Certification Schemes

2011 Hardware Security Components: Vulnerabilities, Evaluation and Certification Dr CEA/LETI Alain.merle@cea.fr 1 Certification Schemes n Driven by National Authorities In France: ANSSI n License laboratories Emit Certificates Independent laboratories (ITSEF, CESTIs) Perform the evaluations n n Areas of Licensing Hardware (and embedded software) Software Levels of licensing Semi-formal and formal EAL4/5 or EAL7 Organisme! d accréditation! COFRAC! Organisme de Certification :! A.N.S.S.I.! Accréditation Agrément! Certification CESTI! Centre d Evaluation de la Sécurité! Certificat des Technologies de l Information! Le Schéma Français de Certification 2 1

n Standardized & efficient methodology for security analysis (ISO IS 15408) n International recognition of the certificates n In Europe, mainly used for Integrated Circuits Integrated Circuits with embedded software Smartcards 3 Common Criteria Basic Ideas n Description of the security Justified Security Specifications (The Security target) n Verification of the conformance to the security specifications n Tests (functional and penetration testing) n Verification of the environmental hypothesis 4 2

Smartcards evaluation n Common Criteria, EAL4+ (EAL5+ for the IC) «Top level» evaluations (banking, health, Id) White Box evaluations w Access to the design w Access to the source code w For the conformity checking and the attacks n A table rating the «attack potential» Time, expertise, equipment, knowledge, The card must resist to an attacker with the maximum capabilities w All realistic attacks w In a time compatible with the life time of a product 5 CC: Norm or Open Standard n Widely used for Smartcards n But, heavy adaptations have been necessary to have an efficient process 6 3

Resistance rating Ref: http://www.commoncriteriaportal.org 7 What kind of testing? n Functional (Security functions) Conformance with the security specifications n Attacks Independent vulnerability analysis Challenge: In 3 / 4 months, how to: w Cover all the attack possibilities w Guarantee (estimate) an higher resistance duration? 8 4

Test strategies R&D Potential vulnerabilities Attacks and Potential Vulnerabilities Attacks and Strategies Tests State of the art Add Remove Customize Evaluation tasks Add Remove Customize The evaluation is a tool for optimizing the testing duration: Ø By giving to the evaluator the knowledge the attacker will have to find Ø By enabling the definition of test strategies Ø By enabling a limitation of the testing 9 Requirements for the ITSEFs n Specific competences in Attacks in the licensing area State of the Art (not always published) R&D in Attacks Multi-competences w Cryptography, microelectronic, signal processing, measures, lasers, etc Microelectronics Equipments w MEB, FIB, plasma etching, chemical etching, Security is a constant and fast evolving area w Strong background and followed activities n Reduce uncertainties Quality, Security, Training, etc 10 5

Potential vulnerabilities n Physical (Si modifications) Memories Internal signals Modifications of the IC n Observation: Side Channel Analysis SPA, EMA, DPA, DEMA n Perturbations: Inject faults Exploitation (examples) w IO errors (reading, writing) w Program disruption (jump, skip, change instruction) w Dynamic rewriting of the code Cryptography (DFA) n Attacks on the embedded software Protocols, overflows, errors, 11 1996 2010: Security & Attacks 1996: «Manual» design Firsts APL External clock No internal cyphering 1996 2010 12 6

1996 2009: Security & Attacks 1998: P. Kocher announces DPA 2001: Perturbations: EMA Power gliches DFA 2003: Laser perturbations Memory Dumps 1996 1998 2001 2003 2010 13 1996 2010: Security & Attacks 2006: Laser Cartography RSA Registers RNG Registers DES Registers 1996 1998 2001 2003 2006 2010 14 7

1996 2010: Security & Attacks 2000 Light perturbation 2006 2009 Source Riscure 1996 1998 2001 2003 2006 2010 15 1996 2010: Security & Attacks 1996 1998 2001 2003 2006 2010 16 8

1996 2010: Security & Attacks A 12 years old circuit is now a student exercise 1996 1998 2001 2003 2006 2010 17 And? n Negative view Is it any good reason for the next 10 years to be different from the previous ones? n Positive view Each attack has been efficiently countered (all what is seen is no more to be seen) Resistance level has been dramatically improved Very few new ideas 18 9

To be noticed: n Security / Confidentiality requirements for ITSEFs No example of attacks «transferred» to the public area before counter-measures implemented Few example of attacks developed in the public area before implemented in Labs n Evaluation / Certification A responsible actor for implementing challenging conditions A controlled race between Attacks & Defense 19 Absolute resistance: myth or goal? n Crypto schemes are based on a secret Gaining access to the secret kills the system n Theoretical resistance is also evolving Moore s law of microelectronics DES, TDES, AES, RSA key length, Hash fns n Hardware can t be the perfect & unique solution A Physical object could always be attacked New attacks discovered «every days» w DPA, EMA, DFA, Laser, Questions about the life time w A 12 years old circuit is a student exercise The hypothesis of facing a successful attack must be taken into account 20 10

Trust and Common Criteria n An hardware component can t be broken n A certified IC can t be broken n A certified IC has a resistance at the state of the art n Can I trust a certified component? If I know and understand the limits w What is the state of the art? w Life time of the product Yes Yes ü Yes ü Yes No ü No ü No No 21 Conclusion n «Nobody s perfect». Hardware is a good solution but limits exist Any scheme limited to the resistance of a single component is limited n Evaluation/Certification brings Confidence/Trust n Evaluation/Certification is a limited risk process to create efficient challenging conditions 22 11

Questions? 23 12