Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 14 Physical Tamper Resistance Hack a lock:

Published byGiovanna Rooker Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 14 Physical Tamper Resistance Hack a lock:"— Presentation transcript:

1 Chapter 14 Physical Tamper Resistance Hack a lock: http://www.schneier.com/blog/archives/2005/03/flaw_in_winkhau.html

2 Physically secure processors Portable tamper resistant IBM 4758 processors rated at governments highest level of security http://www.cl.cam.ac.uk/~rnc1/descrack/ Was found to be breakable see above. Need: To house crypto material is a secure housing

3 Crypto Processors Attack key entry Attack casing Attack potting material Memory remanence Cold enhances remanence

4 Classes of attackers Class 1 clever outsiders Class 2 knowledgeable insiders Class 3 funded organizations 4758 aimed at funded organizations

5 Medium Security Processors iButton Building access Computer access A “what you have” Dallas 5002 Uses bus encryption Clipper chip Encryption with way for government to decrypt all messages

6 Smart Cards Mobile phones Build “generic phones” Smart card contains user specific data Used by T-mobile Pay-TV subscriber cards, hotel door locks, telephone cards…

7 Architecture Most 8-bit processor ROM for program and other non changing data EEPROM for customer specific data RAM registers for processing data

8 Attacks on Smartcards Protocols Slow cards execution Physical tampering DirectTV attacks back http://www.securityfocus.com/news/143

9 Smartcards Not feasible for total protection Defense in depth Tamper resistance versus tamper evidence Stop loss Recent articles Kinko Fedex cards not SmartCard, but can recharge at Kiosk: http://www.eweek.com/article2/0,1895,1934424,00.asp http://www.eweek.com/article2/0,1895,1932824,00.asp

10 Magnetic stripe Current fraud: http://redtape.msnbc.com/2006/03/how_can _someone.html http://redtape.msnbc.com/2006/03/how_can _someone.html http://www.msnbc.msn.com/id/11731365/ This site has know how for many types of programming: http://www.makinterface.de/index_e.php3

11 What goes wrong Architectural errors Protecting the wrong thing Protocol failure Function creep

12 Discussion articles iButton actual uses What to protect with secure devices (ie 14.8 What should be protected)

13 Links to material Hardware Hacking chapter: http://www.grandideastudio.com/files/books/hpyn2e_chapter14.pdf Tamper resistance: http://www.cl.cam.ac.uk/~rja14/tamper.html Case Study Hack-a-Bike http://www.schneier.com/blog/archives/2005/02/hacking_a_bicyc_1.html Data remanence http://en.wikipedia.org/wiki/Data_remanence

14 Links to material Tamper resistance evaluation criteria http://en.wikipedia.org/wiki/FIPS_140 Ibutton http://www.maxim-ic.com/products/ibutton/ibuttons/index.cfm http://www.maxim-ic.com/products/ibutton/ Clipper chip http://www.epic.org/crypto/clipper/ http://www.webopedia.com/TERM/C/Clipper_chip.html

15 Links to Material Smart Card Security http://www.schneier.com/paper-smart-card-threats.html http://smartcard.nist.gov/ DirectTV fights back http://www.securityfocus.com/news/143 Tools http://www.hackerscatalog.com/Products/Smart_Cards/hardware_smartcards.html http://www.hackerscatalog.com/Products/Books/Credit_Finances_Scams/index.html

Download ppt "Chapter 14 Physical Tamper Resistance Hack a lock:"

Similar presentations

Voice and Data Encryption over mobile networks July 2012 IN-NOVA TECNOLOGIC IN-ARG SA www.in-arg.com MESH VOIP.

Voice and Data Encryption over mobile networks July 2012 IN-NOVA TECNOLOGIC IN-ARG SA MESH VOIP.
Smart Card Security Xufen Gao CS 265 Spring, 2004 San Jose State University.

Smart Card Security Xufen Gao CS 265 Spring, 2004 San Jose State University.
Smart Cards Our Inevitable Future Mark Shippy. What are smart cards? Credit card sized plastic card with an embedded chip. Credit card sized plastic card.

Smart Cards Our Inevitable Future Mark Shippy. What are smart cards? Credit card sized plastic card with an embedded chip. Credit card sized plastic card.
Smart Card Syed Jabbar Computer Science Course:

Smart Card Syed Jabbar Computer Science Course:
Lecture 6 User Authentication (cont)

Lecture 6 User Authentication (cont)
1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 “draft-urien-eap-smartcard-type-00.txt” EAP Smart Card Protocol (EAP-SC)

1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 “draft-urien-eap-smartcard-type-00.txt” EAP Smart Card Protocol (EAP-SC)
Low Cost Attack on Tamper Resistant Devices Ross Anderson, Markus Kuhn Songpol Manoonpong.

Low Cost Attack on Tamper Resistant Devices Ross Anderson, Markus Kuhn Songpol Manoonpong.
CNS2009handout 19: hardware security computer and network security matt barrie.

CNS2009handout 19: hardware security computer and network security matt barrie.
Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.

Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.
CHAPTER REPORT BY EUSTACE ASANGHANWA PHYSICAL TAMPER RESISTANCE Physical Tamper ResistanceEustace Asanghanwa 1.

CHAPTER REPORT BY EUSTACE ASANGHANWA PHYSICAL TAMPER RESISTANCE Physical Tamper ResistanceEustace Asanghanwa 1.
Chapter 1: Computers and Digital Basics 1 Computers and Digital Basics Chapter 1.

Chapter 1: Computers and Digital Basics 1 Computers and Digital Basics Chapter 1.
1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.

1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.
CIT 1100. In this chapter you will learn how to:  Explain the threats to your computers and data  Describe key security concepts and technologies.

CIT In this chapter you will learn how to:  Explain the threats to your computers and data  Describe key security concepts and technologies.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Networks: LANs File Server : Runs software, stores files. Terminals : Workstations that give network access. Print Server : Queues up all print jobs from.

Networks: LANs File Server : Runs software, stores files. Terminals : Workstations that give network access. Print Server : Queues up all print jobs from.
MEMORY ORGANIZATION Memory Hierarchy Main Memory Auxiliary Memory

MEMORY ORGANIZATION Memory Hierarchy Main Memory Auxiliary Memory
Chapter 10  ATM 1 Automatic Teller Machines. Chapter 10  ATM 2 Automatic Teller Machines  “…one of the most influential technological innovations of.

Chapter 10  ATM 1 Automatic Teller Machines. Chapter 10  ATM 2 Automatic Teller Machines  “…one of the most influential technological innovations of.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.

Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

Similar presentations

Ads by Google