Anti-tamper protective systems for NATO operations
Applied Vehicle Technology
Keywords: security evaluation, standardization, tamper protection
Anti-tamper protection is a technical counter-measure for preventing unwanted exploration, modification or copying of a given system. Military electronic equipment often contains sensitive or classified information, for example in the form of algorithms, proprietary software or cryptographic keys. In order to protect the system or equipment from an adversary getting access to this information, anti-tamper mechanisms have to be implemented to obtain a given level of security. The anti-tamper mechanism should prevent or delay reverse engineering of the system, and make it possible to detect whether an intrusion or physical manipulation has occurred, where the goal of the attack is to access sensitive information. Lastly, if possible, an alarm should be sent giving information about the event.
Cryptographic equipment is often implemented with Application Specific Integrated Circuits (ASICs) and/or RAM-based Field Programmable Gate Arrays (FPGAs). Although these circuits provide various degrees of security, additional mechanisms must be implemented to provide a sufficiently high level of protection, as these components alone are not able to protect the sensitive data they store in the face of high-level attacks.
Autonomous vehicles and remote sensors are other examples of vulnerable equipment if they are lost or stolen, and their tactical use increases the risk of loss or theft. Tamper protection is therefore of paramount importance to prevent extraction of cryptographic keys and reverse engineering, and to reduce the risk that counter-measures against these systems will be developed.
This RWS proposal is a follow-on activity from AVT-ET-183 – Tamper Protection Technologies. As tamper technology includes different technology areas, a cross-panel activity is considered relevant.
A common standard for secure design, implementation and test of cryptographic modules that include both hardware and software is the Federal Information Processing Standard (FIPS) 140-2. In these cases the cryptographic key is stored as a bit string. However, this does not hold for emerging technologies based on e.g. physical unclonable functions (PUFs). A PUF-based anti-tamper enclosure takes advantage of inherent process variations and (deliberate) randomness in the material itself to create a unique and unclonable entropy, which in turn is used to generate a valid cryptographic key. Once the enclosure has been tampered with, the entropy has changed and a valid key can no longer be extracted. An advantage of these types of technologies is that they enable battery-less enclosure solutions. However, it is not clear how well current established standards cover the secure design, implementation and testing of anti-tamper systems based on such emerging technologies. There is therefore a need to evaluate whether these security mechanisms are well covered by existing standards, or whether a new set of design and test criteria ought to be sought.
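The key behaviour described above, sketched as an added example that is not part of the original proposal: a code-offset construction with a repetition code (an assumption; the page names no specific scheme) binds a secret to a simulated enclosure response, so ordinary measurement noise still yields the key while damage to one region does not. All names, sizes and the simulated responses are constructed for illustration.

```python
import hashlib
import hmac
import secrets

REP = 7                 # repetition factor: corrects up to 3 flipped bits per block
SECRET_BITS = 128
N = REP * SECRET_BITS   # simulated PUF response length in bits

def flip(bits, positions):
    """Return a copy of bits with the given positions inverted."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out

def _digest(label, secret):
    return hashlib.sha256(label + bytes(secret)).digest()

def enroll(response):
    """Bind a fresh secret to the response; only helper and check are stored."""
    secret = [secrets.randbits(1) for _ in range(SECRET_BITS)]
    codeword = [b for b in secret for _ in range(REP)]
    helper = [c ^ r for c, r in zip(codeword, response)]
    return helper, _digest(b"check", secret), _digest(b"key", secret)

def reconstruct(response, helper, check):
    """Re-derive the key from a fresh measurement, or None if it no longer matches."""
    noisy = [h ^ r for h, r in zip(helper, response)]
    # Majority vote per block removes isolated bit errors.
    secret = [int(sum(noisy[i:i + REP]) > REP // 2) for i in range(0, N, REP)]
    if not hmac.compare_digest(_digest(b"check", secret), check):
        return None
    return _digest(b"key", secret)

def demo():
    reference = [secrets.randbits(1) for _ in range(N)]  # constructed enclosure response
    helper, check, key = enroll(reference)
    drifted = flip(reference, range(0, N, 25))   # constructed measurement noise (~4%)
    breached = flip(reference, range(0, 350))    # constructed damage to one region
    return key, reconstruct(drifted, helper, check), reconstruct(breached, helper, check)

if __name__ == "__main__":
    key, after_noise, after_tamper = demo()
    print("noise tolerated:", after_noise == key)
    print("key after tamper:", after_tamper)
```

Only helper data and a check value are stored, never the key itself, which is the contrast with the stored bit-string case the paragraph draws. The repetition code is used here for brevity.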
This workshop aims to gather researchers in the area of tamper protection technologies to exchange ideas and explore solutions related to emerging technologies for which there are not yet established security standards for design and test procedures, such as PUF. An emphasis will be on enclosures/envelopes to protect data streams.
One main objective is to establish common areas of interest across participating nations for exploring the development of a new standard for design and test of anti-tamper solutions for which such standards are not currently well established, such as PUF-based enclosures.
Possible areas where this has likely military benefit include, but are not limited to, the following topics:
• Tamper protection for autonomous systems
• Tamper protection for communication and information systems, and sensors
The RWS should be a cross-panel activity, including contributions from the IST, SET and SCI panels.
The RWS will provide meeting proceedings.
The scope of the RWS and topics to be covered can be summarized as follows:
• Explore new/extend existing security design and test standards to cover:
  o new solutions/approaches (e.g., but not limited to, PUF-based enclosures)
  o further advances of existing solutions
  o analysis of several current test approaches to explore their:
    ▪ ability to cover PUF-based anti-tamper technologies
    ▪ adaptability to current needs of new emerging products
    ▪ absolute valuation levels, in order to authorise its use in a security context
    ▪ relative valuation, allowing comparison of different solutions
    ▪ validity of a valuation, taking into account that attack levels are continuously rising and new attacks can appear
• Explore suitable concepts for which conformance to the desired criteria appears feasible, and to encourage collaboration within NATO towards hardware demonstrators