Physical Security Devices for Computer Subsystems: A Survey of Attacks and Defenses

  • Steve H. Weingart
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1965)

Abstract

As the value of data on computing systems increases and operating systems become more secure, physical attacks on computing systems to steal or modify assets become more likely. This technology requires constant review and improvement, just as other competitive technologies need review to stay at the leading edge.

This paper describes known physical attacks, ranging from simple attacks that require little skill or resource, to complex attacks that require trained, technical people and considerable resources. Physical security methods to deter or prevent these attacks are presented. The intent is to match protection methods with the attack methods in terms of complexity and cost. In this way cost effective protection can be produced across a wide range of systems and needs.

Specific technical mechanisms now in use are shown, as well as mechanisms proposed for future use. Common design problems and solutions are discussed with consideration for manufacturing.

References

  1. 1.
    R. Anderson, M. Kuhn, ‘Tamper Resistance-A Cautionary Note’, The Second USENIX Workshop on Electronic Commerce Proceedings, Oakland, California, November 18-21, 1996, pp 1–11, ISBN 1-880446-83-96.Google Scholar
  2. 2.
    R. Anderson, M. Kuhn, ‘Low Cost Attacks on Tamper Resistant Devices’Google Scholar
  3. 3.
    R. E. Anderson, ‘Bank Security’, Butterworth Publishers 1981, pp. 9l–93.Google Scholar
  4. 4.
    S. Chari, C.S. Jutla. J.R. Rao, and P. Rohatgi. ‘A Cautionary note regarding evaluation of AES candidates on smart cards’. Proceedings of Second AES Conference, Rome, Mar 1999.Google Scholar
  5. 5.
    David Chaum, ‘Concepts for Design of Tamper Responding Systems’, Advances inCryptology, Proceedings of Crypto’ 83, Plenum Press 1984, pp.387-392.Google Scholar
  6. 6.
    Andrew l. Clark, ‘Physical Protection of Cryptographic Devices’, presented atEurocrypt’ 87, Amsterdam.Google Scholar
  7. 8.
    G. P. Double, ‘Physical Security for Transaction Systems: A Design Methodology’, IBM Technical Report, TR 83.227 IBM 1990.Google Scholar
  8. 10.
    P. Kocher, J. Jaffe and B. Jun. ‘Introduction to Differential Power Analysis and Related Attacks.’ Manuscript, Cryptography Research, Inc. 1998.Google Scholar
  9. 11.
    M. Kuhn and R. Anderson, ‘Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations’, Information Hiding 1998, LNCS 1525, pp. 124–142, 1998.CrossRefGoogle Scholar
  10. 12.
    W. L. Price, ‘Physical Security of Transaction Devices’, NPL Technical Memo DITC 4/86, National Physical Laboratory, Jan, 1986.Google Scholar
  11. 13.
    S.W. Smith, S.H. Weingart, ‘Building a High Performance, Programmable Secure Coprocessor.’ Computer Networks (Special Issue on Computing Network Security). 31: 831–860. April 1999.Google Scholar
  12. 14.
    S.W. Smith, V. Austel, R. Perez, S. Weingart. ‘Validating a High-Performance, Programmable Secure Coprocessor or, the World’s First FIPS 140-1 Level 4.’ 22nd National Information Systems Security Cconerence, October 199.Google Scholar
  13. 15.
    S. H. Weingart, ‘Physical Security for the uABYSS System’, Proceedings of IEEE Symposium on Security and Privacy 1987, IEEE Publications, pp. 52–58.Google Scholar
  14. 16.
    S. H. Weingart, S. White, W. Arnold, and G. Double, ‘An Evaluation System for the Physical Security of Computing Systems’, Proceedings of the Sixth Annual Computer Security Applications Conference 1990, IEEE Publications, pp. 232–243.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Steve H. Weingart
    • 1
  1. 1.Secure Systems and Smart Card GroupIBM Thomas J. Watson Research CenterHawthorneNY

Personalised recommendations