october 2006jsa/instac/tamper-resistance standardization research committee1 activity of...
TRANSCRIPT
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 1
Activity of Tamper-resistance Standardization Research Committee (TSRC)
Shinichi KawamuraTamper-resistance Standardization Research Committee (TSRC)
Toshiba Corporation
Japanese Standards Association (JSA)Information Technology Research and Standardization Center (INSTAC)
CHES Rump Session
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 2
TSRC Activity Report Completed!
“Tamper-resistance Standardization Research Committee --- The Activity Report 2003-2006”
Available at the desk in front of the white board
Also available at
http://www.jsa.or.jp/stdz/instac/committe/index.htm
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 3
Appendix!!
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 4
Four Main Activities of TSRC
1. Systematic study of various tampering techniques ( Survey of literature )
2. Developing standard evaluation platform for side-channel attacks
3. Proposing methods to describe requirements to tamper-resistance
4. Contributing to the international standardization ( Ex. Physical Security Testing Workshop, Sept 2005
hosted with NIST and IPA )
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 5
Standard Evaluation Platforms
• Motivation:– Lack of standard platform seems to hinder the development of tamper-
resistance technology.
– It will change the situation if there is a standard platform whose specification is publicly available and non-proprietary.
• Solusion:– INSTAC-8 : 8bit CPU. Its target is a low-end embedded system.
– INSTAC-32 : 32-bit CPU and FPGA. Its target is a middle to high-end system as well as semi-hardware implementation.
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 6
An INSTAC-8 Compliant Board
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 7
An INSTAC-32 Compliant Board
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 8
Some Results Reported
• K. Fujisaki, et al. ISEC2004-No.55, 2004– Proposal of INSTAC-8 and self-evaluation
• H. Miyake, et al. SCIS2005, January 2005– DPA evaluation on INSTAC-8
• Y. Takahashi, et al. ISEC2004-No.114, March 2005– EM analysis on INSTAC-8
• K. Fujisaki, et al. ISEC2005-No.19, July 2005– Proposal of INSTAC-32 and self-evaluation
• Y. Tsunoo, et al. This conference, Sept. 2005– Analysis report on INSTAC-8
Notes) ISEC : IEICE Tech. Rep. on Information Security (Bi-monthly) SCIS: Symp. on Cryptography and Information Security (Annual)
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 9
Proposal of metric-based description of security requirement
• There are three approaches recognized to describe the requirement for tamper-resistance of cryptographic module:
1. Description focusing on attacks
2. Description focusing on countermeasures
3. Description focusing on metrics
• We think that approach 3 has not been established, so far
• Our proposal is that intensive research is necessary to establish metric-based description
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 10
Description Focusing on Attacks
Core ofCryptographic
Module
Timing Attack
SPA
DPA
EMA
Fault-based Attack
Other attacks
•Concrete attack is focused ---Natural approach•Appropriate listing up of attacks is necessary•Adapting to emerging attack is an issue since more attacks seem still to come
•Concrete attack is focused ---Natural approach•Appropriate listing up of attacks is necessary•Adapting to emerging attack is an issue since more attacks seem still to come
Example:“Cryptographic module is required to be resistant to Timing Attack”
Cryptographic Module
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 11
Description Focusing on Countermeasures
Other
Measures
Data M
asking
Random
ized T
iming
Core ofCryptographic
Module
Timing Attack
SPA
DPA
EMA
Fault-based Attack
Other attacks
•Countermeasure to prevent attacks is specified•Appropriate listing up of countermeasures is necessary•Adapting emerging attack is an issue since more attacks seem still to come•Vender would not like to explicitly describe countermeasures because they are sometimes vendor know-how
•Countermeasure to prevent attacks is specified•Appropriate listing up of countermeasures is necessary•Adapting emerging attack is an issue since more attacks seem still to come•Vender would not like to explicitly describe countermeasures because they are sometimes vendor know-how
Example:“Cryptographic module is required to implement Data Masking” or“Documentation shall specify countermeasures employed”
Cryptographic Module
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 12
Description Focusing on Metrics
Counterm
easures
Core ofCryptographic
Module
•Ideal approach -- if appropriate metrics and test method are defined•Searching for appropriate metrics is a big issue --- Intensive research is required•Good metrics may cover some emerging attacks
•Ideal approach -- if appropriate metrics and test method are defined•Searching for appropriate metrics is a big issue --- Intensive research is required•Good metrics may cover some emerging attacks
Example:“Cryptographic module is required to have metric A within a given range B with a given test method C”
TestMethod 1
Metric 1
TestMethod 2
Other TestMethods
Metric 2
Metric x
Cryptographic Module
Presently, A, B, and C is not established.
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 13
Members of TSRC WG1 (As of March 2006)
• Tsutomu Matsumoto (Chair, Yokohama National University)
• Shinichi Kawamura (Secretary, Toshiba Corp.)
• Koichi Fujisaki (Toshiba Corp.)
• Naoya Torii (Fujitsu Laboratories Ltd.)
• Shuichi Ishida (Hitachi, Ltd.)
• Yukiyasu Tsunoo (NEC Corp.)
• Minoru Saeki (Mitsubishi Electric Corp.)
• Atsuhiro Yamagishi (IPA)
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 14
Organizational Structure
Bureau of Industrial Technology EnvironmentStandardization Section
Japanese Standardization Association
Information Technology Research and Standardization Center
(INSTAC)
Tamper-resistance Standardization Research Committee (TSRC)
Research TeamWG1 (Technical Committee)
Ministry of Economy, Trade and Industry
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 15
Pointer to Activity Report, again
Available at the desk in front of the white board
Also available athttp://www.jsa.or.jp/stdz/instac/committe/index.htm
Thank you for your attantion.
October 2006 JSA/INSTAC/Tamper-resistance Standardization Research Committee 16
End of Appendix!