Tamperproofing
This article needs additional citations for verification. (January 2008) |
Tamperproofing, conceptually, is a methodology used to hinder, deter or detect unauthorised access to a device or circumvention of a security system. Since any device or system can be foiled by a person with sufficient knowledge, equipment, and time, the term "tamperproof" is a misnomer unless some limitations on the tampering party's resources is explicit or assumed.
Tamper resistance is resistance to tampering (intentional malfunction or sabotage) by either the normal users of a product, package, or system or others with physical access to it.
Tamper resistance ranges from simple features like screws with special drives, more complex devices that render themselves inoperable or encrypt all data transmissions between individual chips, or use of materials needing special tools and knowledge. Tamper-resistant devices or features are common on packages to deter package or product tampering.
Anti-tamper devices have one or more components: tamper resistance, tamper detection, tamper response, and tamper evidence.
Tampering
Tampering involves the deliberate altering or adulteration of a product, package, or system. Solutions may involve all phases of product production, packaging, distribution, logistics, sale, and use. No single solution can be considered as "tamper-proof". Often multiple levels of security need to be addressed to reduce the risk of tampering.[2]
Some considerations might include:
- Identify who a potential tamperer might be: average user, child, person under medical care, misguided joker, prisoner, saboteur, organized criminals, terrorists, corrupt government. What level of knowledge, materials, tools, etc. might they have?
- Identify all feasible methods of unauthorized access into a product, package, or system. In addition to the primary means of entry, also consider secondary or "back door" methods.
- Control or limit access to products or systems of interest.
- Improve the tamper resistance to make tampering more difficult, time-consuming, etc.
- Add tamper-evidentfeatures to help indicate the existence of tampering.
- Educate people to watch for evidence of tampering.
Methods
Mechanical
Some devices contain non-standard screws or bolts in an attempt to deter access. Examples are telephone switching cabinets (which have triangular bolt heads that a hex socket fits), or bolts with 5-sided heads used to secure doors to outdoor electrical distribution transformers. A standard Torx screw head can be made in a tamper-resistant form with a pin in the center, which excludes standard Torx drivers. Various other security screw heads have been devised to discourage casual access to the interior of such devices as consumer electronics.
Electrical
This style of tamper resistance is most commonly found in
Sensors such as movement detectors, tilt detectors, air-pressure sensors, light sensors, etc., which might be employed in some burglar alarms, might also be used in a bomb to hinder defusing.
Safety
Nearly all appliances and accessories can only be opened with the use of a tool. This is intended to prevent casual or accidental access to energized or hot parts, or damage to the equipment. Manufacturers may use tamper-resistant screws, which cannot be unfastened with common tools. Tamper-resistant screws are used on electrical fittings in many public buildings to reduce tampering or vandalism that may cause a danger to others.
Warranties and support
A user who breaks equipment by modifying it in a way not intended by the manufacturer might deny they did it, in order to claim the warranty or (mainly in the case of PCs) call the helpdesk for help in fixing it.
Chips
Tamper-resistant
Examples of tamper-resistant chips include all
It has been argued that it is very difficult to make simple electronic devices secure against tampering, because numerous attacks are possible, including:
- physical attack of various forms (microprobing, drills, files, solvents, etc.)
- freezing the device
- applying out-of-spec voltages or power surges
- applying unusual clock signals
- inducing software errors using radiation (e.g., ionising radiation)
- measuring the precise time and power requirements of certain operations (see power analysis)
Tamper-resistant chips may be designed to
Nevertheless, the fact that an attacker may have the device in their possession for as long as they like, and perhaps obtain numerous other samples for testing and practice, means that it is impossible to totally eliminate tampering by a sufficiently motivated opponent. Because of this, one of the most important elements in protecting a system is overall system design. In particular, tamper-resistant systems should "
In the United States, purchasing specifications require anti-tamper (AT) features on military electronic systems. [1]
Digital rights management
Tamper resistance finds application in smart cards, set-top boxes and other devices that use digital rights management (DRM). In this case, the issue is not about stopping the user from breaking the equipment or hurting themselves, but about either stopping them from extracting codes, or acquiring and saving the decoded bitstream. This is usually done by having many subsystem features buried within each chip (so that internal signals and states are inaccessible) and by making sure the buses between chips are encrypted. [citation needed]
DRM mechanisms also use certificates and
Packaging
Tamper resistance is sometimes needed in packaging, for example:
- Regulations for some pharmaceuticals require it.
- High value products may be subject to theft.
- Evidence needs to remain unaltered for possible legal proceedings.
Resistance to tampering can be built in or added to packaging.[3] Examples include:
- Extra layers of packaging (no single layer or component is "tamper-proof")
- Packaging that requires tools to enter
- Extra-strong and secure packaging
- Packages that cannot be resealed
- Tamper-evident seals, security tapes, and features
Software
Software is also said to be tamper-resistant when it contains measures to make
However, effective tamper resistance in software is much harder than in hardware, as the software environment can be manipulated to near-arbitrary extent by the use of emulation.
If implemented,
That has the side effect that software maintenance gets more complex because software updates need to be validated, and errors in the upgrade process may lead to a false-positive triggering of the protection mechanism.
See also
- Chicago Tylenol murders
- Child-resistant packaging
- FIPS 140-2
- Ink tag
- Packaging and labelling
- Package pilferage
- Tamper-resistant switch
- Tamper-evident technology
- Wrap rage
References
- ^ a b Altera. "Anti-Tamper Capabilities in FPGA Designs". p. 1.
- ^ Johnston, R G (1997). "Physical Security and Tamper-Indicating Devices". LA-UR-96-3827. Vulnerability Assessment Team, Los Alamos National Laboratory. Retrieved 30 August 2019.
- ISBN 978-0-470-08704-6
- ^ Microsoft Word – TPM 1_2 Changes final.doc
Bibliography
- Smith, Sean; Weingart, Steve (1999). "Building a High-Performance, Programmable Secure Coprocessor". Computer Networks. 31 (9): 831–860. .
- Rosette, Jack L (1992). Improving tamper-evident packaging: Problems, tests, and solutions. ISBN 978-0877629061.