Slides from Talk (MS Powerpoint)
Download
Report
Transcript Slides from Talk (MS Powerpoint)
Concede Nothing Protect Everything
Secure Processors:
Design, Pitfalls & A Few Hacks
Steve Weingart
[email protected]
561-394-5086
Concede Nothing Protect Everything
Our Business
Crypto Accelerators
Security Protocol Software
Secure Processors
Combinations of The Above
Concede Nothing Protect Everything
What is A Secure Processor?
A Programmable, Secure, Cryptographic Coprocessor
Standard Programming Environment inside, Bus and/or Network
Attachment to the Outside
Secure
Tamper Resistant
Tamper Detecting
Tamper Responding
Crypto Support
Algorithms (DES, 3DES, RSA, EC, AES, RC4, etc)
Protocols (CryptLib, SSL, CCA, etc)
HW Random Number Generator, RTC, etc.
Commercial Work Started with IBM in the 80’s
Concede Nothing Protect Everything
Secure Processors
Create a ‘Trusted Agent’ in the Hostile Field
The ‘Real Thing’ Doing the ‘Right Thing’
Platform to Build High Security Applications.
Programmable, to Support Arbitrary Applications
that Need Crypto, Privacy and/or Integrity
Concede Nothing Protect Everything
Secure Processor Block Diagram
Ethernet
D
R
A
M
Serial
uProc
F
L
A
S
H
B
B
R
A
M
C
T
R
L
R
T
C
Local Bus
Crypto
& Interface
Module
Bus
Interface
R
N
G
Physical Security
Circuitry
Battery
PCI, Cardbus, USB, etc.
Physical Security
Boundary
Concede Nothing Protect Everything
What Can A Secure Processor Do?
Intellectual property protection
Personal Firewall / Remotely Managed
Credit card personalization
Kerberos master key protection
Certification authorities
e-postage meters
Electronic currency dispensers
Secret algorithms
Electronic payments
Secure timestamps
Electronic benefits transfer
Software usage metering
Electronic securities trading
VPN
Banking transactions
Hotel room gaming
Server-based smart card
substitutes
Advanced Navy destroyer systems control
Home banking
Secure Database Access Control
Pay TV
Concede Nothing Protect Everything
Security Requirements, High Level
Most Common Requirements From NIST FIPS PUB 140-1 & -2
Many Items are Really Assurance Issues
Tamper Detection
50 uM Maximum Undetected Hole Size (Goal)
Tamper Response
Must Clear All Sensitive Data
Environmental Failure Protection/Testing
Voltage
All Supplies (High & Low)
Battery too
Temperature (High & Low)
Radiation
Must do All of the Above on Power Supply or Battery (& During Transition)
Protection circuitry is Activated at Factory
Stays Active for the Life of the Product
Concede Nothing Protect Everything
Interactive Considerations
Everything Has to Run on the Battery
Must Have Reasonable Battery Life
Must Have Sufficient Power to Respond to Tamper
Defenses have to ‘Cover Each Other’
I.E. Unusual Considerations for Tamper Response
Temperature
Back Powering
Transients During Power Up/Down are Part of Normal Conditions
No False Positives or False Negatives
It has to be Manufacturable too
Concede Nothing Protect Everything
Tamper Detection
Must Detect Very Small Holes!
Detector is a Grid of Printed Conductors on a Flexible Substrate
2 Layers
One pattern on Each Side of Each Layer
The Detector is Wrapped Around and Glued to the Package
It is Activated in the Factory and Stays Active for the Product
Life
Concede Nothing Protect Everything
Tamper Detection
Metal Shield
Tamper Detecting Membrane
Circuit Card
Inner Cover
Potting
Shielded Base Card
Flexible Data/Power Cable
Concede Nothing Protect Everything
Tamper Detection
Test
Outside Layer
Lines on Top
Lines on Bottom
V+
V+
Inside Layer
Test
Same Pattern
GND
Interleaved on
Top and Bottom
GND
Concede Nothing Protect Everything
Basic Detection Circuit
Vcc
+
_
Input
+
_
GND
Output
1 = OK
0 = !OK
Concede Nothing Protect Everything
The Power Transient Problem
Big Problem!
Vth upper
Input
Vth lower
0V
Time
T power switch
Concede Nothing Protect Everything
Environment Failure Protection
Uses Basic Detection Circuit to Measure Parameters
Non-damaging Conditions: Cause Reset
Low Voltage
High Temperature (Above Operating, Below Storage
Limit)
Damaging and/or Security Risk Conditions: Cause Erasure
High Voltage (Above Storage)
High Temperature
Low Temperature
Battery Voltage
Ionizing Radiation
These are Really Assurance Issues
Concede Nothing Protect Everything
Tamper Response
Need to Erase Secret Data When a Tamper Is Detected
Not Allowed any Permanent or Violent Actions
But it Still Has to be Fast
Removing Power and Shorting the Power Pin Works Well
Reasonably Fast
Reasonably Sure
Not Permanent or Violent
Provided…..
There are No Imprinting Conditions
The Temperature has to be High Enough
The Unit has Not Been Irradiated
The Power Supply has Been Smooth
The Memory has Not Been Constant for Too Long
No Back Powering !!!!!
Concede Nothing Protect Everything
Now for the Hacks
Most Physical Attacks are Just Too Hard, so the Hacks are Smarter
FIB Might Just Change That
Repair of Blown Debug/Run Fuse is Still Common, But Less So With New IC
Technology
Clocking
Clock Glitching can Cause Unexpected Actions
DES Short Loop
Reset
Reset Glitching can Cause Unexpected Actions
Incomplete Reset
Power Glitching
Power Glitching can Cause Unexpected Actions
It can Also Cause Imprinting of RAM Contents
Power Analysis
Determine Data/Secret Parameters by Analysis of Icc
Concede Nothing Protect Everything
Lock Picking
Popular Hobby in Security (as are other puzzles :-)
Gets a Vacationing Office Mate’s Desk Open Quickly
I Have Softcopy of “The MIT Guide to Lock
Picking” for those who would like to see it.
Street Sweeper Bristles Make the Best Lock Pick
Material and are Available Everywhere
Have Fun
Concede Nothing Protect Everything
Questions?
Concede Nothing Protect Everything
Thanks!
Steve Weingart
[email protected]
(561) 394 5086
http://www.cryptoapps.com
Recent Papers:
Physical Security for Computing Systems: A survey of Attacks and Defenses.
Cryptographic and Embedded Systems Workshop, 2000 (Weingart)
Building the IBM 4758 Secure Coprocessor. IEEE Computer, 10/2001, pp 57 – 66 (Dyer, et
al.)
Slides, MIT Guide to Lock Picking and Papers Available at: http://www.gulf-stream.net/security.html