
Showing papers by "Ross Anderson published in 2002"


Book ChapterDOI
13 Aug 2002
TL;DR: A technology to block a new class of attacks on secure microcontrollers and smartcards, whereby a logical 1 or 0 is not encoded by a high or low voltage on a single line, but by (HL) or (LH) on a pair of lines.
Abstract: We describe a new class of attacks on secure microcontrollers and smartcards. Illumination of a target transistor causes it to conduct, thereby inducing a transient fault. Such attacks are practical; they do not even require expensive laser equipment. We have carried them out using a flashgun bought second-hand from a camera store for $30 and with an $8 laser pointer. As an illustration of the power of this attack, we developed techniques to set or reset any individual bit of SRAM in a microcontroller. Unless suitable countermeasures are taken, optical probing may also be used to induce errors in cryptographic computations or protocols, and to disrupt the processor's control flow. It thus provides a powerful extension of existing glitching and fault analysis techniques. This vulnerability may pose a big problem for the industry, similar to those resulting from probing attacks in the mid-1990s and power analysis attacks in the late 1990s. We have therefore developed a technology to block these attacks. We use self-timed dual-rail circuit design techniques whereby a logical 1 or 0 is not encoded by a high or low voltage on a single line, but by (HL) or (LH) on a pair of lines. The combination (HH) signals an alarm, which will typically reset the processor. Circuits can be designed so that single-transistor failures do not lead to security failure. This technology may also make power analysis attacks very much harder.

828 citations


01 Jan 2002
TL;DR: In 1997 I proposed the obvious extension to digital signatures, in order to prevent the retrospective forgery of messages signed using keys belonging to earlier epochs but without requiring that the public key infrastructure accommodate large numbers of time-limited public keys.
Abstract: In 1996, Adam Back floated the idea of a public key cryptosystem with a series of public keys $p_i$ and secret keys $s_i$ that stand in the usual relationship with each other but for which there are updating functions $f_i$ and $g_i$ such that $p_{i+1} = f_i(p_i)$ and $s_{i+1} = g_i(s_i)$ [2]. In this way a single root public key $p_0$ could be certified, and thereafter the key owner could regularly calculate $s_{i+1}$ and destroy $s_i$. In this way, the compromise of a private key would not expose traffic encrypted to the key in previous epochs. In 1997 I proposed the obvious extension to digital signatures, in order to prevent the retrospective forgery of messages signed using keys belonging to earlier epochs but without requiring that the public key infrastructure accommodate large numbers of time-limited public keys. As motivation, note that while Diffie-Hellman key exchange [6] can provide forward security easily in interactive communication, the US Defense Messaging System (DMS) apparently uses transient public keys to provide forward security in offline messaging: when Alice wishes to communicate with Bob, she fetches from a directory server a public key signed with his long-term private key. (DMS is described in [8], and the KEA key agreement algorithm which it uses in [10].) Is it possible to provide such functionality without having to commit to a particular directory access infrastructure?

290 citations


Proceedings ArticleDOI
08 Apr 2002
TL;DR: It is demonstrated how 1-of-n encoded speed-independent circuits provide a good framework for constructing smart card functions that are resistant to side channel attacks and fault injection.
Abstract: We demonstrate how 1-of-n encoded speed-independent circuits provide a good framework for constructing smart card functions that are resistant to side channel attacks and fault injection. A novel alarm propagation technique is also introduced. These techniques have been used to produce a prototype smart card chip: a 16-bit secure processor with Montgomery modular exponentiator and smart card UART.

228 citations


Proceedings ArticleDOI
11 Dec 2002
TL;DR: A new family of techniques to extract data from semiconductor memory, without using the read-out circuitry provided for the purpose, is explained, which can be used against a wide range of memory structures, from registers through RAM to FLASH.
Abstract: This paper explains a new family of techniques to extract data from semiconductor memory, without using the read-out circuitry provided for the purpose. What these techniques have in common is the use of semi-invasive probing methods to induce measurable changes in the analogue characteristics of the memory cells of interest. The basic idea is that when a memory cell, or read-out amplifier, is scanned appropriately with a laser, the resulting increase in leakage current depends on its state; the same happens when we induce an eddy current in a cell. These perturbations can be carried out at a level that does not modify the stored value, but still enables it to be read out. Our techniques build on a number of recent advances in semi-invasive attack techniques, low temperature data remanence, electromagnetic analysis and eddy current induction. They can be used against a wide range of memory structures, from registers through RAM to FLASH. We have demonstrated their practicality by reading out DES keys stored in RAM without using the normal read-out circuits. This suggests that vendors of products such as smartcards and secure microcontrollers should review their memory encryption, access control and other storage security issues with care.

155 citations


Journal ArticleDOI
TL;DR: The paper discusses the Resurrecting Duckling security policy model and considers new solutions for authentication in peer-to-peer and ubiquitous computing.
Abstract: Imagine the future: hundreds of embedded computers per person, all cooperating via ad hoc wireless networks. What will the security implications be? Peer-to-peer and ubiquitous computing systems involve many principals, but their network connectivity is intermittent and not guaranteed. Traditional approaches to authentication, from Kerberos to public-key certificates, are therefore unworkable, because they rely on online connectivity to an authentication or revocation server. The paper considers new solutions. It discusses the Resurrecting Duckling security policy model. The traditional taxonomy of security threats identifies three main classes which are considered: confidentiality, integrity or availability.

154 citations


Journal ArticleDOI
09 Mar 2002-BMJ
TL;DR: The United States is now learning the hard way about many of the problems with de-identifying data—and, in particular, how easy supposedly anonymous records are to lose.
Abstract: An International Perspective and Reference Source on Regulatory and Legal Issues Related to Person-Identifiable Health Databases. Roberto J Rodrigues, Petra Wilson, Stephen J Schanz. Pan American Health Information, pp 217. To order, email rrodrigues@paho.org. My first reaction on leafing through this book was excitement—at seeing sections on the law and practice of medical informatics in dozens of countries. E-medicine throws up many hard regulatory problems, and we should not all have to waste time reinventing the same square old wheels. For example, I am writing this in Boston, and last night had a debate with local medical ethicists about the definition of anonymous data. The United States is now learning the hard way about many of the problems with de-identifying data—and, in particular, how easy supposedly anonymous records …

5 citations


Patent
13 Feb 2002
TL;DR: A secure microprocessor is designed using quad-coded logic, which is similar to dual-rail encoded asynchronous logic except that the '11' state propagates an alarm that obliterates secure data in its path.
Abstract: A secure microprocessor is designed using quad-coded logic which is similar to dual-rail encoded asynchronous logic except that the '11' state propagates an alarm. The alarm signal obliterates secure data in its path. Quad-coded logic provides resilience to power glitches and single-transistor or single-wire failures. The already low data dependency of the power consumption makes power analysis attacks difficult, and they are made even more difficult by inserting random delays in data and control paths, and by a set-random-carry instruction which enables software to make a non-deterministic choice between equivalent instruction sequences. These features are particularly easy to implement well in quad-coded logic.