Forgot your password?
Security Science Hardware IT

NAND Flash Can Verify a Device's Identity 34

Posted by timothy
from the by-your-errors-shall-we-know-ye dept.
itwbennett writes "Researchers at UC San Diego and Cornell University have developed software that they say can detect variations in flash behavior that are unique to each chip. The system uses 'physically unclonable functions' (PUFs), or variations in manufacturing that are unique to each element of each flash chip. Swanson described one PUF that his team has worked with, called Program Disturb. It uses a type of manufacturing flaw that doesn't affect normal operation but causes problems under test conditions." Related: from last October, another description of such error-based identity assignment.
This discussion has been archived. No new comments can be posted.

NAND Flash Can Verify a Device's Identity

Comments Filter:
  • by geogob (569250) on Saturday August 13, 2011 @01:38PM (#37080056)

    An the lock that goes with this 'perfect' key will most likely be picked through a deficient identification and validation system.

  • by CaptBubba (696284) on Saturday August 13, 2011 @01:58PM (#37080150)

    With increasing densities I doubt you have to go so far as to look at program disturb. Even just the distribution of bad cells which are present in all flash chips from the factory happens in a random enough manner to be able to ID each chip. There is no realistic way to be able to duplicate the bad cell pattern either. The only way you could ever hope to do it would be to get a flash chip with no defects (or only a few overlapping ones) and mark extra cells as defective. Feasible for a couple kilobit chip but not possible for gigibit densities.

    A better ID system would be DRAM really. Write blanket 0s to a block of the memory and halt the refresh operation, then read it a second or two later and see how many have flipped to 1 and in what pattern (the 0 to 1 flip takes much longer than the 1 to 0 flip so it would be more reproducible).

    • by Trepidity (597)

      The article's a little unclear, but I think they're trying to ID a chip design, rather than a specific individual chip. They want to be able to answer questions like: is my supplier cutting corners by putting an El Cheapo NAND chip inside a packaging labeled Expensive NAND?

      So they can't rely on properties like the bad-cell distribution of one particular chip, but they're instead trying to use ideas like, this type of chip will show this kind of failure in many fewer iterations than this other kind of chip w

    • by AdamHaun (43173)

      But having several parameters to measure makes this method more reliable. Maybe they're talking about program disturb because they have a purely user-mode test. I was thinking the high-voltage outputs for program/erase or internal oscillator frequencies would be a better signature, but those require analog test pins that often aren't bonded out.

      I don't buy this as an anti-counterfeiting technique, though. That would require some kind of public access to manufacturing test databases, which is a security risk

    • I used to work in (NOR) flash at chip densities up to 4 gBit (shows how long it's been).
      Perfect chips are gettable. Roughly the centermost third of an 8 inch wafer was flawless in my lab.
      I would figure that on a 12 inch wafer (what most NAND flash is on) that if even the inner 10th is good, you would expect a fairly high yield of "perfect" chips.

    • by AmiMoJo (196126)

      There is no realistic way to be able to duplicate the bad cell pattern either.

      Sure there is. The computer doesn't read the flash memory directly, it goes through the device's firmware first. In fact it is currently not possible to map out bad blocks on flash memory or HDDs because the firmware automatically re-allocates them from a pool of spares and all the PC can see is a counter incrementing in the SMART data. Some vendors have an API to get the raw details but they are not standardised, and of course the firmware could lie anyway.

      It would be a very bad idea for a company to rely

  • legal? (Score:4, Insightful)

    by tchdab1 (164848) on Saturday August 13, 2011 @02:15PM (#37080222) Homepage

    How long before it's used as evidence in court?

    • How long before it's used as evidence in court?

      I'm more worried that this will be used for new DRM systems that are hard to crack. You could make some really nasty anti-tampering protections with this.

      • by maeka (518272)

        I'm more worried that this will be used for new DRM systems that are hard to crack. You could make some really nasty anti-tampering protections with this.

        I don't see how this would be any different, as a DRM system, than a dongle. Like a dongle one doesn't try to replicate what's being checked, but rather "pinch off" and bypass the code doing the checking.

      • by ArcCoyote (634356)

        Not reliable ones. The only DRM/anti-tamper that can't be short-circuited in code is an encryption key. Put the key in a secure chip and make it really, really hard to get to the key from outside the secure hardware. And if you are willing to accept the karma of bricking devices, zeroize the key when tampering is detected.

        Using physical characteristics of flash to generate a key is a bad idea. First, you can't quickly destroy the key to prevent tampering. If the key can be extracted from the hardware, it ca

  • by nashv (1479253) on Saturday August 13, 2011 @04:31PM (#37080876) Homepage

    From TFA

    The hacker might test the NAND flash itself and store the expected values on the chip, then replay the expected results when the chip was tested. In this way, they could impersonate the authentic chip. However, tests showed that there would not be enough room on any chip to store the data needed to carry this out. The amount of data needed would grow with the capacity of the chip and would be orders of magnitude larger than its capacity, he said.

    That's not what a hacker is going to do. A hacker is going to measure the chip's 'response function' to the ID/validation signals. And then he is going to find another chip. Probability dictates that for a sufficiently similar manufacturing process, another chip will have the same occurrence of behaviour NAND cells, except of course they will have a randomly different spatial location on the chip. Then all you need to do is remap the NAND cells' locations through a modified driver, and replicate the response function. YOu may not even need to have a similar occurrence of behaviours, it could be sufficient to find just enough to replicate the response function.

    There is no need to have a complete deterministic model of the chip. You can treat it as a black box and replicate its essential characteristics in a different way. The principle is a mantra in reverse engineering anyway

    • I would says that blackboxing and blackmagic are the mantras of reverse engineering.
      I remember when I cracked*1 the Orcad student version that was limited to 60 pieces to the full featured version, there was a really complex function involved in printing that counted the components but it also read things scattered all around the memory but it never seemed to write at any other place than the stack. After days and days of dead listing reading and debugging without source I was still

Those who do things in a noble spirit of self-sacrifice are to be avoided at all costs. -- N. Alexander.