Enclosure-PUF: Tamper Proofing Commodity Hardware and other Applications
Christian Zenger, Christof Paar, Lars Steinschulte, Johannes Tobisch, David Holin
35. Chaos Communication Congress (35c3), Leipzig, Germany, 2018.
We are presenting an innovative technology, which allows verifying the authenticity, integrity and/or the physical state of an item by employing the propagation behaviour of electromagnetic waves. In particular, it enables to check for any tamper attempts for larger structures, such as off-the-shelf computers and their periphery. The technology extends existing tamper proof approaches from the chip/PCB to a system level and is easily retrofittable. In this presentation, we are demonstrating exemplary tamper proofing in order to protect secret information without an attack-detection or data-deletion circuit (!), which is a known difficult problem and an imperfect undertaking. Therefore, we demonstrate the simplicity and effectiveness using a very cheap self-made testbed (using alumium foil) to protect standard hardware against invasive attacks, such as needle probing through the case.
Cyber-physical systems are ubiquitous and are often located in non-trustworthy environments, in which data is processed that is both sensitive and worth protecting. Despite employed protection, measures such as secured communication an extraction of data and/or manipulation of it are often easily feasible if physical access to the components of the system is given. Or with the words of Brian Gladman: “It is relatively easy to build an encryption system that is secure if it is working as intended and is used correctly but it is still very hard to build a system that does not compromise its security in situations in which it is either misused or one or more of its sub-components fails (or is ’encouraged’ to misbehave) ... this is now the only area where the closed world is still a long way ahead of the open world and the many failures we see in commercial cryptographic systems provide some evidence for this.” Our technology is aiming to verify the integrity of such systems in order to detect attempts of an attack and activate appropriate countermeasures. The propagation behaviour of electromagnetic waves allows for an extension of the protection from individual small components to the entire periphery of a system (or even object). This allows detecting attacks, like spudding/drilling into cash terminals. By deriving cryptographic key material based on physical disorder and unclonable complexity of an environment, it is possible to create a protection, which protects secret information without an attack-detection or data-deletion circuit. Due to its generic nature it is possible to flexibly use this protection concerning size and application.[Conference page] [Video]