[dm-crypt] Quick dm-crypt questions

Arno Wagner arno at wagner.name
Wed Oct 29 17:30:09 CET 2014


Sorry, but no. I do not think any books on that topic exist.
The best you can do is to try research papers, but a lot of
what is used in practice will be secret and developed 
in-house.

For instances that are known to have failed in the past,
stories in Anderson's Book are likely a good place to 
start and then you can follow the literature references.
You can also look more specifically for articles on hacking
chip-cards, as that has been done by quite a few people.

But notice that nobody professional these days ever talks
about "tamper proof", it is always "tamper resistant", even
for secure microcontrollers. Too many past designs were
successfully attacked, often in ways that their designers
never expected. For example, a "secure" Java card was 
successfully attacked by uploading a class file and then
holding it up to a light-bulb to heat it up. 

For how to do it right, you are mostly on your own. It is
not an accident that HSMs (Hardware Security Modules) cost
$50'000 and upwards. Nobody really knows whether they are
worth that money, but the people that have tried to break
into them are not talking and are not even admitting that
they tried.

Regards,
Arno


On Wed, Oct 29, 2014 at 16:53:08 CET, Cpp wrote:
> Arno Wagner: Can you recommend any decent books on the subject of
> physical tampering resistance and secure cryptographic hardware
> design?
> 
> Thanks.
> 
> On 10/29/14, Arno Wagner <arno at wagner.name> wrote:
> > On Wed, Oct 29, 2014 at 11:33:24 CET, Ralf Ramsauer wrote:
> >> On 29.10.2014 11:24, Cpp wrote:
> >> > The thing is I planned to use a microcontroller to store an encryption
> >> > key in its RAM, and I see the device uses SRAM, so this might be a
> >> > problem?
> >> > http://www.atmel.com/Images/Atmel-8271-8-bit-AVR-Microcontroller-ATmega48A-48PA-88A-88PA-168A-168PA-328-328P_datasheet_Summary.pdf
> >>
> >> Yes, comments :-)
> >>
> >> First of all: are you going to store the Masterkey or the Passphrase /
> >> Keyfile which is used for key derivation?
> >> If you're going to store the master key, you don't need Luks at all,
> >> this would also be a solution for your detached-header problem.
> >>
> >> But....
> >>
> >> How do you want to realize the communication between the µC and your
> >> Linux Box? Over Uart? (Uart communication can _easily_ be sniffed, so be
> >> aware of that....)
> >
> > If an attacker has access on that level, they can probably just do
> > a memory-freeze attack or a fire-wire attack. Remember that
> > disk encryption does not protect data while the system is running
> > and has the data decrypted.
> >
> >> Also don't forget to deactivate the JTAG interface. Otherwise the µC
> >> could get debugged... And don't forget to set the correct FUSE bits
> >> (disallow reading / writing from / to flash / EPROM memory, ....)
> >> And did you know, that CPU operations can be reconstructed by small
> >> fluctuations in current[1]? How do you want to solve this issue?
> >>
> >> How does the key get to the µC?
> >>
> >> Aah, almost forgot to mention: you talked about using an RNG on your AVR
> >> to move the key around. RNG on AVR? From where do you get your entropy?
> >> I don't know much about this project, but maybe this helps you [2].
> >>
> >> There are *so* many traps... Do you really think this is a good idea?
> >
> > I think this is mostly intended as a project to learn. As such
> > it should do well. But do not expect this to be secure against a
> > competent attacker.
> >
> > Arno
> >
> >> [1] http://en.wikipedia.org/wiki/Power_analysis
> >> [2] http://www.das-labor.org/wiki/AVR-Crypto-Lib //
> >> http://www.das-labor.org/wiki/AVR-Crypto-Lib#PRNGs
> >>
> >> Regards
> >>   Ralf
> >> _______________________________________________
> >> dm-crypt mailing list
> >> dm-crypt at saout.de
> >> http://www.saout.de/mailman/listinfo/dm-crypt
> >
> > --
> > Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
> > GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
> > ----
> > A good decision is based on knowledge and not on numbers. -- Plato
> >
> > If it's in the news, don't worry about it.  The very definition of
> > "news" is "something that hardly ever happens." -- Bruce Schneier
