[Cryptech Tech] Fwd: Status tamper detection and MKM erasure (low dose gamma ray)

Joachim Strömbergson joachim at secworks.se
Wed Jun 29 14:14:26 UTC 2016


Aloha!

Richard Lamb wrote:
> Pardon me if this has already been discussed but in my own
> commercial HSM development efforts I have run across a relatively
> simple but effective protection against attempts to discern memory
> states using low dose gamma rays such as those from a lab Co-60
> source.  Simply inverting the bits of the MKM every tenth of a second
> or so may be effective. Even with X, gamma, etc. detectors built into
> my HSM, distinction between high dose and low dose is a difficult
> task given unknown deployment environments. Hence this suggestion.
> 
> Again, I apologize if this has been discussed already.

Very interesting, thank you for sharing this info with us.

We have discussed methods for mitigating different remanence and leakage
problems with the MKM. But we have not gone into many specifics as of
yet. Moving info around, rotating bits and bit flipping are things we
have talked about as possible methods. Your input shows that there are
issues but also ways of mitigating them.

The mkmif block in the FPGA could in a future version (post Berlin) get
this functionality. The AVR tamper CPU could also be responsible for
this functionality. Right now we don't do anything in either regarding
these issues.

-- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
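
The periodic inversion suggested in the quoted message, sketched as an added C example that is not part of the original e-mail and is not Cryptech code: the store keeps a polarity flag so the true key can always be recovered, and a small simulation measures how evenly each cell's time is split between 0 and 1. The type and function names, the 256-bit key size and the storage layout are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define MKM_WORDS 8u                 /* assumed 256-bit key */

typedef struct {                     /* hypothetical layout, not Cryptech's */
    uint32_t word[MKM_WORDS];        /* key as currently stored */
    uint32_t inverted;               /* 1 when word[] holds the complement */
} mkm_store_t;

void mkm_write(mkm_store_t *s, const uint32_t key[MKM_WORDS]) {
    memcpy(s->word, key, sizeof s->word);
    s->inverted = 0;
}

/* Periodic tick (about every 100 ms in the suggestion). On real hardware
 * this must not interleave with mkm_read() or a tamper erase. */
void mkm_flip(mkm_store_t *s) {
    for (unsigned i = 0; i < MKM_WORDS; i++)
        s->word[i] = ~s->word[i];
    s->inverted ^= 1u;
}

/* Recover the true key regardless of the current polarity. */
void mkm_read(const mkm_store_t *s, uint32_t out[MKM_WORDS]) {
    uint32_t mask = s->inverted ? 0xFFFFFFFFu : 0u;
    for (unsigned i = 0; i < MKM_WORDS; i++)
        out[i] = s->word[i] ^ mask;
}

/* Simulate `ticks` flip periods and return the largest difference, over all
 * cells, between periods spent holding 1 and periods spent holding 0. */
unsigned mkm_max_imbalance(const uint32_t key[MKM_WORDS], unsigned ticks) {
    mkm_store_t s;
    int bal[MKM_WORDS * 32] = {0};
    unsigned worst = 0;
    mkm_write(&s, key);
    for (unsigned t = 0; t < ticks; t++) {
        for (unsigned b = 0; b < MKM_WORDS * 32; b++)
            bal[b] += ((s.word[b / 32] >> (b % 32)) & 1u) ? 1 : -1;
        mkm_flip(&s);
    }
    for (unsigned b = 0; b < MKM_WORDS * 32; b++) {
        unsigned a = (unsigned)(bal[b] < 0 ? -bal[b] : bal[b]);
        if (a > worst) worst = a;
    }
    return worst;
}
```

With flipping, the imbalance never exceeds one period whatever the key; a store that is never flipped would show an imbalance equal to the full number of periods for every cell.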

