Presentation is loading. Please wait.

Presentation is loading. Please wait.

October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee1 Activity of Tamper-resistance Standardization Research Committee (TSRC) Shinichi.

Similar presentations


Presentation on theme: "October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee1 Activity of Tamper-resistance Standardization Research Committee (TSRC) Shinichi."— Presentation transcript:

1 October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee1 Activity of Tamper-resistance Standardization Research Committee (TSRC) Shinichi Kawamura Tamper-resistance Standardization Research Committee (TSRC) Toshiba Corporation Japanese Standards Association (JSA) Information Technology Research and Standardization Center (INSTAC) CHES Rump Session

2 October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee2 TSRC Activity Report Completed! “Tamper-resistance Standardization Research Committee --- The Activity Report ” Available at the desk in front of the white board Also available at

3 October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee3 Appendix!!

4 October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee4 Four Main Activities of TSRC 1.Systematic study of various tampering techniques ( Survey of literature ) 2.Developing standard evaluation platform for side- channel attacks 3.Proposing methods to describe requirements to tamper-resistance 4.Contributing to the international standardization ( Ex. Physical Security Testing Workshop, Sept 2005 hosted with NIST and IPA )

5 October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee5 Standard Evaluation Platforms Motivation: –Lack of standard platform seems to hinder the development of tamper- resistance technology. –It will change the situation if there is a standard platform whose specification is publicly available and non-proprietary. Solusion: –INSTAC-8 : 8bit CPU. Its target is a low-end embedded system. –INSTAC-32 : 32-bit CPU and FPGA. Its target is a middle to high-end system as well as semi-hardware implementation.

6 October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee6 An INSTAC-8 Compliant Board

7 October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee7 An INSTAC-32 Compliant Board

8 October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee8 Some Results Reported K. Fujisaki, et al. ISEC2004-No.55, 2004 –Proposal of INSTAC-8 and self-evaluation H. Miyake, et al. SCIS2005, January 2005 –DPA evaluation on INSTAC-8 Y. Takahashi, et al. ISEC2004-No.114, March 2005 –EM analysis on INSTAC-8 K. Fujisaki, et al. ISEC2005-No.19, July 2005 –Proposal of INSTAC-32 and self-evaluation Y. Tsunoo, et al. This conference, Sept –Analysis report on INSTAC-8 Notes) ISEC : IEICE Tech. Rep. on Information Security (Bi-monthly) SCIS: Symp. on Cryptography and Information Security (Annual)

9 October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee9 Proposal of metric-based description of security requirement There are three approaches recognized to describe the requirement for tamper-resistance of cryptographic module: 1.Description focusing on attacks 2.Description focusing on countermeasures 3.Description focusing on metrics We think that approach 3 has not been established, so far Our proposal is that intensive research is necessary to establish metric-based description

10 October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee10 Description Focusing on Attacks Core of Cryptographic Module Timing Attack SPA DPA EMA Fault-based Attack Other attacks Concrete attack is focused ---Natural approach Appropriate listing up of attacks is necessary Adapting to emerging attack is an issue since more attacks seem still to come Concrete attack is focused ---Natural approach Appropriate listing up of attacks is necessary Adapting to emerging attack is an issue since more attacks seem still to come Example: “Cryptographic module is required to be resistant to Timing Attack” Cryptographic Module

11 October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee11 Description Focusing on Countermeasures Other Measures Data Masking Randomized Timing Core of Cryptographic Module Timing Attack SPA DPA EMA Fault-based Attack Other attacks Countermeasure to prevent attacks is specified Appropriate listing up of countermeasures is necessary Adapting emerging attack is an issue since more attacks seem still to come Vender would not like to explicitly describe countermeasures because they are sometimes vendor know-how Countermeasure to prevent attacks is specified Appropriate listing up of countermeasures is necessary Adapting emerging attack is an issue since more attacks seem still to come Vender would not like to explicitly describe countermeasures because they are sometimes vendor know-how Example: “Cryptographic module is required to implement Data Masking” or “Documentation shall specify countermeasures employed” Cryptographic Module

12 October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee12 Description Focusing on Metrics Countermeasures Core of Cryptographic Module Ideal approach -- if appropriate metrics and test method are defined Searching for appropriate metrics is a big issue --- Intensive research is required Good metrics may cover some emerging attacks Ideal approach -- if appropriate metrics and test method are defined Searching for appropriate metrics is a big issue --- Intensive research is required Good metrics may cover some emerging attacks Example: “Cryptographic module is required to have metric A within a given range B with a given test method C” Test Method 1 Metric 1 Test Method 2 Other Test Methods Metric 2 Metric x Cryptographic Module Presently, A, B, and C is not established.

13 October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee13 Members of TSRC WG1 (As of March 2006) Tsutomu Matsumoto (Chair, Yokohama National University) Shinichi Kawamura (Secretary, Toshiba Corp.) Koichi Fujisaki (Toshiba Corp.) Naoya Torii (Fujitsu Laboratories Ltd.) Shuichi Ishida (Hitachi, Ltd.) Yukiyasu Tsunoo (NEC Corp.) Minoru Saeki (Mitsubishi Electric Corp.) Atsuhiro Yamagishi (IPA)

14 October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee14 Organizational Structure Bureau of Industrial Technology Environment Standardization Section Japanese Standardization Association Information Technology Research and Standardization Center (INSTAC) Tamper-resistance Standardization Research Committee (TSRC) Research TeamWG1 (Technical Committee) Ministry of Economy, Trade and Industry

15 October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee15 Pointer to Activity Report, again Available at the desk in front of the white board Also available at Thank you for your attantion.

16 October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee16 End of Appendix!


Download ppt "October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee1 Activity of Tamper-resistance Standardization Research Committee (TSRC) Shinichi."

Similar presentations


Ads by Google