger die for its production. Depending on the initial chip size and the security features that may be added, this increase in size may differ, but it can be suggested that for such proposed systems to be feasible and, perhaps, economically viable, the increase in size should not be above 10% in general. [41][42]
Moreover, the power consumption should also not increase too dramatically. [42][43]
And, finally, time delays caused by the security features added in the chip should additionally be minimised as much as possible. [43]

Disregarding the costs related to the chip’s performance and focusing only on a potential increase in its size, we can get the following results from the previous formulas regarding its cost, assuming a 10% increase of its size (a die area of 0.11 cm²) and that all previous assumptions still hold true:

$$\text{die yield} = 0.9 \times \left(1 + \frac{0.1 \times 0.11}{4}\right)^{-4} \approx 0.890$$

$$\text{dice per wafer} = \frac{\pi \times (30/2)^2}{0.11} - \frac{\pi \times 30}{\sqrt{2 \times 0.11}} - 0 \approx 6225$$

$$\text{die cost} = \frac{2250}{6225 \times 0.890} \approx 0.41 \text{ euros} \approx 41 \text{ euro cents}$$

$$\text{total cost for a chip} = \frac{0.41 + 0.15 + 0.08}{0.992} \approx 0.64 \text{ euros} = 64 \text{ euro cents}$$

Therefore, it can be concluded that a 10% increase in the area of the die, in order for it to incorporate additional security measures, would result in a 6.67% increase in its total production cost. This means that such a small increase in area caused 2/3 of its magnitude to appear as an increase of the production cost. In addition to this, larger chips with more functions, obviously, lead to higher testing costs after their production, as they have to be proven fully functional.

However, like before, we can also calculate that more than 5500 chips would be produced from each wafer. Since a typical fab produces 5000 to 8000 wafers per week, [38] around 27,500,000 to 44,000,000 secure chips could be produced every week from a single fab.

We can also assume that marketing costs may be increased or that increased taxes may apply. However, increased sales should also be expected as there is already a thriving market for secure chips, especially in the smart cards sector. We should not expect significant changes regarding costs for equipment or infrastructure, as it is an inherent requirement for such security features to not cause significant changes in the line and process of production, exactly in order to keep cost within acceptable levels. [44] As a fab costs some billions of euros to be fully productive, any changes in its equipment and/or production line can be assumed to carry significant additional costs.

It has been noted that driving the overall costs down significantly influences whether a new product can enter the market at a competitive price. [45]
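As an added worked example (my own code, written for this edit; it is not part of the essay and not any manufacturer's tooling), the following Python script implements the four cost formulas introduced earlier and runs both calculations the essay performs: the baseline 0.1 cm² die and the die enlarged by 10% to accommodate security features. It assumes the essay's figures (a 300 mm, i.e. 30 cm, wafer at 2250 euros, 90% wafer yield, 0.1 defects per cm², 4 masking levels, no test dice, 0.15 euro testing, 0.08 euro packaging, 99.2% final test yield) and, as an assumption of mine, that the number of dice per wafer is rounded down to whole dice. The helper names (`ProcessAssumptions`, `cost_breakdown`, `area_increase_effect`) are mine. The last function generalises the essay's single 10% case to any area increase and reports both the unrounded cost increase (about 6.3% for +10%) and the increase after rounding each chip cost to whole euro cents, which is where the essay's 60 and 64 cents, and hence its 6.67%, come from.

```python
"""Chip cost model built from the essay's formulas (added example, not the essay's own code).

Units: lengths in cm, areas in cm^2, money in euros.  The ESSAY assumptions
below are the values stated in the text; the helper names are my own.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessAssumptions:
    wafer_cost: float             # euros per wafer
    wafer_diameter: float         # cm
    wafer_yield: float            # fraction of wafers that come out usable
    defects_per_unit_area: float  # defects per cm^2
    masking_levels: int           # manufacturing complexity "a" in the yield formula
    test_dice_per_wafer: int      # dice reserved for process testing
    testing_cost: float           # euros per die
    packaging_cost: float         # euros per die
    final_test_yield: float       # fraction of packaged chips passing final test


def dice_per_wafer(p: ProcessAssumptions, die_area: float) -> int:
    """Whole dice per wafer: wafer area / die area, minus the partial dice
    along the circular edge, minus dice used for testing (rounded down)."""
    gross = math.pi * (p.wafer_diameter / 2) ** 2 / die_area
    edge_loss = math.pi * p.wafer_diameter / math.sqrt(2 * die_area)
    return math.floor(gross - edge_loss - p.test_dice_per_wafer)


def die_yield(p: ProcessAssumptions, die_area: float) -> float:
    """Fraction of dice that work: a bigger die collects more defects."""
    defects_per_die = p.defects_per_unit_area * die_area
    return p.wafer_yield * (1 + defects_per_die / p.masking_levels) ** (-p.masking_levels)


def die_cost(p: ProcessAssumptions, die_area: float) -> float:
    return p.wafer_cost / (dice_per_wafer(p, die_area) * die_yield(p, die_area))


def chip_cost(p: ProcessAssumptions, die_area: float) -> float:
    return (die_cost(p, die_area) + p.testing_cost + p.packaging_cost) / p.final_test_yield


def cost_breakdown(p: ProcessAssumptions, die_area: float) -> dict:
    dpw = dice_per_wafer(p, die_area)
    dy = die_yield(p, die_area)
    return {
        "dice_per_wafer": dpw,
        "die_yield": dy,
        "good_dice_per_wafer": math.floor(dpw * dy),
        "die_cost": die_cost(p, die_area),
        "chip_cost": chip_cost(p, die_area),
    }


def area_increase_effect(p: ProcessAssumptions, die_area: float, increase: float) -> dict:
    """Compare a baseline die with one enlarged by `increase` (0.10 = +10%).

    Reports both the exact relative cost increase and the one obtained after
    rounding each chip cost to whole euro cents, which is how the essay
    arrives at its percentage.
    """
    base = cost_breakdown(p, die_area)
    bigger = cost_breakdown(p, die_area * (1 + increase))
    base_cents = round(base["chip_cost"] * 100)
    bigger_cents = round(bigger["chip_cost"] * 100)
    return {
        "baseline": base,
        "with_security": bigger,
        "exact_increase_pct": (bigger["chip_cost"] / base["chip_cost"] - 1) * 100,
        "rounded_cents": (base_cents, bigger_cents),
        "rounded_increase_pct": (bigger_cents - base_cents) / base_cents * 100,
    }


# The essay's assumptions for a smart-card chip on a 300 mm (30 cm) wafer.
ESSAY = ProcessAssumptions(
    wafer_cost=2250, wafer_diameter=30, wafer_yield=0.9,
    defects_per_unit_area=0.1, masking_levels=4, test_dice_per_wafer=0,
    testing_cost=0.15, packaging_cost=0.08, final_test_yield=0.992,
)

if __name__ == "__main__":
    result = area_increase_effect(ESSAY, die_area=0.1, increase=0.10)
    for label in ("baseline", "with_security"):
        r = result[label]
        print(f"{label:14s} dice/wafer={r['dice_per_wafer']:5d} good={r['good_dice_per_wafer']:5d} "
              f"die yield={r['die_yield']:.3f} die cost={r['die_cost']:.3f} chip cost={r['chip_cost']:.3f}")
    print(f"exact increase {result['exact_increase_pct']:.2f}%, "
          f"rounded to cents {result['rounded_cents']} -> {result['rounded_increase_pct']:.2f}%")
```

Running the script reproduces the essay's numbers: roughly 6858 dice and 6100 good dice per wafer for the baseline die, 6225 dice and 5500 good dice for the 10% larger one, and chip costs that round to 60 and 64 euro cents. Changing `increase` shows how the yield term in the die yield formula, not just the loss of whole dice, makes cost grow faster than area.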
Additionally, it has also been suggested that even though security technology may come at a cost, network effects could also influence its initial deployment, with its benefits sometimes depending on the number of users who adopt it. [46]
Costs may exceed benefits until a certain number of users adopt it, which also may be dependent on economies of scale. This, in turn, could potentially lead to everyone waiting for others to adopt first, and therefore the new technology may actually never get deployed. [46]

However, it has to be noted that the secure integrated circuit industry is a thriving one and its products don’t have to be cheap, as they incorporate a significant degree of uniqueness; [31] they should however demonstrate sufficient balance between providing adequate security and keeping development and production costs under control. Finally, adding security features causes such a chip to enter the market later than a normal one, which could also affect its placement and position in the market.
The cost of performing attacks against secure chips and an estimation of potential damages and losses caused by them
As has been mentioned before, hardware attacks can cause damages or losses amounting to several millions of euros. Especially when chips integrated in bank cards are targeted, the losses may potentially be in the region of billions of euros. [47] However, attacks, much like the actual production of such chips, come at a certain cost. Different factors, depending on the chip that is being targeted, can cause this cost to rise significantly.

The actual reason why an attack against a secure chip can potentially have a high cost is that it may essentially follow all the stages of the chip’s development and production process in reverse order. Moreover, the same or similar equipment is used in both cases, with the attacker essentially wanting to break the integrated circuit’s embedded design and logic down into simple pieces, which sometimes may mean actually dissecting the chip layer by layer.

Therefore, it is easy to understand that costs related to equipment, manpower and infrastructure apply to attacks as well. Furthermore, designing a hardware attack also requires a long period of time and a large set of different methods to be tested. This carries an inherent cost for the acquisition of materials, which in this case are no longer raw silicon or wafers but actual chips, which may not just be too expensive to buy in bulk but may not even be available for purchase by the public. It is thus really important that the attacker makes the best of the scarce materials in his possession.

It is exactly this scarcity of materials that may make the attack worthwhile, as chips that are in wide circulation will usually not provide as many benefits when successfully compromised. Furthermore, it is this scarcity that again introduces another additional cost, related to expert knowledge: one or more experts have to be employed for at least some period of time if the attack is to have an adequate probability of succeeding. This means that mounting an attack against a secure chip may well come at a fraction of its research and development cost.

Moreover, an attack against a secure integrated circuit does not have a certain result; it may well keep failing for a long period of time or fail altogether. Therefore, there is always an increased investment risk and, as the attack will usually be illegal, there are very limited possibilities for raising adequate funds to reach success. It is for this reason that attacks are usually first developed either by academic researchers or by organised criminals, competitors, or intelligence agencies. Not everyone who may develop an attack falls into such a category, but it is those categories that can easily acquire the needed equipment, infrastructure, manpower and funds to perform a successful hardware attack. Of course, there will always be people successful in developing attacks against secure chips on their own, but, in most cases, expert knowledge as well as adequate capital to cover the costs of such attacks are really required. [11]
The main characteristic which differentiates the cost of hardware attacks is their level of difficulty. This level, in turn, is based on the actual security of the chip. This security should not address just a single attack vector, but try to cover as many of them as possible. Otherwise, a chip that may be invulnerable to even the most expensive attacks of one kind may be completely vulnerable to really cheap attacks of another kind, which of course would make attacking it an overall really cheap matter. In order to prevent this, a balance between security and the cost of potential attacks must be achieved, while the balance between production costs and security is also maintained.

This is really critical for secure chips and is also recognised by their classifiers, the certification and accreditation authorities, which test secure chips against a very broad spectrum of possible attacks. [48][49][50] Furthermore, it was recognised quite early that hardware can never become invulnerable to each and every kind of attack. [51] This led to the broad acceptance of the idea that security should not aim to prevent the unavoidable penetration of secure chips, but to try to postpone it and make it as difficult as possible. Therefore, (hardware) security is now defined as a state not completely devoid of risks, but free from unacceptable risk. [48]
To this end, a way of lowering risk to an acceptable level is to make attacks against a chip either far too expensive in a general sense, or too expensive in comparison to their potential benefits. If an integrated circuit is vulnerable only to an attack that would cost hundreds of millions of euros to carry out successfully, then this chip can be both considered in general and classified by a certification authority as extremely secure.

Cost is therefore a critical factor for attacks targeted at secure hardware, and it is really essential to analyse the factors that produce it with respect to conducting such an attack. Thus, based on what I have already mentioned, we can again estimate that the average salary for a professional expert may be around 45,000 euros per year, depending on each person’s skills and experience. However, a researcher’s actual salary may vary significantly depending on his actual employer, which in this case could be an academic institution, a government, or even a criminal organisation.

Furthermore, different sets of tools and equipment may be needed, depending on how hard it is to penetrate the security measures of the chip and/or what kind of attack has been chosen. For different levels of actual physical penetration, different costs have been estimated, ranging from 75,000 to 370,000 euros, [11] with several different methods and pieces of equipment being listed in relevant publications, [16] which may range from 30,000 euros for laser cutters to between 370,000 and 730,000 euros for different kinds of electron microscopy and spectroscopy. Thus, a full laboratory could again cost millions of euros to build and fully equip. [16][17]
Again, infrastructure costs apply, but this time, as this kind of activity may or may not be legal, they may have to be higher if this is criminal activity, or lower if it is pure academic research. The main costs, however, are all related to the time needed to achieve a successful attack. Furthermore, there’s an inherent cost for the acquisition of chips to be attacked, which may not be available or may come at a really high price per unit.

Moreover, we must distinguish between different attacks at different stages of the chip’s development and production, as culprits may try to alter the chip’s initial design, introducing vulnerabilities or back doors into it while it is being developed or manufactured, rather than just attacking it after it has already been securely produced. [49][50][52] Such mechanisms, which make the chip more vulnerable to attacks through its own design, are called trojan horses, or trojans, and can be prevented by ascertaining that all stages of a chip’s production are secure. [49][50][52]

However, this is not really feasible unless all stages of development and production are done by the same company and under heavy scrutiny and protection. In the case that the chip has to be mass produced by a third-party fab, or third-party tools, equipment or design software is used, the whole notion of secure development and production is merely based on privacy and trust. Nevertheless, the same principles of trust and privacy apply during the certification and accreditation processes of the chip, when its design, development and production details are revealed to a third party, the certifying authority. And, of course, the same principles apply to each individual employee, who may simply breach his/her non-disclosure agreements and reveal critical information about the chip’s security.

Therefore, even though a mass-produced secure chip’s design is quite static, its level of security has its own dynamics, which are far from static. To this end, the United States (U.S.) government has had a program by which a fab can be rated as a “Trusted Foundry” under stringent criteria. [53] However, as this program ran under the U.S. Department of Defence and its National Security Agency (NSA), one may not be sure whether these fabs are really trustworthy and secure, or factories implanting trojan horses under U.S. control. As security is based heavily on trust, it is really more difficult for any product or process to be considered truly secure after Edward Snowden’s exposure of the spying activities of the U.S. NSA.
The case of bank cards
Considering chips integrated on bank cards in particular, we can immediately identify their abundance and the relative ease of getting access to them, simply by applying for such cards. Therefore, in this case, their security cannot really be based on the unavailability of their design or the difficulty of actually getting possession of their chips. After all, most banks are only too happy to replace a “lost” bank card with a new one, which could lead to a duplication of available materials within some days.

Thus, for these and other reasons, banks have adopted other, additional security measures, such as the introduction of security codes, pictures and holograms printed on the cards, magnetic strips and/or the use of the card holder’s name and signature. A very well-known example of such a security code is the card’s PIN (Personal Identification Number). Finally, in order to achieve security by limiting the unacceptable risk, most banks have introduced limits on the amount of transactions that a single card can perform each day or on the locations at which these transactions can be done. This significantly limits risk by capping the potential losses from attacks at a specified amount per card.

However, this does not mean that the chip found on most bank cards is not really “secure”. These chips do implement as many security measures as possible. Nevertheless, as the probability of these chips being compromised does rise to a level of risk that cannot be considered acceptable, the cards’ security cannot be based only on their secure chips. Multiple different security mechanisms ensure that their wide circulation will not significantly affect their security. Secure software and backend verification and logging also try to ensure that the whole banking system is as safe and secure as possible. In general, the main aim is to make a successful attack as expensive to perform as possible, while keeping its results as isolated as they can be. To this end, it is really important to ensure that a successful attack on a bank card cannot really compromise the whole banking system. [54]

While most attack attempts do not have immediate economic results, once one of them is successful, and especially if it quickly becomes well known or is easy to implement, there can be an avalanche effect, which can lead to a very fast multiplication of the losses and damages caused by this attack. [55] It is therefore essential to design an effective way to quarantine any compromised elements or the initial attack itself and limit its results to an acceptable level of unwanted effects. Hardware attacks may come at an initial cost of hundreds of thousands, or even several millions, of euros, but can also result in losses of millions, or even billions, of euros. [52]

Yet another really important effect that can cause real economic disasters is the breach of trust caused by a successful attack. This effect can cause severe damage to a secure chip manufacturer’s prestige, reputation and brand name and even cause it to eventually go bankrupt. It can also lead to litigation against such a manufacturer regarding claims for compensation or breaches of security clauses in contracts, which may also cost millions.

Finally, it must be noted that, in the worst case, it may be necessary to shut down the whole system and block all existing cards, while designing, manufacturing and issuing new cards immune to a particular attack, which in the case of a large system could take more than half a year, [56] and could obviously lead to losses of many millions, or even billions, of euros, considering the large number of cards involved and the considerable amount of time it would take to replace them. Furthermore, points of sale and automatic teller machines (ATMs) may have to be replaced too, which would add a really significant cost and delay to the overall project.

In such a case, most companies would go bankrupt, as the costs of handling it are immensely high and the period of time during which their services would have to be unavailable is quite significant. It would essentially mean that for six months or more, such a company would return to the years before smart cards were introduced. It is more than evident that this would be a huge disaster in financial terms, as well as in terms of public relations, trust, reputation, brand name and prestige.
PART III
The significance of security: Is it worth it?
Although it should be apparent by now that security in integrated circuits is really important for online or offline transactions, it is important that this notion is put into perspective. Security may be really unavoidable and actively sought after, but it does come at a significant cost. We should therefore generally examine how much security is needed in relation to its costs, while also associating this relation with a different relation, between security and risks such as potential losses and damages. It has been suggested that this is a very difficult subject to define clearly in real terms, but we could, nevertheless, attempt a brief examination of these relations.

For the particular case of smart card chips, I have proved that a potential addition of security features could result in additional costs of millions of euros for the research and development phase, while it also leads to additional costs for production, testing and marketing. Specifically, if the chip’s area were to be increased by around 10%, that would mean that the chip’s final price would be increased by around 6.67%. In general, we can conclude that adding security features to a chip comes at a significant cost of tens or hundreds of millions of euros, depending on each individual case.

On the other hand, I have also found that an attack against a secure chip could cost, potentially a lot of, millions of euros to develop and test until it is successful and can be employed on a large scale. Of course, we cannot perform an immediate comparison between the costs of developing an attack and the costs of developing a secure chip, as these are highly dependent on each individual case. We can, however, compare the costs of developing a feasible attack with its financial goal of causing damages and/or losses of many more millions of euros than it costs to develop. This holds true only for attacks developed for this aim and not for those developed particularly and exclusively for scientific research and related reasons. However, even attacks developed for scientific purposes could lead to huge damages and losses, but do not, or at least should not, aim for this.

We should bear in mind that developing an attack could be somewhat comparable in terms of cost to actually developing such a chip, as, in a worst-case scenario, such an attack would have to follow almost all the stages of the chip’s development and production process in reverse order. Therefore, for such an attack to be economically feasible, its financial benefits should be much higher. This indirectly implies that potential losses and damages from a successful attack on a secure chip are potentially much higher than the cost of developing and producing such a chip. Even if that suggestion does not hold true in each and every case, we should also consider that not every chip incorporates security features and mechanisms.

In the case of a chip without any integral security mechanisms, its production costs may be quite a lot lower than those of a secure chip, but if such a chip were to be used for secure applications, it could easily be attacked at a really low cost. The cost of developing an attack on such a normal chip could come to some thousands of euros or, in the worst case, a couple of millions of euros, if the chip were really complex, with a large number of circuits and functions. Essentially, though, the cost of attacking it could actually be lower than the cost of developing it, and, of course, the expected benefits would surpass the cost of developing such an attack by a very large margin.

Furthermore, we should take note of the costs of dealing with a successful attack, which also act as incentives for increased security. Such costs include the costs of additional research, development and testing required for patching the security hole in the chip’s design, which will take up time, workforce, equipment, materials and infrastructure that could have been used for the development of other products. Furthermore, there are costs associated with the manufacturer’s reputation, brand name and prestige, which can potentially lead to losing current clients and failing to acquire enough future ones. Finally, there are costs related to potential compensation and restitution of affected clients, as well as general costs generated for society at large, such as law enforcement costs associated with such attacks and so on. [57]

Moreover, it has also been suggested that measures such as increasing the cost of attacks by increasing the associated penalties, strengthening national and international law enforcement and increasing the difficulty of publicising and/or promoting an attack to others will affect the market for hardware attacks directly, while also having repercussions on the market for security. [57] Most likely, such measures can reduce the overall level of security-related costs; however, it is not certain whether they will increase the level of security, as accepting a certain level of insecurity can be judged economically rational. [57]

It is, therefore, quite clear that developing integral security features and mechanisms in integrated circuits is not only inherently unavoidable for chips that are used in secure applications, but is also economically feasible and should be funded in a constant manner, so that it can always evolve and improve in the ongoing struggle of protecting an integrated circuit against both present and potential future attacks.
Ways and means of reducing cost in the production of secure chips
Since it is important to drive the overall product cost down in order to bring a new product to the market at a competitive price, [45] it is really crucial to identify possible ways and means of reducing the development and production costs of secure chips. Such ways may include improving marketing to make use of network effects in the security technology market sector, which will also provide for economies of scale, or modifying the development and production process for such chips.

Easy solutions, such as lowering the security of chips in order to lower their complexity and therefore their costs, or providing less vulnerable integrated circuits at the same cost, can be immediately rejected, as they have already been proven to be neither financially feasible nor viable implementations. On the contrary, providing more incentives for security may lead to more products and cause the overall production costs to be lowered because of economies of scale in related markets. For example, since equipment may cost millions of euros to acquire, increased demand could help lower its price, and thus the costs spent for that purpose.

Furthermore, it has been suggested that a common practice of vendors could be to start off with too little security and to dump any costs related to security on the end users, [59] and then, when they have established a dominant position in the market, to add more security than is needed, but engineer it in a way that maximises customer lock-in. [60] Although this has been suggested for software security, it could hold true for hardware security as well, as a hardware security company could sell cheap low-security chips at first and then take advantage of lock-in effects to provide really secure chips at high prices that the client has to pay.

If the client company does not buy those new, more secure chips, then it will be left exposed to an increased risk of its systems being compromised. If the client decides it prefers to purchase more secure chips from another company, then it may have to go up against the manufacturer of the previous chips, which knows all the chip’s vulnerabilities and shortcomings and can abuse this knowledge, until such time as all the client’s chips have been replaced. Furthermore, incompatibilities, discount prices and/or contract obligations, as well as a lack of feasible alternatives, may keep the client well locked in.

Therefore, another way to achieve lower costs in the long term would be to try to decrease customer lock-in by providing more flexible and compatible solutions in the market, which may not benefit the dominant firms and would lower the entry barriers, but would also lead to more competition, decreased costs and lower total prices. [58] It has also been argued that as security-related costs rise, the market may reward security-related functionality that could reduce these costs. [57] Nevertheless, it is still not clear whether the security technology market can actually become flexible enough for this and adequately cope with lock-ins, or even distinguish between empty claims and security improvements that may actually achieve cost savings. [57] In general, the market for security technology, including its secure chip sector, still appears to be a lemon market, where the actual level of security of a product is hard to define in detail. [58]

However, there appears to be a market demand for security improvements, especially if these can reduce the total cost of ownership by reducing risk and potential damages or losses. There is also a market for vulnerabilities, [57] as these can effectively provide both vendors and clients with a leading edge in the market, which may amount to a significant advantage over competitors.

Incompatibilities make switching between vendors really costly and thus not financially viable, while also keeping development and production costs exceptionally high. However, compatibility and/or broad-spectrum standardisation may not be actively sought after in the security sector, because most of the market’s value is based on privacy and trust, as well as novelty and innovation, which could be hurt by focusing on a single development, production or operation standard.

However, there are some ways to lower the cost of production, and thus the overall costs of a secure chip, such as using a larger wafer of around 450 mm instead of a 300 mm one. Nevertheless, this change in the production line would have large transitional costs, related to equipment, infrastructure and testing, which could even be as high as a billion euros, if we take into account that the cost of a new fab is at least a couple of billions. On the other hand, using a 450 mm wafer would significantly increase the production rate of chips and thus contribute to decreasing their costs through economies of scale. For this reason, the transition from 300 mm wafers to 450 mm ones has already slowly started to take place. [26][27][28]
If we assume a 450 mm wafer, and:
• that at the stage of mass production no dice are produced only for testing any more,
• that each wafer costs around 3000 euros,
• that the area of a die is around 0.1 mm,
• that wafer yield is around 87.5%,
• that defects per unit area are around 12.5%,
• and that we have 4 masking levels,
then, based on the previously stated formulas, we get the following results:

die yield = ∗ ( + ( ∗ ) ) − ≈
dice per wafer = π ∗ ( ) − π ∗ √ ∗ − ≈
die cost = ∗ ≈ euros ≈ euro cents

Furthermore, assuming:
• a testing cost of 0.2 euro per die, [37]
• a packaging cost of 0.1 euro per die, [37]
• and a final test yield of 98.5%, [37]
we get the following result:

total cost for a chip = + + ≈ ≈ euros = euro cents

Thus, I observe a significant cost reduction of 7 euro cents per chip, while more than 13400 chips can be produced from each wafer. Since a typical fab produces 5000 to 8000 wafers per week, [38] this means that around 67,000,000 to 107,200,000 chips can be produced every week from a single fab. This is more than double the weekly production rate of chips that can be produced on 300 mm wafers in a single fab. However, as already mentioned, the transition costs from one technology to the other are more than enormous, too.

Other means of reducing the development and production costs of chips include using thinner wafers, leaving less space between the dice, or changing the way dice are tested or put in their packages. [40][61] However, none of these solutions seems to significantly affect the costs of development or production of secure chips.

Additionally, various optimisations have been suggested regarding the area, performance or power needs of the chip, such as sharing components between different security sensors and features in order to amortise their integration costs. [43] Finally, completely different design approaches, such as 3D chips, have also been suggested, but they can even double the chip’s area and lower performance (introducing significant delays), while increasing power consumption. [62] Unfortunately, it so far appears that increased costs are the price we have to pay for security. [62]
Conclusions
It is pretty evident from what I have already mentioned that the development and production of chips for smart cards come at high costs. In particular, apart from infrastructure, materials and workforce, high-tech equipment as well as expert knowledge and significant experience are also required. This raises the investment cost in this market area significantly, thus creating a significant barrier not only in terms of initial entry into it, but also regarding sustainable operation in this field. Especially if a company wants to also fully manufacture its own chips under conditions of mass production, the initial investment costs rise to the area of several billions of euros.

Moreover, it is also clear that integrating security features in such chips raises production and development costs even further. Fewer chips can be produced in the same time, and their development and production cost more. The integration of such features may cause additional costs comparable to the original costs of production and development for a normal chip.

Furthermore, by examining the costs of developing an attack, I found that these may run as high as the costs of developing a chip, but they can also provide significant benefits if such an attack is successful. Additionally, security is not about making an integrated circuit fully impenetrable, as this may not even be possible, but about making a potential attack unprofitable and lowering the risk of a successful attack to an acceptable level. Therefore, I concluded that security and the potential damages or losses caused by an attack are strongly related.

Furthermore, we tried to identify potential ways and means of reducing the cost of adding security to chips, but we determined that most of them involve significant costs for their deployment or are not yet feasible. It is therefore significant to note again that although we do need security, at present there is no efficient solution towards significantly reducing the additional costs that it introduces. [50]
However, the constant progression of technology could slowly drive costs down, by achieving higher production rates and removing lock-ins caused by incompatibilities and abuses of the vendors’ dominant position in the market.

Finally, by comparing the costs of integrating security in chips to the potential losses and damages caused by a successful attack against them, I concluded that security is highly needed and should inherently be sought after. Additionally, I also identified that clear relations exist not only between the integration of security in chips and its cost, but also between the level of required security in an integrated circuit and the level of risk related to it. Using these relations, we can eventually determine what level of security is required to be integrated in a particular chip and whether this is also financially viable.

References

[1] G. de Koning Gans, J.-H. Hoepman & F. D. Garcia, “A Practical Attack on the MIFARE Classic”, CARDIS '08 Proceedings of the 8th
[2] F. D. Garcia, G. de Koning Gans, R. Muijrers, P. van Rossum, R. Verdult, R. Wichers Schreur & B. Jacobs, “Dismantling MIFARE Classic”, Proceedings of the 13th
[3] F. D. Garcia, P. van Rossum, R. Verdult & R. Wichers Schreur, “Wirelessly Pickpocketing a Mifare Classic Card”, SP '09 Proceedings of the 2009 30th
[4] K. Nohl & H. Plötz, “Mifare: Little Security, Despite Obscurity”, 24th Chaos Communication Congress, 2008. http://events.ccc.de/congress/2007/Fahrplan/events/2378.en.html
[5]
[6] N. T. Courtois, K. Nohl & S. O'Neil, “Algebraic Attacks on the Crypto-1 Stream Cipher in MiFare Classic and Oyster Cards”, International Association for Cryptologic Research, 2008. http://eprint.iacr.org/2008/166
[7] N. T. Courtois, “Conditional Multiple Differential Attack on MiFare Classic”, Eurocrypt 2009 rump session, 2009. http://eurocrypt2009rump.cr.yp.to/7870fc6d38647a661145594ef0c33015.pdf
[8] N. T. Courtois, “The Dark Side of Security by Obscurity and Cloning MiFare Classic Rail and Building Passes, Anywhere, Anytime”, Proceedings of SECRYPT 2009 – International Conference on Security and Cryptography, pp. 331-338, 2009. http://eprint.iacr.org/2009/137
[9]
[10] NXP Semiconductors Austria GmbH, “NXP celebrates 20th
[11] E. Sperling & M. Wagner, “Expert Interview: NXP On Security”, Semiconductor Engineering, 2014. http://semiengineering.com/expert-interview-nxp-on-security/
[12] W. Rankl & W. Effing, “Smart Card Handbook”, 4th edition, p. 75, Wiley, 2010.
[13] K. Lange, G. Müller-Seitz, J. Sydow & A. Windeler, “Financing innovations in uncertain networks—Filling in roadmap gaps in the semiconductor industry”, Research Policy, vol. 42, iss. 3, pp. 647–661, 2013. http://dx.doi.org/10.1016/j.respol.2012.12.001
[14]
[15]
[16] L. Martin, “Using Semiconductor Failure Analysis Tools for Security Analysis”, FIPS Physical Security Workshop, 2005. http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-3/physec/papers/physecpaper11.pdf
[17] Wikipedia, “Semiconductor fabrication plant”, 24 February 2014. https://en.wikipedia.org/wiki/Semiconductor_fabrication_plant
[18] S. Higginbotham, “Forget servers; One day Facebook, Google and other web giants will make their own custom chips”, Gigaom, 2013. http://gigaom.com/2013/07/06/forget-servers-one-day-facebook-google-and-other-web-giants-will-make-their-own-custom-chips/
[19] W. Rankl & W. Effing, “Smart Card Handbook”, 4th edition, p. 589, Wiley, 2010.
[20] Y. Haghiri & T. Tarantino, “Smart Card Manufacturing: A Practical Guide”, Wiley, 2002.
[21] L. Peters, J. Griffin & R. Skinner, “Cost effective IC manufacturing”, ch. 2: “Cost per wafer”, Integrated Circuit Engineering Corp., 1995. http://smithsonianchips.si.edu/ice/cd/CEICM/SECTION2.pdf
D. Art, M. O'Halloran & B. Butler, “Wafer fab construction cost analysis & cost reduction strategies: Applications of SEMATECH's future factory analysis methodology”, Proceedings of the IEEE/SEMI 1994 Advanced Semiconductor Manufacturing Conference and Workshop, pp. 16-21, 1994. http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=588160
[23]
[24] W. Rankl & W. Effing, “Smart Card Handbook”, 4th edition, p. 576, Wiley, 2010.
[25]
[26] E. Thompson, P. Hellebrekers, P. Hofemann, D. L. LaBrake, D. J. Resnick & Sreenivasan, “450mm wafer patterning with jet and flash imprint lithography”, Proceedings of SPIE – The International Society for Optical Engineering, vol. 8880, SPIE Conference on Photomask Technology 2013, 2013. http://proceedings.spiedigitallibrary.org/proceeding.aspx?articleid=1736334
[27]
[28]
[29] Wikipedia, “Wafermap showing fully and partially patterned dies”, 24 February 2014. Licensed under the Creative Commons Attribution-Share Alike 3.0 Unported license. https://en.wikipedia.org/wiki/File:Wafermap_showing_fully_and_partially_patterned_dies.svg
[30] Wikipedia, “Semiconductor device fabrication”, 24 February 2014. https://en.wikipedia.org/wiki/Semiconductor_device_fabrication
[31] R. H. Katz, “Computer Science 252: Graduate Computer Architecture”, Lecture 5: “Cost, Price, and Price for Performance”, 1996. http://bnrg.cs.berkeley.edu/~randy/Courses/CS252.S96/Lecture05.pdf
[32] J.-W. Cho, “Computer Science 510: Computer Architecture”, Lecture 2: “Cost”, 2004. http://camars.kaist.ac.kr/~jwcho/course/cs510/lecture/lec_02_Cost.ppt
[33] J. L. Hennessy & D. A. Patterson, “Computer Architecture: A Quantitative Approach”, 4th edition, Morgan Kaufmann, 2006.
Aceshardware, “Real CPU production cost”, 2008. http://aceshardware.freeforums.org/real-cpu-production-cost-t476.html
[35] Beyond 3D, “Yield, packaging & testing cost for GPUs”, B3D Forum, 2007. http://forum.beyond3d.com/showthread.php?t=41816
[36]
[37]
[38] W. Rankl & W. Effing, “Smart Card Handbook”, 4th edition, p. 575, Wiley, 2010.
[39] I. M. R. Verbauwhede, “Secure Integrated Circuits and Systems”, p. 148, Springer, 2010.
[40]
[41] J. Ertl, T. Plos, M. Feldhofer, N. Felber & L. Henzen, “A Security-enhanced UHF RFID Tag Chip”, Proceedings of the 16th Euromicro Conference on Digital System Design (DSD 2013), pp. 705-712, 2013. http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6628348
[42] G. E. Suh, C. W. O'Donnell & S. Devadas, “AEGIS: A single-chip secure processor”, Information Security Technical Report, vol. 10, iss. 2, pp. 63–73, 2005. http://dx.doi.org/10.1016/j.istr.2005.05.002
[43] S. Narasimhan, W. Yueh, X. Wang, S. Mukhopadhyay & S. Bhunia, “Improving IC security against trojan attacks through integration of security monitors”, IEEE Design and Test of Computers, vol. 29, iss. 5, pp. 37-46, 2012. http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6248276
[44]
[45]
[46]
R. Anderson & T. Moore, “Information security economics – and beyond”, Proceedingsof the 27 th [47] [48] [49] M. Abramovici & P. Bradley, “Integrated circuit security: new threats and solutions”,Proceedings of the 5 th [50] M. Abramovici & P. Bradley, “Integrated circuit security: new threats and solutions”, 5 th [51] R. Anderson & M. Kuhn, “Tamper Resistance – a Cautionary Note”, Proceedings of the2 nd USENIX Workshop on Electronic Commerce, pp. 1-11, 1996.http://static.usenix.org/publications/library/proceedings/ec96/full_papers/kuhn/ [52]
A. Iqbal, “Security Threats in Integrated Circuits”, MIT System Design and Managementblog, 2013.http://sdm-blog.mit.edu/2013/10/security-threats-in-integrated-circuits.html [53] [54]
W. Rankl & W. Effing, “Smart Card Handbook”, 4 th edition, p. 668, Wiley, 2010. [55] W. Rankl & W. Effing, “Smart Card Handbook”, 4 th edition, pp. 668-669, Wiley, 2010. [56] W. Rankl & W. Effing, “Smart Card Handbook”, 4 th edition, p. 673, Wiley, 2010. [57] [59] R. Anderson, “Why Information Security is Hard – An Economic Perspective”, 17 th [60] R. Anderson, “Cryptography and Competition Policy – Issues with ‘Trusted Computing’”,22 nd [61] S. Bahukudumbi, “Wafer-level testing and test planning for integrated circuits”, Ph. D.dissertation, Department of Electrical and Computer Engineering, Duke University, 2008.http://dukespace.lib.duke.edu/dspace/bitstream/handle/10161/701/D_Bahukudumbi_Sudarshan_a_200808.pdf?sequence=1 [62]
F. Imeson, A. Emtenan, S. Garg & M. V. Tripunitara, “Securing Computer HardwareUsing 3D Integrated Circuit (IC) Technology and Split Manufacturing for Obfuscation”,Proceedings of the 22 ndnd