Presentation is loading. Please wait.

Presentation is loading. Please wait.

1Copyright © 2005 InfoGard Laboratories Proprietary NIST CMVP Physical Security Conference Physical Security Protections September 25, 2005.

Published byGordon Cook Modified over 9 years ago

Similar presentations

Presentation on theme: "1Copyright © 2005 InfoGard Laboratories Proprietary NIST CMVP Physical Security Conference Physical Security Protections September 25, 2005."— Presentation transcript:

1 1Copyright © 2005 InfoGard Laboratories Proprietary NIST CMVP Physical Security Conference Physical Security Protections September 25, 2005

2 2Copyright © 2005 InfoGard Laboratories Proprietary Agenda Introduction –Physical Security Considerations –Attack Considerations Commonly Used Physical Security Protections –Multi-Chip Embodiments –Attack Challenges –Attack Tools and Methods Conclusion

3 3Copyright © 2005 InfoGard Laboratories Proprietary Physical Security Considerations Module Physical Security Considerations: –Protection features are dependant on: Sensitivity of the information it is protecting Deployment environment –FIPS 140-2 Level 1 & 2: The dependability of cryptographic modules is reliant upon all of the elements and the interactions of the physical security system. –FIPS 140-2 Levels 3 & 4 Highly sensitive, but no classified, information As the deployment environment becomes more hostile, the integrity of the module relies heavily on the detection and possible prevention of unauthorized physical access.

4 4Copyright © 2005 InfoGard Laboratories Proprietary Attack Considerations The physical security characteristics and mechanisms integrated in cryptographic modules (security or cryptographic) are an independent component that should effectively protect against potential penetration attacks deemed reasonable and appropriate for their given deployment environment. –The components that devise the physical security system must work together in unison and be of comparable strength. –If any component of the system is weak or works ineffectively with any of the other components, then that component has the potential of causing an overall physical security system weakness. Attackers typically research and investigate these system weaknesses and tailor an exploit to take advantage of this vulnerability to compromise cryptographic module.Attackers typically research and investigate these system weaknesses and tailor an exploit to take advantage of this vulnerability to compromise cryptographic module.

5 5Copyright © 2005 InfoGard Laboratories Proprietary Physical Security Protection Three commonly used physical security protections: –Potting Encapsulation –Enclosure with tamper switches –Enclosure with tamper wrapper

6 6Copyright © 2005 InfoGard Laboratories Proprietary General Attack Challenges Visibility –Structure of the module and functionality Accessibility –Highest probability areas to initiate compromising vulnerabilities Ability –Knowledge of physics, electronics, and material properties –Experience to utilize the optimum tools, supplies, and resources at the appropriate time

7 7Copyright © 2005 InfoGard Laboratories Proprietary Potting Encapsulation Completely surrounds the cryptographic boundary Requirements for compliance –Opacity (or inability to see through the potting material); –Visible tamper evidence if removed; –Sufficiently “hard” after properly cured Only sufficient to meet level 3

8 8Copyright © 2005 InfoGard Laboratories Proprietary Potting Encapsulation Attacks Potting encapsulations are typically compromised with Heat or Solvents without causing damage to the underlying circuitry Mechanical methods may also be effective TypeToolsApproach Potting Encapsulation 1.Heat Gun 2.Soldering Iron 3.Household cleaners 4.Dremel Apply heat above thresholds in data sheet Submerge or brush on solvent. Usually takes approximately 4 hours to see compromise Mill away at material but care must be taken when near the components Note: These attack methods are only applicable for Level 4 modules

9 9Copyright © 2005 InfoGard Laboratories Proprietary Enclosures and Tamper Switches Tamper switches are the most common mechanisms used to protect modules with metallic and/or plastic enclosures –Tamper switches prevent unauthorized access by detecting an opening of the module’s cover and/or doors –Upon detection, the module responds by zeroizing all plaintext critical security parameters –Zeroization leaves the module and its information virtually without value

10 10Copyright © 2005 InfoGard Laboratories Proprietary Enclosures and Tamper Switches Variety of Tamper Switches (sample of most common) –Micro-switches are the most basic switch. These types of switches are engaged when the module’s enclosure (covers and/or doors) are closed and force is applied. When the enclosure is opened, the switch releases, which in turn causes a tamper event. –Pressure contacts function in a similar manner as the micro-switch. With this approach, there are typically two conductive pads designed on a PCB board (rather than a separate component). When the module’s covers/doors are closed, the two pads become shorted typically by a conductive membrane (commonly seen in keypads). When the enclosure is opened, the conductive membrane no longer provides the conductive link between the two pads, creating an open circuit, and causing the module to respond with a tamper event. –Reed switches respond to the polarity of a magnetic source in close proximity. Typically, the module’s enclosure is fixed with a magnet to engage a reed switch, which is mounted on the module’s PCB. When the enclosure is opened, the magnetic source moves further apart from the reed switch, eventually causing a tamper event.

11 11Copyright © 2005 InfoGard Laboratories Proprietary Type of SwitchToolsApproach Micro-switch1.Custom tool 2.Glue Utilizing a custom tool to hold the switch down as the enclosure is opened, applying glue to the actuator of the switch to keep it engaged, and filling the whole chassis with a material that would keep the switch engaged Pressure contacts 1.Needle 2.Ink Gain access to the contacts and apply conductive ink, shorting the contacts pads, and making the device believe that the conductive membranes were never released Reed Switch1.MagnetIntroduce a strong magnetic force directly over the location of the reed switch prior to opening the enclosure; avoiding the introduction of the internal magnet with opposite polarity Enclosures and Tamper Switch Attacks Tamper switches are extremely easy to defeat. –Challenge largely depends on whether or not the objective is to limit or have no visible evidence of tamper. Note: The testing limitations (e.g., no drilling, milling, grinding, or dissolving) for FIPS 140-2 Level 3 make tamper switches an acceptable solution. However, the testing limitations are removed on FIPS 140-2 Level 4, so in order to achieve compliance would require additional security features

12 12Copyright © 2005 InfoGard Laboratories Proprietary Enclosures and Tamper Wrappers A tamper wrapper is a flexible film that has conductive traces on it, used to fully enclose the cryptographic module Depending on the material and the characteristics a tamper wrapper can also protect against a variety of other attacks, including:chemicals, heat, cutting, grinding, and drilling

13 13Copyright © 2005 InfoGard Laboratories Proprietary Enclosures and Tamper Wrappers Strength Differentiators: –Number of tamper layers within the film; –Width and distance between traces; –Visibility of the traces; –Trace material –Folding/wrapping methodology Two commonly deployed tamper wrappers –Copper - relatively durable against mechanical, chemical, and high temperature based attacks –Conductive Ink – more sensitive then copper based solutions Tamper wrappers that exhibit high impedance characteristics are typically harder to defeat because of their ability to monitor a change in voltage potential when attacked

14 14Copyright © 2005 InfoGard Laboratories Proprietary Enclosures and Tamper Wrapper Attacks Visibility & Accessibility: –Mechanical tools –Chemical exposure –Abrasives –Electrical blasters –Heat exposure –X-Ray –Statically charge the conductive traces –Heat dissipation TypeToolsApproach Copper 1.Soldering Iron Once the traces are accessible, they are also relatively easy to bypass, either by unwrapping the tamper wrapper or by penetrating the wrapper after shorting traces Conductive Ink 1.Conductive Material Same as above

15 15Copyright © 2005 InfoGard Laboratories Proprietary Physical Security Protections Conclusion Physical attacks are possible Tools available at hardware and hobby stores –Less than $100 USD FIPS 140-3 Considerations: –Decrease laboratory testing limitations at Level 3

Download ppt "1Copyright © 2005 InfoGard Laboratories Proprietary NIST CMVP Physical Security Conference Physical Security Protections September 25, 2005."

Similar presentations

Testing Relational Database

Testing Relational Database
Electricity Chapter 13.

Electricity Chapter 13.
Electricity & Magnetism

Electricity & Magnetism
…your final connection.www.minecableservices.ca Mine Cable Services Corporation. Cable Repairs: Vulcanized Splices.

…your final connection. Mine Cable Services Corporation. Cable Repairs: Vulcanized Splices.
Electricity and It’s charge

Electricity and It’s charge
Motor Starter Coordination

Motor Starter Coordination
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
ECEN5341/4341Bioelectromagnetics Spring 2015 Frank S. Barnes Contact Info: (303)492-8225 ECOT 250

ECEN5341/4341Bioelectromagnetics Spring 2015 Frank S. Barnes Contact Info: (303) ECOT 250
FIPS 140-3 Section 5 – Physical Security Randall J. Easter Director, NIST CMVP Ken Lu CSE CMVP September 28, 2005.

FIPS Section 5 – Physical Security Randall J. Easter Director, NIST CMVP Ken Lu CSE CMVP September 28, 2005.
1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.

1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.
OVERMOLDING PROCESS & MATERIAL ELECTRONIC MODULE ASSEMBLIES

OVERMOLDING PROCESS & MATERIAL ELECTRONIC MODULE ASSEMBLIES
One Way Circuits Limited Printed Circuit Board Manufacturer A Guide To Manufacturing Multilayer PCBs Use Left and Right Cursor keys to navigate ESC to.

One Way Circuits Limited Printed Circuit Board Manufacturer A Guide To Manufacturing Multilayer PCBs Use Left and Right Cursor keys to navigate ESC to.
Typical Attack Techniques for Compromising Point of Sale PIN Entry Devices Physical Security Testing Workshop Steven Bowles, Project Manager Payment Assurance.

Typical Attack Techniques for Compromising Point of Sale PIN Entry Devices Physical Security Testing Workshop Steven Bowles, Project Manager Payment Assurance.
Assignment#01: Literature Survey on Sensors and Actuators ECE5320 Mechatronics Assignment#01: Literature Survey on Sensors and Actuators Inductive Proximity.

Assignment#01: Literature Survey on Sensors and Actuators ECE5320 Mechatronics Assignment#01: Literature Survey on Sensors and Actuators Inductive Proximity.
1 INTRUSION ALARM TECHNOLOGY DETECTION DEVICES. 2 INTRUSION ALARM TECHNOLOGY Detection devices can be either passive or active. Passive devices typically.

1 INTRUSION ALARM TECHNOLOGY DETECTION DEVICES. 2 INTRUSION ALARM TECHNOLOGY Detection devices can be either passive or active. Passive devices typically.
Automotive Batteries.

Automotive Batteries.
Introduction to Network Defense

Introduction to Network Defense
Electrical Fundamentals

Electrical Fundamentals
Electricity and Magnetism

Electricity and Magnetism
Electricity & Magnetism Static, Currents, Circuits Magnetic Fields & Electro Magnets Motors & Generators.

Electricity & Magnetism Static, Currents, Circuits Magnetic Fields & Electro Magnets Motors & Generators.

Similar presentations

Ads by Google