1. Field of the Invention
The invention relates to the field of secure cryptography. It particularly concerns devices and methods for securely storing a secret within a tamper-protection barrier.
2. Background Information
The security of electronic data is of paramount importance in today's computer-based world. Many commercially-available devices and systems store electronic data or other information, referred to here as a secret, that should not be accessible to unauthorized users or attackers. This secret may itself be sensitive and/or valuable, or it may be used to access sensitive and/or valuable information. If an attacker were to obtain access to the secret within these devices or systems, they could then access the sensitive information. In some cases, this results in a loss of privacy or a financial loss. A user who is able to access the secret could access consumer information, e.g., personal health information (PHI), social security numbers, account numbers, account passwords, and contact information. For instance, automated teller machines (ATMs) store a secret code, e.g., a 128-bit number, that is used in the transmission of a customer's personal information, e.g., bank account numbers, through a communication channel between an ATM and a respective bank information technology (IT) system. This secret code, and the information that it provides access to, are not meant to be accessible to an unauthorized user or attacker. In hospital environments, for example, the sensitive or valuable electronic data may be PHI.
To protect such secrets, many devices and systems, e.g., modern ATMs, store the secret, and related data if any, within a tamper-protection barrier. This barrier is an electronic and/or physical shield such that if an unauthorized user or attacker penetrates the barrier, the secret is automatically destroyed before the attacker is able to use it to access sensitive data.
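The zeroize-on-penetration behaviour described above, modelled as an added Python example (this is illustrative code, not part of the patent and not any vendor's implementation). The class name `TamperBarrier`, the sensor hook `tamper_event`, and the constructed 128-bit secret are assumptions chosen for the illustration; the point it demonstrates is that a legitimate operation on the secret works before the sensor fires, and that after the sensor fires the secret has been overwritten in place so that neither the device nor a reader of its memory image can recover it.

```python
"""Toy model of a tamper-protection barrier with zeroization on penetration.

Added illustration; the names and the sample secret are constructed for this
example and are not taken from any real device or from the patent text.
"""
import hmac
from typing import Optional


class TamperBarrier:
    """Models a secure enclosure: the secret lives behind a tamper sensor.

    A penetration event (enclosure opened, probe detected, etc.) zeroizes the
    secret before any further use, which is the property the barrier exists
    to provide.
    """

    def __init__(self, secret: bytes) -> None:
        # Secret is kept in a mutable buffer so it can be overwritten in place
        # rather than merely dereferenced (a dereferenced copy could linger).
        self._secret = bytearray(secret)
        self._tampered = False

    def tamper_event(self) -> None:
        """Sensor hook: overwrite the secret with zeros and latch the state."""
        for i in range(len(self._secret)):
            self._secret[i] = 0
        self._tampered = True

    def use_secret(self, message: bytes) -> Optional[bytes]:
        """Legitimate operation: MAC a message with the stored secret.

        Returns None once the barrier has been penetrated, so the device
        cannot keep operating on a zeroized (and therefore predictable) key.
        """
        if self._tampered:
            return None
        return hmac.new(bytes(self._secret), message, "sha256").digest()

    def memory_image(self) -> bytes:
        """What a reader of the raw secret storage would see right now."""
        return bytes(self._secret)

    def secret_is_zeroized(self) -> bool:
        return all(b == 0 for b in self._secret)


# Constructed 128-bit (16-byte) secret, standing in for e.g. an ATM's secret code.
SAMPLE_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_MESSAGE = b"constructed account-number payload"


def demonstrate() -> dict:
    """Run the barrier through a legitimate use, then a penetration event."""
    barrier = TamperBarrier(SAMPLE_SECRET)
    mac_before = barrier.use_secret(SAMPLE_MESSAGE)

    barrier.tamper_event()  # the shield is breached: zeroize

    return {
        "mac_before_tamper": mac_before,
        "mac_after_tamper": barrier.use_secret(SAMPLE_MESSAGE),
        "zeroized": barrier.secret_is_zeroized(),
        # Original secret bytes must be absent from the post-tamper image.
        "image_leaks_secret": SAMPLE_SECRET in barrier.memory_image(),
        "image": barrier.memory_image(),
    }


if __name__ == "__main__":
    result = demonstrate()
    print("MAC before tamper:", result["mac_before_tamper"].hex())
    print("MAC after tamper: ", result["mac_after_tamper"])
    print("Secret zeroized:  ", result["zeroized"])
    print("Memory image:     ", result["image"].hex())
```

The `memory_image` accessor is what makes the limitation discussed next visible: the barrier protects the secret only if the sensor fires before the storage is read. Any read path that does not trigger `tamper_event` sees the intact secret, which is why the barrier alone is not sufficient against a patient attacker with physical access.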
However, even in devices with tamper-protection barriers, there is still the possibility that, given enough time and financial resources, a clever and/or persistent attacker may be able to access the secret. For instance, an attacker may be able to attach a tiny physical probe to electrical connections (e.g., Joint Test Action Group (JTAG) pins) on a memory device and read portions of data from that memory device within the tamper-protection barrier. With enough time and a sufficient number of samples of the device, clever attackers could access enough information from the memories within the tamper-protection barriers to obtain the secret. Thus, even devices which store secrets within a tamper-protection barrier remain vulnerable to clever and/or persistent attackers.
Therefore, there exists a need for a device or method for securely storing a secret or sensitive data within a tamper-protection barrier such that even with substantial time, financial resources, and a large number of samples of the devices, clever attackers would still not be able to access the data.