
    Remote attestation mechanism for embedded devices based on physical unclonable functions

    Remote attestation mechanisms are well studied in high-end computing environments; however, the same is not true for embedded devices, especially for smart cards. With the ever-changing landscape of smart card technology and advancements towards a true multi-application platform, verifying the current state of the smart card is significant to the overall security of such proposals. The initiatives proposed by the GlobalPlatform Consumer Centric Model (GP-CCM) and the User Centric Smart Card Ownership Model (UCOM) enable a user to download any application she desires, depending upon the authorisation of the application provider. Before an application provider issues an application to a smart card, verifying the current state of the smart card is crucial to the security of the respective application. In this paper, we analyse the rationale behind the remote attestation mechanism for smart cards, and the fundamental features that such a mechanism should possess. We also study the applicability of Physical Unclonable Functions (PUFs) for the remote attestation mechanism and propose two algorithms to achieve the stated features of remote attestation. The proposed algorithms are implemented in a test environment to evaluate their performance. © 2013 The authors and IOS Press. All rights reserved.

    Secure Autonomous UAVs Fleets by Using New Specific Embedded Secure Elements


    Security validation of smartcard: MCOS

    The National Fuel subsidy system planned in Malaysia, should it persist, would have elevated the multi-purpose role of MyKad. The Malaysian government is planning a new MyID system that can retrieve government-related documents when dealing with 760 governments and agencies nationwide (The Star, 2010). This move will leverage the existing infrastructure of MyKad. The wider usage of MyKad may raise public concern regarding its security. Thus, there is a need for assessing the security of MyKad by an independent third party. This paper will first discuss the vulnerability of smartcards by using the attack potential model (CCDB, 2008), and then the appropriateness of the current methods and tools to test the security of smartcards will be investigated. The study concludes that there is not yet a standard security testing tool imposed on smartcards in Malaysia. The study promotes the development of a security testing tool for MyKad.

    A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components

    The semiconductor industry is fully globalized, and integrated circuits (ICs) are commonly defined, designed and fabricated in different premises across the world. This reduces production costs, but also exposes ICs to supply chain attacks, where insiders introduce malicious circuitry into the final products. Additionally, despite extensive post-fabrication testing, it is not uncommon for ICs with subtle fabrication errors to make it into production systems. While many systems may be able to tolerate a few byzantine components, this is not the case for cryptographic hardware, which stores and computes on confidential data. For this reason, many error and backdoor detection techniques have been proposed over the years. So far all attempts have either been quickly circumvented, or come with unrealistically high manufacturing costs and complexity. This paper proposes Myst, a practical high-assurance architecture that uses commercial off-the-shelf (COTS) hardware and provides strong security guarantees, even in the presence of multiple malicious or faulty components. The key idea is to combine protective redundancy with modern threshold cryptographic techniques to build a system tolerant to hardware trojans and errors. To evaluate our design, we build a Hardware Security Module that provides the highest level of assurance possible with COTS components. Specifically, we employ more than a hundred COTS secure crypto-coprocessors, verified to FIPS 140-2 Level 4 tamper-resistance standards, and use them to realize high-confidentiality random number generation, key derivation, public key decryption and signing. Our experiments show a reasonable computational overhead (less than 1% for both decryption and signing) and an exponential increase in backdoor-tolerance as more ICs are added.

    SMART SECURITY MANAGEMENT IN SECURE DEVICES

    Among other threats, secure components are subjected to physical attacks whose aim is to recover the secret information they store. Most of the work carried out to protect these components generally consists in developing protections (or countermeasures) taken one by one. But this “countermeasure-centered” approach drastically decreases the performance of the chip in terms of power, speed and availability. In order to overcome this limitation, we propose a complementary approach: smart dynamic management of the whole set of countermeasures embedded in the component. Three main specifications for such management are required in a real world application (for example, a conditional access system for Pay-TV): it has to provide capabilities for the chip to distinguish between attacks and normal use cases (without the help of a human being and in a robust but versatile way); it also has to be based on mechanisms which dynamically find a trade-off between security and performance; all these mechanisms have to be formalized in a way which is clearly understandable by the designer. In this article, a prototype which enables such security management is described. The solution is based on a double-processor architecture: one processor embeds a representative set of countermeasures (and mechanisms to define their parameters) and executes the application code. The second processor, on the same chip, applies a given security strategy, but without requesting sensitive data from the first processor. The chosen strategy is based on fuzzy logic reasoning to enable the designer to describe, using a fairly simple formalism, both the attack paths and the normal use cases. A proof of concept has been proposed for the smart card part of a conditional access system for Pay-TV, but it could easily be fine-tuned for other applications.