There are various methods for recognizing manipulation attempts on electrical lines and on electronic circuits. The different methods may be divided into methods with and without sensor technology and into active and passive methods.
For example, in the simplest form, seals, lead seals or especially manufactured housings may be used in electricity meters. The methods may be used to verify the integrity by a check process. The check method may range from a simple visual inspection to elaborate laboratory tests. The equipment to be protected may not be able to perform the check automatically. Thus, in order for the methods to offer protection, the manufacturer may need a technological advantage over a potential attacker or forger.
Many electronic systems monitor their operating parameters in order to guarantee their correct functioning. Examples include monitoring temperature, operating voltage or frequency. Furthermore, error-detecting and error-correcting codes for protecting saved data, redundantly designed system components, watchdogs, and the like may be used. However, these technologies may protect only against accidentally occurring errors and, therefore, may be relevant to security-critical applications.
Deliberate changes to data and programs may also be recognized by cryptographic methods. In order for an electronic system to reliably perform the check and react appropriately to recognized manipulations, a protected program execution (e.g., at least of the check routines) may be used. Otherwise, the attacker may prevent a check method from being performed or the check result from being evaluated again by manipulating the hardware. For such hardware manipulations, special chips (e.g., modchips) may be developed and sold. For the attack, individual lines of a board are interrupted and the modchip is planted in the signal paths. The modchip does not disturb the normal functioning of the equipment. The modchip only engages with the program execution at specific points and changes values on the data bus in a targeted manner in order, for example, to manipulate a security check.
Special security controllers (e.g., hardware security tokens, such as chip cards or microcontrollers with an integrated RAM memory and a non-volatile memory) may be used in practical applications to provide a protected program execution. The secret key material may be permanently stored on the tokens, and at least parts of the application that are relevant to security (e.g., cryptographic routines) are executed on the controllers. This approach uses no sensor technology with active components and is reliant on the special protection measures of the controllers that are implemented in hardware.
Rarely, an entire computer system may be protected by active sensor technology in order to provide secure program execution. The range extends from simple housing switches (e.g., to recognize unauthorized opening) up to special packaging and encapsulation molds (e.g., anti-drilling protective film and specially manufactured printed circuit boards). The electronics continuously monitor the electrical properties of the packaged computer system and, in the case of manipulations, trigger an alarm whereby key material and/or the program may be erased.
Protective measures as described above may entail high manufacturing costs and use a battery for an uninterruptible power supply to the protective electronics. As a result, additional costs and problems relating to service life, operating parameters, and methods of battery replacement may arise. The sensor technology used for monitoring may be implemented in various ways. Examples include nonreactive measurement bridges, light and pressure sensors, and capacitive and inductive sensors.