Physical Security Devices for Computer Subsystems: A Survey of Attacks and Defenses

Weingart, Steve H.

doi:10.1007/3-540-44499-8_24

Cited by 133 publications

(69 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition, the security measures should be taken upon detection of a problem (Grand, 2004). In the same context, (Weingart, 2000) describes the various mechanisms ranging from the easiest and cheapest to the most difficult and extremely expensive. To conclude, the definition of new methodologies for safety assessment, which takes into account the changing of security nature, could ensure security of our products.…”

Section: Resultsmentioning

confidence: 99%

Classification of Attacks on Embedded Systems

Z.¹

2012

Journal of Computer Science

View full text Add to dashboard Cite

The current growth of the number of Embedded Systems (ES) and their use in sensitive systems attract the attention of attackers. They are exposed to real threats and incur significant risks especially when they are involved in specific military or industrial systems. It is important to study the subject from different angles to understand, predict and learn how to protect our products against these attacks. So, evaluators of Embedded Systems (ES) need to organize structure and classify attacks in order to choose the relevant test sets. To do this, we propose a new classification of attacks on Embedded Systems, based on Classification Tree Method (CTM). As a result, thanks to our proposal, we were able to classify the various attacks en Embedded Systems (ES) to generate test cases automatically and usually select the relevant test cases. This allows to properly evaluate Embedded Systems (ES) especially since this type of system is very critical and requires a systematic evaluation.

show abstract

Section: Resultsmentioning

confidence: 99%

Classification of Attacks on Embedded Systems

Z.¹

2012

Journal of Computer Science

View full text Add to dashboard Cite

show abstract

“…Even though tag authentication protocols can provide significant improvements to a tag's cloning resistance, there are many ways to conduct a cloning attack even against a protected tag. These attacks include side channel attack that is based on information gained from the physical implementation of a cryptosystem (e.g., [3]), reverse-engineering and cryptanalysis that includes brute force attack but also much more sophisticated techniques (e.g., [4], [6]), and physical attacks where the goal is to read the secret key directly from tag's memory (e.g., [5]). In addition, tag authentication approach is always vulnerable to data theft where the secret encryption schemes of genuine tags are obtained from insiders through means of manipulation and fraud (social engineering) or even through threatening and blackmailing (rubber-hose cryptanalysis).…”

Section: ) Tag Removal and Reapplyingmentioning

confidence: 99%

Trust and Security in RFID-Based Product Authentication Systems

Lehtonen

Michahelles

Fleisch

2007

IEEE Systems Journal

View full text Add to dashboard Cite

Abstract-Product authentication is needed to detect counterfeit products and to prevent them from entering the distribution channels of genuine products. Security is a critical property of product authentication systems. In this paper, we study trust and security in RFID-based product authentication systems. We first present a formal definition for product authentication process and then derive the general chain of trust as well as functional and nonfunctional security requirements for product authentication. Most of the scientific literature that covers the topic focuses on cryptographic tag authentication only. This paper, however, provides a broader view including also other known approaches, most notably location-based authentication. To derive the functional security requirements, we employ the concept of misuse cases that extends the use case paradigm well known in the field of requirements engineering. We argue that the level of security of any RFIDbased product authentication application is determined by how it fulfills the derived set of functional and nonfunctional requirements. The security of different RFID-based product authentication approaches is analyzed. To study how RFID supports secure product authentication in practice, we investigate how the current EPC standards conform to the functional security requirements of product authentication and show how the unaddressed requirements could be fulfilled. The benefits of implementing a service that detects the cloned tags in the level of the network's core services are identified.Index Terms-Product authentication, product codes, radio frequency identification (RFID), security, system analysis and design.

show abstract

“…A gets back the internal data stored on the secure coprocessor. This query can be seen as an attack wherein A gets physical access to a secure coprocessor and bypasses the tamper detection mechanism [29]. This query is only available to the adversary when considering the strong-corruption model (see Section 5).…”

Section: Modelmentioning

confidence: 99%

“…-Corrupt s (U ): This query models the attacks in which the adversary gets access to the smart card and gets back the player's LL-key. This query models attacks like differential power analysis or other attacks by which the adversary bypasses the tamper detection mechanisms of the smart card [29].…”

Section: Modelmentioning

confidence: 99%

Dynamic Group Diffie-Hellman Key Exchange under Standard Assumptions

Bresson

Chevassut

Pointcheval

2002

Lecture Notes in Computer Science

179

View full text Add to dashboard Cite

Abstract. Authenticated Diffie-Hellman key exchange allows two principals communicating over a public network, and each holding public/private keys, to agree on a shared secret value. In this paper we study the natural extension of this cryptographic problem to a group of principals. We begin from existing formal security models and refine them to incorporate major missing details (e.g., strong-corruption and concurrent sessions). Within this model we define the execution of a protocol for authenticated dynamic group Diffie-Hellman and show that it is provably secure under the decisional Diffie-Hellman assumption. Our security result holds in the standard model and thus provides better security guarantees than previously published results in the random oracle model.

show abstract

Physical Security Devices for Computer Subsystems: A Survey of Attacks and Defenses

Cited by 133 publications

References 5 publications

Classification of Attacks on Embedded Systems

Classification of Attacks on Embedded Systems

Trust and Security in RFID-Based Product Authentication Systems

Dynamic Group Diffie-Hellman Key Exchange under Standard Assumptions

Contact Info

Product

Resources

About