The thinning of a semiconductor substrate of an integrated circuit from a back face is detected using the measurement of a physical quantity representative of the resistance between the ends of two electrically-conducting contacts situated at an interface between an insulating region and an underlying substrate region. The two electrically-conducting contacts extend through the insulating region to reach the underlying substrate region.

An anti-tamper assembly is disclosed for a circuit board which comprises one or more electronic components. The assembly comprises a container having side walls, a first closed end and a second, opposing open end, the container being configured to be mounted on said circuit board at said open end, over at least one of the electronic components to form, in use, a sealed cavity around said at least one of said electronic components. The assembly further comprises a source of radioactive particles mounted within the container, an image sensor for capturing image frames within said sealed cavity, in use. The image sensor comprises a detector region defining an array of pixels, a screen member located, in use, within the cavity between the radioactive source and the detector, said screen member having at least one aperture, and a processor for retrieving said captured image frames, monitoring said image frames for changes in the statistical distribution of active pixels and, in the event that statistical distribution of active pixels indicates the presence of a feature in an image frame, generating a tamper alert.

An anti-tamper assembly is disclosed for a circuit board which comprises one or more electronic components. The assembly comprises a container having side walls, a first closed end and a second, opposing open end, the container being configured to be mounted on said circuit board at said open end, over at least one of the electronic components to form, in use, a sealed cavity around said at least one of said electronic components. The assembly further comprises a source of radioactive particles mounted within the container, an image sensor for capturing image frames within said sealed cavity, in use. The image sensor comprises a detector region defining an array of pixels, a screen member located, in use, within the cavity between the radioactive source and the detector, said screen member having at least one aperture, and a processor for retrieving said captured image frames, monitoring said image frames for changes in the statistical distribution of active pixels and, in the event that statistical distribution of active pixels indicates the presence of a feature in an image frame, generating a tamper alert.

A security system includes: a first device that includes a first processor and a first target processor; and a second device that includes a second processor and a second target processor. The first processor executes a first process including: first protecting a first program as a monitoring target among programs operating on the first target processor; first decrypting encrypted data obtained by encrypting output data from the first program; and first encrypting the decrypted output data and causing the encrypted data of the output data to be transmitted to the second device. The second processor executes a second process including: second protecting a second program as a monitoring target among programs operating on the second target processor; second decrypting the transmitted encrypted data of the output data; and second encrypting the decrypted output data and outputting the encrypted data of the output data to the second program.

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for analyzing hardware designs for vulnerabilities to side-channel attacks. One of the methods includes receiving a request to analyze a device hardware design for side-channel vulnerabilities in the device after being manufactured. Physical characteristics data is obtained representing one or more physical characteristics of the device based on the device hardware design. Information flow analysis is performed to identify one or more signals of interest corresponding to digital assets. From the physical characteristics data and the one or more signals of interest, data representing potentially vulnerable signals in the device hardware design is generated. A leakage model is generated for the potentially vulnerable signals that quantifies one or more leakage criteria for one or more structures of the device hardware design.

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for analyzing hardware designs for vulnerabilities to side-channel attacks. One of the methods includes receiving a request to analyze a device hardware design for side-channel vulnerabilities in the device after being manufactured. Physical characteristics data is obtained representing one or more physical characteristics of the device based on the device hardware design. Information flow analysis is performed to identify one or more signals of interest corresponding to digital assets. From the physical characteristics data and the one or more signals of interest, data representing potentially vulnerable signals in the device hardware design is generated. A leakage model is generated for the potentially vulnerable signals that quantifies one or more leakage criteria for one or more structures of the device hardware design.

A module for a data bus comprises a terminal. The terminal comprises two opposite outer faces, each comprising at least one contact, wherein the two contacts are connected by means of an internal data-bus line for forwarding data through the terminal via said internal data bus. The module further comprises a software-protection unit which is integrated into the terminal and connected to said data-bus line.

A module for a data bus comprises a terminal. The terminal comprises two opposite outer faces, each comprising at least one contact, wherein the two contacts are connected by means of an internal data-bus line for forwarding data through the terminal via said internal data bus. The module further comprises a software-protection unit which is integrated into the terminal and connected to said data-bus line.

A tamper sensor assembly includes a lid having a surface and a sensor substrate on the surface of the lid. The sensor substrate has conductive lines that extend across at least a major portion of the surface of the lid and conform to three dimensional characteristics of the surface of the lid. The security processor is electrically connected to the conductive lines of the sensor substrate and is configured to identify occurrence of tampering with the lid based on an electrical characteristic of signals conducted through the conductive lines, and to perform an anti-tampering operation responsive to identifying occurrence of tampering.

A tamper sensor assembly includes a lid having a surface and a sensor substrate on the surface of the lid. The sensor substrate has conductive lines that extend across at least a major portion of the surface of the lid and conform to three dimensional characteristics of the surface of the lid. The security processor is electrically connected to the conductive lines of the sensor substrate and is configured to identify occurrence of tampering with the lid based on an electrical characteristic of signals conducted through the conductive lines, and to perform an anti-tampering operation responsive to identifying occurrence of tampering.