CHAPTER REPORT BY EUSTACE ASANGHANWA
PHYSICAL TAMPER RESISTANCE
Eustace Asanghanwa
Dec 15, 2015
OVERVIEW OF TALK
• Ross Anderson on Physical Tamper Resistance
• Chapter report
• Critique
• Commentary on tamper resistance since 2000
KEY TAKE-AWAY
A well-grounded understanding of the concept of tamper resistance
ROSS ANDERSON ON PHYSICAL TAMPER RESISTANCE
SECURITY ENGINEERING, 1ST EDITION, CHAPTER 14
HISTORICAL ATTACK TECHNIQUES
Attack / object                              Vulnerability exploited
Keys in PROM                                 Laxity in custody
Keys in sealed encasements                   Encasement seals
Tamper-sensing barriers                      Exposure from covering exposure
End-of-life processors via dumpster diving   ‘Permanent’ memory remanence
RAM content via freezing                     Longer ‘temporal’ remanence
Electromagnetic egress                       Remote analysis and key extraction
SECURITY PROCESSOR EXAMPLES
Chip               Security   Notes
iButton            Medium     Keys in RAM; no tamper-sensing barrier
DS5002             Medium     Bus encryption; cipher instruction search attack
Capstone/Clipper   Medium     Claims tamper resistance; 16-bit LEAF checksum easily brute forced
Smartcards & MCUs  High       Secure application processor; security by obscurity until the Pay-TV attacks
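The Capstone/Clipper row deserves a closer look, because it shows how a truncated integrity check turns a chip into an oracle. The Python below is an added example, not code from the slides or from Anderson's book: it models a LEAF-checking chip whose 16-bit keyed checksum the attacker cannot compute, and then brute-forces a bogus LEAF that the chip accepts anyway, in roughly 2^16 queries. The field layout follows the published LEAF layout (32-bit unit ID, 80-bit session key, 16-bit checksum); the checksum function (truncated HMAC-SHA256), the family key value and every name in the code are assumptions made for the model, not the real Skipjack-based construction.

```python
import hashlib
import hmac
import random
from typing import Optional, Tuple

# Constructed stand-in for the family key shared by every chip (not a real key).
FAMILY_KEY = bytes.fromhex("00112233445566778899")
UNIT_ID_LEN, SESSION_KEY_LEN = 4, 10   # 32-bit unit ID, 80-bit session key


def cs_len(bits: int) -> int:
    """Bytes needed to carry a `bits`-bit checksum."""
    return (bits + 7) // 8


def keyed_checksum(key: bytes, body: bytes, bits: int) -> int:
    """`bits`-bit checksum over `body`, keyed so that nobody without the family
    key can compute it offline. Model: HMAC-SHA256 truncated to `bits` bits.
    The truncation, not the MAC, is the whole weakness."""
    digest = hmac.new(key, body, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") >> (64 - bits)


def make_leaf(key: bytes, unit_id: bytes, session_key: bytes, bits: int = 16) -> bytes:
    """What a legitimate sender produces: unit ID || session key || checksum."""
    body = unit_id + session_key
    return body + keyed_checksum(key, body, bits).to_bytes(cs_len(bits), "big")


class EscrowChip:
    """Receiving chip: refuses to decrypt unless the LEAF checksum verifies.
    Because it answers yes/no to anything it is fed, it is a checksum oracle."""

    def __init__(self, key: bytes, bits: int = 16):
        self.key, self.bits, self.queries = key, bits, 0

    def accepts(self, leaf: bytes) -> bool:
        self.queries += 1
        n = cs_len(self.bits)
        if len(leaf) != UNIT_ID_LEN + SESSION_KEY_LEN + n:
            return False
        body, cs = leaf[:-n], int.from_bytes(leaf[-n:], "big")
        return keyed_checksum(self.key, body, self.bits) == cs


def forge_leaf(chip: EscrowChip, rng: random.Random,
               max_trials: int) -> Optional[Tuple[bytes, int]]:
    """Attacker with no key: feed random LEAFs to the chip until one is
    accepted. Each trial passes with probability 2**-bits, so the expected
    cost is about 2**bits queries: ~65k for 16 bits, hopeless for 64 bits."""
    leaf_len = UNIT_ID_LEN + SESSION_KEY_LEN + cs_len(chip.bits)
    for trial in range(1, max_trials + 1):
        cand = rng.getrandbits(8 * leaf_len).to_bytes(leaf_len, "big")
        if chip.accepts(cand):
            return cand, trial
    return None


def run_attack(bits: int = 16, seed: int = 2015, max_trials: int = 1 << 20):
    """Fresh chip plus a seeded attacker run; returns (chip, (leaf, trials))."""
    chip = EscrowChip(FAMILY_KEY, bits)
    return chip, forge_leaf(chip, random.Random(seed), max_trials)


if __name__ == "__main__":
    chip, hit = run_attack()
    genuine = make_leaf(FAMILY_KEY, b"\x00\x00\x00\x01", bytes(10))
    print("genuine LEAF accepted:", chip.accepts(genuine))
    if hit:
        leaf, trials = hit
        print(f"bogus LEAF accepted after {trials} queries: {leaf.hex()}")
```

The bogus LEAF carries a unit ID and session key that mean nothing to the escrow agents, yet the chip decrypts happily; widening the checksum to 32 bits would raise the expected cost to 2^32 queries, which is the design change the 16-bit field could not accommodate.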
ATTACKER CLASSIFICATION
Classification   Description
Class 1          Clever outsiders
Class 2          Knowledgeable insiders
Class 3          Funded organizations

FIPS PUB 140-1 (Effective 1994)
Additive requirements (each level includes those below it)
Level 1   Basic security, e.g. approved cryptography
Level 2   Tamper evidence
Level 3   Procedural tamper proofing
Level 4   Environmental tamper proofing
ATTACKS ON SMARTCARDS
• Protocol analysis
• Tearing (interrupting power mid-transaction to defeat anti-tearing logic)
• Covering the Vpp contact (blocking EEPROM writes)
• Single stepping
• Micro-probing
• Memory linearization
• Cryptographic co-processor interfaces
• Focused ion beam (FIB) edits through shield layers
STATE-OF-THE-ART SECURITY ARCHITECTURE
• State of the art
  • Defense in depth (eliminate single points of failure)
  • Tamper resistance versus tamper evidence
  • Stop loss
• What goes wrong
  • Architectural errors: trusted card in an untrusted platform
  • Security by obscurity that targets IP protection
  • Protocol failure from a dangerous combination of commands
  • Function creep, as in multi-use cards
BENEFITS OF TAMPER RESISTANT DEVICES
• Control information processing by linking it to a single physical token
• Assure data destruction at a definite and verifiable time
• Reduce the need to trust human operators
• Control value counters
CRITIQUE
• Good
  • Comprehensive on the evolution of tamper resistance
  • Grasp of security principles
• Opportunities for improvement
  • Smartcard-centric
  • Some recommendations not consistent with the stated principles, e.g. recommends “Using a proprietary (and complicated) encryption algorithm…” after recommending against home-brewed encryption schemes
  • Techniques behind the times even for the year 2000
CONCLUSION
• Security Engineering offers a good comprehensive history on tamper resistance with attention to security principles.
• Threat, tamper resistance, and evaluation techniques have evolved since publication of the first edition.
• I expect significant updates in the chapter on physical tamper resistance in the second edition (still awaiting my copy from Amazon).
WHAT IS TAMPER RESISTANCE?
Assuring achievement of security goals at all times
Guiding principles
• Assume capable adversaries
• Increase the cost of analysis
• Reduce the value of compromise
SINCE 2000 [1ST EDITION OF SECURITY ENGINEERING]
• Stronger adversaries
  • Hackers are smarter
  • Markets are wider, fuelling motivation
  • Analysis equipment is more affordable
  • Industry demands openness in techniques
  • More professional analysis labs, thanks to patent litigation
• Greater rigor in security evaluation
  • Revision of FIPS PUB 140-1 to FIPS PUB 140-2 (issued 2001; FIPS 140-1 testing ended in 2002)
  • Common Criteria (ISO/IEC 15408) major version revision from 2 to 3, currently at version 3.1
FIPS 140-2
FIPS PUB 140-2 (issued 2001; the only standard for new validations from 2002)
Additive requirements (each level includes those below it)
Level 1
• Basic security, e.g. approved cryptography
• Untrusted (unevaluated) OS permitted
Level 2
• Tamper evidence
• Trusted OS
• Role-based authentication
• Common Criteria EAL 2+
Level 3
• Procedural tamper proofing
• Identity-based authentication
• Plaintext CSPs only on dedicated ports
• Common Criteria EAL 3+
Level 4
• Environmental tamper proofing
• Zeroize CSPs on intrusion
• Common Criteria EAL 4+
COMMON MODERN DAY THREATS
• Micro-probing
• Security protocols
• Algorithm exploits
• Operational environment
• Operations timing
• Bug exploits
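“Operations timing” refers to timing side channels: the time a device takes to reject a guess can depend on how much of the guess was right. The Python below is an added example, not from the slides or from Anderson's chapter. It models a token that checks a fixed-length secret with an early-exit byte comparison and recovers the secret byte by byte from that leak; the step counter stands in for the wall-clock time an attacker would measure, and the secret value, the device model and all function names are constructed for the illustration. The same attacker run against a constant-time comparison (hmac.compare_digest) recovers nothing.

```python
import hmac
from typing import Callable, Optional


class TokenModel:
    """Constructed model of a device that checks a fixed-length secret (PIN,
    MAC, challenge response). `steps` counts the byte comparisons actually
    performed and stands in for the execution time an attacker would measure."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self.steps = 0

    def check_leaky(self, guess: bytes) -> bool:
        """Early-exit comparison: work done depends on the matching prefix."""
        self.steps = 0
        if len(guess) != len(self._secret):
            return False
        for a, b in zip(guess, self._secret):
            self.steps += 1
            if a != b:
                return False
        return True

    def check_constant_time(self, guess: bytes) -> bool:
        """Fix: compare every byte regardless of where the first mismatch is."""
        self.steps = len(self._secret)   # same work for every input
        return hmac.compare_digest(guess, self._secret)


def recover_secret(dev: TokenModel, length: int,
                   check: Callable[[bytes], bool]) -> Optional[bytes]:
    """Attacker: knows only the length, can call `check` and observe
    `dev.steps`. For each position try all 256 bytes; the one that makes the
    device do more work than the others is the correct byte. Returns None when
    the observation gives nothing usable (the constant-time case)."""
    known = b""
    for pos in range(length):
        best_byte, best_steps = 0, -1
        for c in range(256):
            guess = known + bytes([c]) + b"\x00" * (length - pos - 1)
            if check(guess):
                return guess            # padding happened to be right as well
            if dev.steps > best_steps:
                best_byte, best_steps = c, dev.steps
        known += bytes([best_byte])
    return known if check(known) else None


def demo(secret: bytes = b"s3cr3t-pin"):
    """Run the attack against both comparison routines; returns (leaky, fixed)."""
    dev = TokenModel(secret)
    leaked = recover_secret(dev, len(secret), dev.check_leaky)
    fixed = recover_secret(dev, len(secret), dev.check_constant_time)
    return leaked, fixed


if __name__ == "__main__":
    leaked, fixed = demo()
    print("early-exit compare leaked:", leaked)
    print("constant-time compare leaked:", fixed)
```

On real hardware the per-byte difference is a few clock cycles, so the attacker averages many measurements per candidate rather than reading a counter, but the search is the same: 256 guesses per position instead of 256 to the power of the length.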
CRITICAL ELEMENTS FOR SUCCESS IN IC TAMPER PROOFING
• Choice and implementation of algorithms
• Analog tamper monitors
• Quality of RNG
• Cost of analysis
• Practicality of exploits
Courtesy Wikipedia
RECAP
• Tamper resistance is about achieving security goals at all times
• The technology-based methods described here are common, but tamper proofing need not be technical
• Other tamper proofing methods include:
  • Legislation (e.g. in banking networks)
  • Cultural actions, e.g. shaming
  • Secured premises