Sorry, but no. I do not think any books on that topic exist. The best you can do is to try research papers, but a lot of what is used in practice will be secret and developed in-house. For instances that are known to have failed in the past, stories in Anderson's Book are likely a good place to start and then you can follow the literature references. Youc an also look more specifically for articles on hacking chip-cards, as that has been done by quite a few people. But notice that nobody professional these days ever talks about "tamper proof", it is always "tamper resistant", even for secure microcontrollers. Too many past designs were successfully attacked, often in ways that their designers never expected. For exmaple, a "secure" Java card was successfully attacked by uploading a class file and then holding it up to a light-bulb to heat it up. For how to do it right, you are mostly on your own. It is not an accident that HSMs (Hardware Securty Modules) cost $50'000 and upwards. Nobody really knows whether they are worth that money, but the people that have tried to break into them are not talking and are not even admiting that they tried. Gr"usse, Arno On Wed, Oct 29, 2014 at 16:53:08 CET, Cpp wrote: > Arno Wagner: Can you recommend any decent books on the subject of > physical tampering resistance and secure cryptographic hardware > design? > > Thanks. > > On 10/29/14, Arno Wagner <arno@xxxxxxxxxxx> wrote: > > On Wed, Oct 29, 2014 at 11:33:24 CET, Ralf Ramsauer wrote: > >> On 29.10.2014 11:24, Cpp wrote: > >> > The thing is I planned to use a microcontroller to store an encryption > >> > key in its RAM, and I see the device uses SRAM, so this might be a > >> > problem? > >> > http://www.atmel.com/Images/Atmel-8271-8-bit-AVR-Microcontroller-ATmega48A-48PA-88A-88PA-168A-168PA-328-328P_datasheet_Summary.pdf > >> > >> Yes, comments :-) > >> > >> First of all: are you going to store the Masterkey or the Passphrase / > >> Keyfile which is used for key derivation? > >> If you're going to store the master key, you don't need Luks at all, > >> this would also be a solution for your detached-header problem. > >> > >> But.... > >> > >> How do you want to realize the communication between the µC and you > >> Linux Box? Over Uart? (Uart communication can _easily_ be sniffed, so be > >> aware of that....) > > > > If an attacker has access on that level, they can probaly just do > > a memory-freeze attack or a fire-wire attack. Remember that > > disk encryption does not protect data while the system is running > > and has the data decrypted. > > > >> Also don't forget to deactivate the JTAG interface. Otherwise the µC > >> could get debugged... And don't forget to set the correct FUSE bits > >> (disallow reading / writing from / to flash / EPROM memory, ....) > >> And did you know, that CPU operations can be reconstructed by small > >> fluctuations in current[1]? How do you want to solve this issue? > >> > >> How does the key get to the µC? > >> > >> Aah, almost forgot to mention: you talked about to use a RNG on your AVR > >> to move the key around. RNG on AVR? From where do you get your entropy? > >> I don't know much about this project, but maybe this helps you [2]. > >> > >> There are *so* many traps... Do you really think this is a good idea? > > > > I think this is mostly intended as a project to learn. As such > > it should do well. But do not expet this to be secure against a > > competent attacker. > > > > Arno > > > >> [1] http://en.wikipedia.org/wiki/Power_analysis > >> [2] http://www.das-labor.org/wiki/AVR-Crypto-Lib // > >> http://www.das-labor.org/wiki/AVR-Crypto-Lib#PRNGs > >> > >> Regards > >> Ralf > >> _______________________________________________ > >> dm-crypt mailing list > >> dm-crypt@xxxxxxxx > >> http://www.saout.de/mailman/listinfo/dm-crypt > > > > -- > > Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx > > GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 > > ---- > > A good decision is based on knowledge and not on numbers. -- Plato > > > > If it's in the news, don't worry about it. The very definition of > > "news" is "something that hardly ever happens." -- Bruce Schneier > > _______________________________________________ > > dm-crypt mailing list > > dm-crypt@xxxxxxxx > > http://www.saout.de/mailman/listinfo/dm-crypt > > > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
