Physical Tamper-Resistant Devices - Essay Example

PHYSICAL TAMPER-RESISTANT DEVICES due: Introduction Creating a safe and sound computer system is not just a case of prediction and design of possible security breaches and issues, it is very vital to wisely design software and make sure to protect the inner implementation, by utilizing several engineering software procedures as the encapsulation that reduces the code exposure to objects and classes. This being done, is not enough, software developers must monitor both the software after deployment and also monitor behavioral usage. The monitoring process can be applied for various purposes. It can aid in review performance, but the most significant monitoring applications help in protecting as well as adding fixes for security gaps. As stated by Brain Gladman “it is fairly easy to create an encryption methodology that is safe, if it is functioning as intended and is correctly utilized. But it remains very hard to develop a methodology which does not compromise its security in circumstances whereby it is either abused or one or several of its subcomponents malfunction” (Gladman 2001, p. 4). Physical tamper resistance is a characteristic or security concept that is applicable to various fields and not limited to the digital area or computing. Anti-tamper device comprises of tamper detection, tamper responses, and tamper resistance (Rannenberg et al. 2010, p. 16). The 4758 IBM crypto-processor is an example of a resistant device, which provides the highest tamper resistant levels. List of different kinds of tamper-resistant devices as well as their characteristics Various Physical tamper-resistant devices exist. These include high-end, low-end, and mid-range devices. However, one aspect worth noting is that these devices vary in cost and range classification in various countries. For example, China can cost and categorize a tamper resistance device according to geographical boundaries. Below is the list: 1. High end physical tamper-resistant devices Just like the 4785 IBM, these resistant devices are of a very strong crypto system that is surrounded with a tamper sensing mesh. If an attempt at tampering is noticed, the mesh permanently deletes the main material and renders the device unrecoverable as well as unreadable. This device is significant for two reasons. Firstly, it is the only available commercial processor to have been successfully evaluated at the highest stages of tamper resistance. Secondly, the IBM 4758 has an extensive literature concerning its history, design evolution, protective procedures (Gladman 2001, p.3). Figure below: An IBM 4785 Crypto-processor device 2. Low end physical tamper-resistant devices These kind of resistant devices comprise of a symmetric cryptosystem key. These devices are normally protected against unauthorized reads, and the procedures are designed on a very basic foundation. Cheap Microcontrollers are one of the examples of low-end resistant devices. Microcontrollers are designed for fixed applications, in contrast to microprocessors that are used in computers or general-purpose applications. Microcontrollers are normally used in automatically controlled devices like car engines, remote controls, toys, office machines and many other embedded systems (Gladman 2001, p.12-13). Figure 1 below: An Intel 8742 die, an 8-bit microcontroller, which includes a CPU running at 12MHz, RAM of 128 bytes, EPROM of 2048 bytes, and I/O within the chip. Figure 2 below: 2 AT mega microcontrollers 3. Mid-range physical tamper-resistant devices These devices are single chip products that can avoid physical attacks. Smart cards as well as TPM chips are common examples of mid-range resistant devices (Buttyan 2008, p. 35). However, some of the mi-range devices are classified differently in certain countries. Good examples of the devices are the 5002 security processor and the iButton processor. The iButton is designed to be a minimalistic and self-contained cryptographic processor, which has an 8051 microcontroller with a modular exponentiation circuit, a clock, tamper sensors, and RAM for software and keys. The iButton is small enough to be put on as a signet ring or carried as a key fob (Gladman 2001, p.9). Figure 1 below: iButton signet ring Figure 2 below: iButton key fob Emergent themes/trends On comparing these three types of physical tamper resistance devices, it is obvious that the high-end resistant devices offer the best secure mechanism because of the mesh it has, which erases and kills its main material of which makes the device unusable. In addition, it also has no rollbacks or mechanisms for restoration of information. This is a great protection method that is useful for very sensitive devices such as military and nuclear devices. The low-end devices (second type) have the capability to only perform symmetric key cryptography, which essentially means that, it can only secure the device from unauthorized access. In addition, low-end devices cannot guarantee protection from persistent and skilled hackers. The final type of device, the mid-range device is well suited for small chips as well as smart cards, of which are hard to crack. The design of the security model is meant for protection against physical attacks. The key similarity of all three devices is that through the variances and application areas of each physical tamper resistant device, it is clear that each device is made to perform a specific protection task (Grand 2004, para 6-7). The concept is a combination of several designs that create a strong and protected device. Is it feasible, yes, because a combination of sensing mesh with a key symmetric cryptosystem and integrating a chip can be implemented in the design that will offer better and stronger security, across all three types of physical tamper resistance devices? Effectiveness of different strategies The protection of the physical tamper resistant devices or software should not primarily focus on designing and pre-deployment stages. Focus should also be targeted towards the availability of the device to potential hackers (Smith 2014, para 25-32). Therefore, different strategies exist that can safeguard the devices, for both devices as well as software. For software protection, use of code obfuscation and ID-based cryptosystems is required. One of the main advantages of code obfuscation is that the programmer can intentionally make the machine or source code difficult for humans to comprehend. This is significant in that the secret source code in the code obfuscation can be protected from alteration or modification, and destruction of program coding from unethical programmers. While two key benefits of the ID-based cryptosystems is that, every number of fixed users is issued with encryption keys, and the ID-based cryptosystems eliminates the risk of encryption key compromise at hardware level. This is significant in that it helps keep and protect passwords and valuable personal data. Conclusion Physical tamper-resistant devices, as well as systems, have a history and precede the electronic computing development. Computer can be safeguarded from physical tampering in various ways, for instance by keeping the computers locked up in a guarded room. However, there are several cheaper and more portable ways of protection. Additionally, the research found that there were three elements in tamper resistant processor design. The high-end devices of which concern themselves with how to make faster, better, and cheaper processors. The second design, the mid-range device concerns itself with how to push the boundaries of the art of hacking by using chip testing technologies, and the third design, the low cost device, which concerns itself with logical aspects of protection. This paper looked at several of the protective mechanisms of the devices that are deployed by government agencies to stop all forms of known attacks, down to smart cards which can be hacked by hackers with almost basic hacking equipment. Bibliography BUTTYAN, L. 2008. Tamper resistant devices. Laboratory of Cryptography and System Security (CrySyS) Budapest University of Technology and Economics [online]. Available at: [Accessed 09 January 2015] GLADMAN, B. 2001. Physical Tamper Resistance. Security Engineering: A Guide to Building Dependable Distributed Systems, [online]. Available at: [Accessed 09 January 2015] GRAND, J. 2004. Practical secure hardware design for embedded systems (part 1 of 2), [online] Available at: [Accessed 09 January 2015] RANNENBERG, K., VARADHARAJAN, V. AND WEBER.C. 2010. Security and Privacy – Silver Linings in the Cloud: 25th IFIP TC 11 International Information Security Conference, SEC 2010, Held as Part of WCC 2010, Brisbane, Australia, September 20-23, 2010, Proceedings. Springer, ISBN: 3642152562. SMITH, B. 2010. Tampering with the easy targets, [online]. Available at: [Accessed 09 January 2015] Read More