Crypto to defend chip IP: snake oil or good idea?
Anne & Lynn Wheeler
lynn at garlic.com
Fri Jul 28 14:16:59 EDT 2006
Thor Lancelot Simon wrote:
> I don't get it. How is there "no increase in vulnerability and threat"
> if a manufacturer of counterfeit / copy chips can simply read the already
> generated private key out of a legitimate chip (because it's not protected
> by a tamperproof module, and the "significant post-fab security handling"
> has been eliminated) and make as many chips with that private key as he
> may care to?
>
> Why should I believe it's any harder to steal the private key than to
> steal a "static serial number"?
there is no increased vulnerability and threat to existing situation
where attacker can copy the serial number as it is being read out by
normal functions. it's static data ... along the lines of symmetric
password ... where the same information that is used to establish the
authentication is also used to validate the authentication.
the private key scenario doesn't export the private key as part of any
normal function ... it is generated within the added circuit core, not
available to processing outside of the added circuit core, and the only
thing that is normally exposed/exported outside the normal added circuit
core is the public key and digital signatures.
so the added circuit core is incremental cost for the chip real estate
for the incremental 20k-40k circuit core. the rest of the associated fab
and post-fab processing can be reduced to effectively zero ... changing
the paradigm from a serial number, pin, password symmetrical based
authentication to an asymmetrical based authentication (for essentially
no incremental cost).
so an attacker to retrieve the private key ... can't do it by trivial
eavesdropping or readily available processor functions ... instead the
attacker has to resort to physical invasive techniques on the chip to
obtain the private key. right away that eliminates all the distance,
electronic attacks ... reducing the attacks that require physical
possession of the object.
so now the issue is countermeasure to physical invasive attacks
requiring physical possession of each chip. so in some of the scenarios
... one approach is to have sufficient physical invasive
countermeasures that the physical attack will take longer than the
nominal interval to report physical lost/stolen (invalidating the use of
the physical object).
another scenario from parameterized risk management ... is to make the
physical attack more expensive than the associated expected fraudulent
benefit to the attacker.
the issue is since the serial number is static (and requires symmetrical
authentication ... same value is used for both establishing
authentication and verifying authentication) ... and
symmetric authentication mechanisms are vulnerable to a large number of
attacks other than physical invasive attack on the physical chip
(the argument is nearly identical to the justification of using digital
signature authentication in lieu of static data pin/password
authentication which is subject to all sorts of eavesdropping and replay
attacks) ... like peeling physical layers of the chip and using scanning
electron microscope .... i actually spent some time working at the los
gatos vlsi lab (bldg. 29) which claims to have pioneered use of scanning
electron microscope for chip analysis ... not for chip attacks ... but
as part of debugging initial chips.
so a physical vulnerability issue for something FIPS 140-2 is whether
there is constant power and countermeasure to physical invasive attack
can trigger zeroization. there is cost and vulnerability trade-off
regarding not having constant power and can have a physical attack w/o
zeroization countermeasure. that is something that shows up as part of
parameterized risk management.
this is also somewhat related to the security proportional to risk topic
... one such discussion:
http://www.garlic.com/~lynn/2001h.html#61
past posts involving this thread:
http://www.garlic.com/~lynn/aadsm24.htm#49 Crypto to defend chip IP: snake oil or good idea?
http://www.garlic.com/~lynn/aadsm24.htm#51 Crypto to defend chip IP: snake oil or good idea?
http://www.garlic.com/~lynn/aadsm24.htm#52 Crypto to defend chip IP: snake oil or good idea?
http://www.garlic.com/~lynn/aadsm24.htm#53 Case Study: Thunderbird's brittle security as proof of Iang's 3rd Hypothesis in secure design: there is only one mode, and it's secure
http://www.garlic.com/~lynn/aadsm25.htm#0 Crypto to defend chip IP: snake oil or good idea?
http://www.garlic.com/~lynn/aadsm25.htm#1 Crypto to defend chip IP: snake oil or good idea?
http://www.garlic.com/~lynn/2006n.html#57 The very first text editor
past posts discussing parameterized risk management issues:
http://www.garlic.com/~lynn/aadsmore.htm#bioinfo3 QC Bio-info leak?
http://www.garlic.com/~lynn/aadsmore.htm#biosigs biometrics and electronic signatures
http://www.garlic.com/~lynn/aepay3.htm#x959risk1 Risk Management in AA / draft X9.59
http://www.garlic.com/~lynn/aadsm3.htm#cstech3 cardtech/securetech & CA PKI
http://www.garlic.com/~lynn/aadsm3.htm#cstech4 cardtech/securetech & CA PKI
http://www.garlic.com/~lynn/aadsm3.htm#cstech9 cardtech/securetech & CA PKI
http://www.garlic.com/~lynn/aadsm3.htm#kiss2 Common misconceptions, was Re: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp-00.txt))
http://www.garlic.com/~lynn/aepay6.htm#x959b X9.59 Electronic Payment standard issue
http://www.garlic.com/~lynn/aadsm12.htm#17 Overcoming the potential downside of TCPA
http://www.garlic.com/~lynn/aadsm19.htm#15 Loss Expectancy in NPV calculations
http://www.garlic.com/~lynn/aadsm19.htm#44 massive data theft at MasterCard processor
http://www.garlic.com/~lynn/aadsm19.htm#46 the limits of crypto and authentication
http://www.garlic.com/~lynn/aadsm21.htm#5 Is there any future for smartcards?
http://www.garlic.com/~lynn/aadsm21.htm#8 simple (&secure??) PW-based web login (was Re: Another entry in the internet security hall of shame....)
http://www.garlic.com/~lynn/aadsm23.htm#1 RSA Adaptive Authentication
http://www.garlic.com/~lynn/aadsm23.htm#27 Chip-and-Pin terminals were replaced by "repairworkers"?
http://www.garlic.com/~lynn/aadsm25.htm#1 Crypto to defend chip IP: snake oil or good idea?
http://www.garlic.com/~lynn/99.html#235 Attacks on a PKI
http://www.garlic.com/~lynn/99.html#238 Attacks on a PKI
http://www.garlic.com/~lynn/2000.html#46 question about PKI...
http://www.garlic.com/~lynn/2000.html#57 RealNames hacked. Firewall issues.
http://www.garlic.com/~lynn/2005k.html#23 More on garbage
http://www.garlic.com/~lynn/2006g.html#40 Why are smart cards so dumb?
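A constructed Go sketch of the two authentication paradigms the post contrasts, added here as an editor's example and not part of the original message or of any real chip design: the private key is generated inside a modelled circuit core and no function returns it, only the public key and signatures over verifier-chosen challenges leave, while the static serial number is checked by comparing the very value that was read out. P-256 ECDSA, the 32-byte nonce and the "SN-0001" serial are assumptions of the model.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// ChipCore: constructed model of the post's added circuit core; the key never leaves it.
type ChipCore struct{ priv *ecdsa.PrivateKey }

func NewChipCore() (*ChipCore, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // generated "on-chip"
	if err != nil {
		return nil, err
	}
	return &ChipCore{priv: k}, nil
}

// PublicKey and Sign are the only two outputs the core ever exposes.
func (c *ChipCore) PublicKey() *ecdsa.PublicKey { return &c.priv.PublicKey }
func (c *ChipCore) Sign(challenge []byte) ([]byte, error) {
	h := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, c.priv, h[:])
}

// Verifier side: a fresh nonce per authentication, and only a signature over
// that nonce is accepted, so an eavesdropped earlier signature does not replay.
func NewChallenge() []byte {
	n := make([]byte, 32)
	rand.Read(n) // crypto/rand either fills the buffer or the host is unusable
	return n
}
func VerifyResponse(pub *ecdsa.PublicKey, challenge, sig []byte) bool {
	h := sha256.Sum256(challenge)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// SerialAuthenticates models the static serial number: the value read out is
// the value checked, so an eavesdropped copy authenticates just as well.
func SerialAuthenticates(enrolled, presented string) bool { return enrolled == presented }
func main() {
	core, _ := NewChipCore()
	c1, c2 := NewChallenge(), NewChallenge()
	s1, _ := core.Sign(c1)
	fmt.Println(VerifyResponse(core.PublicKey(), c1, s1)) // true: fresh response
	fmt.Println(VerifyResponse(core.PublicKey(), c2, s1)) // false: replayed signature
	fmt.Println(SerialAuthenticates("SN-0001", "SN-0001")) // true: replayed serial
}
```

The physical-attack and zeroization trade-offs in the post are outside what this model covers; it only shows why the remote eavesdrop-and-replay path closes when the secret never leaves the core.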
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com