Abstract
There has been considerable recent interest in the level of tamper resistance that can be provided by low cost devices such as smart-cards. It is known that such devices can be reverse engineered using chip testing equipment, but a state of the art semiconductor laboratory costs millions of dollars. In this paper, we describe a number of attacks that can be mounted by opponents with much shallower pockets.
Three of them involve special (but low cost equipment: differential fault analysis, chip rewriting, and memory remanence. There are also attacks based on good old fashioned protocol failure which may not require any special equipment at all. We describe and give examples of each of these. Some of our attacks are significant improvements on the state of the art; others are useful cautionary tales. Together, they show that building tamper resistant devices, and using them effectively, is much harder than it looks.
Preview
Unable to display preview. Download preview PDF.
References
DG Abraham. GM Dolan, GP Double, JV Stevens, “Transaction Security System”, in IBM Systems Journal v 30 no 2 (1991) pp 206–229
RJ Anderson, MG Kuhn, “Tamper Resistance-a Cautionary Note”, in The Second USENIX Workshop on Electronic Commerce Proceedings (Nov 1996) pp 1–11
RJ Anderson, BM Needham, “Programming Satan's Computer”, in ‘Computer Science Today', Springer Lecture Notes in Computer Science v 1000 pp 426–441
RJ Anderson, “Why Cryptosystems Fail”, in Proceedings of the 1st ACM Conference on Computer and Communications Security (November 1993) pp 215–227
E Biham, A Shamir, “A New Cryptanalytic Attack on DES”, preprint, 18/10/96
E Biham, A Shamir, “Differential Fault Analysis: Identifying the Structure of Unknown Ciphers Sealed in Tamper-Proof Devices”, preprint, 10/11/96
E Biham, A Shamir, “Differential Fault Analysis: A New Cryptanalytic Attack on Secret Key Cryptosystems”, preprint, 21/11/96
M Blaze, personal communication
M Blaze, “Protocol Failure in the Escrowed Encryption Standard”, in Proceedings of the 2nd ACM Conference on Computer and Communications Security (2-4 November 1994), ACM Press, pp 59-67
F Bao, RH Deng, Y Han, A Jeng, AD Nirasimhalu, T Ngair, “Breaking Public Key Cryptosystems in the Presence of Transient Faults”, this volume
D Boneh, RA DeMillo, RJ Lipton, “On the Importance of Checking Computations”, preprint, 11/96
E Bovenlander, invited talk. on smartcard security, Eurocrypt 97
P Farrell, personal communication
L Guillou, comment from the floor of Crypto 96
P Gutman, “Secure Deletion of Data from Magnetic and Solid-State Memory”, in Sixth USENIX Security Symposium Proceedings (July 1996) pp 77–89
M. Joye, F Koeune, JJ Quisquater, “Further results on Chinese remaindering”, Université Catholique de Louvain Technical Report. CC,-7.997-1, available at http://www.dice. ucl.ac.be/Crypto/tech reports/CG1997_l.ps.gz
O Kocar, “Hardwaresicherheit von Mikrochips in Chipkarten”, in Datenschutz and Datensicherheit v 20 no 7 (July 96) pp 421–424
C Mitchell, S Murphy, F Piper, P Wild, “Red Pike-An Assessment”, Codes and Ciphers Ltd 2/10/96
RL Rivest, “The RC5 Encryption Algorithm”, in Proceedings of the Second International Workshop on Fast Software Encryption (December 1994), Springer LNCS v 1008 pp 86-96
'VISA Security Module Operations Manual', VISA, 1986
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Anderson, R., Kuhn, M. (1998). Low cost attacks on tamper resistant devices. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds) Security Protocols. Security Protocols 1997. Lecture Notes in Computer Science, vol 1361. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0028165
Download citation
DOI: https://doi.org/10.1007/BFb0028165
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64040-0
Online ISBN: 978-3-540-69688-9
eBook Packages: Springer Book Archive