An evaluation system for the physical security of computing systems

Weingart, Steve H.; White, Steve R.; Arnold, William; Double, G. P.

doi:10.1109/csac.1990.143780

Cited by 11 publications

(5 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The amount and diversity of criteria established from our work necessitated the classification of the criteria not only to present our results coherently but also to represent the main perspectives identified, which broadly align with three principles to evaluate APIMs (Warfel, 1979;Weingart et al, 1990): Risk management criteria category -Criteria in this category are designed to elicit information on the rationale and extent to which an APIM should protect an asset, or allow entitlement, commensurate with the risks and customs of the intended community; Requirements criteria Category -Criteria in this category are designed to elicit information regarding the degree of the identification reliability specified which should be consistent with the need; and Mechanism attributes criteria category -Criteria in this category are designed to elicit information regarding the APIM solution's ability to meet reliability requirements against the anticipated costs.…”

Section: Criteria Classificationmentioning

confidence: 95%

“…The Common Criteria, 2006 is a universally available evaluation framework for organisations to describe security requirements in the form of a Protection Profile, for a specific system or product (Target Of Evaluation) which may draw on interoperability standards (ISO/IEC 7816-4, 2005). The level of assurance sought for all APIMs should, in theory, match those required to control the identified risks (Weingart et al, 1990).…”

Section: Criterion Title Criterion Definitionmentioning

confidence: 99%

See 1 more Smart Citation

Criteria to evaluate Automated Personal Identification Mechanisms

Palmer

2008

Computers & Security

View full text Add to dashboard Cite

Section: Criteria Classificationmentioning

confidence: 95%

Section: Criterion Title Criterion Definitionmentioning

confidence: 99%

Criteria to evaluate Automated Personal Identification Mechanisms

Palmer

2008

Computers & Security

View full text Add to dashboard Cite

“…Programs, or parts of the program, can be run (in an encrypted form) on these devices thus never revealing the code in the untrusted memory and thereby providing a tamper resistant execution environment for that portion of the code. A number of secure coprocessing solutions have been designed and proposed, including systems such as IBM's Citadel [White et al 1991], Dyad [Tygar and Yee 1993;Yee 1994;Yee and Tygar 1995], the Abyss and µAbyss systems [Weingart 1987;Weingart et al 1990;White and Comerford 1987], and the commercially available IBM 4758 which meets the FIPS 140-1 level 4 validation [IBM 2002;Smith 1996;Smith and Weingart 1999]. Distributed secure coprocessing is achieved by distributing a number of secure coprocessors and some have augmented the Kerberos system by integrating secure coprocessing into it [Itoi 2000].…”

Section: Mostly-hardware Approachesmentioning

confidence: 99%

SAFE-OPS: An approach to embedded software security

Zambreno

Choudhary

Simha

et al. 2005

ACM Trans. Embed. Comput. Syst.

View full text Add to dashboard Cite

The new-found ubiquity of embedded processors in consumer and industrial applications brings with it an intensified focus on security, as a strong level of trust in the system software is crucial to their widespread deployment. The growing area of software protection attempts to address the key steps used by hackers in attacking a software system. In this paper, we introduce a unique approach to embedded software protection that utilizes a hardware/software codesign methodology. Results demonstrate that this framework can be the successful basis for the development of embedded applications that meet a wide range of security and performance requirements.

show abstract

“…To decrease the probability of successful attacks, Chaum suggested that inner-layer sensors be able to also detect tampering of outer layers. In 1990, Weingart et al [45] offered evaluation criteria for security modules, which take into account the environment and value of the protected modules; these criteria later formed the basis for NIST's FIPS 140-1. In 1999, Smith and Weingart [36] described the tamper proofing and the API design of the first FIPS 140 Level-4 approved security module, the IBM 4758.…”

Section: Tamperingmentioning

confidence: 99%

Thinking Inside the Box: System-Level Failures of Tamper Proofing

Drimer

Murdoch

Anderson

2008

2008 IEEE Symposium on Security and Privacy (Sp 2008)

View full text Add to dashboard Cite

PIN entry devices (PEDs) are critical security components in EMV smartcard payment systems as they receive a customer's card and PIN. Their approval is subject to an extensive suite of evaluation and certification procedures. In this paper, we demonstrate that the tamper proofing of PEDs is unsatisfactory, as is the certification process. We have implemented practical low-cost attacks on two certified, widely-deployed PEDs -the Ingenico i3300 and the Dione Xtreme. By tapping inadequately protected smartcard communications, an attacker with basic technical skills can expose card details and PINs, leaving cardholders open to fraud. We analyze the anti-tampering mechanisms of the two PEDs and show that, while the specific protection measures mostly work as intended, critical vulnerabilities arise because of the poor integration of cryptographic, physical and procedural protection. As these vulnerabilities illustrate a systematic failure in the design process, we propose a methodology for doing it better in the future. These failures also demonstrate a serious problem with the Common Criteria. So we discuss the incentive structures of the certification process, and show how they can lead to problems of the kind we identified. Finally, we recommend changes to the Common Criteria framework in light of the lessons learned.

show abstract

An evaluation system for the physical security of computing systems

Cited by 11 publications

References 3 publications

Criteria to evaluate Automated Personal Identification Mechanisms

Criteria to evaluate Automated Personal Identification Mechanisms

SAFE-OPS: An approach to embedded software security

Thinking Inside the Box: System-Level Failures of Tamper Proofing

Contact Info

Product

Resources

About