Physical Tamper Resistance
Chapter report by Eustace Asanghanwa

Overview of talk
• Ross Anderson on Physical Tamper Resistance
• Chapter report
• Critique
• Commentary on Tamper Resistance since 2000

Key take-away
A well-grounded understanding of the concept of tamper resistance

Ross Anderson on Physical Tamper Resistance
Security Engineering, 1st edition, chapter 14

Historical attack techniques

Security processor examples

Attacker classification

Attacks on smartcards
• Protocol analysis
• Anti-tearing
• Cover VPP
• Single stepping
• Micro probing
• Memory linearization
• Cryptographic co-processor interfaces
• FIB through shields

State of Art Security Architecture
• State of Art
  • Defense in depth (eliminate single points of failure)
  • Tamper resistance versus tamper evidence
  • Stop loss
• What goes wrong
  • Architectural errors - Trusted card in an untrusted platform
  • Security by obscurity targets IP protection
  • Protocol failure from dangerous combination of commands
  • Function creep as in multiuse cards

Benefits of Tamper-Resistant Devices
• Control information processing by linking to single physical token
• Assures data destruction at a definite and verifiable time
• Reduce the need to trust human operators
• Control value counters

Critique
• Good
  • Comprehensive on evolution of tamper resistance.
  • Grasp on security principles.
• Opportunities for improvement
  • Smartcard-centric.
  • Some recommendations not consistent with provided principles, e.g.
    • Recommends “Using a proprietary (and complicated) encryption algorithm…” after recommending against home-brewed encryption schemes.
  • Techniques behind times even for year 2000.

Conclusion
Security Engineering offers a good comprehensive history on tamper resistance with attention to security principles. Threat, tamper resistance, and evaluation techniques have evolved since publication of the first edition. I expect significant updates in the chapter on physical tamper resistance in the second edition (still awaiting my copy from Amazon).

Personal Commentary on Physical Tamper Resistance

What is Tamper Resistance?
Assuring achievement of security goals at all times
Guiding Principles
• Assume capable adversaries
• Increase cost of analysis
• Reduce value of compromise

Since 2000 [1st Edition Security Engineering]
• Stronger adversaries
• Hackers are smarter
• Markets are wider, fueling motivation
• Analysis equipment is more affordable
• Industry demands openness in techniques
• More professional analysis labs thanks to patent litigation
• Greater rigor on security evaluation
• Revision of FIPS PUB 140-1 to FIPS PUB 140-2 in 2002
• Common Criteria (ISO/IEC 15408) major version revision from 2 to 3, currently at version 3.1.

FIPS 140-2

Common modern-day threats
• Micro-probing
• Security protocols
• Algorithm exploits
• Operational environment
• Operations timing
• Bug exploits

Critical Elements for Success in IC Tamper Proofing
Courtesy Wikipedia

Recap
• Tamper resistance is about achieving security goals at all times
• Described technology-based methods are common but don’t have to be
• Other tamper proofing methods may include:
  • Legislation (e.g. in banking networks)
  • Cultural actions e.g. shaming
  • Secured premises

Thank you