Activity of Tamper-resistance Standardization Research Committee (TSRC)

1
Activity of Tamper-resistance Standardization
Research Committee (TSRC)
Japanese Standards Association (JSA) Information
Technology Research and Standardization Center
(INSTAC)
CHES Rump Session

• Shinichi Kawamura
• Tamper-resistance Standardization Research
  Committee (TSRC)
• Toshiba Corporation
• shinichi2.kawamura_at_toshiba.co.jp

2
TSRC Activity Report Completed!

• Tamper-resistance Standardization Research
  Committee --- The Activity Report 2003-2006
• Available at the desk in front of the white board
• Also available at
• http//www.jsa.or.jp/stdz/instac/committe/index
  .htm

3
Appendix!!
4
Four Main Activities of TSRC

• Systematic study of various tampering techniques
• ( Survey of literature )
• Developing standard evaluation platform for
  side-channel attacks
• Proposing methods to describe requirements to
  tamper-resistance
• Contributing to the international standardization
• ( Ex. Physical Security Testing Workshop, Sept
  2005 hosted with NIST and IPA )

5
Standard Evaluation Platforms

• Motivation
• Lack of standard platform seems to hinder the
  development of tamper-resistance technology.
• It will change the situation if there is a
  standard platform whose specification is publicly
  available and non-proprietary.
• Solusion
• INSTAC-8 8bit CPU. Its target is a low-end
  embedded system.
• INSTAC-32 32-bit CPU and FPGA. Its target is a
  middle to high-end system as well as
  semi-hardware implementation.

6
An INSTAC-8 Compliant Board
7
An INSTAC-32 Compliant Board
8
Some Results Reported

• K. Fujisaki, et al. ISEC2004-No.55, 2004
• Proposal of INSTAC-8 and self-evaluation
• H. Miyake, et al. SCIS2005, January 2005
• DPA evaluation on INSTAC-8
• Y. Takahashi, et al. ISEC2004-No.114, March 2005
• EM analysis on INSTAC-8
• K. Fujisaki, et al. ISEC2005-No.19, July 2005
• Proposal of INSTAC-32 and self-evaluation
• Y. Tsunoo, et al. This conference, Sept. 2005
• Analysis report on INSTAC-8
• Notes) ISEC IEICE Tech. Rep. on Information
  Security (Bi-monthly)
• SCIS Symp. on Cryptography and
  Information Security (Annual)

9
Proposal of metric-based description of security
requirement

• There are three approaches recognized to describe
  the requirement for tamper-resistance of
  cryptographic module
• Description focusing on attacks
• Description focusing on countermeasures
• Description focusing on metrics
• We think that approach 3 has not been
  established, so far
• Our proposal is that intensive research is
  necessary to establish metric-based description

10
Description Focusing on Attacks
Example Cryptographic module is required to be
resistant to Timing Attack
Cryptographic Module
Timing Attack
SPA
Core of Cryptographic Module
DPA
Fault-based Attack
EMA
Other attacks

• Concrete attack is focused ---Natural approach
• Appropriate listing up of attacks is necessary
• Adapting to emerging attack is an issue since
  more attacks seem still to come

11
Description Focusing on Countermeasures
Example Cryptographic module is required to
implement Data Masking or Documentation shall
specify countermeasures employed
Cryptographic Module
Randomized Timing
Timing Attack
Data Masking
Core of Cryptographic Module
SPA
DPA
Other Measures
Fault-based Attack
EMA
Other attacks

• Countermeasure to prevent attacks is specified
• Appropriate listing up of countermeasures is
  necessary
• Adapting emerging attack is an issue since more
  attacks seem still to come
• Vender would not like to explicitly describe
  countermeasures because they are
• sometimes vendor know-how

12
Description Focusing on Metrics
Example Cryptographic module is required to
have metric A within a given range B with a
given test method C
Presently, A, B, and C is not established.
Cryptographic Module
Test Method 1
Metric 1
Countermeasures
Core of Cryptographic Module
Test Method 2
Metric 2
Other Test Methods
Metric x

• Ideal approach -- if appropriate metrics and test
  method are defined
• Searching for appropriate metrics is a big issue
  --- Intensive research is required
• Good metrics may cover some emerging attacks

13
Members of TSRC WG1 (As of March 2006)

• Tsutomu Matsumoto (Chair, Yokohama National
  University)
• Shinichi Kawamura (Secretary, Toshiba Corp.)
• Koichi Fujisaki (Toshiba Corp.)
• Naoya Torii (Fujitsu Laboratories Ltd.)
• Shuichi Ishida (Hitachi, Ltd.)
• Yukiyasu Tsunoo (NEC Corp.)
• Minoru Saeki (Mitsubishi Electric Corp.)
• Atsuhiro Yamagishi (IPA)

14
Organizational Structure
Ministry of Economy, Trade and Industry
Bureau of Industrial Technology
Environment Standardization Section
Japanese Standardization Association
Information Technology Research and
Standardization Center (INSTAC)
Tamper-resistance Standardization Research
Committee (TSRC)
Research Team
WG1 (Technical Committee)
15
Pointer to Activity Report, again

• Available at the desk in front of the white board
• Also available at
• http//www.jsa.or.jp/stdz/instac/committe/index.ht
  m

Thank you for your attantion.
16
End of Appendix!