The subject invention relates generally to systems for carrying out cryptographic processes and, more particularly, to systems and methods for increasing the security of such systems; particularly such systems used to verify the payment of postage.
Cryptographic systems have many applications both for the secure transmission of information and for the authentication and verification of the source of information. One such application is the verification of postage.
The vast majority of the Posts around the world require prepayment for postal services provided by the Posts. Prepayment, however, requires verifiable evidence of paid postage. The traditional postage stamp is a prime example of such evidence.
Another is the use of postage meters, which alleviate some shortcomings of postage stamps. The first postage meters were mechanical devices which securely coupled printing and accounting functions. The mechanical meter, which was perfected over the years, became a widespread basic business machine. The accounting and machine control functions were computerized when electronic postage meters were introduced in the late seventies. This enabled new features, including departmental accounting and computerized meter resetting. However, the fundamental security of postage evidencing remained the same; depending on two features: 1) physical security of the printing process, i.e., printing of postage evidence can not occur without appropriate accounting, and 2) forensic detectability, i.e., fraudulent postal indicia can be distinguished from legitimate indicia.
Coupling the printing and accounting mechanism within a secure tamper-evident enclosure provides physical security of printing. Inspection of the device normally reveals tampering. Effective forensic detectability of fraudulent postal indicia depends on non-availability of alternative mechanisms suitable for forging indicia. Until recently, serious attempts to generate fraudulent indicia using an alternate printing mechanism were detectable.
Today, the possible use of readily available, inexpensive computerdriven printers for printing postage evidence offers new opportunities for customer convenience and substantial cost advantages. However, the use of such printers requires new ways of verifying postage evidence, as was first suggested in U.S. Pat. Nos. 4,641,3 47, 4,641,346, 4,757,537, and 4,775,246. At that time, it was realized that the security of postage evidencing depends on the security of the information printed in the indicium, including message authentication and integrity.
U.S. Pat. Nos. 4,831,555 and 4,725,718 extended this idea to unsecured printing of postage; disclosing the necessity that at least some of the information in the indicium must appear random to a party not in possession of some secret. Such random looking information is commonly referred to as a digital token.
The basis of postal revenue security in the digital world is two new requirements: 1) security of the digital token generating process, i.e., digital tokens can not be generated without appropriate accounting, and 2) automatic detectability, i.e., fraudulent digital tokens can be detected by automatic means.
A cryptographic transformation applied to selected data on the mailpiece produces the digital token. The data may include postage value, date, postal code of the geographical deposit area, recipient address information, meter data, and piece count. Such data is commonly referred to as postal data. The secret used to generate the digital token is generally a cryptographic key held within the accounting device. A verifier, with access to a verifying key corresponding to the accounting device secret, validates the digital token. Several cryptographic algorithms,and protocols have been considered for this purpose. U.S. Pat. No. 4,853,961 describes critical aspects of public-key cryptography for mailing applications. See Jose Pastor, CRYPTOPOST, A Universal Information-Based Franking System for Automated Mail Processing, Proceedings of the Fourth Advanced Technology Conference of the U.S. Postal Service, Vol. 1, pp. 429-442, November 1990. See also Jose Pastor, CRYPTOPOST, A Cryptographic Application to Mail Processing, Journal of Cryptology, 3 (2), pp. 137-146, November 1990.
Two methods of presenting a postal verifier with fraudulent evidence of payment are a counterfeited indicium and a copied indicium. The former is an unpaid indicium that appears legitimate; in particular which will satisfy a cryptographic verification process. The latter is a replica of a legitimate paid indicium. Such counterfeit indicia will necessarily satisfy any cryptographic verification process and must be detected by other means; e.g. duplicate mailpiece numbers, etc., which form no part of the present invention. The present invention addresses the prevention of counterfeit indicium.
A counterfeit indicium can be detected by verifying the digital token. Verification proves that the digital token was generated by a cryptographic algorithm with access to the secret meter key. The information printed in the indicium and access to a verifying key are sufficient for the detection of counterfeited indicia as long as the secret meter key is confidential. In a public-key system, a digital signature provides the data authentication and integrity check. In a symmetric-key system a message authentication code (MAC) provides a similar check.
Assuming integrity of the verification software and hardware, only a compromised meter secret-key can produce verifiable counterfeit indicia. Meters can be compromised by violating the physical protection of the key by tampering, or by deriving the key from indicia data by cryptanalysis. Generally, tampering is detectable if the physical protection of the secure component of the postage metering system is adequate, for example as set forth in FIPS 140-1, Security Requirements for Cryptographic Modules, National Institute for Standards and Technology, January 1994, and protection against physical tampering forms no part of the subject invention.
In general various cryptographic operations for generating digital tokens to authenticate postal indicia and to verify such indicia are well known and details of various systems need not be discussed further here for an understanding of the subject invention except to note that robustness of all such operations against cryptanalysis depends on the difficulty of solving certain mathematical problems, for example, discrete logarithm problems or factoring a large composite number. (see: The USPS published draft specifications: The INFORMATION BASED INDICIA PROGRAM (IBIP) INDICIUM SPECIFICATION, dated Jun. 13, 1996; The INFORMATION BASED INDICIA PROGRAM POSTAL SECURITY DEVICE SPECIFICATION, dated Jun. 13, 1996; and The INFORMATION BASED INDICIA PROGRAM HOST SYSTEM SPECIFICATION, dated Oct. 9, 1996, which together define the U.S.P.S.""s proposed requirements for a postage payment system based upon cryptographically secured indicia.)
As part of its proposed Information-Based Indicia Program (IBIP), the USPS has proposed 1024 bit RSA, 1024 bit DSS or 160 bit ECDSA as measures of robustness.
Presently, there are two postage metering types: closed systems and open systems. In a closed system, the system functionality is solely dedicated to metering activity. An open system metering device is a postage evidencing device with a non-dedicated printer; i.e. one that is not securely coupled to a secure accounting module and can be used for other purposes. Open system indicia printed by the non-dedicated printer are made secure by including addressee information in the encrypted evidence of postage printed on the mailpiece for subsequent verification. Examples of open system metering devices include personal computer (PC) based devices with single/multi-tasking operating systems, multiuser applications and digital printers.
Conventional closed system mechanical and electronic postage meters have heretofore secured the link between printing and accounting. The integrity of the physical meter box has been monitored by periodic inspections of the meters. Digital printing postage meters, which are closed system postage meters, typically include a digital printer coupled to a metering (accounting) device, which is referred to herein as a postal security device (PSD). Digital printing postage meters have removed the need for physical inspection by cryptographically securing the link between the accounting and printing mechanisms. In essence, new digital printing postage meters create a secure point to point communication link between the accounting unit and printhead. See, for example, U.S. Pat. No. 4,802,218, issued to Christopher B. Wright et al and now assigned to the assignee of the present invention.
An example of a digital printing postage meter with secure printhead communication is the Personal Post(trademark) manufactured by Pitney Bowes Inc. of Stamford, CT. An example of a digital printing postage meter in a secure housing is the PostPerfect(trademark) also manufactured by Pitney Bowes Inc. Either type of digitally printing system can use cryptographically secured digital tokens.
As noted above the security of cryptographically secured postage metering systems, as well as other cryptographic information systems, is based on an assumption that the secret information, i.e., the crypto keys, stored within a secure cryptographic device are protected against disclosure to any attacker. With physical security in effect, it has been assumed that an attacker could only obtain crypto keys either by trying all the possible crypto keys associated with the algorithm being used (symmetric algorithms) or by carrying out a complex mathematical search (asymmetric algorithms). For accepted cryptographic algorithms, this search is prohibitive, e.g. obtaining a 1024 bit RSA key requires 230 years of 300 Mhz PC computing.
A recently published technique, Differential Power Analysis (DPA), undermines this assumption and seriously threatens the security of cryptographic devices. The technique involves observation and analysis of fluctuations on the power line of a cryptographic device (hereinafter sometimes xe2x80x9cconducted emissionsxe2x80x9d) to determine the cryptographic secrets, i.e., the crypto keys, used by the device. DPA attack allows one to extract secret protected information from a supposedly secure cryptographic device by measuring variations in power consumption over time, and then applying sophisticated analysis to this information. As the cryptographic processor performs its cryptographic functions, such as encryption or signing; transistors comprising the process or switch on and off, which changes the amount of current drawn from the source supplying power to the processor. Assuming the attacker has some knowledge of the functions performed by the cryptographic processor, the attacker can correlate the current changes with data being processed and the crypto keys being used. Any type of secure cryptographic device that obtains its operating power from an external source is potentially susceptible to the attack. Such devices include smart cards, PC (PCMCIA) cards and printed circuit boards, including devices that are housed within a protected enclosure. If such a cryptographic device is subjected to DPA attack, then the crypto key can be obtained in almatter of days or weeks. Many of the proposed countermeasures to the DPA attack involve the introduction of signal noise or filters on the power line, random timing and delays during cryptographic processing, and the introduction of extraneous operations. These countermeasures make the attack much more difficult. However, an attacker can overcome them by obtaining more samples of power line fluctuations and applying more sophisticated analytical techniques.
While it is important that the security community at large find means either to defeat this attack, or to at least greatly lengthen the time and expertise needed to successfully carry it out, it is believed particularly important for the successful adoption of cryptographically secured postage metering systems. In many, if not most other cryptographic systems, cryptographic devices and their associated keys are in the custody of the xe2x80x9cownerxe2x80x9d who, in principle, has incentive to protect them. Postage metering systems however are not used in the custody of either party most concerned with system integrity, the system vendor or the Post, but by a mailer; who, if dishonest, has every reason to try to defeat the system. To further complicate the problem, a desired advantage of digital postage metering systems is the reduced need for physical inspections; further opening the window of opportunity for the dishonest mailer. And the large number of systems in use will greatly increase the chances that some will fall into the hands of the dishonest; and even a single meter which is compromised can be used to generate substantial amounts of fraudulent indicia since a successfully counterfeited indicium will not be readily detected by the methods used to detect simple duplicate indicia. Additionally postage metering systems can send thousands of encrypted messages, i.e. postal indicia, a day; greatly simplifying the sampling task of the DPA attacker. And all these problems must be overcome without adding substantially to postage costs.
Similar considerations also apply to other types of value metering systems, which are systems which similarly account for and evidence the delivery, receipt, or payment for other forms of value (e.g. tax stamp meters) by generating indicia or other types of messages, which may be secured cryptographically.
Thus it is an object of the subject invention to provide cryptographic devices, and particularly cryptographically secured postage metering systems, with protection against DPA attack.
The above object is achieved and the disadvantages of the prior art are overcome in accordance with subject invention which includes a method and system for limiting conducted emissions by a cryptographic device performing cryptographic operations, the cryptographic device comprising an integrated circuit, the integrated circuit performing at least a substantial portion of the cryptographic operations. In accordance with the subject invention the cryptographic device is enclosed within a physically secure environment; power is provided to the cryptographic device from a first power source external to the physically secure environment; and at least a part of the integrated circuit is isolated from the first power source during at least a part of the substantial portion of the cryptographic operations.
In accordance with one aspect of the subject invention isolating the integrated circuit includes: locating a second power source within the housing of the integrated circuit; and providing power to at least the part of the integrated circuit from the second power source at least when the integrated circuit is performing the substantial portion of the cryptographic operations.
In accordance with another aspect of the subject invention the physically secure environment includes the housing.
In accordance with another aspect of the subject invention the second power source forms part of the integrated circuit.
In accordance with another aspect of the subject invention providing power to the integrated circuit includes: switching at least the part of the integrated circuit from the first power source to the second power source prior to or during the substantial portion of the cryptographic operations; and then switching at least the part of the integrated circuit from the second power source to the first power source subsequent to or during the substantial portion of the cryptographic operations.
In accordance with another aspect of the subject invention the second power source is a power storage circuit, the power storage circuit storing power from the first power source at least part of the time when the cryptographic operations are not being performed and providing power to at least the part of the integrated circuit the at least part of the time when the cryptographic operations are being performed.
In accordance with another aspect of the subject invention the cryptographic operations are divided into a plurality of segments and the second power source stores power from the external power source between alternate ones of the segments.
In accordance with another aspect of the subject invention the integrated circuit includes a row of cells and the power storage circuit is physically located at one end of the row of cells.
In accordance with another aspect of the subject invention the integrated circuit includes a row of cells wherein each of a plurality of capacitors included in the power storage circuit is located proximate to a corresponding one of the cells, and a switch included in the power storage is physically located at one end of the row of cells.
In accordance with another aspect of the subject invention, the subject invention can be similarly used in other types of value metering systems where cryptographically secured indicia are used as evidence of value received, delivered or purchased.
In accordance with another aspect of the subject invention the cryptographic operations generate a digital token for a postal indicium.
Other objects and advantages of the subject invention will be apparent to those skilled in the art from consideration of the attached drawings and the detailed description set forth below.