Peter Gutmann wrote:

Ben Laurie <[EMAIL PROTECTED]> writes:

Peter Gutmann wrote:

Given the string of
attacks on crypto in embedded devices (XBox, iPhone, iOpener, Wii, some
not-yet-published ones on HDCP devices :-), etc) this is by far the most
at-risk category because there's a huge incentive to attack them, the result
affects tens/hundreds of millions of devices, and the attacks are immediately
and widely actively exploited (modchips/device unlocking/etc, an important
difference between this and academic proof-of-concept attacks), so this is the
one where I'd expect the vendors to care most.

But they've all been unlocked using easier attacks, surely?

The published ones seem to be the (relatively) easy ones, but the ones that
have been tried (and either not published or just had the easy outcome
published) have been pretty amazing.  This is another one of these things
where real figures are going to be near-impossible to come by, even harder
than my hypothetical public vendor survey of who uses SCA protection.  You'd
have to read about 20 blogs and a hundred mailing lists, many private, just to
keep up, but from various informal contacts with people working in this area
it seems you're not looking at anything like the conventional "identify the
weakest point, then attack there" approach.  Instead what's being done is more
like the Iraqi weapons program prior to 1991 where they were using every
imaginable type of approach, including ones like calutrons that had been
abandoned decades earlier by everyone else, for a first-past-the-post finish,
they'd try anything and everything and whatever got them there first would be
declared the winner.  It's the same with these attacks, whenever I've asked
"have you tried X" the answer is invariably "yes, we have".

This style of attack is quite different from the usual academic model, it
neatly illustrates Bruce Schneier's comment that a defender has to defend
every single point along the line while an attacker only has to find a single
weakness.  In this case it seems to be literally true, and the weakness won't
necessarily be the actual weakest point but merely the point where an attacker
with sufficient skill and access to the right tools got in.  Look at the XBox
attacks for example, there's everything from security 101 lack of
checking/validation and 1980s MSDOS-era A20# issues through to Bunnie Huang's
FPGA-based homebrew logic analyser and use of timing attacks to recover device
keys (oh, and there's an example of a real-world side-channel attack for you),
there's no rhyme or reason to them, it's just "hammer away at everything with
anything you've got and exploit the first bit that fails".

Now you seem to answer the question yourself: SCA protections apply to a single class of attacks, while there are many.

Going back to "who cares", having done certification consulting assignments for some devices with crypto, when there was no checklist-based standard to apply, "good practice" security criteria (to be briefly documented in the report) would include the following questions:

(A) Is the secret key inside a device unit applicable to this single unit, or is it a system-wide, or domain-wide key?

That's a key management scheme question.

(B) Is the attack destructive? Which device unit features (especially "be in working order", but also "be absent of actual tampering evidence" or even "remain under the control of the legitimate user without interruptions longer than X" ) need to be impaired for a given class of attack to succeed? This question pertains to the secret key as in (A) and also to any public-key-to-be-integrity-protected which would prevent malicious code download.

That's a product design question.

(C) What are the incentives, if any, for the legitimate user to remain well-behaved in the human aspects of device protection? (E.g. a merchant has some incentive to maintain a payment authorization device in good working order.) This leads to the question of insider threats, so satisfactory answers in this area are seldom present.

This is an application design question.

This gives an idea of analyses that drives security-related spendings (in my limited experience). Clients (intend to) pay for protections that will prevent financial losses and major public relations impacts (and then cut operating budgets soon after the project gets its authorization!). The consultant study must clearly link attackers' motivations to impacts and to countermeasures.

Refinements to the above analysis methodology call for the same creative mind that you assume from the part of the attackers. E.g. the usefulness of a device unit clone for the attacker should be considered for questions (B) and (C).

Does SCA protection enter the picture? Marginally at best.



- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada   H2M 2A1

Tel.: (514)385-5691
Fax:  (514)385-5900

web site:

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to