
    Algorithmic Tamper-Proof (ATP) Security: Theoretical Foundations for Security against Hardware Tampering

    Abstract. Traditionally, secure cryptographic algorithms provide security against an adversary who has only black-box access to the secret information of honest parties. However, such models are not always adequate. In particular, the security of these algorithms may completely break under (feasible) attacks that tamper with the secret key. In this paper we propose a theoretical framework to investigate the algorithmic aspects related to tamper-proof security. In particular, we define a model of security against an adversary who is allowed to apply arbitrary feasible functions f to the secret key sk, and obtain the result of the cryptographic algorithms using the new secret key f(sk). We prove that in the most general setting it is impossible to achieve this strong notion of security. We then show minimal additions to the model, which are needed in order to obtain provable security. We prove that these additions are necessary and also sufficient for most common cryptographic primitives, such as encryption and signature schemes. We discuss the applications to portable devices protected by PINs and show how to integrate PIN security into the generic security design. Finally we investigate restrictions of the model in which the tampering powers of the adversary are limited. These restrictions model realistic attacks (like differential fault analysis) that have been demonstrated in practice. In these settings we show security solutions that work even without the additions mentioned above.

    The UA9 experimental layout

    The UA9 experimental equipment was installed in the CERN-SPS in March '09 with the aim of investigating crystal-assisted collimation in coasting mode. Its basic layout comprises silicon bent crystals acting as primary collimators mounted inside two vacuum vessels. A movable 60 cm long block of tungsten located downstream at about 90 degrees phase advance intercepts the deflected beam. Scintillators, Gas Electron Multiplier chambers and other beam loss monitors measure nuclear loss rates induced by the interaction of the beam halo in the crystal. Roman pots are installed in the path of the deflected particles and are equipped with a Medipix detector to reconstruct the transverse distribution of the impinging beam. Finally, UA9 takes advantage of an LHC-collimator prototype installed close to the Roman pot to help in setting the beam conditions and to analyze the efficiency of deflecting the beam. This paper describes in detail the hardware installed to study crystal collimation during 2010.
    Comment: 15 pages, 11 figures, submitted to JINS

    Physical Security Bounds Against Tampering


    Tampering with motes: Real-world physical attacks on wireless sensor networks

    Abstract. Most security protocols for wireless sensor networks (WSN) assume that the adversary can gain full control over a sensor node through direct physical access (node capture attack). But so far the amount of effort an attacker has to undertake in a node capture attack is unknown. In our project we evaluate different physical attacks against sensor node hardware. Detailed knowledge about the effort needed for physical attacks makes it possible to fine-tune security protocols in WSNs so that they provide optimal protection at minimal cost.

    Tamper-Proof Circuits: How to Trade Leakage for Tamper-Resilience

    Abstract. Tampering attacks are cryptanalytic attacks on the implementation of cryptographic algorithms (e.g., smart cards), where an adversary introduces faults with the hope that the tampered device will reveal secret information. Inspired by the work of Ishai et al. [Eurocrypt'06], we propose a compiler that transforms any circuit into a new circuit with the same functionality, but which is resilient against a well-defined and powerful tampering adversary. More concretely, our transformed circuits remain secure even if the adversary can adaptively tamper with every wire in the circuit as long as the tampering fails with some probability δ > 0. This additional requirement is motivated by practical tampering attacks, where it is often difficult to guarantee the success of a specific attack. Formally, we show that a q-query tampering attack against the transformed circuit can be "simulated" with only black-box access to the original circuit and log(q) bits of additional auxiliary information. Thus, if the implemented cryptographic scheme is secure against log(q) bits of leakage, then our implementation is tamper-proof in the above sense. Surprisingly, allowing for this small amount of information leakage allows for much more efficient compilers, which moreover do not require randomness during evaluation. Similar to earlier works, our compiler requires small, stateless and computation-independent tamper-proof gadgets. Thus, our result can be interpreted as reducing the problem of shielding arbitrarily complex computation to protecting simple components.