Chapter 16 Physical Tamper Resistance

《Chapter 16 Physical Tamper Resistance》由会员上传分享，免费在线阅读，更多相关内容在学术论文-天天文库。

1、CHAPTER16PhysicalTamperResistanceItisrelativelyeasytobuildanencryptionsystemthatissecureifitisworkingasintendedandisusedcorrectlybutitisstillveryhardtobuildasystemthatdoesnotcompromiseitssecurityinsituationsinwhichitiseithermisusedoroneormoreofitssub-componentsfails(oris’

2、encouraged’tomisbehave)...thisisnowtheonlyareawheretheclosedworldisstillalongwayaheadoftheopenworldandthemanyfailuresweseeincommercialcryptographicsystemsprovidesomeevidenceforthis.BrianGladmanTheamountofcareful,criticalsecuritythinkingthathasgoneintoagivensecuritydevice,

3、systemorprogramisinverselyproportionaltotheamountofhigh-technologyituses.RogerJohnston16.1IntroductionLow-costtamper-resistantdevicesarebecomingalmostubiquitous.ExamplesIvediscussedsofarinclude:smartcardsusedasSIMsinmobilephonesandasbankcardsinEurope;accessorycontrolchips

4、usedinprintertonercartridges,mobilephonebatteriesandgames-consolememorymodules;theTPMchipsbeingshippedinPCsandMacstosupporthard-diskencryption,DRMandsoftwareregistration;securitymodulesusedtomanagebankPINs,notjustinbankserverfarmsbutinATMsandpoint-of-saleterminals;483484C

5、hapter16■PhysicalTamperResistancesecuritymodulesburiedinvendingmachinesthatselleverythingfromrailwayticketsthroughpostagestampstothemagicnumbersthatacti-vateyourelectricitymeter.Manyofthedevicesonthemarketaresimplypathetic,likethebankingterminalswhosefailuresIdescribedins

6、ection10.6.1.1:thoseterminalscouldbetriviallycompromisedinunderaminuteusingsimpletools,despitehavingbeenevaluatedbyVISAandalsousingtheCommonCriteriaframework.Yetsometamper-resistantprocessorsaregettingprettygood.Forexample,Iknowofonefirmthatspenthalfamilliondollarstrying,a

7、ndfailing,toreverse-engineertheprotocolusedbyagamesconsolevendortostopcompetitorsmakingmemorymodulescompatiblewithitsequipment1.Butafewyearsagothiswasnotthecase.Serioustamperresistanceemergedoutofanarmsracebetweenfirmsthatwantedtolockdowntheirproducts,andotherswhowantedtou

8、nlockthem.Someoftheattackerswererespectablecompaniesexercisingtheirlegalrightstoreverseengineerf