Smart security management in secure devices - CMPGC / SAS : Systèmes et Architectures Sécurisées
Article Dans Une Revue Journal of Cryptographic Engineering Année : 2016

Smart security management in secure devices

Résumé

Among other threats, secure components aresubjected to physical attacks whose aim is to recoverthe secret information they store. Most of the work carried out to protect these components generally consistsin developing protections (or countermeasures) takenone by one. But this “countermeasure-centered” approach drastically decreases the performance of the chipin terms of power, speed and availability. In order toovercome this limitation, we propose a complementaryapproach: smart dynamic management of the whole setof countermeasures embedded in the component. Threemain specifications for such management are requiredin a real world application (for example, a conditionalaccess system for Pay-TV): it has to provide capabilities for the chip to distinguish between attacks and normal use cases (without the help of a human being andin a robust but versatile way); it also has to be basedon mechanisms which dynamically find a trade-off between security and performance; all these mecanismshave to be formalized in a way that is clearly understandable by the designer. In this article, a prototype implementing such a security management system isdescribed. The solution is based on a double-processorarchitecture: one processor embeds a representative setof countermeasures (and mechanisms to define their parameters) and executes the application code. The second processor, on the same chip, applies a given securitystrategy, but without requesting sensitive data from thefirst processor. The chosen strategy is based on fuzzylogic reasoning to enable the designer to describe, using a fairly simple formalism, both the attack paths andthe normal use cases. A proof of concept has been proposed for the smart card part of a conditional accessfor Pay-TV, but it could be easily fine-tuned for otherapplications.
Fichier principal
Vignette du fichier
2015-670.pdf (476.87 Ko) Télécharger le fichier
Origine Fichiers produits par l'(les) auteur(s)

Dates et versions

emse-01447976 , version 1 (08-12-2023)

Identifiants

Citer

Bruno Robisson, Michel Agoyan, Patrick Soquet, Sébastien Le-Henaff, Franck Wajsbürt, et al.. Smart security management in secure devices. Journal of Cryptographic Engineering, 2016, ⟨10.1007/s13389-016-0143-4⟩. ⟨emse-01447976⟩
303 Consultations
51 Téléchargements

Altmetric

Partager

More