Security testing for hardware product : the security evaluations practice

Similar documents

Security testing of hardware product

Side Channel Analysis and Embedded Systems Impact and Countermeasures

Supporting Document Mandatory Technical Document. Application of Attack Potential to Smartcards. March Version 2.7 Revision 1 CCDB

On Security Evaluation Testing

Microsemi Security Center of Excellence

Supporting Document Guidance. Security Architecture requirements (ADV_ARC) for smart cards and similar devices. April Version 2.

Supporting Document Guidance. ETR template for composite evaluation of Smart Cards and similar devices. September Version 1.

PUF Physical Unclonable Functions

A Study on Smart Card Security Evaluation Criteria for Side Channel Attacks

Certification Report. NXP Secure Smart Card Controller P40C012/040/072 VD

What is a Smart Card?

Joint Interpretation Library

Introduction Page 4. Inspector SCA Page 6. Inspector FI Page 10. Service & Product support Page 13. Inspector Hardware Matrix Page 14

Joint Interpretation Library. Guidance for smartcard evaluation

Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge

Developing a new Protection Profile for (U)SIM UICC platforms. ICCC 2008, Korea, Jiju Septembre 2008 JP.Wary/M.Eznack/C.Loiseaux/R.

Embedded Java & Secure Element for high security in IoT systems

Smart Secure Devices & Embedded Operating Systems

Secure Hardware PV018 Masaryk University Faculty of Informatics

FIME SECURITY OFFER. PCI PTS POI security evaluation process

Using BroadSAFE TM Technology 07/18/05

CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS

Reviving smart card analysis

MAKING SENSE OF SMART CARD SECURITY CERTIFICATIONS

VON BRAUN LABS. Issue #1 WE PROVIDE COMPLETE SOLUTIONS ULTRA LOW POWER STATE MACHINE SOLUTIONS VON BRAUN LABS. State Machine Technology

Joint Interpretation Library

Soitec. Eric Guiot, Manager R&D Soitec. 7 mars 2011 JSIam 2011

22 July, 2010 IT Security Center (ISEC) Information-technology Promotion Agency (IPA) Copyright 2010 Information-Technology Promotion Agency, Japan 1

Entrust Smartcard & USB Authentication

Hardware Trojans Detection Methods Julien FRANCQ

CIS 551 / TCOM 401 Computer and Network Security

Client Server Registration Protocol

AES1. Ultra-Compact Advanced Encryption Standard Core. General Description. Base Core Features. Symbol. Applications

Hardware Security Modules for Protecting Embedded Systems

APPLIED AND INTEGRATED SECURITY

ADVANCED IC REVERSE ENGINEERING TECHNIQUES: IN DEPTH ANALYSIS OF A MODERN SMART CARD. Olivier THOMAS Blackhat USA 2015

NATIONAL SUN YAT-SEN UNIVERSITY

Cryptographic and Security Testing Laboratory. Deputy Laboratory Director, CST Laboratory Manager

How To Perform Differential Frequency Analysis (Dfa) On A Powerline (Aes) On An Iphone Or Ipad (Ase) On Microsoft Powerline 2 (Aces) On Pc Or Ipa (Aas)

Today. Important From Last Time. Old Joke. Computer Security. Embedded Security. Trusted Computing Base

Joint Interpretation Library. Security Evaluation and Certification of Digital Tachographs

CMSC 421, Operating Systems. Fall Security. URL: Dr. Kalpakis

Joint Interpretation Library. ETR-lite for composition : Annex A Composite smartcard evaluation : Recommended best practice. IC and ES composition

Supporting Document Guidance. Smartcard Evaluation. February Version 2.0 CCDB

Certifications and Standards in Academia. Dr. Jane LeClair, Chief Operating Officer National Cybersecurity Institute

Security IC Platform Protection Profile

CMP. A dynamic link between research and industry. Center of Microelectronics in Provence - Georges Charpak Campus.

CryptoFirewall Technology Introduction

OPTIMIZE DMA CONFIGURATION IN ENCRYPTION USE CASE. Guillène Ribière, CEO, System Architect

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

COURTESY TRANSLATION

Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification

Smartcard IC Platform Protection Profile

Secure My-d TM and Mifare TM RFID reader system by using a security access module Erich Englbrecht (info@eonline.de) V0.1draft

Smart Card Security How Can We Be So Sure?

Courtesy Translation

Secure application programming in the presence of side channel attacks. Marc Witteman & Harko Robroch Riscure 04/09/08 Session Code: RR-203

- Table of Contents -

Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS security requirement

Secure egovernment Where convenience meets security.

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES

Advances in Smartcard Security

Department of Electrical and Computer Engineering Naval Postgraduate School Monterey, California

Applied and Integrated Security. C. Eckert

More effective protection for your access control system with end-to-end security

Leti Introduction and Overview

MXMedia CipherStream. Preliminary Assessment. Copyright 2012 Farncombe 1.0. Author: T F

NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense

Silicon Cluster Grenoble Microelectronics ICT and beyond

A Model Program for Computer Engineering Master of Science Degree Embedded Systems

Depth and Excluded Courses

EMC / EMI issues for DSM: new challenges

Computer Security. Draft Exam with Answers

Draft dpt for MEng Electronics and Computer Science

Broadcasting encryption or systematic #FAIL? Phil

Telecom Testing and Security Certification. A.K.MITTAL DDG (TTSC) Department of Telecommunication Ministry of Communication & IT

INTRUSION DETECTION SYSTEM (IDS) D souza Adam Jerry Joseph I MCA

CHASE Survey on 6 Most Important Topics in Hardware Security

Security Security by Separation

Study Paper on Security Accreditation Scheme for SIM

SENSE Security overview 2014

Chapter 1: Introduction

CSE331: Introduction to Networks and Security. Lecture 32 Fall 2004

Java Card. Smartcards. Demos. . p.1/30

Common Criteria for Information Technology Security Evaluation. Part 1: Introduction and general model. August Version 2.

Sony FeliCa Contactless Smart Card RC-S860

Information Security Group (ISG) Core Research Areas. The ISG Smart Card Centre. From Smart Cards to NFC Smart Phone Security

Authentication requirement Authentication function MAC Hash function Security of

Self Testing and Product Qualification Processes

PFP Technology White Paper

Side Channels: Hardware or Software threat?

Transcription:

Alain MERLE CESTI LETI CEA Grenoble Alain.merle@cea.fr Security testing for hardware product : the security evaluations practice DCIS/SASTI/CESTI 1

Abstract «What are you doing in ITSEFs?» Testing, Security testing, Attacks, Evaluations, Common Criteria, Certification, Security evaluations: The French Certification Scheme The Common Criteria Smartcards evaluations Smartcard security testing Strategy Attacks DCIS/SASTI/CESTI 2

Common Criteria The basic ideas Describe what is the security of a product Verifythat the developer has done what it was supposed to do (and only that) Test (functional and attacks) the product Verify environmental constraints DCIS/SASTI/CESTI 3

A standardized, objective and efficient Security Analysis Method (ISO IS 15408) An International Recognition through Mutual Recognition Arrangements. In Europe, mostly used for smartcards Integrated Circuits IC with embedded software DCIS/SASTI/CESTI 4

CESTI LETI Information Technology Security Evaluation Facilities ITSEF of the French Certification Scheme Area : hardware and embedded software Organisme d accréditation COFRAC Accréditation Organisme de Certification : D.C.S.S.I. Agrément Certification Smartcards Security equipments Level: Up to EAL7 Localization: Grenoble Part of the biggest French Research center in Microelectronics CESTI Centre d Evaluation de la Sécurité des Technologies de l Information Certificat Le Schéma Français de Certification DCIS/SASTI/CESTI 5

Smartcard evaluation Common Criteria, EAL4+ level High Security level (banking applications) White box evaluation Design information Source code A table defining the «attack potential» Time, expertise, equipment, knowledge, The card must resist to the «maximum» (ie all realistic attacks) DCIS/SASTI/CESTI 6

What kind of testing? Functional testing but security oriented Are the Security Functions working as specified? Attacks Independent vulnerability analysis Higher levels (VLA.4): adaptation of the classical attack methods to the specificities of the product DCIS/SASTI/CESTI 7

Test strategy (Attacks) State of the art R&D Potential vulnerabilities Add Remove Customize Attacks and Potential Vulnerabilities Add Remove Customize Evaluation tasks Attacks and Potential Vulnerabilities Add Remove Customize Attacks and Strategies Tests DCIS/SASTI/CESTI 8

Attacks on smartcards Physical (Silicon related) Memories Access to internal signals (probing) Observation: Side Channel Analysis SPA, EMA, DPA, DEMA Perturbations: inducing errors Cryptography (DFA) Generating errors IO errors (reading, writing) Program disruption (jump, skip, change instruction) Specifications/implementation related attacks Protocol, overflows, errors in programming, DCIS/SASTI/CESTI 9

Optical reading of ROM Reverse Engineering Probing : MEB Probing : laser preparation DCIS/SASTI/CESTI 10

Modification : FIB Modification : Laser cut DCIS/SASTI/CESTI 11

EM signal analysis DCIS/SASTI/CESTI 12

SPA/EMA Analysis DES AES DCIS/SASTI/CESTI 13

SPA/DPA analysis DCIS/SASTI/CESTI 14

Cartography Electro-magnetic signal during DES execution. Hardware DES Differential signal DCIS/SASTI/CESTI 15

Cartography DCIS/SASTI/CESTI 16

Perturbations examples Branch on error Initializations valid = TRUE; If got ^= expected then valid = FALSE ; If valid Then critical processing; Non critical processing; If not authorized then goto xxx; Critical processing; Re-reading after integrity checking Memory integrity checking; Non critical processing; Data 1 reading; Critical processing; Data 2 reading; Critical processing; DCIS/SASTI/CESTI 17

What is requested from a lab? Good knowledge of the state of the art Not always published Internal R&D on attacks Equipment Competences Multi-competences Cryptography, microelectronics, signal processing, lasers, etc Competence areas defined in the French Scheme Hardware (IC, IC with embedded software) Software (Networks, OS, ) DCIS/SASTI/CESTI 18

Test benches DCIS/SASTI/CESTI 19

Competences Microelectronic Testbenches Software DCIS/SASTI/CESTI 20

Some rules Security is the whole product: IC + software The IC must hide itself Critical processing,sensitive data handling,consistency checking, Memory access, The IC must control itself Consistency checking,audits, log, But some attacks are now dedicated to these counter-measures DCIS/SASTI/CESTI 21

CONCLUSION (1) Evaluation is Rigorous & normalized process But attacks require specific «human» skills Attack is Gaining access to secret/forbidden operations Free to «play» with the abnormal conditions An error is not an attack But an error can often be used in attacks DCIS/SASTI/CESTI 22

CONCLUSION (2) The evaluation guarantees that The product is working as specified It has a good resistance level Perfection as absolute security does not exist DCIS/SASTI/CESTI 23