Tamper resistance mechanisms for secure embedded systems

Security is a concern in the design of a wide range of embedded systems. Extensive research has been devoted to the development of cryptographic algorithms that provide the theoretical underpinnings of information security. Functional security mechanisms, such as security protocols, employ these mathematical primitives in order to achieve the desired security objectives. However, functional security mechanisms alone cannot ensure security, since most embedded systems present attackers with an abundance of opportunities to observe or interfere with their implementation, and hence to compromise their theoretical strength. This paper surveys various tampering and attack techniques, and explains how they can be used to undermine or weaken security functions in embedded systems. Tamper-resistant design refers to the process of designing a system architecture and implementation that is resistant to such attacks. We outline approaches that have been proposed to design tamper-resistant embedded systems, with examples drawn from recent commercial products.
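The abstract's central claim, that an implementation can be observed in ways that undermine a mathematically sound primitive, is easiest to see in code. The following C program is an added example and is not from the paper or any product it surveys. It compares a received authentication tag against an expected one in two ways: an early-exit loop, whose amount of work grows with the length of the correctly guessed prefix (the kind of observable behaviour a timing measurement can exploit), and a constant-time loop that always does the same work. To keep the demonstration deterministic, each function counts the byte operations it performs instead of relying on a clock; the secret tag, the 8-byte length, and the function names are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 8-byte secret (stands in for an expected MAC or unlock code). */
static const uint8_t SECRET[8] = { 0x5a, 0x13, 0xc4, 0x77, 0x0e, 0x91, 0xab, 0x2f };
#define TAG_LEN 8

/* Early-exit comparison: returns 1 if a and b are equal, 0 otherwise, and
 * stores in *ops how many bytes it examined. It stops at the first mismatch,
 * so *ops (and the real execution time) depends on the secret. */
int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *ops)
{
    size_t i;
    *ops = 0;
    for (i = 0; i < n; i++) {
        (*ops)++;
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}

/* Constant-time comparison: always examines all n bytes, ORs the XOR
 * differences together, and derives the result without a data-dependent
 * branch. The observable work is the same for every input. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *ops)
{
    uint8_t diff = 0;
    size_t i;
    *ops = 0;
    for (i = 0; i < n; i++) {
        (*ops)++;
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    /* diff == 0 -> (0 - 1) wraps to 0xFFFFFFFF, top bit 1; otherwise top bit 0 */
    return (int)((((uint32_t)diff) - 1u) >> 31);
}

/* Builds a guess that matches SECRET in its first `prefix` bytes and differs
 * in every later byte (constructed helper for the demonstration). */
static void make_guess(uint8_t *guess, size_t prefix)
{
    size_t i;
    for (i = 0; i < TAG_LEN; i++)
        guess[i] = (i < prefix) ? SECRET[i] : (uint8_t)(SECRET[i] ^ 0xff);
}

/* Work done by the early-exit compare for a guess with `prefix` correct
 * leading bytes: this count is the side channel, since it reveals how much
 * of the secret the guess already got right. */
size_t leaky_ops_for_prefix(size_t prefix)
{
    uint8_t guess[TAG_LEN];
    size_t ops;
    make_guess(guess, prefix);
    (void)leaky_equal(guess, SECRET, TAG_LEN, &ops);
    return ops;
}

/* Work done by the constant-time compare for the same guess. */
size_t ct_ops_for_prefix(size_t prefix)
{
    uint8_t guess[TAG_LEN];
    size_t ops;
    make_guess(guess, prefix);
    (void)ct_equal(guess, SECRET, TAG_LEN, &ops);
    return ops;
}

/* Result of the constant-time compare for the same guess (1 only when the
 * whole tag matches), to show it is still functionally correct. */
int ct_result_for_prefix(size_t prefix)
{
    uint8_t guess[TAG_LEN];
    size_t ops;
    make_guess(guess, prefix);
    return ct_equal(guess, SECRET, TAG_LEN, &ops);
}

int main(void)
{
    size_t p;
    printf("prefix  leaky_ops  ct_ops  ct_result\n");
    for (p = 0; p <= TAG_LEN; p++)
        printf("%6zu  %9zu  %6zu  %9d\n", p, leaky_ops_for_prefix(p),
               ct_ops_for_prefix(p), ct_result_for_prefix(p));
    return 0;
}
```

The table the program prints makes the point of the abstract concrete: the early-exit version performs one more byte operation for each correctly guessed leading byte, so an observer of its execution time learns the secret a byte at a time, even though the comparison is logically correct. The constant-time version performs eight operations regardless of the input and still returns the right answer, which is the implementation-level property a tamper-resistant design has to provide in addition to the algorithm's mathematical strength.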
