Tamper resistance

Tamper resistance is resistance to tampering (intentional malfunction or sabotage) by either the normal users of a product, package, or system or others with physical access to it. There are many reasons for employing tamper resistance.

Tamper resistance ranges from simple features like screws with special drives, more complex devices that render themselves inoperable or encrypt all data transmissions between individual chips, or use of materials needing special tools and knowledge. Tamper-resistant devices or features are common on packages to deter package or product tampering.

Anti-tamper devices have one or more components: tamper resistance, tamper detection, tamper response, and tamper evidence. ^[1] In some applications, devices are only tamper-evident rather than tamper-resistant.

Tampering

Tampering involves the deliberate altering or adulteration of a product, package, or system. Solutions may involve all phases of product production, packaging, distribution, logistics, sale, and use. No single solution can be considered as "tamper-proof". Often multiple levels of security need to be addressed to reduce the risk of tampering. Some considerations might include:

Identify who a potential tamperer might be: average user, child, psychopath, misguided joker, saboteur, organized criminals, terrorists, corrupt government. What level of knowledge, materials, tools, etc. might they have?
Identify all feasible methods of unauthorized access into a product, package, or system. In addition to the primary means of entry, also consider secondary or "back door" methods.
Control or limit access to products or systems of interest.
Improve the tamper resistance to make tampering more difficult, time-consuming, etc.
Add tamper-evident features to help indicate the existence of tampering.
Educate people to watch for evidence of tampering.

Tamper means interfere with (something) without authority or so as to cause damage.

Safety

Nearly all mains appliances and accessories can only be opened with the use of a screwdriver (or a substitute item such as a nail file or kitchen knife). This prevents children and others who are careless or unaware of the dangers of opening the equipment from doing so and hurting themselves (from electrical shocks, burns or cuts, for example) or damaging the equipment. Sometimes (especially in order to avoid litigation), manufacturers go further and use tamper-resistant screws, which cannot be unfastened with standard equipment. Tamper-resistant screws are also used on electrical fittings in many public buildings primarily to reduce tampering or vandalism that may cause a danger to others.

Warranties and support

A user who breaks equipment by modifying it in a way not intended by the manufacturer might deny they did it, in order to claim the warranty or (mainly in the case of PCs) call the helpdesk for help in fixing it. Tamper-evident seals may be enough to deal with this. However, they cannot easily be checked remotely, and many countries have statutory warranty terms that mean manufacturers may still have to service the equipment. Tamper proof screws will stop most casual users from tampering in the first place. In the US, the Magnuson-Moss Warranty Act prevents manufacturers from voiding warranties solely due to tampering. A warranty may be dishonored only if the tampering actually affected the part that has failed, and could have caused the failure.

Chips

Tamper-resistant microprocessors are used to store and process private or sensitive information, such as private keys or electronic money credit. To prevent an attacker from retrieving or modifying the information, the chips are designed so that the information is not accessible through external means and can be accessed only by the embedded software, which should contain the appropriate security measures.

Examples of tamper-resistant chips include all secure cryptoprocessors, such as the IBM 4758 and chips used in smartcards, as well as the Clipper chip.

It has been argued that it is very difficult to make simple electronic devices secure against tampering, because numerous attacks are possible, including:

physical attack of various forms (microprobing, drills, files, solvents, etc.)
freezing the device
applying out-of-spec voltages or power surges
applying unusual clock signals
inducing software errors using radiation (e.g., microwaves or ionising radiation)
measuring the precise time and power requirements of certain operations (see power analysis)

Tamper-resistant chips may be designed to zeroise their sensitive data (especially cryptographic keys) if they detect penetration of their security encapsulation or out-of-specification environmental parameters. A chip may even be rated for "cold zeroisation", the ability to zeroise itself even after its power supply has been crippled. In addition, the custom-made encapsulation methods used for chips used in some cryptographic products may be designed in such a manner that they are internally pre-stressed, so the chip will fracture if interfered with.

Nevertheless, the fact that an attacker may have the device in his possession for as long as he likes, and perhaps obtain numerous other samples for testing and practice, means that it is practically impossible to totally eliminate tampering by a sufficiently motivated opponent. Because of this, one of the most important elements in protecting a system is overall system design. In particular, tamper-resistant systems should "fail gracefully" by ensuring that compromise of one device does not compromise the entire system. In this manner, the attacker can be practically restricted to attacks that cost less than the expected return from compromising a single device (plus, perhaps, a little more for kudos). Since the most sophisticated attacks have been estimated to cost several hundred thousand dollars to carry out, carefully designed systems may be invulnerable in practice.

Military

Anti-tamper (AT) is required in all new military programs in the U.S.^[1]

DRM

Tamper resistance finds application in smart cards, set-top boxes and other devices that use digital rights management (DRM). In this case, the issue is not about stopping the user from breaking the equipment or hurting themselves, but about either stopping them from extracting codes, or acquiring and saving the decoded bitstream. This is usually done by having many subsystem features buried within each chip (so that internal signals and states are inaccessible) and by making sure the buses between chips are encrypted.

DRM mechanisms also use certificates and asymmetric key cryptography in many cases. In all such cases, tamper resistance means not allowing the device user access to the valid device certificates or public-private keys of the device. The process of making software robust against tampering attacks is referred to as "software anti-tamper".

Nuclear industry

Nuclear reactors that are intended to be sold to countries that otherwise do not possess nuclear weapons must be made tamper-resistant to prevent nuclear proliferation. For example, the proposed SSTAR will feature a combination of anti-tamper techniques that will make it difficult to get at the nuclear material, ensure that where the reactors are transported to is closely tracked, and have alarms in place that sound if attempts at entry are detected (which can then be responded to by the military).

Packaging

Tamper resistance is sometimes needed in packaging. for example:

Regulations for some pharmaceuticals require it
High value products may be subject to theft and pilferage
Evidence needs to remain unaltered for possible legal proceedings

Resistance to tampering can be built in or added to packaging.^[2] Examples include:

Extra layers of packaging (no single layer or component is "tamper-proof")
Packaging that requires tools to enter
Extra-strong and secure packaging
Packages that cannot be resealed
Tamper-evident seals and features

The tamper resistance of packaging can be evaluated by consultants and experts in the subject. Also, comparisons of various packages can be made by careful field testing of the lay public.

Software

Main article: anti-tamper software

Software is also said to be tamper-resistant when it contains measures to make reverse engineering harder, or to prevent a user from modifying it against the manufacturer's wishes (removing a restriction on how it can be used, for example). One commonly used method is code obfuscation.

However, effective tamper resistance in software is much harder than in hardware, as the software environment can be manipulated to near-arbitrary extent by the use of emulation.

If implemented, trusted computing would make software tampering of protected programs at least as difficult as hardware tampering, as the user would have to hack the trust chip to give false certifications in order to bypass remote attestation and sealed storage. However, the current specification makes it clear that the chip is not expected to be tamper-proof against any reasonably sophisticated physical attack;^[3] that is, it is not intended to be as secure as a tamper-resistant device.

A side effect of this is that software maintenance gets more complex, because software updates need to be validated and errors in the upgrade process may lead to a false-positive triggering of the protection mechanism.

References

1 2 Altera. "Anti-Tamper Capabilities in FPGA Designs". p. 1.
↑ Rosette, J L (2009), "Tamper-Evident Packaging", in Yam, K L, Encyclopedia of Packaging Technology, Wiley (published 2010), ISBN 978-0-470-08704-6
↑ Microsoft Word – TPM 1_2 Changes final.doc

Smith, Sean; Weingart, Steve (1999). "Building a High-Performance, Programmable Secure Coprocessor". Computer Networks. 31 (9): 831–860. doi:10.1016/S1389-1286(98)00019-X.
Rosette, Jack L (1992). Improving tamper-evident packaging: Problems, tests, and solutions. ISBN 978-0877629061.

External links

Packaging

General topics	Active packaging Child-resistant packaging Disposable food packaging Food packaging Luxury packaging Modified atmosphere/modified humidity packaging Package pilferage Package testing Packaging engineering Pharmaceutical packaging Reusable packaging Shelf life Sustainable packaging Tamper-evident Tamper resistance Wrap rage

Containers	Aerosol Container Aluminium bottle Aluminum can Ampoule Antistatic bag Bag-in-box Bags and flexible containers Barrel Beer bottle Biodegradable bag Blister pack Boil-in-Bag Bottle Box Bulk box Carboy Carton Chub Clamshell Corrugated box design Crate Disposable cup Drum Envelope Flexible intermediate bulk container Foam food container Folding carton Growler Insulated shipping container Intermediate bulk container Jar Jerrycan Jug Juicebox Keg Multi-pack Oyster pail Packet (container) Padded mailer Pail Paper bag Paper sack Plastic bag Plastic bottle Popcorn bag Retort pouch Sachet Security bag Self-heating can Self-heating food packaging Shaker-style pantry box Shipping container Skin pack Spray bottle Tin can Tube Unit load Vial Wooden box

Materials and components	Adhesive Aluminium foil Bioplastic Biodegradable plastic BoPET Bubble wrap Bung Cellophane Closure Coated paper Coating Corrugated fiberboard Corrugated plastic Cushioning Desiccant Double seam Foam peanut Glass Hot-melt adhesive Kraft paper Label Linear low-density polyethylene Liquid packaging board Low-density polyethylene Metallised film Modified atmosphere Molded pulp Nonwoven fabric Overwrap Oxygen scavenger Packaging gas Pallet Paper Paper pallet Paperboard Plastic film Plastic pallet Plastic wrap Polyester Polyethylene Polypropylene Pressure-sensitive tape Screw cap Screw cap (wine) Security printing Security seal Shock detector Shock and vibration data logger Shrink wrap Slip sheet Staple (fastener) Strapping Stretch wrap Susceptor Tear tape Temperature data logger Time temperature indicator Tinplate Velostat

Processes	Aseptic processing Authentication Automatic identification and data capture Blow fill seal Blow molding Calendering Canning Coating Containerization Curtain Coating Die cutting Die forming (plastics) Electronic article surveillance Extrusion Extrusion coating Glass production Graphic design HACCP Hermetic seal Induction sealing Injection molding Laminating Laser cutting Molding Papermaking Plastic welding Plastics extrusion Printing Quality assurance Radio-frequency identification Roll slitting Shearing (manufacturing) Thermoforming Track and trace Vacuum forming Ultrasonic welding Vacuum packaging Verification and validation

Machinery	Barcode printer Barcode reader Bottling line Calender Can seamer Cartoning machine Case sealer Check weigher Conveyor system Extended core stretch wrapper Filler Heat gun Heat sealer Industrial robot Injection molding machine Label printer applicator Lineshaft roller conveyor Logistics automation Material handling equipment Mechanical brake stretch wrapper Multihead weigher Orbital stretch wrapping Palletizer Rotary wheel blow molding systems Shrink tunnel Staple gun Tape dispenser Turntable stretch wrapper Vertical form fill sealing machine

Environment, post-use	Biodegradation Environmental engineering Glass recycling Industrial ecology Life-cycle assessment Litter Paper recycling Plastic recycling Recycling Reusable packaging Reverse logistics Source reduction Sustainable packaging Waste management

This article is issued from Wikipedia - version of the 10/6/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.