TAMPER Laboratory

The TAMPER (Tamper And Monitoring Protection Engineering Research) Lab at the University of Cambridge Department of Computer Science and Technology focuses on the hardware aspects of computer and communication security.

Experience shows that the most commonly exploited vulnerabilities in modern information security systems result from implementation defects, user errors and poorly understood characteristics of computer hardware. Hardware security is a particularly neglected field.

Hardware vendors have often made claims about the tamper resistance, or even the correct functioning, of their products which turned out to be unjustified, and the lack of published information about attack techniques made it difficult for customers to evaluate those claims. This has led to widespread and expensive security failures in applications such as pay-TV and banking. Yet we see the designers of newly fielded systems making the same mistakes over and over again.

Research in hardware security requires a broad range of capabilities. This includes not only classical cryptography and computer security know-how, but also expertise in physics, electronics, chemistry, material sciences, microelectronics, communication systems and signal processing. It often requires the construction of specialised equipment, and it usually takes some practice to acquire laboratory skills - especially where attacks involve techniques such as microprobing silicon chips, analysing unintended radio frequency emanations or the disassembly of software.

In the TAMPER Lab, we study existing security products, document how they have been penetrated in the past, develop new attack techniques, and try to forecast how newly available technologies will make it easier to bypass hardware security mechanisms. We then develop and evaluate new countermeasures and assist industrial designers in staying ahead of the game, most of all by giving them an advanced understanding of which attack techniques are most dangerous. We are especially interested in protection systems for mass-market applications, and in forensic applications.

We have in-depth expertise in semiconductor and emissions security. We are also interested in biometrics, physical seals, signal remanence in storage media, and whatever other technologies come along that may be useful to attack, defence or both.


Compromising emanations / emissions security / side-channel attacks

What can we learn from a system (whether an office PC or a smartcard) by studying the electromagnetic, optic, acoustic and other signals that it emits? How can we either suppress the information leakage, or (if we are the attacker) covertly broadcast secrets over large distances?
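The first of these questions, worked through as an added example rather than code from the original page or the lab itself: a correlation power analysis (CPA) against the first AES SubBytes operation. The traces are constructed, not measured: each trace is Gaussian noise, with the Hamming weight of the S-box output added at one sample (the usual leakage model for a CMOS register update). The secret key byte (0x2B), the leaking sample index (5), the noise level and the trace count are all assumptions chosen for the illustration; the S-box is generated from its GF(2^8) definition rather than typed in.

```python
"""Correlation power analysis on simulated AES SubBytes leakage.

Added illustration, not TAMPER Lab code. All traces are constructed inline.
"""
import random


def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return p


def _build_sbox():
    """AES S-box: multiplicative inverse in GF(2^8) followed by the affine map."""
    inv = [0] * 256
    for a in range(1, 256):
        for b in range(1, 256):
            if _gf_mul(a, b) == 1:
                inv[a] = b
                break
    sbox = []
    for a in range(256):
        b = inv[a]
        s = b ^ 0x63
        for r in range(1, 5):  # XOR in the four left-rotations of b
            s ^= ((b << r) | (b >> (8 - r))) & 0xFF
        sbox.append(s)
    return sbox


SBOX = _build_sbox()


def hamming_weight(x):
    return bin(x).count("1")


def simulate_traces(key_byte, n_traces, n_samples, leak_index, noise_sd, rng):
    """Constructed traces (assumption, not measured data): every sample is
    Gaussian noise, and the sample at leak_index additionally carries
    HW(SBOX[p ^ key_byte]), the Hamming-weight model of a register update."""
    plaintexts = [rng.randrange(256) for _ in range(n_traces)]
    traces = []
    for p in plaintexts:
        t = [rng.gauss(0.0, noise_sd) for _ in range(n_samples)]
        t[leak_index] += hamming_weight(SBOX[p ^ key_byte])
        traces.append(t)
    return plaintexts, traces


def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / (sxx * syy) ** 0.5


def cpa_attack(plaintexts, traces):
    """For each of the 256 key-byte guesses, predict the leakage HW(SBOX[p ^ k])
    per plaintext and correlate it with every sample column. Return
    (key_guess, sample_index, |r|) for the strongest correlation: the attacker
    learns both the key byte and the moment at which the device leaked it."""
    n_samples = len(traces[0])
    columns = [[t[i] for t in traces] for i in range(n_samples)]
    best = (None, None, -1.0)
    for k in range(256):
        predicted = [hamming_weight(SBOX[p ^ k]) for p in plaintexts]
        for i, col in enumerate(columns):
            r = abs(pearson(predicted, col))
            if r > best[2]:
                best = (k, i, r)
    return best


def demo(seed=1):
    """Run the attack on 300 constructed traces; assumed secret key byte 0x2B,
    assumed leak at sample 5 of 8, noise standard deviation 1.0."""
    rng = random.Random(seed)
    plaintexts, traces = simulate_traces(0x2B, 300, 8, 5, 1.0, rng)
    return cpa_attack(plaintexts, traces)


if __name__ == "__main__":
    key, sample, corr = demo()
    print("recovered key byte 0x%02X at sample %d (|r| = %.2f)" % (key, sample, corr))
```

With a noise standard deviation comparable to the signal, a few hundred traces suffice because the correct guess correlates with the measured column while the 255 wrong guesses, and the seven noise-only columns, do not; on a real device the same loop runs over the full trace length, the noise is far from Gaussian, and countermeasures such as masking are what make the prediction HW(SBOX[p ^ k]) stop matching the hardware.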


Semiconductor security

How can we extract software from a security processor or otherwise reconstruct cryptographic keys stored in it? This may involve invasive techniques where we decapsulate the chip package and use semiconductor test equipment to probe, modify and interfere with the die; it may also involve non-invasive techniques such as monitoring electromagnetic leakage and inducing faults using power transients and similar techniques.

Some extreme cases lie at the intersection of Hardware Security with Failure Analysis and Forensic Analysis. Imagine a situation where embedded software and data must be recovered from a chip that has been exposed to electric shock, high temperature and strong mechanical force. Recovering anything from a die cracked in half with burned I/O pads sounds unrealistic, and a 100% success rate is certainly impossible. Nevertheless, our ongoing research aims to solve this challenge.


Hardware assurance and reliability

With the growing complexity of integrated circuits, post-production testing and functional verification are becoming more important. They are needed for failure analysis, to verify that a design is correct, and to find the bugs that inevitably slip through. Another question is whether the device will still be fully functional in 10, 20 or 50 years' time. It matters not only that the hardware does what it is supposed to do, but also whether it has any additional, sometimes unintentional, functionality: a disguised factory test or debug interface, a silicon-level backdoor, or a deliberately inserted Trojan. Most silicon chips are now designed and manufactured abroad by third parties. Is there any independent way to evaluate such products when they are used in critical systems? Without efficient silicon scanning techniques, testing real silicon chips for Trojans or backdoors is infeasible.
