HiGate (High Grade Anti‐Tamper Equipment) Prototype and Application to e‐Discovery

These days, most data is digitized and processed in various ways by computers. In the past, computer owners were free to process data as desired and to observe the inputted data as well as the interim results. However, the unrestricted processing of data and accessing of interim results even by computer users is associated with an increasing number of adverse events. These adverse events often occur when sensitive data such as personal or confidential business information must be handled by two or more parties, such as in the case of e-Discovery, used in legal proceedings, or epidemiologic studies. To solve this problem, providers encrypt data, and the owner of the computer performs decoding in the memory for encrypted data. The computer owner can be limited to performing only certain processing of data and to observing only the final results. As an implementation that uses existing technology to realize this solution, the processing of data contained in a smart card was considered, but such an implementation would not be practical due to issues related to computer capacity and processing speed. Accordingly, the authors present the concept of PC-based High Grade Anti-Tamper Equipment (HiGATE), which allows data to be handled without revealing the data content to administrators or users. To verify this concept, an e-Discovery application on a prototype was executed and the results are reported here. Keyword: Anti-Tamper, e-Discovery, Bitlocker, APIHoo

HiGate (High Grade Anti-Tamper Equipment) Prototype and Application to e-Discovery

These days, most data is digitized and processed in various ways by computers. In the past, computer owners were free to process data as desired and to observe the inputted data as well as the interim results. However, the unrestricted processing of data and accessing of interim results even by computer users is associated with an increasing number of adverse events. These adverse events often occur when sensitive data such as personal or confidential business information must be handled by two or more parties, such as in the case of e-Discovery, used in legal proceedings, or epidemiologic studies. To solve this problem, providers encrypt data, and the owner of the computer performs decoding in the memory for encrypted data. The computer owner can be limited to performing only certain processing of data and to observing only the final results. As an implementation that uses existing technology to realize this solution, the processing of data contained in a smart card was considered, but such an implementation would not be practical due to issues related to computer capacity and processing speed. Accordingly, the authors present the concept of PC-based High Grade AntiTamper Equipment (HiGATE), which allows data to be handled without revealing the data content to administrators or users. To verify this concept, an eDiscovery application on a prototype was executed and the results are reported here

Revisiting software protection

We provide a selective survey on software protection, including approaches to software tamper resistance, obfuscation, software diversity, and white-box cryptography. We review the early literature in the area plus recent activities related to trusted platforms, and discuss challenges and future directions

FPGA based remote code integrity verification of programs in distributed embedded systems

The explosive growth of networked embedded systems has made ubiquitous and pervasive computing a reality. However, there are still a number of new challenges to its widespread adoption that include scalability, availability, and, especially, security of software. Among the different challenges in software security, the problem of remote-code integrity verification is still waiting for efficient solutions. This paper proposes the use of reconfigurable computing to build a consistent architecture for generation of attestations (proofs) of code integrity for an executing program as well as to deliver them to the designated verification entity. Remote dynamic update of reconfigurable devices is also exploited to increase the complexity of mounting attacks in a real-word environment. The proposed solution perfectly fits embedded devices that are nowadays commonly equipped with reconfigurable hardware components that are exploited to solve different computational problems

Security validation of smartcard: MCOS

The National Fuel subsidy system planning in Malaysia should it persist would have elevated the Multi-purpose of MyKad. Malaysian government is planning for a new MyID system that can retrieve governmental related documents when dealing with 760 governments and agencies nationwide (The Star, 2010). This move will leverage the existing infrastructure of MyKad. The wider usage of MyKad may raise public concern regarding its security. Thus, there is a need for assessing the security of MyKad by an independent third party.This paper will first discuss vulnerability of smartcard by using the attack potential model (CCDB, 2008), and then the appropriateness of the current methods and tools to test the security of smartcard will be investigated.The study concludes that there is no yet a standard of security testing tool imposed on smartcard in Malaysia.The study promotes the developing of security testing tool for MyKad