CHAPTER REPORT BY EUSTACE ASANGHANWA

PHYSICAL TAMPER RESISTANCE


OVERVIEW OF TALK

• Ross Anderson on Physical Tamper Resistance
    • Chapter report
    • Critique
• Commentary on Tamper Resistance since 2000


KEY TAKE-AWAY

A well-grounded understanding of the concept of tamper resistance


ROSS ANDERSON ON PHYSICAL TAMPER RESISTANCE

SECURITY ENGINEERING, 1ST EDITION, CHAPTER 14


HISTORICAL ATTACK TECHNIQUES

Attack object                          Vulnerability
Keys in PROM                           Laxity in custody
Keys in sealed encasements             Encasement seals
Tamper sensing barriers                Exposure from covering exposure
EOL processors via dumpster diving     Memory ‘permanent’ remanence
RAM content via freezing               Longer ‘temporal’ remanence
Electromagnetic egress                 Remote analysis and key extraction


SECURITY PROCESSOR EXAMPLES

Chip                 Security    Notes
iButton              Medium      Keys in RAM; no tamper sensing barrier
DS5002               Medium      Bus encryption; cipher instruction search attack
Capstone/Clipper     Medium      Claims tamper resistance; 16-bit checksum easily brute forced
Smartcards & MCU     High        Secure application processor; security by obscurity until Pay-TV


ATTACKER CLASSIFICATION

Classification    Description
Class 1           Clever outsiders
Class 2           Knowledgeable insiders
Class 3           Funded organizations

FIPS PUB 140-1 (Effective 1994)

Additive requirements

Level 1    Basic security, e.g. cryptography
Level 2    Tamper evidence
Level 3    Procedural tamper proofing
Level 4    Environmental tamper proofing


ATTACKS ON SMARTCARDS

• Protocol analysis
• Anti-tearing
• Cover VPP
• Single stepping
• Micro probing
• Memory linearization
• Cryptographic co-processor interfaces
• FIB through shields


STATE OF ART SECURITY ARCHITECTURE

• State of art
    • Defense in depth (eliminate single points of failure)
    • Tamper resistance versus tamper evidence
    • Stop loss
• What goes wrong
    • Architectural errors: trusted card in an untrusted platform
    • Security by obscurity targets IP protection
    • Protocol failure from dangerous combination of commands
    • Function creep, as in multiuse cards


BENEFITS OF TAMPER RESISTANT DEVICES

• Control information processing by linking it to a single physical token
• Assures data destruction at a definite and verifiable time
• Reduce the need to trust human operators
• Control value counters


CRITIQUE

• Good
    • Comprehensive on the evolution of tamper resistance.
    • Grasp on security principles.
• Opportunities for improvement
    • Smartcard-centric.
    • Some recommendations not consistent with the provided principles, e.g. recommends “Using a proprietary (and complicated) encryption algorithm…” after recommending against home-brewed encryption schemes.
    • Techniques behind the times even for the year 2000.


CONCLUSION

• Security Engineering offers a good comprehensive history on tamper resistance with attention to security principles.

• Threat, tamper resistance, and evaluation techniques have evolved since publication of the first edition.

• I expect significant updates in the chapter on physical tamper resistance in the second edition (still awaiting my copy from Amazon).


PERSONAL COMMENTARY ON PHYSICAL TAMPER RESISTANCE


WHAT IS TAMPER RESISTANCE?

Assuring achievement of security goals at all times

Guiding principles
• Assume capable adversaries
• Increase the cost of analysis
• Reduce the value of compromise


SINCE 2000 [1ST EDITION SECURITY ENGINEERING]

• Stronger adversaries
    • Hackers are smarter
    • Markets are wider, fueling motivation
    • Analysis equipment is more affordable
    • Industry demands openness in techniques
    • More professional analysis labs, thanks to patent litigation
• Greater rigor in security evaluation
    • Revision of FIPS PUB 140-1 to FIPS PUB 140-2 in 2002
    • Common Criteria (ISO/IEC 15408) major version revision from 2 to 3, currently at version 3.1


FIPS 140-2

FIPS PUB 140-2 (Effective 2002)

Additive requirements

Level 1
• Basic security, e.g. cryptography
• Untrusted OS

Level 2
• Tamper evidence
• Trusted OS
• Role-based authentication
• Common Criteria EAL 2+

Level 3
• Procedural tamper proofing
• Identity-based authentication
• Plaintext CSP on dedicated ports
• Common Criteria EAL 3+

Level 4
• Environmental tamper proofing
• Zeroize CSPs on intrusion
• Common Criteria EAL 4+
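A worked illustration of the Level 4 “zeroize CSPs on intrusion” requirement, tying it back to the memory remanence attacks in the historical table. This is example code written for this report, not from the slides or from FIPS 140-2; the module struct, tamper flag and sample key are constructed for illustration.

```c
/* Added example: respond to a tamper monitor by zeroizing the critical
 * security parameter (CSP) so it does not linger in memory for a
 * remanence attack. A plain memset() right before the buffer dies can be
 * removed by the compiler as a dead store; writing through a volatile
 * pointer forces the stores to be emitted. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN 16

/* Hypothetical device state: the CSP plus a flag a tamper sensor would set. */
struct secure_module {
    uint8_t key[KEY_LEN];
    int     key_loaded;
    int     tamper_detected;
};

/* Zeroization the compiler may not elide (volatile byte stores). */
static void secure_zero(void *p, size_t n) {
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--) *vp++ = 0;
}

/* Count non-zero bytes; used to check that zeroization really happened. */
int nonzero_bytes(const uint8_t *p, size_t n) {
    int count = 0;
    for (size_t i = 0; i < n; i++) count += (p[i] != 0);
    return count;
}

/* Load a constructed sample key (not a real key). */
void load_key(struct secure_module *m) {
    for (size_t i = 0; i < KEY_LEN; i++) m->key[i] = (uint8_t)(0xA5 ^ i);
    m->key_loaded = 1;
}

/* Intrusion response in the Level 4 style: drop the CSP immediately and
 * refuse further use. In a real device this runs from the tamper
 * interrupt; here it is an ordinary function. */
void on_tamper(struct secure_module *m) {
    m->tamper_detected = 1;
    secure_zero(m->key, sizeof m->key);
    m->key_loaded = 0;
}

/* Key use is gated on both flags so a tampered module fails closed. */
int key_usable(const struct secure_module *m) {
    return m->key_loaded && !m->tamper_detected;
}
```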


COMMON MODERN DAY THREATS

• Micro-probing
• Security protocols
• Algorithm exploits
• Operational environment
• Operations timing
• Bug exploits


CRITICAL ELEMENTS FOR SUCCESS IN IC TAMPER PROOFING

• Choice and implementation of algorithms

• Analog tamper monitors

• Quality of RNG

• Cost of analysis

• Practicality of exploits

Courtesy Wikipedia


RECAP

• Tamper resistance is about achieving security goals at all times

• Described technology-based methods are common but don’t have to be

• Other tamper proofing methods may include:
    • Legislation (e.g. in banking networks)
    • Cultural actions, e.g. shaming
    • Secured premises


THANK YOU
