Vol.3 No.1 2010

Research paper : Secure implementation of cryptographic modules (A. Satoh et al.) −88− Synthesiology - English edition Vol.3 No.1 (2010)

the JIL (Joint Interpretation Library) Hardware Attacks Subgroup (JHAS), mainly consisting of European IC vendors, users, evaluation laboratories, and certification authorities, published a supporting document[11] that defines smart card physical security. Although the JIL has also accumulated the knowledge and technology about practical attacks and countermeasures on smart cards, it will not publish them.

ISO/IEC 19790, a modification of the U.S. Federal standard FIPS (Federal Information Processing Standard) 140-2[12], addresses security requirements for cryptographic modules comprising software, firmware or hardware in ten areas of different design and implementation aspects. The standardization of the testing items for the security requirements, based on the FIPS 140-2 DTR (Derived Test Requirements)[13], resulted in a separate document known as ISO/IEC 24579[14]. Cryptographic module testing under ISO/IEC 24579 judges the target module with the security levels specified in ISO/IEC 19790 ranging from 1 to 4 for each of the ten areas and eventually with the overall level indicating the minimum level across all the areas. Unlike ISO/IEC 15408, the level represents a security strength.

In Japan, Information-Technology Promotion Agency (IPA®) operates the following programs: JISEC (Japan Information Security Evaluation and Certification Scheme)[15] is based on ISO/IEC 15408. JCMVP® (Japan Cryptographic Module Validation Program)[16] is based on JIS X 19790 Security Requirements for Cryptographic Modules, which is equivalent to ISO/IEC 19790.

Since FIPS 140-2 was signed off, more than eight years have passed, and side-channel attacks, which examine the internal activities of a cryptographic module to extract its secret key with various physical measures, have become a more and more serious threat.
To reflect the changing cryptographic situation, in 2005, NIST began the process of transitioning from FIPS 140-2 to FIPS 140-3 and published the first public draft of FIPS 140-3[17] in July 2007. The revising process for ISO/IEC 19790 will proceed accordingly. In Japan, the Cryptographic Implementation Committee formed by the National Institute of Information and Communications Technology (NICT) and IPA, and the Side-channel Security Working Group under the committee are discussing security evaluation guidelines for implementations within CRYPTREC.

Side-channel attacks have drawn significant attention not only in standardization activities but also in academia, where international conferences on information security, hardware, and related fields have held more and more sessions relevant to the attacks. In fact, technical papers on side-channel attacks account for a remarkable portion of the accepted papers in the Cryptographic Hardware and Embedded Systems (CHES)[18] workshop, which has a particularly high profile among such workshops.

3 Unification of hardware experimental environments and standardization of evaluation method

3.1 Research position

We are studying cryptographic hardware as one of the fundamental technologies that support the advancement of information network society. Our efforts include research on countermeasures and security evaluation methods against physical attacks, side-channel attacks in particular, as well as development of compact, high-speed and power-saving implementation technology in preparation for further expansion of the use of cryptographic hardware.

CRYPTREC is working on the revision of the E-Government Recommended Ciphers List scheduled for 2013. In connection with this, we are supporting CRYPTREC in their work on performance evaluation of hardware implementations of cryptographic algorithms and tamper resistance evaluation against side-channel attacks.
In the development scheme for the current Recommended Ciphers List, security evaluations of theoretical aspects and performance evaluations of software implementations were performed for the proposed algorithms. While the software performance evaluations were carried out on the real processor platform specified by CRYPTREC, the hardware performance was not sufficiently evaluated and hardware implementations mainly provided by the proposers were merely presented as reference information. At that time, side-channel attacks had just emerged and were thus excluded from the evaluation elements. Thereafter, various attacking and protection schemes have been proposed and real platform evaluations with hardware have also been conducted. However, these changes have posed a problem: third parties can hardly verify such evaluation results, since each evaluator uses a different experimental environment. In this regard, it may be possible to make a market-available cryptographic hardware product a common experimental platform for evaluators. However, evaluation results that may contain information about a serious vulnerability of such products should not be disclosed by third-party evaluators.

To address the construction of a common experimental environment for security evaluations for cryptographic hardware, we developed the Side-channel Attack Standard Evaluation Board (SASEBO)[19] in collaboration with Tohoku University within a project commissioned by the Ministry of Economy, Trade and Industry, and have promoted its utilization for domestic and foreign research bodies. We have also conducted various experiments ourselves with the SASEBO platform and actively published the information on newly developed countermeasures and evaluation techniques on it. The SASEBO has become available on the market through domestic circuit board vendors, intended for users such as universities and companies who plan to
