1. Field of the Invention
Embodiments of the present invention relate, in general, to systems and methods for data protection and particularly to enclosing secure systems in tamper resistant enclosures.
2. Relevant Background
Cryptography is, in its broadest sense, the art of hiding information. Historically cryptography referred to encryption, the process of converting ordinary information (plaintext) into unintelligible gibberish (i.e., ciphertext), and decryption, the reverse, moving from unintelligible ciphertext to plaintext. In modern times cryptography encompasses a wide range of technology and techniques. These include symmetric-key cryptography, public-key (also, more generally, called asymmetric key) cryptography, cryptographic primitives, and cryptanalysis.
Cryptography utilizing symmetric and asymmetric-key cryptographic techniques employs a cipher and a key. A cipher is two or more algorithms that perform encryption and the reversing decryption. The detailed operation of a cipher is controlled both by the algorithm and, in each instance, by a key. This is a secret parameter (ideally, known only to the communicants) for a specific message exchange context. Keys are important, as ciphers without variable keys are trivially breakable and therefore less than useful for most purposes. Thus the protection of the keys, and to some extent the algorithms themselves, is an important part of data security.
A typical cryptographic system includes a secure environment housing the cryptographic algorithm(s) and, in the case of a public-private key pair, the private key. Received encrypted data generated by the related public key can be decrypted using the private key. The private key must remain secret while the public key can be freely distributed.
As will be appreciated by one skilled in the art of cryptography, many systems exist to securely manage cryptographic keys. One aspect of that management is the security of the keys and other cryptographic material to what is known in the art as an insider attack. An insider attack is an attack or intrusion from an entity that is trusted. This entity, having direct access to the system, can replace or insert devices in the middle of the data path to capture data and/or the keys.
This type of intrusion is generally addressed by maintaining complete physical security of the device and wires that contain and transport the data or by protecting the data cryptographically. Many systems are, however, incapable of, or it is infeasible to support, data cryptography. Thus physical security becomes the primary means to ensure that the cryptographic keys remain secure.
Current boundary protection is either tamper resistant or tamper evident. Tamper evident techniques simply present evidence that a device or system has been tampered with and thus the contents can no longer be trusted. Tamper resistant protection is understood to mean that intrusion into the device will result in damage making the device nonfunctional. One simple tamper resistant technique is to seal the components in epoxy. Many cryptographic functions and keys can be hard wired into an integrated circuit or the like. If one could examine the circuit, the key and algorithms would be revealed. Thus encasing the chip in epoxy prevents reverse engineering because removal of the epoxy would theoretically destroy the enclosed components.
This type of physical barrier however is not fool proof. While penetrating a chip using a barrier of this type is likely to render it non-functional, portions of the technology within the barrier may be recoverable. Furthermore, this type of barrier fails to protect an intrusion into the data path. The current art does not provide a cryptographically secure interface that is sensitive to physical intrusion.