PNNL-SA-141759
Authentication of Electronics for Arms Control
Keith Tolk, Milagro Consulting
Jacob Benz, PNNL
Jennifer Tanner, PNNL
Authentication vs Certification
• Authentication is performed by the inspecting party to ensure that the equipment being used accurately reflects the conditions being observed.
• Certification is performed by the host party to ensure that the equipment meets their rules with respect to data security, safety, etc.
Hidden Switches
• Equipment can be built that will give accurate results when testing, but will give bogus results in actual use.
• Any interaction with the environment can be used to trigger the switch between these modes.
• No amount of functional testing will find all hidden switches.
What I’ve learned in the past 30 years
• Authentication is much, much more difficult than certification.
• If the host supplies the equipment, it is even harder.
• If the host supplies the equipment and it includes programmable devices, authentication is almost impossible.
Design for Authentication
• It is extremely difficult to add authentication measures to equipment that already exists.
• For authentication, the equipment should be
  • Simple
  • Modular
  • Inspectable
  • Verifiable
Authentication Steps
• Joint design to produce equipment that will be accepted by all parties. (Keep it simple.)
• Random selection of components or subassemblies. (Chain of custody on all parts must start here.)
• Private inspection of the selected parts.
• Functional testing. (Not really an authentication measure, but you do want to be sure it works.)
• Verification that the equipment has not been altered.
Verification
• Once the equipment is in the facility, you can’t go back and perform all the tests you’d like to do. If it’s seen a nuclear weapon, you might not touch it again.
• “Hashing” can be used to verify software integrity.
• Conformal coatings can be used to detect tampering if they include a physical unclonable function (PUF).
“Hashing”
• “Hashing” is a cryptographic process that allows us to verify that the software on an untrusted system matches the software on a trusted system.
• It’s a simple process: a private key and either a hash algorithm or an encryption algorithm are used to produce a message authentication code (HMAC or CMAC).
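The keyed check described on this slide, as an added example that is not part of the original presentation: the inspecting party computes an HMAC over a trusted copy of the software image and over the copy reported by the untrusted system, under a key chosen fresh for each inspection, and compares the two. The image bytes and the byte-flip used to simulate an altered copy are constructed for this example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample "golden" software image held on the trusted system.
TRUSTED_IMAGE = bytes.fromhex("00112233445566778899aabbccddeeff") * 4


def mac_of_image(key: bytes, image: bytes) -> bytes:
    """HMAC-SHA256 over the complete software image under a secret key.

    An unkeyed hash of the image would be a constant the untrusted system
    could simply store and replay; keying the computation with a value the
    inspector supplies at inspection time forces the MAC to be computed over
    the bytes actually present.
    """
    return hmac.new(key, image, hashlib.sha256).digest()


def tamper(image: bytes, offset: int) -> bytes:
    """Constructed altered copy: flip one bit at the given offset."""
    data = bytearray(image)
    data[offset] ^= 0x01
    return bytes(data)


def verify_untrusted_image(trusted_image: bytes, untrusted_image: bytes,
                           key: Optional[bytes] = None) -> bool:
    """Inspecting party's check.

    A fresh random key is drawn for every inspection unless the caller
    supplies one (the fixed-key path exists so the result is reproducible in
    a test). In practice `reported` is the MAC the untrusted system returns
    after being handed the key; here both sides run in one process.
    Constant-time comparison avoids leaking how many bytes matched.
    """
    if key is None:
        key = secrets.token_bytes(32)
    expected = mac_of_image(key, trusted_image)
    reported = mac_of_image(key, untrusted_image)
    return hmac.compare_digest(expected, reported)


if __name__ == "__main__":
    print("clean copy   :", verify_untrusted_image(TRUSTED_IMAGE, TRUSTED_IMAGE))
    print("altered copy :", verify_untrusted_image(TRUSTED_IMAGE, tamper(TRUSTED_IMAGE, 5)))
```

The check only covers the bytes the untrusted system hashes; it does not by itself rule out a hidden switch that runs different code from the image presented, which is why the earlier slides pair it with design-for-inspection and chain of custody.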
Conformal Coating
• Reflective particle patterns can be used to detect tampering attempts.
• Verification requires a camera and a simple fixture with multiple lights.