Physical Tamper Resistance


CHAPTER REPORT BY EUSTACE ASANGHANWA

PHYSICAL TAMPER RESISTANCE


OVERVIEW OF TALK

• Ross Anderson on Physical Tamper Resistance
  • Chapter report
  • Critique
• Commentary on Tamper Resistance since 2000


KEY TAKE-AWAY

A well-grounded understanding of the concept of tamper resistance


ROSS ANDERSON ON PHYSICAL TAMPER RESISTANCE

SECURITY ENGINEERING, 1ST EDITION, CHAPTER 14


HISTORICAL ATTACK TECHNIQUES

Attack Object                      | Vulnerability
Keys in PROM                       | Laxity in custody
Keys in sealed encasements         | Encasement seals
Tamper sensing barriers            | Exposure from covering exposure
EOL processors via dumpster diving | Memory ‘permanent’ remanence
RAM content via freezing           | Longer ‘temporal’ remanence
Electromagnetic egress             | Remote analysis and key extraction


SECURITY PROCESSOR EXAMPLES

Chip             | Security | Notes
iButton          | Medium   | Keys in RAM
                 |          | No tamper sensing barrier
DS5002           | Medium   | Bus encryption
                 |          | Cipher instruction search attack
Capstone/Clipper | Medium   | Claims tamper resistance
                 |          | 16-bit checksum easily brute forced
Smartcards & MCU | High     | Secure application processor
                 |          | Security by obscurity until Pay-TV


ATTACKER CLASSIFICATION

Classification | Description
Class 1        | Clever outsiders
Class 2        | Knowledgeable insiders
Class 3        | Funded organizations

FIPS PUB 140-1 (Effective 1994) | Additive Requirements
Level 1                         | Basic security e.g. cryptography
Level 2                         | Tamper evidence
Level 3                         | Procedural tamper proofing
Level 4                         | Environmental tamper proofing


ATTACKS ON SMARTCARDS

• Protocol Analysis
• Anti-tearing
• Cover VPP

• Single stepping
• Micro probing
• Memory linearization
• Cryptographic co-processor interfaces
• FIB through shields


STATE OF ART SECURITY ARCHITECTURE

• State of Art
  • Defense in depth (eliminate single points of failure)
  • Tamper resistance versus tamper evidence
  • Stop loss
• What goes wrong
  • Architectural errors - Trusted card in an untrusted platform
  • Security by obscurity targets IP protection
  • Protocol failure from dangerous combination of commands
  • Function creep as in multiuse cards


BENEFITS OF TAMPER RESISTANT DEVICES

• Control information processing by linking to single physical token
• Assures data destruction at a definite and verifiable time
• Reduce the need to trust human operators
• Control value counters


CRITIQUE

• Good
  • Comprehensive on evolution of tamper resistance.
  • Grasp on security principles.
• Opportunities for improvement
  • Smartcard-centric.
  • Some recommendations not consistent with provided principles e.g.
    • Recommends “Using a proprietary (and complicated) encryption algorithm…” after recommending against home-brewed encryption schemes.
  • Techniques behind times even for year 2000.


CONCLUSION

• Security Engineering offers a good comprehensive history on tamper resistance with attention to security principles.

• Threat, tamper resistance, and evaluation techniques have evolved since publication of the first edition.

• I expect significant updates in the chapter on physical tamper resistance in the second edition (still awaiting my copy from Amazon).


PERSONAL COMMENTARY ON PHYSICAL TAMPER RESISTANCE


WHAT IS TAMPER RESISTANCE?

Assuring achievement of security goals at all times

Guiding Principles
• Assume capable adversaries
• Increase cost of analysis
• Reduce value of compromise


SINCE 2000 [1ST EDITION SECURITY ENGINEERING]

• Stronger adversaries
  • Hackers are smarter
  • Markets are wider fueling motivation
  • Analysis equipment is more affordable
  • Industry demands openness in techniques
  • More professional analysis labs thanks to patent litigation
• Greater rigor on security evaluation
  • Revision of FIPS PUB 140-1 to FIPS PUB 140-2 in 2002
  • Common Criteria (ISO/IEC 15408) major version revision from 2 to 3 currently at version 3.1.


FIPS 140-2

FIPS PUB 140-2 (Effective 2002) | Additive Requirements
Level 1                         | • Basic security e.g. cryptography
                                | • Untrusted OS
Level 2                         | • Tamper evidence
                                | • Trusted OS
                                | • Role based authentication
                                | • Common Criteria EAL 2+
Level 3                         | • Procedural tamper proofing
                                | • Identity based authentication
                                | • Plaintext CSP on dedicated ports
                                | • Common Criteria EAL 3+
Level 4                         | • Environmental tamper proofing
                                | • Zeroize CSPs on intrusion
                                | • Common Criteria EAL 4+


COMMON MODERN DAY THREATS

• Micro-probing
• Security protocols
• Algorithm exploits
• Operational environment
• Operations timing
• Bug exploits


CRITICAL ELEMENTS FOR SUCCESS IN IC TAMPER PROOFING

• Choice and implementation of algorithms
• Analog tamper monitors
• Quality of RNG
• Cost of analysis
• Practicality of exploits

Courtesy Wikipedia


RECAP

• Tamper resistance is about achieving security goals at all times

• Described technology-based methods are common but don’t have to be

• Other tamper proofing methods may include:
  • Legislation (e.g. in banking networks)
  • Cultural actions e.g. shaming
  • Secured premises


THANK YOU
