Upload
eliana-richmond
View
21
Download
6
Embed Size (px)
DESCRIPTION
Concede Nothing Protect Everything. Secure Processors: Design, Pitfalls & A Few Hacks. Steve Weingart [email protected] 561-394-5086. Our Business. Crypto Accelerators Security Protocol Software Secure Processors Combinations of The Above. What is A Secure Processor?. - PowerPoint PPT Presentation
Citation preview
Secure Processors:Design, Pitfalls & A Few
Hacks
Steve [email protected]
561-394-5086
Concede Nothing Protect Everything
Concede Nothing Protect Everything
Our Business Crypto Accelerators
Security Protocol Software
Secure Processors
Combinations of The Above
Concede Nothing Protect Everything What is A Secure Processor? A Programmable, Secure, Cryptographic Coprocessor
Standard Programming Environment inside, Bus and/or Network Attachment to the Outside
Secure Tamper Resistant Tamper Detecting Tamper Responding
Crypto Support Algorithms (DES, 3DES, RSA, EC, AES, RC4, etc) Protocols (CryptLib, SSL, CCA, etc) HW Random Number Generator, RTC, etc.
Commercial Work Started with IBM in the 80’s
Concede Nothing Protect Everything
Secure Processors
Create a ‘Trusted Agent’ in the Hostile Field The ‘Real Thing’ Doing the ‘Right Thing’
Platform to Build High Security Applications. Programmable, to Support Arbitrary
Applications that Need Crypto, Privacy and/or Integrity
Concede Nothing Protect Everything Secure Processor Block Diagram
uProc
DRAM
FLASH
BBRAM
Crypto& Interface
Module
BusInterface
Ethernet Serial
PCI, Cardbus, USB, etc.
Physical SecurityBoundary
CTRL
Battery
RNG
Physical SecurityCircuitry
RTC
Local Bus
Concede Nothing Protect Everything What Can A Secure Processor Do?
Intellectual property protection
Credit card personalization
Certification authorities
Electronic currency dispensers
Electronic payments
Electronic benefits transfer
Electronic securities trading
Banking transactions
Server-based smart card substitutes
Home banking
Personal Firewall / Remotely Managed
Kerberos master key protection
e-postage meters
Secret algorithms
Secure timestamps
Software usage metering
VPN
Hotel room gaming
Advanced Navy destroyer systems control
Secure Database Access Control
Pay TV
Concede Nothing Protect Everything Security Requirements, High Level
Most Common Requirements From NIST FIPS PUB 140-1 & -2 Many Items are Really Assurance Issues
Tamper Detection 50 uM Maximum Undetected Hole Size (Goal)
Tamper Response Must Clear All Sensitive Data
Environmental Failure Protection/Testing Voltage
All Supplies (High & Low) Battery too
Temperature (High & Low) Radiation
Must do All of the Above on Power Supply or Battery (& During Transition) Protection circuitry is Activated at Factory Stays Active for the Life of the Product
Concede Nothing Protect Everything
Everything Has to Run on the Battery Must Have Reasonable Battery Life Must Have Sufficient Power to Respond to Tamper
Defenses have to ‘Cover Each Other’ I.E. Unusual Considerations for Tamper Response
Temperature Back Powering
Transients During Power Up/Down are Part of Normal Conditions
No False Positives or False Negatives
It has to be Manufacturable too
Interactive Considerations
Concede Nothing Protect Everything
Tamper Detection Must Detect Very Small Holes!
Detector is a Grid of Printed Conductors on a Flexible Substrate
2 Layers One pattern on Each Side of Each Layer
The Detector is Wrapped Around and Glued to the Package
It is Activated in the Factory and Stays Active for the Product Life
Concede Nothing Protect Everything
Tamper Detection
Circuit CardInner Cover
Tamper Detecting Membrane
Potting
Metal Shield
Shielded Base Card
Flexible Data/Power Cable
Concede Nothing Protect Everything
Tamper Detection
V+ GND
Outside Layer
Inside Layer
V+
Test
Test
GND
Lines on Top Lines on Bottom
Same PatternInterleaved onTop and Bottom
Concede Nothing Protect Everything
Basic Detection Circuit
+
_
+
_
GND
Input
Output1 = OK0 = !OK
Vcc
Concede Nothing Protect Everything The Power Transient Problem
0 V
T power switch
Vth upper
Vth lower
Time
Input
Big Problem!
Concede Nothing Protect Everything Environment Failure Protection
Uses Basic Detection Circuit to Measure Parameters
Non-damaging Conditions: Cause Reset
Low Voltage
High Temperature (Above Operating, Below Storage Limit)
Damaging and/or Security Risk Conditions: Cause Erasure
High Voltage (Above Storage)
High Temperature
Low Temperature
Battery Voltage
Ionizing Radiation
These are Really Assurance Issues
Concede Nothing Protect Everything
Tamper Response Need to Erase Secret Data When a Tamper Is Detected
Not Allowed any Permanent or Violent Actions But it Still Has to be Fast
Removing Power and Shorting the Power Pin Works Well Reasonably Fast Reasonably Sure Not Permanent or Violent
Provided….. There are No Imprinting Conditions
The Temperature has to be High Enough The Unit has Not Been Irradiated The Power Supply has Been Smooth The Memory has Not Been Constant for Too Long No Back Powering !!!!!
Concede Nothing Protect Everything
Now for the Hacks Most Physical Attacks are Just Too Hard, so the Hacks are Smarter
FIB Might Just Change That Repair of Blown Debug/Run Fuse is Still Common, But Less So With New IC
Technology
Clocking Clock Glitching can Cause Unexpected Actions
DES Short Loop
Reset Reset Glitching can Cause Unexpected Actions
Incomplete Reset
Power Glitching
Power Glitching can Cause Unexpected Actions It can Also Cause Imprinting of RAM Contents
Power Analysis
Determine Data/Secret Parameters by Analysis of Icc
Concede Nothing Protect Everything
Lock Picking Popular Hobby in Security (as are other puzzles :-)
Gets a Vacationing Office Mate’s Desk Open Quickly
I Have Softcopy of “The MIT Guide to Lock Picking” for those who would like to see it.
Street Sweeper Bristles Make the Best Lock Pick Material and are Available Everywhere
Have Fun
Concede Nothing Protect Everything
Questions?
Concede Nothing Protect Everything
Thanks!Steve [email protected](561) 394 5086http://www.cryptoapps.com
Recent Papers: Physical Security for Computing Systems: A survey of Attacks and Defenses. Cryptographic and Embedded Systems Workshop, 2000 (Weingart) Building the IBM 4758 Secure Coprocessor. IEEE Computer, 10/2001, pp 57 – 66 (Dyer, et al.)
Slides, MIT Guide to Lock Picking and Papers Available at: http://www.gulf-stream.net/security.html