"Scan design called portal for hackers"

david koontz david.koontz at alliedtelesyn.co.nz
Tue Nov 2 20:01:12 PST 2004 


>>> Peter Gutmann <pgut001 at cs.auckland.ac.nz> 2/11/2004 11:30:36 p.m. >>>
>David Honig <dahonig at cox.net> writes:

>>EETimes 25 Oct 04 has an article about how the testing structures on ICs
>>makes them vulnerable to attacks.  

>A link ) would
>have been useful...

>>The basic idea is that to test a chip, you need to see inside it; this can
>>also reveal crypto details (e.g., keys) which compromise the chip.

>The JTAG interface is your (that is, the reverse engineer's) friend.  This is
>why some security devices let you disconnect it using a security-fuse type
>mechanism before you ship your product.  Of course that only works if (a) the
>device allows it, (b) you remember to activate it, and (c) your attacker isn't
>sufficiently motivated/funded to use something like microprobing or a FIB
>workstation to bypass the disconnect.

Historically BIST has been more attractive for crypto hardware because 
you can also use it for assurance testing prior to use.  Invoking it can be
hard coded into device initialization.

If JTAG is present, you don't have to have internal scan.  If you have internal 
scan  you could have a zeroize on entering test mode.  This prevents scan chains
from being capable of being used to save as well as restore state.  

If and when is it a problem?  If you were to examine FIPS PUB 140-2, 4.5 'Physical
Security', 'Table 2 Summary of physical security requirements'  and section:

4.5.1 General Physical Security Requirements

 ...

SECURITY LEVEL 1
The following requirements shall apply to all cryptographic modules for 
Security Level 1.
* The cryptographic module shall consist of production-grade components 
that shall include standard passivation techniques (e.g., a conformal coating 
or a sealing coat applied over the module's circuitry to protect against 
environmental or other physical damage).
* When performing physical maintenance, all plaintext secret and private 
keys and other unprotected CSPs contained in the cryptographic module 
shall be zeroized. Zeroization shall either be performed procedurally by 
the operator or automatically by the cryptographic module.
 
---
Meaning for a cryptographic module boundary at the chip level, the
keys should have been zeroized before physical access.

----
 ...

SECURITY LEVEL 3
In addition to the general requirements for Security Levels 1 and 2, the
 following requirements shall apply to all cryptographic modules for 
Security Level 3.
* If the cryptographic module contains any doors or removable covers 
or if a maintenance access interface is defined, then the module shall 
contain tamper response and zeroization circuitry. The tamper response 
and zeroization circuitry shall immediately zeroize all plaintext secret and 
private keys and CSPs when a door is opened, a cover is removed, or 
when the maintenance access interface is accessed. The tamper response 
and zeroization circuitry shall remain operational when plaintext secret and 
private cryptographic keys or CSPs are contained within the cryptographic
module.

---
Meaning that physical access will cause zeroization.  This would imply
zeroization on test mode activation on a JTAG interface on a single
chip cryptographic module.   You start getting real security at levels
3 and 4, the  certification criteria comes from the Commercial  COMSEC 
Evaluation Program (CCEP).

Am I worried someone is producing chips that aren't protected?  No.
I'm more concerned that implementations (systems) aren't properly
designed, tested and certified.  "They got AES, we got AES" is just
a form of snake oil.













NOTICE: This message contains privileged and confidential
information intended only for the use of the addressee
named above. If you are not the intended recipient of
this message you are hereby notified that you must not
disseminate, copy or take any action in reliance on it.
If you have received this message in error please
notify Allied Telesyn Research Ltd immediately.
Any views expressed in this message are those of the
individual sender, except where the sender has the
authority to issue and specifically states them to
be the views of Allied Telesyn Research.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cypherpunks-legacy mailing list