This Article 
 Bibliographic References 
 Add to: 
Analyzing a Family of Key Protection Schemes against Modification Attacks
September/October 2011 (vol. 8 no. 5)
pp. 770-776
Tieyan Li, Institute for Infocomm Research, Singapore
Guilin Wang, University of Birmingham, Birmingham
Protecting cryptographic keys in hardware devices is challenging. In this work, we reinvestigate a family of key protection schemes proposed by Fung, Golin and Gray (2001), which use permutations to protect keys stored in Electrically Erasable Programmable Read-Only Memory (EEPROM). Our analysis discovers vulnerabilities in the use of mathematical permutations. Specifically, we successfully identify two practical attacks—batch card attack and relative probing attack—which allow an adversary to discover the secret key stored in the EEPROM. Contrary to the claims of Fung et al., these attacks are realizable with a relatively small number of probes. Moreover, we examine the rationale of their security assumptions, which are mainly based on the modification attack described by Anderson and Kuhn (1997), and conclude that recent advances in hardware security (w.r.t. both attacks and countermeasures) suggest a stronger adversary model on designing such secure devices.

[1] Advanced Access Content System, Prerecorded Video Book v0.91, http://www.aacsla.comspecifications, Feb. 2006.
[2] D. Abraham, G. Dolan, G. Double, and J. Stevens, “Transaction Security System,” IBM Systems J., vol. 30, no. 2, pp. 206-229, 1991.
[3] R. Anderson and M. Kuhn, “Tamper Resistance—A Cautionary Note,” Proc. Second USENIX Workshop Electronic Commerce, pp. 1-11, 1996.
[4] R. Anderson and M. Kuhn, “Low Cost Attacks on Tamper Resistant Devices,” Proc. Fifth Int'l Workshop Security Protocols, pp. 125-136, 1997.
[5] R. Anderson, M. Bond, J. Clulow, and S. Skorobogatov, “Cryptographic Processors—A Survey,” Technical Report UCAM-CL-TR-641, Univ. of Cambridge, Computer Laboratory, Aug. 2005.
[6] B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. Vadhan, and K. Yang, “On the (Im)possibility of Obfuscating Programs,” Proc. 21st Ann. Int'l Cryptology Conf. Advances in Cryptology (CRYPTO '01), 2001.
[7] Dallas Semiconductor/Maxim, High-Speed Secure Microcontroller DS5250, qv_pk3932, 2006.
[8] W.W. Fung, M.J. Golin, and J.W. GrayIII, “Protection of Keys against Modification Attack,” Proc. IEEE Symp. Security and Privacy, pp. 26-36, 2001.
[9] R. Gennaro, A. Lysyanskaya, T. Malkin, S. Micali, and T. Rabin, “Algorithmic Tamper-Proof (ATP) Security: Theoretical Foundations for Security against Hardware Tampering,” Proc. Theory of Cryptography Conf., 2004.
[10] H. Handschuh, P. Paillier, and J. Stern, “Probing Attacks on Tamper-Resistant Devices,” Proc. First Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '99), pp. 303-315, 1999.
[11] IBM, “IBM 4758 PCI Cryptographic Coprocessor-CCA Basic Services Reference and Guide,” Release 2.54, Dec. 2004.
[12] Y. Ishai, A. Sahai, and D. Wagner, “Private Circuits: Securing Hardware against Probing Attacks,” Proc. 23rd Ann. Int'l Cryptology Conf. Advances in Cryptology (Crypto '03), pp. 462-479, 2003.
[13] Y. Ishai, M. Prabhakaran, A. Sahai, and D. Wagner, “Private Circuits II: Keeping Secrets in Tamperable Circuits,” Proc. 25th Ann. Int'l Conf. Thoery and Applications of Cryptographic Techniques (Eurocrypt '06), 2006.
[14] R.B. Lee, R.L. Rivest, M.J.B. Robshaw, Z.J. Shi, and Y.L. Yin, “Permutation Operations in Block Ciphers,” Embedded Cryptographic Hardware: Design and Security, Nova Science, Sept. 2004.
[15] T. Li and G. Wang, “Analyzing a Family of Key Protection Schemes against Modification Attacks (Full Version),” technical report, 2008.
[16] D. Lim, J.W. Lee, B. Gassend, G.E. Suh, M. van Dijk, and S. Devadas, “Extracting Secret Keys from Integrated Circuits,” IEEE Trans. Very Large Scale Integration (VLSI) Systems, vol. 13, no. 10, pp. 1200-1205, Oct. 2005.
[17] S. Micali and L. Reyzin, “Physically Observable Cryptography,” Proc. Theory of Cryptography Conf. (TCC '04), pp. 278-286, 2004.
[18] D. Samyde, S. Skorobogatov, R. Anderson, and J.-J. Quisquater, “On a New Way to Read Data from Memory,” Proc. First Int'l IEEE Security in Storage Workshop, pp. 65-69, 2002.
[19] S. Skorobogatov and R. Anderson, “Optical Fault Induction Attacks,” Proc. Fourth Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '02), pp. 2-12, 2002.
[20] S. Skorobogatov, “Semi-Invasive Attacks: A New Approach to Hardware Security Analysis,” PhD thesis, Technical Report UCAM-CL-TR-630, Univ. of Cambridge, Computer Laboratory, Apr. 2005.
[21] P. Tuyls, G. Schrijen, B. Skoric, J. Geloven, N. Verhaegh, and R. Wolters, “Read-Proof Hardware from Protective Coatings,” Proc. Eighth Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '06), 2006.
[22] J. Waddle and D. Wagner, “Fault Attacks on Dual-Rail Encoded Systems,” Proc. 21st Ann. Computer Security Applications Conf. (ACSAC '05), 2005.

Index Terms:
Secret protection, modification attack, permutation, hardware security.
Tieyan Li, Guilin Wang, "Analyzing a Family of Key Protection Schemes against Modification Attacks," IEEE Transactions on Dependable and Secure Computing, vol. 8, no. 5, pp. 770-776, Sept.-Oct. 2011, doi:10.1109/TDSC.2010.44
Usage of this product signifies your acceptance of the Terms of Use.