Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2
➤ Gửi thông báo lỗi ⚠️ Báo cáo tài liệu vi phạmNội dung chi tiết: Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2
Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2
16Physical Tamper ResistanceIt is relatively easy to build an encryption system that is secure if it is working as intended and is used correctly but Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 it is still very hard to build a system that does not compromise its security in situations in which it is either misused or one or more of its sub-components fails (or is 'encouraged' to misbehave) ... this is now the only area where the closed world is still a long way ahead of the open world and Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 the many failures we see in commercial cryptographic systems provide some evidence for this.- Brian cladmanThe amount of careful, critical security tEbook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2
hinking that has gone into a given security device, system or program is inversely proportional to the amount of high-technology it uses.— Roger Johns16Physical Tamper ResistanceIt is relatively easy to build an encryption system that is secure if it is working as intended and is used correctly but Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 n mobile phones and as bank cards in Europe;■accessory control chips used in printer toner cartridges, mobile phone batteries and games-console memory' modules;■the TPM chips being shipped in PCs and Macs to support hard-disk encryption, DRM and software registration;■security modules used to manage Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 bank PINs, not just in bank server farms but in ATMs and point-of-sale terminals;483484 Chapter 16 ■ Physical Tamper Resistance■> security modules buEbook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2
ried in vending machines that sell everything from railway tickets through postage stamps to the magic numbers that activate your electricity meter.Ma16Physical Tamper ResistanceIt is relatively easy to build an encryption system that is secure if it is working as intended and is used correctly but Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 be trivially compromised in under a minute using simple tools, despite having been evaluated by VISA and also using the Common Criteria framework.Yet some ta mper-resisla n t processors a re getli ng pretty good. For exa mple, I know of one firm that spent half a million dollars trying, and failing, Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 to reverseengineer the protocol used by a games console vendor to stop competitors making memory modules compatible with its equipment1. But a few yeEbook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2
ars ago this was not the case. Serious tamper resistance emerged out of an arms race between firms that wanted to lock down their products, and others16Physical Tamper ResistanceIt is relatively easy to build an encryption system that is secure if it is working as intended and is used correctly but Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 rs were lawyers, reverse engineering products to prove patent infringements. There are half a dozen specialist firms that work for the lawyers, and the legal reverse engineers. There are academics who hack systems for glory, and to push forward the state of the art. There are bad guys like the pay-T Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 V pirates who clone subscriber cards. And finally there are lots of grey areas. If you find a way to unlock a particular make of mobile phone, so thatEbook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2
it can be used on any network, is that a crime? The answer is, it depends what country you're in.There are now many products on the market that claim16Physical Tamper ResistanceIt is relatively easy to build an encryption system that is secure if it is working as intended and is used correctly but Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 some are downright awful. It is increasingly important for the security engineer to understand what tamper resistance is, and what it can and can't do. In this chapter I'm going to take you through the past fifteen years or so, as ever more clever attacks have been met with successively more sophis Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 ticated defenses.It has long been important to make computers resist physical tampering, as an attacker who can get access can in principle change theEbook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2
software and get the machine to do what he wants. While computers were massive objects, this involved the techniques discussed in the previous few ch16Physical Tamper ResistanceIt is relatively easy to build an encryption system that is secure if it is working as intended and is used correctly but Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 safe with banknote dispensers and alarm sensors, while the sensor packages used to detect unlawful nuclear tests may be at the bottom of a borehole several hundred feet deep and backfilled with concrete.Where tamper resistance is needed purely for integrity and availability, it can sometimes be impl Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 emented using replication instead of physical protection. A’Eventually the memory module was cracked, but it took a custom lab with chip testing equipEbook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2
ment and a seven figure budget.• • •** • Ị 9^^service may be implemented on different servers in different sites that perform transactions simultaneou16Physical Tamper ResistanceIt is relatively easy to build an encryption system that is secure if it is working as intended and is used correctly but Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 t devices can provide confidentiality for the data too. This is one respect in which the principle that many things can be done either with mathematics or with metal, breaks down.16.2HistoryThe use of tamper resistance in cryptography goes back centuries [676). Naval codebooks were weighted so they Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 could be thrown overboard if capture was imminent; to this day, the dispatch boxes used by British government ministers' aides to carry state papers aEbook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2
re lead lined so they will sink. Codes and, more recently, the keys for wartime cipher machines have been printed in water soluble ink; Russian one-ti16Physical Tamper ResistanceIt is relatively easy to build an encryption system that is secure if it is working as intended and is used correctly but Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 ite charges so it could be destroyed quickly.But such mechanisms depended on the vigilance of the operator, and key material was often captured in surprise attacks. So attempts were made to automate the process. Early electronic devices, as well as some mechanical ciphers, were built so that opening Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 the case erased the key settings.Following a number of cases in which key material was sold to the other side by cipher staff — such as the notoriousEbook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2
Walker family in the USA, who sold U.S. Navy key material to the Russians for over 20 years [587] — engineers paid more attention to the question of 16Physical Tamper ResistanceIt is relatively easy to build an encryption system that is secure if it is working as intended and is used correctly but Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 tant devices from which the key cannot be extracted, or tamper evident ones from which key extraction would be obvious.Paper keys were once carried in 'tattle-tale containers', designed to show evidence of tampering. When electronic key distribution came along, a typical solution was the 'fill gun': Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 a portable device that dispenses crypto keys in a controlled way. Nowadays this function is usually performed using a small security processor such aEbook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2
s a smartcard; as with electricity meters, it may be packaged as a 'crypto ignition key'. Control protocols range from a limit on the number of times 16Physical Tamper ResistanceIt is relatively easy to build an encryption system that is secure if it is working as intended and is used correctly but Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 material also acquired broader purposes. In both the USA and the UK, it was centralized and used to enforce the use of properly approved computer and communications products. Live key material would only be supplied to a system once it had been properly accredited.486 Chapter 16 Physical Tamper Resi Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 stanceOnce initial keys have been loaded, further keys may be distributed using various authentication and key agreement protocols. I already talked aEbook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2
bout many of the basic tools, such as key diversification, in the chapter on protocols in Part I, and I'll have more to say on protocols later in the 16Physical Tamper ResistanceIt is relatively easy to build an encryption system that is secure if it is working as intended and is used correctly but Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 orth studying is the IBM 4758 (Figures 16.1 and 16.2). I his is important for three reasons. First, it was the first commercially available processor to have been successfully evaluated to the highest level of tamper resistance (FIPS 140-1 level 4) [9381 then set by the U.S. government. Second, ther Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 e is an extensive public literature about it, including the history of its design evolution, its protection mechanisms, and the transaction set it supEbook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2
ports [ 1195, 1328, 1330J. Third, as it was the first level-4-evaluated product, it was the highest profile target in the world of tamper resistance, 16Physical Tamper ResistanceIt is relatively easy to build an encryption system that is secure if it is working as intended and is used correctly but Ebook Security engineering: A guide to building dependable distributed systems (Second Edition) – Part 2 -End Physically SeGọi ngay
Chat zalo
Facebook