Presentation on theme: "Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &"— Presentation transcript:
Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation & Test Facility
27 September 2005Potential Chemical Attacks2 Outline Chemical Security Mechanisms for FIPS Physical Security Tamper Evident Seal Attacks Comparison of Tamper Evident Seals to Pick-Resistant Locks Conformal Coatings and Paints Epoxies Conclusion Recommendations
27 September 2005Potential Chemical Attacks3 Chemical Mechanisms Multiple-Chip Embedded At Physical Security Level 2 –Bleeding paint or conformal coatings Multiple-Chip Standalone Tamper Evidence at Physical Security Level 2 and Above –Tamper evident seals
27 September 2005Potential Chemical Attacks4 Chemical Mechanisms Continued Multiple-Chip Embedded or Multiple-Chip Standalone Security Level 3 –Hard opaque coating or potting material
27 September 2005Potential Chemical Attacks5 Tamper Evident Seals Tamper Evident Seals are comprised of the following: –the paper - with label and/or serial number –the adhesive
27 September 2005Potential Chemical Attacks6 Adhesive Bond Paper Discontinuity EnclosureCover or Door Mechanical bond: adhesive of the tamper evident seal flows into microscopic holes of the surface and hardens
27 September 2005Potential Chemical Attacks7 Successful Attack Cause adhesive to flow to break bond without damaging paper Tamper evidence is provided by the paper and not the adhesive since adhesive residue can be cleaned from the enclosure and/or cover. Just need to remove seal from one part
27 September 2005Potential Chemical Attacks8 Paper Damage Breaks in the paper such as tears, scores or wording; Damage to the holograph; Deformation, e.g. stretching of the paper; Discoloration of the paper; and Dye running – may also stain a hard plastic enclosure
27 September 2005Potential Chemical Attacks9 Effective Methods - Solvents Water –Usually not effective since most adhesives do not dissolve in water Methyl Hydrate –Dissolves some glues Acetone –Effective for acrylic-based adhesives
27 September 2005Potential Chemical Attacks10 Effective Methods - Heat Hair dryer preferred over heat gun Heat gun’s high temperature-low humidity heat may crack the paper.
27 September 2005Potential Chemical Attacks11 Heat vs. Solvents Heat does not need to be directly applied to the adhesive. For solvents, difficulty in targeting adhesive since the adhesive is entirely covered by the paper. Plastic, e.g. low density polyethylene, paper or metalicized paper may allow soaking of the seal in the solvent for an attack because not damaged by wetting.
27 September 2005Potential Chemical Attacks12 Successful Heat Attack
27 September 2005Potential Chemical Attacks13 Why Did It Work? Metallic surface of seal and metal plate both reflected heat: –Surface of seal preventing damage –Surface of metal plate directing heat to adhesive Metal plate expanded slightly to allow adhesive to flow
27 September 2005Potential Chemical Attacks14 Counteracting the Effect of Metal Surfaces
27 September 2005Potential Chemical Attacks15 Tamper Evident Seal Feature Words formed in paper Path of least resistance on pulling of tamper evident seal from surface leaves behind words
27 September 2005Potential Chemical Attacks16 Seal Damaged from Solvent
27 September 2005Potential Chemical Attacks17 Acid and Base Attacks Not as successful as other mentioned attacks Weak acids (H+) and bases (-OH) are similar to neutral water as a solvents. Strong acids and bases will damage paper and/or surfaces.
27 September 2005Potential Chemical Attacks18 Pick-Resistant Locks Superior to tamper evident seals for preventing access Require the use of drills, saws or picks to remove
27 September 2005Potential Chemical Attacks19 Locks vs. Tamper Evident Seals Tamper evident seals are easy to add to off-the-shelf enclosures. Theft of the key for the lock is equivalent to theft of replacement tamper evident seals. Discovery of combination for logical lock – loss of tamper evidence
27 September 2005Potential Chemical Attacks20 Adhesives Directly on Covers Used in the manufacturer of smaller devices, i.e. PCMCIA cards Thin line of adhesive exposed on the side
27 September 2005Potential Chemical Attacks21 Attacks Use syringe to inject solvent. Freezing attacks may be successful if adhesive becomes brittle and the covers can be separated. Covers may be reattached without showing tamper evidence by applying glue.
27 September 2005Potential Chemical Attacks22 Coatings Conformal coatings include acrylics, epoxies, urethanes, parxylenes or silicones. Paints are polymer emulsions. Coatings are similar to adhesives in that they need to adhere to the circuit board. Epoxies can contain a tamper detection mesh.
27 September 2005Potential Chemical Attacks23 Polymers Polymers are long chain hydrocarbons which may or may not have other elements such as chlorine, nitrogen, or fluorine as part of each repeating unit or monomer. Polymers, by their nature, are resistant to decomposition. Strong acids or bases may breakdown the polymer, but also may damage circuitry.
27 September 2005Potential Chemical Attacks24 Common Cause of Polymer Decomposition A common cause of polymer decomposition is ultraviolet (UV) light. Free radicals generated by UV light cause monomer bonds to break. UV stabilizers are added to prevent decomposition. Use concentrated UV source to attack conformal coatings?
27 September 2005Potential Chemical Attacks25 Epoxy Resins Made from the chemical reaction of two compounds: Bisphenol A-Bis A (or bisphenol F-Bis F- and/or ‘Novolac’) and Epichlorohydrin
27 September 2005Potential Chemical Attacks26 Bisphenol A-Bis A Chemical product of one acetone unit O CH 2 - C - CH 2 with two phenol groups: OH
27 September 2005Potential Chemical Attacks27 Solvent for Epoxies Acetone could make a good solvent for epoxies since it is a building block of them.
27 September 2005Potential Chemical Attacks28 Conclusion Chemical mechanisms used in physical security have similar properties.
27 September 2005Potential Chemical Attacks29 Recommendations Standardization of chemical testing approaches amongst all Cryptographic Module Testing Laboratories while still encouraging laboratory innovation
27 September 2005Potential Chemical Attacks30 Recommendations Continued Encourage the use of multiple layers of physical security mechanisms: –Tamper evident seals (provides better tamper evidence) with locks (provides better access prevention) –Tamper evidence for enclosure plus epoxy on internal circuitry