Introduction
Tamper resistance ranges from simple features (such as screws with special heads) to more complex devices that render themselves inoperable or encrypt all data transmissions between individual chips, or that require special tools and knowledge to operate. Tamper-resistant devices or features are common on packaging, where they deter tampering with the package or the product. Anti-tamper devices have one or more components: tamper resistance, tamper detection, tamper response, and tamper evidence. In some applications, a device is only tamper-evident and does not prevent tampering.
Tampering
Tampering involves the deliberate alteration or adulteration of a product, package, or system. Solutions may involve all phases of product production, packaging, distribution, logistics, sale, and use. No single solution is completely "tamper-proof"; a multi-level security program is often needed to reduce the risk of tampering. Aspects to consider may include:
- Identify who a potential tamperer might be: ordinary users, children, people with mental illness, misguided people, vandals, organized criminals, terrorists, and so on. What level of knowledge, materials, and tools might they have?
- Identify all feasible methods of unauthorized access to the product, package, or system. In addition to the primary means of entry, also consider secondary or "back door" methods.
- Control or restrict access to the relevant products and systems.
- Improve tamper resistance so that tampering is more difficult and time-consuming.
- Add tamper-evident features to help indicate that tampering has occurred.
- Educate people on how to watch for evidence of tampering.
Tampering means interfering with an item, or causing damage to it, without official authorization.
Security
Almost all electrical appliances and accessories can only be opened with a screwdriver or a similar substitute. This prevents children and others from accidentally or carelessly opening the equipment and endangering or hurting themselves (for example, by electric shock, burns, or cuts) or damaging the equipment. Sometimes, to avoid lawsuits, manufacturers go further and use tamper-resistant screws, which cannot be opened with standard tools. Tamper-resistant screws are also used in many public buildings to reduce tampering or vandalism that could endanger others.
Warranty and Support
A user who has broken a device by modifying it in a way the manufacturer did not intend may deny having done so, so that the manufacturer's after-sales service must still provide warranty cover or help. Tamper-evident seals may be enough to deal with this, but such seals cannot easily be checked remotely, and many countries have statutory provisions under which manufacturers may still have to service such equipment. Tamper-resistant screws stop most casual, curious users from tampering in the first place. In the United States, the Magnuson-Moss Warranty Act prohibits manufacturers from voiding a warranty solely because of tampering. A warranty claim may be rejected only when the tampering actually affected the fault.
Chip
Tamper-resistant microprocessors are used to store and process private or sensitive information, such as private keys or electronic money information. To prevent attackers from retrieving or modifying the information, the chips are designed so that the information cannot be accessed by external means and can be accessed only by the internal embedded software. The embedded software should itself contain appropriate security measures. Tamper-resistant chips include all secure cryptoprocessors, such as the chips in the IBM 4758 and in smart cards, and the Clipper chip. It is currently considered very difficult to make simple electronic devices secure against tampering, because many attacks are possible, including:
- physical attacks of various forms (microprobing, drills, files, solvents, etc.)
- freezing the device
- applying out-of-specification voltages or power surges
- applying abnormal clock signals
- inducing software errors with radiation (such as microwaves or ionizing radiation)
- measuring the precise time and power requirements of certain operations (see power analysis)
Tamper-resistant chips may be designed to clear (zeroise) their sensitive data, especially encryption keys, if they detect that the secure package has been penetrated or that environmental parameters are outside the specification. A chip can even be designed for "cold zeroisation", that is, the ability to zeroise itself even after its power has been cut off. In addition, the custom packaging methods used for the chips in some cryptographic products can be designed to be internally pre-stressed, so that the chip fractures when it is interfered with.
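The tamper response described above, sketched as an added example (not code from the original page or from any real chip's firmware): a monitor checks each sensor sample against an operating envelope, wipes the key on any violation, and latches that state so the key stays unavailable after readings return to normal. The limits, structure names, and function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
/* Constructed operating envelope; real limits come from the part's datasheet. */
enum { VCC_MIN_MV = 2700, VCC_MAX_MV = 3600, TEMP_MIN_C = -20, TEMP_MAX_C = 85,
       CLK_MIN_KHZ = 1000, CLK_MAX_KHZ = 20000 };
enum { TAMPER_MESH = 1, TAMPER_VOLTAGE = 2, TAMPER_TEMP = 4, TAMPER_CLOCK = 8 };
struct sensors { int vcc_mv, temp_c, clk_khz, mesh_intact; };
struct key_store { uint8_t key[32]; int zeroized; };
/* Volatile writes so the compiler cannot drop the wipe as a dead store. */
static void secure_wipe(uint8_t *buf, size_t n) {
    for (volatile uint8_t *p = buf; n--; p++) *p = 0;
}

/* Bitmask of every out-of-envelope condition seen in one sensor sample. */
unsigned tamper_classify(const struct sensors *s) {
    unsigned cause = 0;
    if (!s->mesh_intact) cause |= TAMPER_MESH;
    if (s->vcc_mv < VCC_MIN_MV || s->vcc_mv > VCC_MAX_MV) cause |= TAMPER_VOLTAGE;
    if (s->temp_c < TEMP_MIN_C || s->temp_c > TEMP_MAX_C) cause |= TAMPER_TEMP;
    if (s->clk_khz < CLK_MIN_KHZ || s->clk_khz > CLK_MAX_KHZ) cause |= TAMPER_CLOCK;
    return cause;
}

/* Poll once: wipe the key on any violation and latch the zeroized state. */
unsigned tamper_poll(struct key_store *ks, const struct sensors *s) {
    unsigned cause = tamper_classify(s);
    if (cause && !ks->zeroized) {
        secure_wipe(ks->key, sizeof ks->key);
        ks->zeroized = 1;   /* never cleared, even if readings recover */
    }
    return cause;
}

/* Key access fails closed once the store has been zeroized. */
int key_read(const struct key_store *ks, uint8_t out[32]) {
    if (!ks->zeroized) memcpy(out, ks->key, sizeof ks->key);
    return ks->zeroized ? -1 : 0;
}

/* Constructed scenario: normal sample, chilled sample, normal again; 1 = pass. */
int demo_freeze_then_recover(void) {
    struct key_store ks = { .zeroized = 0 };
    uint8_t out[32], zero[32] = {0};
    struct sensors ok = {3300, 25, 8000, 1}, cold = {3300, -60, 8000, 1};
    memset(ks.key, 0xA5, sizeof ks.key);
    if (tamper_poll(&ks, &ok) || key_read(&ks, out)) return 0;
    if (tamper_poll(&ks, &cold) != TAMPER_TEMP || memcmp(ks.key, zero, 32)) return 0;
    return tamper_poll(&ks, &ok) == 0 && key_read(&ks, out) == -1;
}
```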
However, an attacker may keep the device in their possession for as long as they like, and may obtain a large number of samples to test and practise on, which means that it is impossible to completely rule out tampering by a sufficiently motivated and prepared opponent. An important element of protecting a system is therefore its overall design. In particular, a tamper-resistant system should "fail gracefully", ensuring that the compromise of one device does not compromise the whole system. Since the most sophisticated attacks may cost hundreds of thousands of dollars, well-designed systems may not be compromised in practice.
Military
All new military programs in the United States require anti-tamper measures.
DRM
Tamper resistance is applied to smart cards, set-top boxes, and other devices that use digital rights management (DRM). In these cases, the issue is not preventing the user from damaging the device or hurting themselves, but preventing them from extracting code or from obtaining and saving the decoded bitstream. This is typically done by burying many subsystem functions within each chip (so that internal signals and state are inaccessible) and by ensuring that the buses between chips are encrypted.
DRM mechanisms also use certificates and asymmetric-key cryptography in many cases. In these cases, tamper resistance means denying the user access to the device's valid certificates or public/private keys. The process of making software robust against tampering is called "software anti-tamper".
Nuclear Industry
Nuclear reactors intended for sale to countries that do not have nuclear weapons must be made tamper-resistant to prevent nuclear proliferation. For example, the proposed small sealed transportable autonomous reactor will combine a variety of tamper-resistance techniques to make the nuclear material difficult to obtain, ensure that transport of the reactor is closely tracked, and sound an alarm (which can trigger a military response) when an intrusion attempt is detected.
Packaging
Packaging sometimes needs to be tamper-resistant. For example:
- Regulatory requirements
- High-value products may be subject to theft or pilferage
- Evidence must be kept unaltered for possible legal proceedings
Tamper resistance can be built into a package or added to it. For example:
- Additional layers of packaging (no single layer or component is "tamper-proof")
- Packaging that requires tools to open
- Extra-strong and secure packaging
- Packages that cannot be resealed
- Tamper-evident seals and features
The tamper resistance of packaging can be evaluated by consultants and experts in the subject. In addition, various packages can be compared by the public.
Software
Software is also said to be tamper-resistant when it contains measures to hinder reverse engineering, or to prevent users from changing it against the manufacturer's wishes (for example, to remove certain usage restrictions). A common method is code obfuscation. However, effective tamper resistance is harder to achieve in software than in hardware, because almost any aspect of the operating environment can be manipulated through emulation.
With trusted computing, tamper protection for software can reach the level of hardware tamper resistance, as the user may have to break the trust chip to bypass remote attestation and sealed storage. However, the current specification makes clear that the chip is not expected to withstand a sophisticated physical attack; that is, it is not intended to be as secure as a tamper-resistant device.
A side effect of this is increased complexity in software maintenance: when the software is updated, any error in the update process may result in false positives and failures.