Researchers at Cambridge University's Computer Laboratory have developed a powerful class of attacks on computer security systems. The attack was invented by Sergei Skorobogatov, a PhD student with the Laboratory's security group, led by Dr Ross Anderson.
They discovered that by illuminating a single transistor in an integrated circuit with a laser or other tightly focussed source of energy, it is possible to induce a transient fault in the circuit. By careful choice of the target transistor and the exact time of the transient, it is possible to circumvent the protection of many of the secure microcontrollers and smartcards in use today.
The use of fault attacks to break security processors had been described by a number of researchers in the past, but the methods available for inducing actual faults were crude (for example, inserting a transient overvoltage into the power supply to the chip).
The Cambridge team used a simple photographer's flashgun, mounted on a microscope, to induce faults in the chips.
By now, many security processors contain circuits to stop such attacks. The new attack, however, works with such precision that existing countermeasures will have to be upgraded.
Work on perfecting the attack was completed in the Computer Laboratory a year ago, but has been kept under wraps until now to enable defensive technologies to be developed. Dr Anderson and Dr Simon Moore, also a member of the Laboratory's Security Group, have developed and tested a new silicon technology that can block this and many other previously known attacks.
The team believes the attack is likely to have a disruptive influence on security processor technology. Simply shielding the processor, for example by adding a top metal layer to the chip, is not sufficient; silicon becomes transparent to light in the infrared so the attacks can still be conducted through the rear of the chip. It is also possible that attacks can be conducted using other sources of energy, such as electromagnetic pulses and X-rays.
"Sergei's work will trigger a generation change in smartcard technology," said Dr Anderson. "The immediate effect of his work is that many attacks on computer systems that were developed as theoretical possibilities by the research communities in the 1990s have suddenly become practical."
Their first prototype of a new security processor was unveiled at the IEEE International Symposium on Asynchronous Circuits and Systems in Manchester in April, where it won the best presentation award. The new processor is designed so that the failure of a single transistor or other component should not cause a failure of protection: it should either have no effect, or cause an alarm. This introduces a new kind of security fault-tolerance which may have much wider applicability.
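A constructed software model of the "no effect or alarm" property described above, added here as an illustration; it is not the Cambridge team's circuit design, which the release does not detail, and it assumes dual-rail encoding (each bit carried on two wires) as the mechanism. It shows that a single-wire fault on a dual-rail AND gate can only yield the correct value, an empty word or an alarm, while the same fault on an ordinary single-rail AND gate silently returns a wrong value.

```python
# Constructed model of single-fault-tolerant dual-rail logic (illustration only,
# not the Cambridge team's design). Each logical bit travels on two wires (t, f):
#   (0, 1) = logical 0      (1, 0) = logical 1
#   (0, 0) = no data yet (the asynchronous "empty" state)
#   (1, 1) = illegal code word, treated as an alarm
ZERO, ONE, EMPTY, ALARM = (0, 1), (1, 0), (0, 0), (1, 1)

def encode(bit):
    return ONE if bit else ZERO

def classify(pair):
    """Map a wire pair to 0, 1, 'EMPTY' or 'ALARM'."""
    return {ZERO: 0, ONE: 1, EMPTY: "EMPTY", ALARM: "ALARM"}[pair]

def flip_wire(pair, index):
    """Model a transient fault that flips exactly one wire (0 = t rail, 1 = f rail)."""
    wires = list(pair)
    wires[index] ^= 1
    return tuple(wires)

def dual_rail_and(a, b):
    """Dual-rail AND: true rail needs both inputs true, false rail needs either false."""
    return (a[0] & b[0], a[1] | b[1])

def plain_and_under_fault(a_bit, b_bit):
    """Single-rail AND with the same fault flipping input a: the wrong result is
    a perfectly valid-looking bit, so nothing can detect it."""
    return (a_bit ^ 1) & b_bit

def single_fault_outcomes():
    """Apply every single-wire input fault to the dual-rail AND for every input
    combination; return (expected value, classified output) pairs."""
    outcomes = []
    for a_bit in (0, 1):
        for b_bit in (0, 1):
            expected = a_bit & b_bit
            for wire in range(4):  # four input wires: a.t, a.f, b.t, b.f
                a, b = encode(a_bit), encode(b_bit)
                if wire < 2:
                    a = flip_wire(a, wire)
                else:
                    b = flip_wire(b, wire - 2)
                outcomes.append((expected, classify(dual_rail_and(a, b))))
    return outcomes

def is_single_fault_tolerant():
    """True if no single-wire fault ever yields a valid-looking but wrong result.
    Two simultaneous wire faults are outside this model's guarantee."""
    return all(got == exp or got in ("EMPTY", "ALARM")
               for exp, got in single_fault_outcomes())
```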