Tamper resistance
Tamper resistance is resistance to tampering by either the normal users of the system or others with physical access to it. There are many reasons for employing tamper-resistance. Tamper resistance ranges from simple features like screws with special heads to more complex devices that render themselves inoperable or encrypt all data transmissions between individual chips. In some applications, devices may only need to be tamper-evident rather than tamper-resistant.
Safety
Nearly all mains appliances and accessories can only be opened with the use of a screwdriver (or a substitute item such as a nail file or kitchen knife). This prevents children and others who are careless or unaware of the dangers of opening the equipment from doing so and hurting themselves (from electrical shocks, burns or cuts, for example) or damaging the equipment. Sometimes (especially in order to avoid litigation), manufacturers go further and use tamper proof screws, which cannot be unfastened with standard equipment. Tamper proof screws are also used on electrical fittings in many public buildings primarily to stop tampering or vandalism that may cause a danger to others.
Warranties and support
An user who breaks an equipment by modifying it in a way not intended by the manufacturer might deny they did it, in order to claim the warranty or (mainly in the case of PCs) call the helpdesk for help in fixing it. Tamper-evident seals may be enough to deal with this. However, they can't easily be checked remotely, and many countries have statutory warranty terms that mean manufacturers may still have to service the equipment. Tamper proof screws will stop most casual users from tampering in the first place.
Security
Tamper-resistant microprocessors are used to store and process private or sensitive information, such as private keys or electronic money credit. To prevent an attacker from retrieving or modifying the information, the chips are designed so that the information is not accessible through external means and can be accessed only by the embedded software, which should contain the appropriate security measures. Examples of tamper-resistant chips include all secure cryptoprocessors, such as the IBM 4758 and chips used in smartcards, as well as the Clipper chip. It has been argued that it is very difficult to make simple electronic devices secure against tampering, because numerous attacks are possible, including: - physical attack of various forms (microprobing, drills, files, solvents, etc.)
- freezing the device
- applying out-of-spec voltages or power surges
- applying unusual clock signals
- inducing software errors using radiation
- measuring the precise time and power requirements of certain operations (see power analysis)
DRM
Tamper resistance finds application in smart cards, set-top boxes and other devices that use digital restrictions management. In this case the issue is not about stopping the user breaking the equipment or hurting themselves but about either stopping them extracting codes or acquiring and saving the decoded bitstream. This is usually done by having lots of features on each chip and making sure the busses between chips are encrypted.
Nuclear industry
In the design of nuclear reactors, preventing the proliferation of nuclear weapons has become rather important. Making reactors tamper-resistant, as in the SSTAR, has become fairly important. This will probablly be achieved through a combination of making it difficult to get at the nuclear material, closely tracking where the reactors are transported and having alarms if attempts at entry are detected (which can then be responded to by the military).
Software
Software is also said to be tamper-resistant when it contains measures to make reverse engineering harder, or to prevent an user from modifying it against the manufacturer's wishes (removing a restriction on how it can be used, for example). One commonly used method is code obfuscation.
References - Sean Smith & Steve Weingart, Building a High-Performance, Programmable Secure Coprocessor, Computer Networks 31, pp. 831--860 (1999)
See also - Tamper-evident devices
- FIPS 140-2
- Zeroise
External links - IBM 4758 homepage
- Tamper Resistance – a Cautionary Note
- Design Principles for Tamper-Resistant Smartcard Processors
- Low cost attacks on tamper resistant devices
- Extracting a 3DES key from an IBM 4758
|
|
