Transcript Tamper-resistance Standardization Research Committee
Japanese Standards Association (JSA) Information Technology Research and Standardization Center (INSTAC) CHES Rump Session
Activity of Tamper-resistance Standardization Research Committee (TSRC)
Shinichi Kawamura
Tamper-resistance Standardization Research Committee (TSRC)
Toshiba Corporation [email protected]
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 1
TSRC Activity Report Completed!
“Tamper-resistance Standardization Research Committee --- The Activity Report 2003-2006” Available at the desk in front of the white board Also available at http://www.jsa.or.jp/stdz/instac/committe/index.htm
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 2
Appendix!!
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 3
Four Main Activities of TSRC
1. Systematic study of various tampering techniques ( Survey of literature ) 2. Developing standard evaluation platform for side channel attacks 3. Proposing methods to describe requirements to tamper-resistance 4. Contributing to the international standardization ( Ex. Physical Security Testing Workshop, Sept 2005 hosted with NIST and IPA )
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 4
Standard Evaluation Platforms
• Motivation: – Lack of standard platform seems to hinder the development of tamper resistance technology .
– It will change the situation if there is a standard platform whose specification is publicly available and non-proprietary.
• Solusion: – INSTAC-8 : 8bit CPU. Its target is a low-end embedded system.
– INSTAC-32 : 32-bit CPU and FPGA. Its target is a middle to high-end system as well as semi-hardware implementation.
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 5
An INSTAC-8 Compliant Board
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 6
An INSTAC-32 Compliant Board
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 7
Some Results Reported
• K. Fujisaki, et al. ISEC2004-No.55, 2004 – Proposal of INSTAC-8 and self-evaluation • H. Miyake, et al. SCIS2005, January 2005 – DPA evaluation on INSTAC-8 • Y. Takahashi, et al. ISEC2004-No.114, March 2005 – EM analysis on INSTAC-8 • K. Fujisaki, et al. ISEC2005-No.19, July 2005 – Proposal of INSTAC-32 and self-evaluation • Y. Tsunoo, et al. This conference, Sept. 2005 – Analysis report on INSTAC-8 Notes) ISEC : IEICE Tech. Rep. on Information Security (Bi-monthly) SCIS: Symp. on Cryptography and Information Security (Annual) October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 8
• • •
Proposal of metric-based description of security requirement
There are three approaches recognized to describe the requirement for tamper-resistance of cryptographic module: 1. Description focusing on attacks 2. Description focusing on countermeasures 3. Description focusing on metrics We think that approach 3 has not been established, so far Our proposal is that intensive research is necessary to establish metric-based description
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 9
Description Focusing on Attacks
Example: “Cryptographic module is required to be resistant to Timing Attack” Cryptographic Module Core of Cryptographic Module Timing Attack SPA DPA Fault-based Attack EMA Other attacks October 2006 •Concrete attack is focused ---Natural approach •Appropriate listing up of attacks is necessary •Adapting to emerging attack is an issue since more attacks seem still to come JSA/INSTAC/Tamper-resistance Standardization Research Committee 10
Description Focusing on Countermeasures
Example: “Cryptographic module is required to implement Data Masking” or “Documentation shall specify countermeasures employed” Cryptographic Module Core of Cryptographic Module Timing Attack SPA DPA Fault-based Attack EMA Other attacks October 2006 •Countermeasure to prevent attacks is specified •Appropriate listing up of countermeasures is necessary •Adapting emerging attack is an issue since more attacks seem still to come •Vender would not like to explicitly describe countermeasures because they are sometimes vendor know-how JSA/INSTAC/Tamper-resistance Standardization Research Committee 11
Description Focusing on Metrics
Example: “Cryptographic module is required to have metric
A
a given test method
C
” within a given range
B
with Presently,
A
,
B
, and
C
is not established.
Cryptographic Module Core of Cryptographic Module Test Method 1 Test Method 2 Other Test Methods Metric 1 Metric 2 Metric x •Ideal approach -- if appropriate metrics and test method are defined •Searching for appropriate metrics is a big issue --- Intensive research is required •Good metrics may cover some emerging attacks October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 12
• • • • • • • •
Members of TSRC WG1 (As of March 2006)
Tsutomu Matsumoto (Chair, Yokohama National University) Shinichi Kawamura (Secretary, Toshiba Corp.) Koichi Fujisaki (Toshiba Corp.) Naoya Torii (Fujitsu Laboratories Ltd.) Shuichi Ishida (Hitachi, Ltd.) Yukiyasu Tsunoo (NEC Corp.) Minoru Saeki (Mitsubishi Electric Corp.) Atsuhiro Yamagishi (IPA) October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 13
Organizational Structure
Ministry of Economy, Trade and Industry Bureau of Industrial Technology Environment Standardization Section Japanese Standardization Association Information Technology Research and Standardization Center (INSTAC) Tamper-resistance Standardization Research Committee (TSRC) WG1 (Technical Committee) Research Team
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 14
Pointer to Activity Report, again
Available at the desk in front of the white board Also available at
http://www.jsa.or.jp/stdz/instac/committe/index.htm
Thank you for your attantion.
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 15
End of Appendix!
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 16