This section is intended to introduce the reader to various aspects of the art that may be related to various aspects of the present invention. The following discussion is intended to provide information to facilitate a better understanding of the present invention. Accordingly, it should be understood that statements in the following discussion are to be read in this light, and not as admissions of prior art.
Furthermore, where a definition or use of a term in a reference, which is incorporated by reference herein, is inconsistent or contrary to the definition of that term provided herein, the definition of that term provided herein applies and the definition of that term in the reference does not apply.
Electronic devices that store sensitive information can easily fall into the wrong hands. To access internally-stored information, malicious parties may mount electronic-based attacks or various physical attacks, including removal of covers, removal of any potting, identification of the location and function of any existing security defenses, or bypassing of such defenses to gain access to the next layer of protection, to name a few.
One solution to this problem known in the art is to provide an anti-tamper system that encapsulates the core processing circuitry (CPC) that performs the system's information processing functionality in a security enclosure. For purposes of this disclosure, the term “anti-tamper” includes tamper resistant, tamper proof, tamper evident, tamper respondent, and the like, or any combination thereof. Throughout this disclosure, the terms “anti-tamper system,” “anti-tamper device,” and “anti-tamper enclosure” are used interchangeably.
For example, a “tamper-respondent” device may “react” to illicit attacks. Typically, such a device combines a strong physical enclosure with tamper-detection or tamper-response circuitry that zeroes out stored critical security parameters (CSPs) during a tampering attempt, i.e., as soon as the device's security is compromised.
For example, U.S. Pat. No. 4,860,351 A (“Tamper-resistant packaging for protection of information stored in electronic circuitry”) discloses a tamper-resistant device that includes apparatus for distributing electro-magnetic energy within a region occupied by the circuit to be protected. A sensing arrangement senses the distribution of the energy, and any changes can be detected, leading to zeroization of the information stored in the protected electronic circuit.
The information processing functionality of the vast majority of existing anti-tamper devices centers on cryptographic operations, although a few devices known in the art can perform general-purpose functions, having a general-purpose CPU and RAM included in their CPC.
There exist a number of standards that define the security properties of anti-tamper devices with physical security assurances. For example, the National Institute of Standards and Technology (NIST) issued the Federal Information Processing Standard (FIPS) 140 Publication Series to coordinate the requirements and standards for cryptographic devices that include both hardware and software components. This standard provides four increasing, qualitative levels of security intended to cover a wide range of potential applications and environments. The security requirements cover areas related to the secure design and implementation of a cryptographic device, such as areas related to cryptographic device specification; cryptographic device ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks.
Specifically, the current standard NIST FIPS 140-2 defines four levels of security, named “Level 1,” “Level 2,” “Level 3,” and “Level 4.” The highest level, Security Level 4, mandates that the physical security mechanisms provide a complete envelope of protection around the cryptographic device with the intent of detecting and responding to all unauthorized attempts at physical access. Penetration of the cryptographic device's enclosure from any direction must have a very high probability of being detected, resulting in the immediate zeroization of all CSPs.
Security Level 4 also provides for protection of a cryptographic device against a security compromise caused by environmental conditions or fluctuations outside of the device's normal operating ranges for voltage and temperature. An attacker may utilize intentional excursions beyond the normal operating ranges to thwart a cryptographic device's defenses. The standard requires a cryptographic device to either include special environmental protection features designed to detect fluctuations and zeroize CSPs, or to undergo rigorous environmental failure testing to provide a reasonable assurance that the device will not be affected by fluctuations outside of the normal operating range in a manner that may compromise the device's security.
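As an added illustration, not taken from the patent or from any certified product, the following C fragment sketches how a tamper-respondent module of the kind described above might combine enclosure-penetration sensing with the environmental protection checks just discussed: any sample outside the voltage or temperature envelope, or any enclosure breach, triggers immediate zeroization of the stored CSP, and the module latches the first cause. The thresholds, sensor values, dummy key material, and all struct and function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define CSP_LEN 32

/* Normal operating envelope. Hypothetical numbers chosen for the example. */
#define VOLT_MIN_MV  3000
#define VOLT_MAX_MV  3600
#define TEMP_MIN_C    -20
#define TEMP_MAX_C     85

enum tamper_cause {
    TAMPER_NONE = 0,
    TAMPER_ENCLOSURE,    /* envelope sensing circuit tripped (penetration) */
    TAMPER_VOLTAGE,      /* supply excursion outside the normal range */
    TAMPER_TEMPERATURE   /* thermal excursion outside the normal range */
};

struct sensor_frame {
    int breach;     /* 1 if the enclosure sensor reports penetration */
    int supply_mv;  /* supply voltage in millivolts */
    int temp_c;     /* internal temperature in degrees Celsius */
};

struct secure_module {
    uint8_t csp[CSP_LEN];     /* stands in for a stored key (constructed) */
    int zeroized;             /* latched: once set, the module stays zeroized */
    enum tamper_cause cause;  /* first cause that triggered zeroization */
};

/* Overwrite through a volatile pointer: a plain memset on a buffer that is
 * never read again can be removed by the optimizer as a dead store, which
 * would silently defeat the zeroization requirement. */
static void secure_zeroize(void *p, size_t n)
{
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--) *vp++ = 0;
}

static enum tamper_cause classify(const struct sensor_frame *f)
{
    if (f->breach) return TAMPER_ENCLOSURE;
    if (f->supply_mv < VOLT_MIN_MV || f->supply_mv > VOLT_MAX_MV) return TAMPER_VOLTAGE;
    if (f->temp_c < TEMP_MIN_C || f->temp_c > TEMP_MAX_C) return TAMPER_TEMPERATURE;
    return TAMPER_NONE;
}

/* Called for every sensor sample. Returns the classification of this sample;
 * on the first tamper event the CSP is zeroized and the cause latched. */
enum tamper_cause tamper_monitor(struct secure_module *m, const struct sensor_frame *f)
{
    enum tamper_cause c = classify(f);
    if (c != TAMPER_NONE && !m->zeroized) {
        secure_zeroize(m->csp, sizeof m->csp);
        m->zeroized = 1;
        m->cause = c;
    }
    return c;
}

void module_init(struct secure_module *m)
{
    memset(m, 0, sizeof *m);
    for (size_t i = 0; i < CSP_LEN; i++)
        m->csp[i] = (uint8_t)(0xA5 ^ i);  /* constructed dummy key material */
}

int csp_is_zero(const struct secure_module *m)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < CSP_LEN; i++) acc |= m->csp[i];
    return acc == 0;
}

/* Convenience wrappers: feed one sample to a freshly initialized module. */
enum tamper_cause sample_cause(int breach, int mv, int temp_c)
{
    struct secure_module m; struct sensor_frame f = { breach, mv, temp_c };
    module_init(&m);
    return tamper_monitor(&m, &f);
}

int sample_zeroizes(int breach, int mv, int temp_c)
{
    struct secure_module m; struct sensor_frame f = { breach, mv, temp_c };
    module_init(&m);
    tamper_monitor(&m, &f);
    return m.zeroized && csp_is_zero(&m);
}

/* Latching check: after a voltage event, a later enclosure event is still
 * reported, but the recorded cause stays the first one. Returns 1 if so. */
int latch_check(void)
{
    struct secure_module m;
    struct sensor_frame low_v = { 0, 2400, 25 }, breach = { 1, 3300, 25 };
    module_init(&m);
    if (tamper_monitor(&m, &low_v) != TAMPER_VOLTAGE) return 0;
    if (tamper_monitor(&m, &breach) != TAMPER_ENCLOSURE) return 0;
    return m.zeroized && m.cause == TAMPER_VOLTAGE && csp_is_zero(&m);
}

int main(void)
{
    printf("nominal sample -> cause %d, zeroized %d\n",
           sample_cause(0, 3300, 25), sample_zeroizes(0, 3300, 25));
    printf("hot sample     -> cause %d, zeroized %d\n",
           sample_cause(0, 3300, 120), sample_zeroizes(0, 3300, 120));
    printf("latch check    -> %d\n", latch_check());
    return 0;
}
```

Two design points carry over to real firmware: the zeroization path must not be optimizable away (hence the volatile write loop rather than a bare memset), and the zeroized state is latched so that a later, "normal" sample cannot be used to argue the module back into service with partially intact CSPs.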
Any security-related properties of an anti-tamper system or its components that aid in the enforcement of the functional security objectives and security requirements mandated by a standard will be referred to as “security properties” throughout this disclosure.
For example, to satisfy the tamper-evidence requirement of FIPS 140-2 Level 2, any physical or logical seals and materials used need to feature tamper-evident properties. These are an example of security properties. As part of these security properties, for example, the security seals commonly employed on devices like electronic voting machines often rely on the irreversible and visible destruction of the seal components.
Further, to satisfy Security Level 4 requirements, the system may need to include an enclosure with tamper-detection and response properties. These, too, are examples of security properties.
Still further, to satisfy the objective of preventing the unauthorized disclosure of any contents of the system, including plaintext cryptographic keys and CSPs, the system and its components may deploy encryption with confidentiality and authentication properties. These are further examples of security properties.
Overall, security properties are any properties required of the system or its components to enforce security as defined in a security policy.
Similar security standards are applied by the US Department of Defense as described in various documents including the “DEPARTMENT OF DEFENSE PHYSICAL SECURITY EQUIPMENT GUIDE” or in the requirements defined by the “DoD Anti-Tamper Executive Agent.”
In applying FIPS Publication 140, vendors of cryptographic devices use independent, accredited Cryptographic and Security Testing (CST) laboratories to test their devices. The CST laboratories use the Derived Test Requirements (DTR), Implementation Guidance (IG) and applicable Cryptographic Module Validation Program (CMVP) programmatic guidance to test cryptographic devices against the applicable standards. NIST's Computer Security Division (CSD) and the Communications Security Establishment Canada (CSEC) jointly serve as the Validation Authorities for the program, validating the test results and issuing certificates.
Certification of a system under standards such as FIPS 140-2 often may require the publication of a detailed “security policy.” Such security policy is a document that specifies precisely the security rules under which the system must operate, including the security rules dictated by the standard governing the certification (e.g., FIPS 140-2) and any additional security rules imposed by the manufacturer of the system.
A security policy should be expressed in terms of roles, services, cryptographic keys, and other critical security parameters. It should address, at a minimum, an identification and authentication (I&A) policy and an access control policy. An I&A policy specifies whether a system operator is required to identify herself to the system and, if so, what information is required and how it should be presented to the system in order for the operator to prove her identity to the system (i.e., authenticate herself). Information required to be presented to the system might include passwords or individually unique biometric data. Once an operator can perform services using the system, an access control policy specifies what mode(s) of access she has to each security-relevant data item while performing a given service.
The specification should be thorough and detailed enough to define what access operator X, performing service Y while in role Z, has to security-relevant data item K for every role, service, and security-relevant data item included in the system. In other words, the security policy specifies the rules of operation of the system that define the role(s) and circumstances in which an operator is allowed to maintain or disclose each security relevant data item of the system in her performance of a given service.
Standards such as FIPS 140-2 mandate that a system support a number of “authorized roles” for operators of the system. For example, FIPS 140-2 mandates at least a “User” role and a “Crypto Officer” role. The User Role is the role assumed to perform general security services, including cryptographic operations and other approved security functions, as outlined in the security policy. The Crypto Officer Role is the role assumed to perform initialization or management functions (e.g., system initialization, input/output of cryptographic keys and CSPs, and audit functions). The system is often allowed to support other roles or sub-roles. Usually these roles need to be documented in the system security policy. With reference to the various roles described above, this disclosure accepts the definitions of those terms provided in NIST FIPS 140-2.
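To make the role/service/CSP relationship concrete, the following is an added example in C, written for this discussion rather than taken from the patent or from any actual FIPS 140-2 security policy document. It writes a small policy down as data (which roles may invoke each service, and which mode of access each service has to each CSP), enforces the I&A policy before the access control policy, and audits the table for completeness. The services, CSP names, passwords, access-mode flags, and all function names are assumptions for the example; only the User and Crypto Officer roles come from the standard.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical module: two FIPS 140-2 roles, four services, three CSPs. */
enum role    { ROLE_NONE = 0, ROLE_USER, ROLE_CRYPTO_OFFICER, ROLE_COUNT };
enum service { SVC_ENCRYPT = 0, SVC_KEY_ENTRY, SVC_SHOW_STATUS, SVC_ZEROIZE, SVC_COUNT };
enum csp     { CSP_DATA_KEY = 0, CSP_KEK, CSP_OPERATOR_PASSWORD, CSP_COUNT };

/* Modes of access a service may have to a CSP, as bit flags. */
#define ACC_NONE  0u
#define ACC_READ  1u  /* R: read/output the CSP */
#define ACC_WRITE 2u  /* W: enter/modify the CSP */
#define ACC_EXEC  4u  /* X: use the CSP internally without exposing it */
#define ACC_ZERO  8u  /* Z: zeroize the CSP */

/* Which role(s) may invoke each service (bitmask over enum role). */
static const unsigned service_roles[SVC_COUNT] = {
    [SVC_ENCRYPT]     = 1u << ROLE_USER,
    [SVC_KEY_ENTRY]   = 1u << ROLE_CRYPTO_OFFICER,
    [SVC_SHOW_STATUS] = (1u << ROLE_USER) | (1u << ROLE_CRYPTO_OFFICER),
    [SVC_ZEROIZE]     = (1u << ROLE_USER) | (1u << ROLE_CRYPTO_OFFICER),
};

/* The access-control matrix: service x CSP -> access modes. Every cell is
 * written out, including the ACC_NONE cells, so the policy is total over
 * (service, CSP) rather than leaving some combinations unspecified. */
static const unsigned access_matrix[SVC_COUNT][CSP_COUNT] = {
    /*                    DATA_KEY   KEK        OPERATOR_PASSWORD */
    [SVC_ENCRYPT]     = { ACC_EXEC,  ACC_NONE,  ACC_NONE },
    [SVC_KEY_ENTRY]   = { ACC_WRITE, ACC_EXEC,  ACC_NONE }, /* key entered wrapped under the KEK */
    [SVC_SHOW_STATUS] = { ACC_NONE,  ACC_NONE,  ACC_NONE },
    [SVC_ZEROIZE]     = { ACC_ZERO,  ACC_ZERO,  ACC_ZERO },
};

struct session { enum role role; };   /* ROLE_NONE until authenticated */

#define DENY_UNAUTHENTICATED (-1)
#define DENY_ROLE            (-2)

/* I&A policy: the operator presents a password and the role to assume.
 * The passwords are constructed values; a real module would store a salted
 * hash and compare in constant time rather than with strcmp. */
int authenticate(struct session *s, enum role r, const char *password)
{
    const char *expected = (r == ROLE_CRYPTO_OFFICER) ? "co-secret"
                         : (r == ROLE_USER)           ? "user-secret" : NULL;
    s->role = ROLE_NONE;
    if (expected == NULL || strcmp(expected, password) != 0) return 0;
    s->role = r;
    return 1;
}

/* Access control policy: returns DENY_UNAUTHENTICATED, DENY_ROLE, or the
 * access modes (>= 0) that service svc has to CSP k in this session. */
int request_service(const struct session *s, enum service svc, enum csp k)
{
    if (s->role == ROLE_NONE) return DENY_UNAUTHENTICATED;
    if (!(service_roles[svc] & (1u << s->role))) return DENY_ROLE;
    return (int)access_matrix[svc][k];
}

/* One-shot helper: authenticate, then ask for access. */
int effective_access(enum role r, const char *password, enum service svc, enum csp k)
{
    struct session s;
    authenticate(&s, r, password);
    return request_service(&s, svc, k);
}

/* Policy audit: every service must be reachable from some role, and every
 * CSP must have a zeroization path. Returns 1 if the policy passes. */
int policy_audit(void)
{
    for (int svc = 0; svc < SVC_COUNT; svc++)
        if (service_roles[svc] == 0) return 0;
    for (int k = 0; k < CSP_COUNT; k++) {
        int zeroizable = 0;
        for (int svc = 0; svc < SVC_COUNT; svc++)
            if (access_matrix[svc][k] & ACC_ZERO) zeroizable = 1;
        if (!zeroizable) return 0;
    }
    return 1;
}

int main(void)
{
    printf("user, encrypt, data key -> modes %d\n",
           effective_access(ROLE_USER, "user-secret", SVC_ENCRYPT, CSP_DATA_KEY));
    printf("user, key entry -> %d (DENY_ROLE)\n",
           effective_access(ROLE_USER, "user-secret", SVC_KEY_ENTRY, CSP_DATA_KEY));
    printf("policy audit -> %d\n", policy_audit());
    return 0;
}
```

The two tables are the machine-readable form of the "operator X, service Y, role Z, data item K" statement a validator expects to find in the written security policy; keeping them as constant data makes it straightforward to check that no (service, CSP) pair was left unspecified and that every CSP can actually be zeroized.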
There are three major reasons for developing and following a precise security policy. Firstly, to induce the vendor of the system to carefully and precisely consider who will be allowed access to the system, the manner in which various system elements can be accessed, and which system elements to protect. Secondly, to provide a precise specification of the cryptographic security properties to enable individuals and organizations (e.g., validators) to determine whether the system, as implemented, obeys (satisfies) a stated security policy. Thirdly, to describe to a system's user (organization or individual operator) the capabilities, protections, and access rights the user will have when using the system.
Today, thousands of manufacturers around the world produce hundreds of billions of computing devices. Many computing devices in use contain personal, financial, legal, health, or other sensitive information, and thus, would greatly benefit from anti-tamper assurances. Yet, despite incredibly frequent reports of security breaches that could have been prevented had some level of security assurance been in place, a vast majority of computing devices do not feature such security properties. In fact, in the years 2013 and 2014, only six devices with Level 4 physical security were certified. Following is a brief overview of various contributing factors that give rise to the overwhelming shortcomings of the prior art.
A primary reason for the pronounced scarcity of anti-tamper computing devices is the prohibitively high cost of such devices. For example, in the current state of the art, the latest IBM 4765 cryptographic co-processor featuring a Level 4 security enclosure is priced at approximately $9,250.00.
One of the major reasons for these high costs of anti-tamper devices is their limited production. Rather than being mass-produced, they are almost exclusively designed for niche financial-centric applications in which their significant up-front design and development costs can be justified.
A leading cause for the lack of mass production is the custom nature of the designs. No universal anti-tamper device exists in the prior art that can be mass-produced and is capable of enclosing arbitrary circuitry while providing necessary end-to-end security assurances.
A second compounding reason for the lack of mass production is the inherent inability of existing anti-tamper devices to dissipate significant amounts of heat from within. In addition to contributing to the preclusion of mass production, this heat constraint further burdens the prior art in that it necessarily constrains the size and, thus, the performance capabilities and computation power of the protected circuitry within such a device.
A third and principal reason for the lack of mass production stems from the nature of the design, build, and certification processes that are involved in providing a device that meets accepted security standards. Such processes are extremely time-consuming and costly. Further, new end-to-end certification of an entire device is often required for even minor changes in its design. By the time any anti-tamper computing device can be made commercially available, its internal CPC has already become obsolete for most general purpose computing tasks beyond use in the niche applications for which it was designed, i.e., applications in which the internal cryptographic hardware maintains its advantage.
Ultimately, these obstacles derive from the tightly-coupled nature of the design and R&D processes associated with anti-tamper devices. Currently in the art, the internal processing capabilities of such a device are tightly and directly coupled with the device's design and R&D processes. For example, manufacturers necessarily custom-design internal CPC for each individual device. Moreover, in all known device designs, the internal CPC; the anti-tamper enclosure elements, such as circuitry, sensors, potting, and flexible meshes; as well as any internal cryptographic circuitry, are all tightly integrated, both logically and physically.
Thus, there exists in the prior art a great need for an invention that seeks to address these issues. It is among the objects of the present invention to obviate or mitigate these disadvantages in the field.