Crypto Dongles and Tamper-Resistant Modules

Timothy C. May tcmay at netcom.com
Wed Nov 25 17:23:22 PST 1992


Some points about the security of "crypto dongles" and other personal
security devices.

Phil Karn writes:

> >Much better for this application is the PCMCIA standard, which has
> >plenty of room for circuitry.
> 
> I had this in mind too. But there's a problem -- if we have to depend
> on commercial manufacturers to build these things, how will we know if
> we can really trust them? I'm not impugning the manufacturers
> themselves, as it's entirely possible that the FBI and/or NSA wouldn't
> even let them build and sell a device like this if it's "too" secure.

The crucial chips could be built under "open inspection" conditions,
much like having source code for inspection prior to compilation on
one's own--presumably trustworthy--machines. Several such vendors
could be used, with independent auditors observing the processing
steps throughout. (Merely the threat of a surprise inspection is
probably enough to head off obvious attempts to insert hardware
trapdoors and the like.) This seems like a solvable problem.

The issue of whether the NSA will let such devices be built is
interesting. There was the story of the "PhasorPhone," or somesuch,
from some years back, with the story that the inventor, in Seattle,
filed a patent application and got back a statement that the device
was now classified and could not be talked about (let alone marketed).
However, I've heard of no such cases recently.

Other countries have excellent wafer fab facilities and could of
course build the chips and the complete units. Whether Americans could
buy them....

Tamper-Responding Modules (TRMs)

Robert Brooks mentions using e-beam probers to read the bits out, and
various etches, etc. TRMs came up several weeks ago on this list, and
are mentioned in the Glossary posted a few days ago.

Even if the TRMs can eventually be gotten into, probably at high cost,
they will in most cases leave signs of having been opened, analyzed,
probed, etc. (that's the "responding" part of TRM). The nuclear
weapons people at Sandia and elsewhere (Russia, one now hopes) have
been dealing with the problem for several decades. Some of their work
has filtered out to the public literature.

Smartcards often have basic TRM methods applied to them.

If there's interest, I can summarize.

--Tim

-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay at netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | PGP Public Key: by arrangement.







More information about the cypherpunks-legacy mailing list