CHAPTER REPORT BY EUSTACE ASANGHANWA PHYSICAL TAMPER RESISTANCE Physical Tamper ResistanceEustace Asanghanwa 1.

Slides:

Advertisements

Similar presentations

Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.

Advertisements

GSM network and its privacy Thomas Stockinger. Overview Why privacy and security? GSM network‘s fundamentals Basic communication Authentication Key generation.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Presenter: Nguyen Ba Anh HCMC University of Technology Information System Security Course.

Low Cost Attack on Tamper Resistant Devices Ross Anderson, Markus Kuhn Songpol Manoonpong.

Chapter 14 Physical Tamper Resistance Hack a lock:

Larry Wagner Sr. Director of Engineering

Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.

Jeff Bilger - CSE P 590TU - Winter 2006 The Role of Cryptography in Combating Software Piracy.

Information Security of Embedded Systems : Design of Secure Systems Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

White-Box Cryptography

Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

FIPS Section 5 – Physical Security Randall J. Easter Director, NIST CMVP Ken Lu CSE CMVP September 28, 2005.

1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

VM: Chapter 5 Guiding Principles for Software Security.

Lecture 1: Overview modified from slides of Lawrie Brown.

Chapter 1 – Introduction

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 An Overview of Computer Security computer security.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

Business Data Communications, Fourth Edition Chapter 10: Network Security.

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

SEC835 Database and Web application security Information Security Architecture.

Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus

Introduction to the Mobile Security (MD)  Chaitanya Nettem  Rawad Habib  2015.

1 FIPS 140 Validation for a “System-on-a-Chip” September 27, 2005 NIST Physical Testing Workshop.

Cryptography and Network Security

Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY

Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.

CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.

Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.

Information Security Lab. Dept. of Computer Engineering 182/203 PART I Symmetric Ciphers CHAPTER 7 Confidentiality Using Symmetric Encryption 7.1 Placement.

PRESENTED BY P. PRAVEEN Roll No: 1009 – 11 – NETWORK SECURITY M.C.A III Year II Sem.

Levels of Assurance in Authentication Tim Polk April 24, 2007.

Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:

Security Issues in Control, Management and Routing Protocols M.Baltatu, A.Lioy, F.Maino, D.Mazzocchi Computer and Network Security Group Politecnico di.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.

Possible Testing Solutions and Associated Costs

Action SecWG1012:9 “Investigate how role-based access, in compliance with FIPS 140-2, can be used by flight crypto systems.” Where this question comes.

A Generalized Effectuate Strategy for Mash-up Mobile Circumstances A Generalized Effectuate Strategy for Mash-up Mobile Circumstances Project Guide M.J.Jeyasheela.

1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.

Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.

Model Information Security Planning By Mohammed Ashfaq Ahmed.

ICOM 5018 Network Security and Cryptography Description This course introduces and provides practical experience in network security issues and cryptographic.

Csci5233 computer security & integrity 1 An Overview of Computer Security.

Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.

By Ramesh Mannava.  Overview  Introduction  10 secure software engineering topics  Agile development with security development activities  Conclusion.

Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.

Encryption Power Crunch Tyler Morgan. Encryption & Cryptography What it is, methods, and brief description of cryptography.

ASHRAY PATEL Securing Public Web Servers. Roadmap Web server security problems Steps to secure public web servers Securing web servers and contents Implementing.

CompTIA Security+ Certification Exam SY COMPTIA SECURITY+SY0-401 Q&A is a straight forward,efficient,and effective method of preparing for the new.

Secret Key Cryptography

CS457 Introduction to Information Security Systems

Overview on Hardware Security

Protect Your Hardware from Hacking and Theft

FIPS 140 Validation for a “System-on-a-Chip”

Hardware Cryptographic Coprocessor

Introduction Of System Security

International Data Encryption Algorithm

Introduction to Cryptography

Cryptography and Network Security

Presentation transcript:

CHAPTER REPORT BY EUSTACE ASANGHANWA PHYSICAL TAMPER RESISTANCE Physical Tamper ResistanceEustace Asanghanwa 1

OVERVIEW OF TALK Ross Anderson on Physical Tamper Resistance Chapter report Critique Commentary on Tamper Resistance since 2000 Physical Tamper ResistanceEustace Asanghanwa2

KEY TAKE-AWAY A well-grounded understanding of the concept of tamper resistance Physical Tamper ResistanceEustace Asanghanwa3

ROSS ANDERSON ON PHYSICAL TAMPER RESISTANCE SECURITY ENGINEERING, 1 EDITION CHAPTER 14 Physical Tamper ResistanceEustace Asanghanwa4

HISTORICAL ATTACK TECHNIQUES Attack ObjectVulnerability Keys in PROMLaxity in custody Keys in sealed encasementsEncasement seals Tamper sensing barriersExposure from covering exposure EOL processors via dumpster divingMemory ‘permanent’ remanence RAM content via freezingLonger ‘temporal’ remanence Electromagnetic egressRemote analysis and key extraction Physical Tamper ResistanceEustace Asanghanwa5

SECURITY PROCESSOR EXAMPLES ChipSecurityNotes iButtonMediumKeys in RAM No tamper sensing barrier DS5002MediumBus encryption Cipher instruction search attack Capstone/ClipperMediumClaims tamper resistance 16-bit checksum easily brute forced Smartcards & MCUHighSecure application processor Security by obscurity until Pay-TV Physical Tamper ResistanceEustace Asanghanwa6

ATTACKER CLASSIFICATION ClassificationDescription Class 1Clever outsiders Class 2Knowledgeable insiders Class 3Funded organizations FIPS PUB (Effective 1994)Additive Requirements Level 1Basic security e.g. cryptography Level 2Tamper evidence Level 3Procedural tamper proofing Level 4Environmental tamper proofing Physical Tamper ResistanceEustace Asanghanwa7

ATTACKS ON SMARTCARDS Protocol Analysis Anti-tearing Cover V PP Single stepping Micro probing Memory linearization Cryptographic co-processor interfaces FIB through shields Physical Tamper ResistanceEustace Asanghanwa8

STATE OF ART SECURITY ARCHITECTURE State of Art Defense in depth (eliminate single points of failure) Tamper resistance versus tamper evidence Stop loss What goes wrong Architectural errors - Trusted card in an untrusted platform Security by obscurity targets IP protection Protocol failure from dangerous combination of commands Function creep as in multiuse cards Physical Tamper ResistanceEustace Asanghanwa9

BENEFITS OF TAMPER RESISTANT DEVICES Control information processing by linking to single physical token Assures data destruction at a definite and verifiable time Reduce the need to trust human operators Control value counters Physical Tamper ResistanceEustace Asanghanwa10

CRITIQUE Good Comprehensive on evolution of tamper resistance. Grasp on security principles. Opportunities for improvement Smartcard-centric. Some recommendations not consistent with provided principles e.g. Recommends “Using a proprietary (and complicated) encryption algorithm…” after recommending against home- brewed encryption schemes. Techniques behind times even for year Physical Tamper ResistanceEustace Asanghanwa11

CONCLUSION Security Engineering offers a good comprehensive history on tamper resistance with attention to security principles. Threat, tamper resistance, and evaluation techniques have evolved since publication of the first edition. I expect significant updates in the chapter on physical tamper resistance in the second edition (still awaiting my copy from Amazon). Physical Tamper ResistanceEustace Asanghanwa12

PERSONAL COMMENTARY ON PHYSICAL TAMPER RESISTANCE Physical Tamper ResistanceEustace Asanghanwa13

WHAT IS TAMPER RESISTANCE? Assuring achievement of security goals at all times Guiding Principles Assume capable adversaries Increase cost of analysis Reduce value of compromise Physical Tamper ResistanceEustace Asanghanwa14

SINCE 2000 [1 ST EDITION SECURITY ENGINEERING] Stronger adversaries Hackers are smarter Markets are wider fueling motivation Analysis equipment are more affordable Industry demands openness in techniques More professional analysis labs thanks to patent litigations Greater rigor on security evaluation Revision of FIPS PUB140-1 to FIPS PUB in 2002 Common Criteria (ISO/IEC 15408) major version revision from 2 to 3 currently at version 3.1. Physical Tamper ResistanceEustace Asanghanwa15

FIPS FIPS PUB (Effective 2002)Additive Requirements Level 1 Basic security e.g. cryptography Untrusted OS Level 2 Tamper evidence Trusted OS Role based authentication Common Criteria EAL 2+ Level 3 Procedural tamper proofing Identity based authentication Plaintext CSP on dedicated ports Common Criteria EAL 3+ Level 4 Environmental tamper proofing Zeroize CSPs on intrusion Common Criteria EAL 4+ Physical Tamper ResistanceEustace Asanghanwa16

COMMON MODERN DAY THREATS Micro-probing Security protocols Algorithm exploits Operational environment Operations timing Bug exploits Physical Tamper ResistanceEustace Asanghanwa17

CRITICAL ELEMENTS FOR SUCCESS IN IC TAMPER PROOFING Choice and implementation of algorithms Analog tamper monitors Quality of RNG Cost of analysis Practicality of exploits Courtesy Wikipedia Physical Tamper ResistanceEustace Asanghanwa18

RECAP Tamper resistance is about achieving security goals at all times Described technology-based methods are common but don’t have to be Other tamper proofing methods may include: Legislation (e.g. in banking networks) Cultural actions e.g. shaming Secured premises Eustace Asanghanwa19Physical Tamper Resistance

THANK YOU Physical Tamper ResistanceEustace Asanghanwa20