In this talk, we present a case study of various defensive measures we encountered during an ongoing research project targeting a widely deployed, though older generation (180nm), secure element from a major vendor.

Well over a hundred unique library cells were reverse engineered, ranging from simple NAND/NOR gates with a range of drive strengths to clock gating cells, latches, scan chain flipflops, and more. Several distinct cell libraries were found in different parts of the device, which may point to these modules having been developed by different engineering teams, or that they are third party hard IP blocks.

Many different protection mechanisms were identified including front side active mesh, internal memory address and data bus scrambling, and deliberately convoluted routing passing through many buffer cells to obfuscate the ultimate destination of the signal. We discuss the effectiveness of these countermeasures and how difficult or time-consuming we found each to overcome.