Every concept in this chapter has a security dimension. They are worth collecting in one place:
- Linear wave shaping. RC time constants set the bandwidth of leakage from chips' internal nodes to externally measurable rails. Decoupling networks are designed to prevent internal switching from being readable on the outside; attackers want to recover it through deconvolution.
- Compensated dividers and probes. A poorly compensated probe distorts side-channel measurements, sometimes hiding the attack signal entirely. Defenders sometimes deliberately poison the measurement bandwidth by adding LC notches at the attacker's expected frequencies.
- Clipping and clamping. ESD-protection diodes can be deliberately overloaded to cause faults; a glitch with enough energy can momentarily forward-bias both protection diodes, briefly disconnecting the chip from its intended supply.
- Transistor switching speed and storage time. A glitch attack succeeds when a fast pulse propagates through one path of the circuit but not another, creating a momentary inconsistency. Storage time creates delay variation that attackers exploit.
- Schmitt triggers as glitch filters and as glitch targets. A Schmitt trigger on the reset pin filters out glitches, but the Schmitt thresholds themselves can be perturbed by supply glitches.
- Multivibrators and ring oscillators as PUFs. As discussed, ring-oscillator frequencies are device-unique and are used for cryptographic key generation.
- 555 timing variations. Useful as a (low-quality) RNG; vulnerable to supply-voltage attacks.
- Time-base linearity and acquisition jitter. Limit the precision of side-channel measurements.
- Logic family choice. Modern low-voltage CMOS has small noise margins and is more vulnerable to some glitch attacks; older 5 V TTL is more robust to small disturbances but radiates more EM.
- Sampling gates. The literal mechanism of every side-channel measurement. Improvements here directly improve attack capabilities.
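
To make the ring-oscillator PUF item concrete, the following added example (not code from this chapter) simulates a population of devices, derives response bits by comparing neighbouring oscillator pairs, and reports how different devices' responses are (inter-device distance) versus how repeatable one device's response is (intra-device distance). It goes beyond the text in one respect: it also shows enrollment-time masking of pairs whose frequency gap is too small to be stable. The nominal frequency, variation figures, pairing scheme and `min_gap_hz` threshold are all assumptions chosen for illustration.

```python
import random

NOMINAL_HZ = 100e6  # assumed nominal ring-oscillator frequency

def make_device(n_ro, rng, process_sigma=0.01):
    """Fixed per-device frequencies: nominal plus manufacturing variation."""
    return [NOMINAL_HZ * (1 + rng.gauss(0, process_sigma)) for _ in range(n_ro)]

def measure(freqs, rng, noise_sigma=0.0005):
    """One noisy readout (models jitter, temperature and supply noise)."""
    return [f * (1 + rng.gauss(0, noise_sigma)) for f in freqs]

def gaps(measured):
    """Frequency difference of each disjoint neighbour pair (0,1), (2,3), ..."""
    return [measured[i] - measured[i + 1] for i in range(0, len(measured) - 1, 2)]

def bits(measured, keep=None):
    """Response bit per pair: 1 if the first oscillator is faster."""
    g = gaps(measured)
    idx = range(len(g)) if keep is None else keep
    return [int(g[i] > 0) for i in idx]

def hd(a, b):
    """Fractional Hamming distance between two equal-length bit lists."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def evaluate(n_devices=20, n_ro=256, n_reads=10, min_gap_hz=300e3, seed=1):
    rng = random.Random(seed)  # constructed, simulated population
    devices = [make_device(n_ro, rng) for _ in range(n_devices)]
    enroll = [measure(d, rng) for d in devices]
    refs = [bits(m) for m in enroll]
    # Uniqueness: responses of different devices should differ in ~50% of bits.
    inter = [hd(refs[i], refs[j])
             for i in range(n_devices) for j in range(i + 1, n_devices)]
    intra, masked = [], []
    for dev, m in zip(devices, enroll):
        # Enrollment-time mask: keep only pairs with a comfortable gap.
        keep = [i for i, g in enumerate(gaps(m)) if abs(g) >= min_gap_hz]
        for _ in range(n_reads):
            again = measure(dev, rng)
            intra.append(hd(bits(m), bits(again)))              # all pairs
            masked.append(hd(bits(m, keep), bits(again, keep)))  # stable pairs
    mean = lambda xs: sum(xs) / len(xs)
    return {"inter": mean(inter), "intra": mean(intra),
            "intra_masked": mean(masked)}

if __name__ == "__main__":
    print(evaluate())
```

The unmasked intra-device error is why a raw ring-oscillator response cannot be used directly as a key: pairs with nearly equal frequencies flip under noise, so key generation needs masking or error correction on top of the comparison.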