Physical protection of cryptographic devices

Abstract

With the growth of user awareness for the need to protect sensitive computer data by cryptographic means, this paper explains the need to protect critical cryptographic variables (particularly keys, and in some cases algorithms) in a secure environment within cryptographic equipment, particularly those used in the area of high value funds transfer transactions. Design principles are outlined, leading to the concept of tamper resistant and not tamper proof devices to protect key data, whether the data be retained within physically large devices or on small portable tokens. Criteria for the detection of attempts to gain access to sensitive data rather than attack prevention are outlined, together with two types of attack scenario — invasive and non-invasive. The risks of attack on cryptographic devices are surveyed and intruder attack objectives are outlined, together with some typical scenarios. The available counter-measures are discussed. Several discreet mechanisms are described. Typical detection mechanisms and sensor systems are discussed plus the design trade-offs that must be made in implementation, in particular manufacturing and maintenance costs versus scope of attack protection. Once an attack is detected, various data destruction mechanisms may be employed. The desirability of active data destruction by “intelligent” means is proposed, together with a discussion of alternative techniques with particular reference to the data storage device characteristics. Some experiences of tamper resistant research and development highlight the potential manufacturing problems — particularly in respect of quality assurance, product fault analysis and life-testing. The desirability of tamper resistant standards and independent assessment facilities is expressed, the applicability of such standards and large scale protection methods on intelligent tokens, in particular smart cards and personal authenticators, is discussed.