[Cryptech Tech] Lattice boards for developing a custom master key memory

Peter Stuge peter at stuge.se
Sun May 13 09:55:13 UTC 2018


Pavel Shatov wrote:
> tamper detection input is supposed to be sensitive, isn't it?

Yes.



> I may be wrong, but what I understood from Jacob's talk during the f2f was
> that reaction time is very important. In that sense not having any
> synchronous elements between tamper inputs and flip-flop reset inputs is
> more attractive,

Right, that's my argument too.


Vasily Dolmatov wrote:
> 3 clock cycles - how many microseconds? ;)

It depends on the clock obviously. ;)

> I wonder about the possibility of accessing master key storage chip and
> extracting keys from it in ___ (please fill in the number ;) )
> microseconds after for instance opening the surrounding case.

While three cycles of the 12 MHz iCEstick clock take 249 ns, I do not
want to introduce any unnecessary delay.

Attacks are not limited to "opening the surrounding case" by hand in
free air room temperature, where 249 ms (1000000 times longer delay)
may even be short enough, but I assume that an attacker against whom
tamper protection should protect may use techniques that are unknown
to me.

That makes it critical to react as quickly as possible; I do not want
to give an attacker extra time, because I don't know if 240 ns may
make the difference between a successful/reliable and an unsuccessful attack.


> The possibility of accidentally wiping the keys without _real_ reason
> seems more harmful to me.

Tamper detection can fail in two ways:

1. Detection wipes keys too often.

In this case, the device requires more maintenance, worst case M of N
officers on 24/7 standby for key recovery. (Once that is implemented.)


2. Detection doesn't wipe key when attacked.

In this case, the attacker may get the key.


I think which failure mode one prefers depends on the application,
but as Pavel Shatov wrote:

> I believe that with careful board design we can avoid any glitches.

For digital glitches I agree. For sensor glitches it depends on the
particular sensor - there's not much we can do about those - but I
don't think we want to..?


//Peter

