Low cost attacks on tamper resistant devices

  • Ross Anderson
  • Markus Kuhn
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1361)

Abstract

There has been considerable recent interest in the level of tamper resistance that can be provided by low cost devices such as smart-cards. It is known that such devices can be reverse engineered using chip testing equipment, but a state of the art semiconductor laboratory costs millions of dollars. In this paper, we describe a number of attacks that can be mounted by opponents with much shallower pockets.

Three of them involve special (but low cost) equipment: differential fault analysis, chip rewriting, and memory remanence. There are also attacks based on good old fashioned protocol failure which may not require any special equipment at all. We describe and give examples of each of these. Some of our attacks are significant improvements on the state of the art; others are useful cautionary tales. Together, they show that building tamper resistant devices, and using them effectively, is much harder than it looks.



Copyright information

© Springer-Verlag 1998

Authors and Affiliations

  • Ross Anderson (1)
  • Markus Kuhn (2)
  1. Computer Laboratory, Cambridge, UK
  2. COAST Laboratory, Purdue University, West Lafayette, USA
