Tamper Resistance --- A Cautionary Note

Ross Anderson and Markus Kuhn

Appeared in the Second USENIX Workshop on Electronic Commerce, Nov 1996.

This paper describes a number of attacks on tamper-resistant systems, and concludes that relying entirely on tamper resistance for protection is probably insufficient, regardless of the claims from manufacturers of such devices. The authors recommend that any secure system be engineered in such a way that compromise of a small number of accessible devices (such as smart cards) does not break the entire system. They also recommend hostile review as an important part of designing commercial security systems.

The paper uses the IBM taxonomy of attackers --- class I "clever outsiders", class II "knowledgeable insiders" and class III "funded organizations", and describes a variety of attacks. They consider applications where the user/attacker can get unsupervised physical access to the device, and focus on attacks that try to recover key material rather than attacks of modifying circuitry.

The first category of attacks they describe are non-invasive attacks: using unusual voltages and temperatures to try and recover information from EEPROM. While some of these attacks are possible to detect and defend against, commercial systems often do not find it cost-effective to do so. They also describe some more aggressive physical attacks.

They describe advanced protection techniques, used by nuclear command and control systems, where cost considerations are much less important than security. Those systems do not rely on tamper-resistance, but have techniques to ensure that successful thefts result in self-destruction of the important parts rather than have them accessible to the thieves. The authors conclude from this that even without cost considerations, tamper proof systems are not realizable.

Finally they describe an attack they mounted on the DallasDS5002FP Secure Microcontroller, a commercial "secure processor" that uses the encrypted bus strategy. They were able to mount a "cipher instruction search attack": feed the CPU with suitably chosen enciphered instructions and recognize the plaintext by the effect of the instructions. More details about the attack are available in another paper[1].

Related work:

[1] Cipher Instruction Search Attack on the Bus-Encryption Security Microcontroller DS5002FP, Markus G. Kuhn, IEEE Transactions on Computers, Vol 47, No. 10, October 1998.

Vote: 4 accept, 1 weak accept, 1 abstain