Cryptographic processors - A survey

Proceedings of the IEEE

Volumn 94, Issue 2, 2006, Pages 357-369

  Anderson, Ross ^a   Bond, Mike ^a,b   Clulow, Jolyon ^a   Skorobogatov, Sergei ^a  

^a UNIVERSITY OF CAMBRIDGE   (United Kingdom)

^b UNIVERSITY OF CAMBRIDGE   (United Kingdom)

Author keywords

Cryptoprocessor; Fault analysis; HSM; Power analysis; Security API; Semi invasive attack; Survey

Indexed keywords

BANK PROTECTION; ELECTRIC FAULT CURRENTS; EMBEDDED SYSTEMS; GLOBAL SYSTEM FOR MOBILE COMMUNICATIONS; MILITARY COMMUNICATIONS; SECURITY OF DATA; VENDING MACHINES;

CRYPTOPROCESSOR; FAULT ANALYSIS; HSM; POWER ANALYSIS; SECURITY API; SEMI-INVASIVE ATTACK;

CRYPTOGRAPHY;

EID: 31344435929     PISSN: 00189219     EISSN: None     Source Type: Journal    
DOI: 10.1109/JPROC.2005.862423     Document Type: Conference Paper

References (69)

1. C. Ajluni, "Two new imaging techniques promise to improve IC defect identification," Electron. Des., vol. 43, no. 14, pp. 37-38, Jul. 1995.
2. R. Anderson, "The correctness of crypto transaction sets," presented at the 8th Int. Workshop Security Protocols, Cambridge, U.K., 2000.
3. _, Security Engineering - A Guide to Building Dependable Distributed Systems. New York: Wiley, 2001.
4. _, "Why cryptosystems fail," Commun. ACM vol. 37, no. 11, pp. 32-40, Nov. 1994 [Online]. Available: http://www.cl.cam.ac.uk/users/rja14/wcf. html, earlier version.
5. R. Anderson and M. Bond, "Protocol analysis, composability and computation," in Computer Systems: Papers for Roger Needham. Cambridge, U.K.: Microsoft Research, 2003, pp. 7-10.
6. R. Anderson and S. Bezuidenhoudt, "On the reliability of electronic payment systems," IEEE Trans. Soflw. Eng. vol. 22, no. 5, pp. 294-301, May 1996 [Online], Available: http://www.cl.cam.ac.uk/ftp/users/rja14/meters.ps.gz
7. R. Anderson and M. Kuhn, "Low cost attacks on tamper resistant devices," in Security Protocols. Heidelberg, Germany: Springer-Verlag, 1997, vol. 1361, Lecture Notes on Computer Science, pp. 125-136.
8. _, "Tamper resistance - A cautionary note," in Proc. 2nd USENIX Workshop Electronic Commerce Nov. 1996, pp. 1-11.
9. R. Anderson, "Cryptography and competition policy," in Economics of Information Security, L. J. Camp and S. Lewis, Eds. Norwell, MA: Kluwer, 2004, pp. 35-52.
10. _, Trusted Computing FAQ. [Online]. Available: http://www.cl.cam.ac.uk/ rja14/tcpa-faq.html
11. S. Moore, R. Anderson, P. Cunningham, R. Mullins, and G. Taylor, "Improving smart card security using self-timed circuits," Asynch, 2002.
12. S. Moore, R. Anderson, R. Mullins, G. Taylor, and J. Fournier, "Balanced self-checking asynchronous logic for smart card applications," Microprocess. Microsyst. J., vol. 27, no. 9, pp. 421-430, Oct. 2003.
13. HP/Atalla, "Atalla A8000NSP Banking Command Reference Manual," 2001.
14. E. Biham and A. Shamir, "Differential fault analysis: A new cryptanalytic attack on secret key cryptosystems," in Advances in Cryptology - CRYPTO '97. Heidelberg, Germany: Springer-Verlag, 1997, vol. 1294, Lecture Notes in Computer Science, p. 513,
15. M. Bond, "Attacks on cryptoprocessor transaction sets," in Cryptographic Hardware and Embedded Systems - CHES 2001. Heidelberg, Germany: Springer-Verlag, vol. 2162, Lecture Notes in Computer Science, pp. 220-234.
16. M. Bond and R. Anderson, "API-level attacks on embedded systems," IEEE Computer, vol. 34, no. 10, pp. 67-75, Oct. 2001.
17. M. Bond and P. Zielinski, "Decimalization table attacks for PIN cracking," Univ. Cambridge Computer Laboratory, Tech. Rep. TR-560.
18. M. Bond and J. Clulow, "Encrypted? Randomised? Compromised? (When cryptographically secured data is not secure)," presented at the Cryptographic Algorithms and Their Uses, Eracom Workshop 2004, Gold Coast, Qld., Australia.
19. _, "Extending security protocols analysis: new challenges," presented at the Automated Reasoning and Security Protocols Analysis (ARSPA) 2004, Cork, Ireland.
20. M. Bond, "Understanding security APIs," Ph.D. dissertation, Univ. Cambridge, Cambridge, U.K., Jan. 2004.
21. M. Bond, A Chosen Key Difference Attack on Control Vectors Nov. 1, 2000, unpublished.
22. D. Boneh, R. A. Demillo, and R. J. Lipton, "On the importance of checking cryptographic protocols for faults," in Advances in Cryptology - Eurocrypt '97 Heidelberg, Germany, Springer-Verlag, vol. 1294, Lecture Notes in Computer Science, pp. 37-51.
23. S. Brands, "Untraceable off-line cash in wallet with observers," Crypto '93 Heidelberg, Germany, Springer-Verlag, vol. 773, Lecture Notes in Computer Science, pp. 302-318.
24. CanalPlus vs. NDS, Allegations that NDS lab in Israel cracked CanalPlus key and leaked data to Internet, Mar. 2002.
25. D. Chaum, "Blind signatures for untraceable payments," in Proc. Crypto '82 1983, pp. 199-203.
26. R. Clayton and M. Bond, "Experience using a low-cost FPGA design to crack DES keys," in Cryptographic Hardware and Embedded Systems-CHES 2002. Heidelberg, Germany: Springer-Verlag, vol. 2523, Lecture Notes in Computer Science, pp. 579-592.
27. J. Clulow, "On the security of PKCS#11," in Cryptographic Hardware and Embedded Systems-CHES 2003. Heidelberg, Germany: Springer-Verlag, vol. 2779, Lecture Notes in Computer Science, pp. 411-425.
28. _, "The design and analysis of cryptographic APIs for security devices," M.Sc. thesis, University of Natal, Durban, South Africa, 2003.
29. Common Criteria Evaluation Scheme [Online]. Available: http://www.commoncriteriaportal.org/
30. Y. Desmedt, "Breaking one million DES keys," in Cracking DES: Secrets of Encryption Research, Wiretap Politics and Chip Design. Sebastopol, CA: O'Reilly, 1987, ch. 9.
31. W. Diffie and M. Hellman, "Exhaustive cryptanalysis of the NBS Data Encryption Standard," Computer, vol. 10, no. 6, pp. 74-84, Jun. 1977.
32. J. Dyer, R. Perez, S. W. Smith, and M. Lindemann, "Application support for a high-performance, programmable secure coprocessor," presented at the 22nd Nat. Information Systems Security Conf., Arlington, VA, 1999.
33. J. Dyer, M. Lindemann, R. Perez, R. Sailer, S. W. Smith, L. van Doom, and S. Weingart, "Building the IBM 4758 secure coprocessor," IEEE Computer, vol. 34, no. 10, pp. 57-66, Oct. 2001.
34. EMV 4.1, "Integrated circuit card specifications for payment systems" Jun. 2004 [Online]. Available: http://www.emvco.com
35. Security requirements for cryptographic modules, NIST Federal Information Processing Standards 140-1, 140-2 [Online]. Available: http://csrc.nist.gov/ cryptval/
36. V. Ganapathy, S. A. Seshia, S. Jha, T. W. Reps, and R.E. Bryant, "Automatic discovery of API-level vulnerabilities" Univ. Wisconsin-Madison Computer Sciences, Tech. Rep. UW-CS-TR-1512, Jul. 2004 [Online]. Available: http://www.cs.wisc.edu/vg/writings/papers/tr1512.pdf
37. IBM, "IBM 3614 consumer transaction facility implementation planning guide," IBM Doc. ZZ20-3789-1, 2nd ed., Dec. 1977.
38. IBM, IBM 4758 PCI Cryptographic Coprocessor-CCA basic services reference and guide, Release 1.31 for the IBM 4758-001, 1999.
39. IBM enhanced media management system [Online]. Available: http://www-306.ibm.com/software/data/emms/
40. J. King, "Bolero - A practical application of trusted third party services," Comput Fraud Secur. Bull., pp. 12-15, Jul. 1995.
41. P. Kocher, "Timing attacks on implementations of Diffle-Hellman, RSA, DSS, and other systems," in Advances in Cryptology - Crypto '96. Heidelberg, Germany: Springer-Verlag, vol. 1109, Lecture Notes in Computer Science, pp. 104-113.
42. P. Kocher, J. Jaffe, and B. Jun, "Differential power analysis," in Advances in Cryptology - Crypto '99. Heidelberg, Germany: Springer-Verlag, vol. 1666, Lecture Notes in Computer Science, pp. 388-397.
43. O. Kommerling and M. Kuhn, "Design principles for tamper-resistant smartcard processors," in Proc. USENIX Workshop Smartcard Technology 1999, pp. 9-20.
44. M. Kuhn, "Probability theory for pickpockets - ec-PIN guessing" [Online]. Available: www.cl.cam.ac.uk/~mgk25/ec-pin-prob.pdf
45. D. Longley and S. Rigby, "An automatic search for security flaws in key management," Comput. Secur., vol. 11, pp. 75-89, Mar. 1992.
46. D. Longley, "Expert systems applied to the analysis of key management schemes," Comput. Secur., vol. 6, no. 1, pp. 54-67, Feb. 1987.
47. D. Longley and S. Vasudevan, "Effects of key generators on the automatic search for flaws in key management schemes," Comput. Secur., vol. 13, no. 4, pp. 335-347, 1994.
48. S. M. Matyas, "Key handling with control vectors," IBM Syst. J., vol. 30, no. 2, pp. 151-174, 1991.
49. S. M. Matyas, A. V. Le, and D. G. Abraham, "A key management scheme based on control vectors," IBM Syst. J., vol. 30, no. 2, pp. 175-191, 1991.
50. "Microsoft next-generation secure computing base (NGSCB)" [Online], Available: http://www.microsoft.com/resources/ngscb/ default.mspx
51. A.M. Odlyzko, The Internet and 19th century railways 2003, unpublished.
52. P. van Oorschot and M. Wiener, "Parallel collision search with applications to hash functions and discrete logarithms," in Proc. 2nd ACM Conf. Computer and Communications Security 1994, pp. 210-218.
53. Otter - An automated deduction system [Online]. Available: http:// www-unix.mcs.anl.gov/AR/otter
54. S. Rigby, "Key management in secure data networks," M.Sc. thesis, Queensland Inst. Technol., Brisbane, Qld., Australia, 1987.
55. D. Samyde and J. Quisquater, "Electromagnetic analysis (EMA): Measures and counter-measures for smartcards," in Smart Card Programming and Security. Heidelberg, Germany: Springer-Verlag, 2001, vol. 2140, Lecture Notes in Computer Science, pp. 200-210.
56. D. Samyde, S. Skorobogatov, R. Anderson, and J. Quisquater, "On a new way to read data from memory," in Proc. 1st Int. IEEE Security in Storage Workshop (SISW 2002) pp. 65-69.
57. S. Skorobogatov and R. Anderson, "Optical fault induction attacks," in Cryptographic Hardware and Embedded Systems Workshop, CHES 2002. Heidelberg, Germany: Springer-Verlag, vol. 2523, Lecture Notes in Computer Science, pp. 2-12.
58. S. Skorobogotov, "Low temperature data remanence in static RAM" Univ. Cambridge Computer Laboratory, Tech. Rep. TR-536 [Online], Available: http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-536.pdf
59. _, "Semi-invasive attacks - A new approach to hardware security analysis," Ph.D. dissertation, Univ. Cambridge, Cambridge, U.K., Sep. 2004.
60. S. W. Smith and V. Austel, "Trusting trusted hardware: Toward a formal model for programmable secure coprocessors," presented at the 3rd USENIX Workshop Electronic Commerce, Boston, MA, 1998.
61. S. W. Smith, R. Perez, S. H. Weingart, and V. Austel, "Validating a high-performance, programmable secure coprocessor," in Five. 22nd Nat. Information Systems Security Conf. 1999 [Online]. Available: http://csrc.ncsl.nist.gov/nissc/1999/proceeding/papers/p16.pdf
62. S. W. Smith, "Outbound authentication for programmable secure coprocessors," in Computer Security - ESORICS 2002. Heidelberg, Germany: Springer-Verlag, 2002, vol. 2502, Lecture Notes in Computer Science, pp. 72-89.
63. S.W. Smith, E.R. Palmer, and S. Weingart, "Using a high-performance, programmable secure coprocessor," in Financial Cryptography. Heidelberg, Germany: Springer-Verlag, 1998, vol. 1465, Lecture Notes in Computer Science, pp. 73-89.
64. S. W. Smith and S. Weingart, "Building a high-performance, programmable secure coprocessor," Comput. Netw. (Special Issue on Computer Network Security), vol. 31, pp. 831-860, Apr. 1999.
65. S. W. Smith, "Fairy dust, secrets and the real world," IEEE Security Privacy, vol. 1, no. 1, pp. 89-93, Jan/Feb. 2003.
66. "SPASS - An Automated theorem prover for first-order logic with equality" [Online]. Available: http://spass.mpi-sb.mpg.de
67. Trusted Computing Group, "Trusted platform module specifications v1.2" [Online]. Available: https://www.trustedcomputing-group.org
68. S. Weingart, "Physical security devices for computer subsystems: A survey of attacks and defenses," in Cryptographic Hardware and Embedded Systems-CHES 2000. Heidelberg, Germany: Springer-Verlag, 2000, vol. 1965, Lecture Notes in Computer Science, pp. 302-317.
69. P. Youn, "The analysis of cryptographic APIs using formal methods," M.S. thesis, Massachusetts Inst. Technol, Cambridge, Jun. 2004.