O. Kommerling, M.G. Kuhn, Design Principles for Tamper-Resistant Smartcard Processors, pp. 9-20, Proceedings of the usenix Workshop on Smartcard Technology (Smartcard '99), usenix Association, isbn 1-880446-34-0, 1999.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....is an attempt to compromise the secrets contained in the device in such a way that the secrets remain valid. While manufacturers of secure devices have developed a panoply of countermeasures against invasive attacks, these devices remain largely vulnerable to a variety of probing techniques [3, 4, 9, 18]. One of the most e ective measures for protecting tamper resistant modules is to have them zeroize , that is, obliterate, sensitive information when a break in attempt is detected. In this way, a compromised device is disabled, and therefore rendered valueless to an attacker. It is often ....

....for larger devices, such as the Dallas Semiconductor 1954 and IBM 4758 modules. It is possible, moreover, that contiguous power supplies will become a feature of smartcards in the future, given the relative e ectiveness of zeroization in comparison with other, more passive countermeasures [18]. We may also expect the proliferation of handheld computing devices such as PalmPilots to provide platforms for more substantial security modules. Even given the availability of contiguous power supplies, a number of security engineering questions remain. Is it possible or necessary, for that ....

O. Kommerling and M.G. Kuhn. Design principles for tamper-resistant smartcard processors. In USENIX Workshop on Smartcard Technology (Smartcard '99), pages 9-20, 1999.

....processing power, memory and communication speeds. This in turn limits the capabilities of the operating systems that may be developed for smart cards and, hence, the level of service available to applications. 3.9. 1 Tamper Resistance Smart cards are simply not tamperproof and may never be [65, 11, 62, 61, 10]. The physical device of a smart card is always assumed that it may be in the possession of a attacker. Hence, the physical device may be subjected to an unknown environment. The environment may consist of many techniques used by attackers [65, 10] to either detect the state of the card, or in an ....

....not tamperproof and may never be [65, 11, 62, 61, 10] The physical device of a smart card is always assumed that it may be in the possession of a attacker. Hence, the physical device may be subjected to an unknown environment. The environment may consist of many techniques used by attackers [65, 10] to either detect the state of the card, or in an attempt to vary the card s operation such as: Measurement of the card s use of power Measurement of electro magnetic radiation (tempest) 42 Chapter 3. Smart Card Technology Use of very slow clock frequencies (known as single stepping) ....

[Article contains additional citation context not shown here]

O Kommerling and M Kuhn. Design Principles for Tamper-Resistant Smartcard Processors. In Proceedings of the Usenix Workshop on Smartcard Technology (Smartcard 99), pages 9-20. Usenix, May 1999. ISBN 1-880446-34-0.

....his password either by accident or corruption. Smart cards are supposedly more reliable than agents, in the sense that it should be very dicult to discover the secrets they contain. Signi cant research e ort is being devoted to make the cards more and more robust to external attacks (e.g. [6]) Developed in 1996, the Shoup Rubin protocol [10] aims at distributing session keys to a pair of peers and presupposes that every agent is endowed with a smart card. It was shown to enjoy provable security: an intruder cannot discover the session key if a PRF (pseudo random function) generator ....

....to questions of the following sort. Are your smart cards tamper proof Does your protocol achieve strong goals if the smart cards it relies on are tamper proof Can the agents running the protocol practically take advantage of such goals While other research addresses the rst question (e.g. [6]) we show that an armative answer to the second question does not logically imply an armative answer to the third. Shoup Rubin o ers a counterexample with its con dentiality goals because it lacks crucial explicitness. We have discovered that the protocol does enforce strong session key con ....

O. Kommerling and M. G. Kuhn. Design principles for tamper-resistant smartcard processors. In Proceedings of USENIX Workshop on Smartcard Technology, 1999.

....main attacks on smartcards were described in [6] and are based on microprobing, timing analysis, power analysis and fault induction. Most elded attacks that did not exploit a protocol failure or other gross design aw started o with an invasive attack on the card using microprobing techniques [6, 18]. Once the card software had been extracted, it was usually possible to design non invasive attacks that could be carried out quickly and with low cost equipment. One example is the timing attack [16] Here, one uses the fact that the time some encryption algorithms take to execute depends on the ....

....candidates appears to o er much more resistance to this kind of attack than any other. The main defences against attacks on smartcards are the concern of electrical and chemical engineers (e.g. refractory chip coatings, top layer metal grids, glitch and clock frequency sensors that reset the chip [18]) while secondary defences include defensive programming techniques that minimise the number of single instructions which are possible points of failure [6] We suggest that a useful assessment of the AES nalists will consist of implementing them using defensive programming techniques, measuring ....

O Kommerling, MG Kuhn, \Design Principles for Tamper-Resistant Smartcard Processors", USENIX Workshop on Smartcard Technology, Chicago, Illinois, USA (to appear); http://www.cl.cam.ac.uk/~mgk25/sc99-tamper.pdf

No context found.

O. Kommerling, M.G. Kuhn, Design Principles for Tamper-Resistant Smartcard Processors, pp. 9-20, Proceedings of the usenix Workshop on Smartcard Technology (Smartcard '99), usenix Association, isbn 1-880446-34-0, 1999.

No context found.

O. K ommerling and M. G. Kuhn, "Design principles for tamper-resistant smartcard processors," in First USENIX Workshop on Smartcard Technology, (Chicago, Il), pp. 9--20, USENIX, May 1999.

No context found.

O. Kommerling and M.G. Kuhn. Design Principles for Tamper-Resistant Smartcard Processors. In USENIX Workshop on Smart Card Technology, 9-20, 1999.

No context found.

O. Kommerling and M. G. Kuhn. Design Principles for TamperResistant Smartcard Processors. In Proceedings of the USENIX Workshop on Smartcard Technology, 1999.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC