I recently came across an interesting blog post that describes how a clever hardware hacker managed to make a single-chip CMOS inverter at home. The hacker apparently worked out her own CMOS fabrication process using just equipment that's cheap and readily available.
A single inverter isn't that impressive – it has just a single PMOS transistor and a single NMOS transistor – but the fact that this hacker managed to develop a process to make a single-chip version at home is extremely impressive. The success of this project made me wonder how successful hardware hackers who operate with a similarly modest budget can be.
I have always said that the protection provided by hardware is fundamentally different from the protection provided by encryption. Once you have the right tools and expertise, a wide range of attacks become feasible. If you have a big budget, perhaps just a few million dollars, you can probably beat any hardware security mechanism at all. The more interesting question is really whether or not relatively low-budget attacks can beat the security provided by hardware.
The fact that a clever hardware hacker managed to make a single-chip CMOS device at home leads me to believe that hardware hackers may be much more capable than we might first think, and that they might be able to carry out some impressive attacks against smart cards and HSMs. Hardware security isn't perfect, but we tend to think of it as being better in some vague and ill-defined way than software-only security. Maybe the difference isn't really that big.