A Case for Tamper-Resistant and Tamper-Evident Computer Systems
Author
Abstract
Recent industrial efforts in architectural and system support for trusted computing still leave systems wide open even to relatively simple and inexpensive hardware-based attacks. These attacks attempt to snoop on or modify data transfers between the chips of a computer system, such as between the processor and memory, or between processors in a multiprocessor interconnect network. Software security protection is completely exposed to these attacks because such transfers are managed by hardware without any cryptographic protection. In this paper, we argue that the threats from such attacks are serious and urgent, and that computer design should give priority to protection against them.

1 Fundamental limitations of today's security mechanisms

While data transfer between networked computer systems is managed by software, data transfer within a computer system between its components is managed completely by hardware and is transparent to the software. For each computation task, large amounts of data are transferred between chips such as the processor and memory, or between processors in a multiprocessor system. Currently, such data transfer is completely unprotected: it can be snooped or altered through relatively simple hardware devices attached to the various buses and interconnects. This presents a serious security challenge, because even the most secure software protection can be broken when its sensitive information is stored as program variables off the processor chip. Furthermore, by snooping data brought into the processor chip, attackers can reverse engineer code, snoop unencrypted data, or even alter data before it enters the processor chip. Recognizing some of these challenges, industry has produced the Trusted Computing efforts [9, 15]. Unfortunately, Trusted Computing addresses only a small subset of these attacks.
While trusted computing provides authentication of certain system software, data transfer is still unprotected against snooping and tampering. Granted, such hardware attacks require the attackers to have physical access to the computer system, so they are not commonplace yet. However, we believe there are several important usage scenarios in which the possibility of such attacks is quite high and needs to be taken very seriously. The first scenario is when attackers have almost unlimited physical access to the system because they either own it or administer it. One example is consumer electronics such as game consoles and portable media players. Such systems often come with copyright protection mechanisms. Users or owners of the system can repeatedly attack it in order to break such mechanisms, with a strong financial incentive, because such devices are common and the cost of designing the attacks can be amortized over many instances. The seriousness of such attacks has been demonstrated by the commercial success of mod-chips, enabled by unencrypted transfer between the BIOS and the processor chip [4]. Another example of this scenario involves voting machines. Since these machines are placed at a great number of sites, it is hard to provide them with complete physical security, and it is hard to ensure that administrators of the machines will not tamper with them, or will not unintentionally let others tamper with them. A second scenario is when attackers have limited physical access to the system but there are non-intrusive and traceless ways to attack it. Large multiprocessor systems used as utility or on-demand computing servers are particularly vulnerable. In the utility computing model, companies “lease” resources of a large-scale, powerful server (e.g. the HP Superdome [10]) to customers who need such resources on a temporary basis or who want to offload their IT operations.
These large-scale systems are not under the control of the customers who use their resources. Customers are likely to be wary of adopting the utility computing model unless the secrecy and integrity of their data can be ensured; in fact, concerns about data privacy have been reported to slow the adoption of the utility computing model [1]. If the server system itself does not ensure data confidentiality and integrity, malicious employees or other attackers who can get through the physical security protecting the machine could easily steal or modify important data. The risk of attacks by employees or other parties with physical access to the machine should not be underestimated: for example, in the case of ATMs, the Global ATM Security Alliance (GASA) reported that more than 80% of computer-based bank-related frauds involve employees [6]. In the case of DSM systems used for utility computing, the large amounts of sensitive data in these systems create a financial incentive for attackers to perform corporate espionage or other malicious acts. To make matters worse, such attacks could be performed without disrupting the system, for example by attaching a simple device to an interconnect wire, and they leave no traces that could alert other users to their existence. These concerns may prompt customers to demand that DSM utility computing systems be equipped with hardware support for data confidentiality before they are willing to use them, which suggests that data security in DSM systems will become an increasingly important issue.

2 Important research challenges

One main research challenge is how to efficiently ensure privacy, tamper-resistance and tamper-evidence for a computer system. Privacy requires data transfer to be encrypted so that attackers cannot gain much insight into the data by snooping it.
Tamper-resistance requires that data transfer be encrypted in such a way that
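As an added illustration that is not part of the paper, the following Python model sketches the properties the text names for processor-to-memory transfer: per-line encryption for privacy, and a MAC bound to the line address and to an on-chip write counter for tamper evidence against bit flips, splicing of one line into another address, and replay of a stale line. The HMAC-based keystream (a stand-in for a block cipher in counter mode), the addresses and the line contents are constructed assumptions, not a real processor design.

```python
import hmac, hashlib, os
LINE = 16  # bytes per cache line in this model

class TrustedProcessor:
    """On-chip side: the key and per-line write counters never leave the chip."""
    def __init__(self):
        self.key = os.urandom(32)
        self.counters = {}  # address -> counter of the last store to that line

    def _prf(self, label, addr, ctr, data=b""):
        msg = label + addr.to_bytes(8, "big") + ctr.to_bytes(8, "big") + data
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def store(self, memory, addr, plaintext):
        ctr = self.counters.get(addr, 0) + 1               # fresh counter per write
        self.counters[addr] = ctr
        ks = self._prf(b"enc", addr, ctr)[:LINE]            # keystream (stand-in for AES-CTR)
        ct = bytes(p ^ k for p, k in zip(plaintext, ks))
        memory[addr] = (ct, self._prf(b"mac", addr, ctr, ct))  # tag binds address + counter

    def load(self, memory, addr):
        ct, tag = memory[addr]
        ctr = self.counters[addr]                           # expected counter kept on chip
        if not hmac.compare_digest(tag, self._prf(b"mac", addr, ctr, ct)):
            raise ValueError(f"tamper detected at {addr:#x}")
        return bytes(c ^ k for c, k in zip(ct, self._prf(b"enc", addr, ctr)[:LINE]))

def load_is_rejected(cpu, memory, addr):
    try:
        cpu.load(memory, addr)
        return False
    except ValueError:
        return True

def run_attacks():
    """Returns {manipulation: detected?} for four bus-level changes to off-chip memory."""
    cpu, mem = TrustedProcessor(), {}        # mem models the untrusted off-chip DRAM
    secret = b"acct=4242 ok=yes"             # constructed 16-byte sample line
    cpu.store(mem, 0x1000, secret)
    cpu.store(mem, 0x2000, b"\x00" * LINE)
    r = {"snoop_sees_plaintext": secret in mem[0x1000][0]}
    ct, tag = good = mem[0x1000]
    mem[0x1000] = (bytes([ct[0] ^ 1]) + ct[1:], tag)        # flip one bit on the bus
    r["bitflip"] = load_is_rejected(cpu, mem, 0x1000)
    mem[0x1000] = mem[0x2000]                               # splice a valid line from elsewhere
    r["splice"] = load_is_rejected(cpu, mem, 0x1000)
    cpu.store(mem, 0x1000, b"acct=4242 ok=no!")             # legitimate update, counter -> 2
    mem[0x1000] = good                                      # replay the stale (ctr 1) line
    r["replay"] = load_is_rejected(cpu, mem, 0x1000)
    return r
```

Replay detection relies on the counters living on the processor chip; real designs keep only a root of an integrity tree on chip and store the rest of the counters in memory, which is the efficiency problem the text goes on to pose.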
Similar references
Self authentication path insertion in FPGA-based design flow for tamper-resistant purpose
FPGA platforms have been widely used in many modern digital applications due to their low prototyping cost, short time-to-market and flexibility. Field-programmability of FPGA bitstream has made it as a flexible and easy-to-use platform. However, access to bitstream degraded the security of FPGA IPs because there is no efficient method to authenticate the originality of bitstream by the FPGA pr...
The aegis Processor Architecture for Tamper-Evident and Tamper-Resistant Processing
We describe the architecture of the aegis processor which can be used to build computing systems secure against both physical and software attacks. aegis assumes that the operating system and all components external to it, such as memory, are untrusted. aegis provides tamper-evident, authenticated environments in which any physical or software tampering by the adversary is guaranteed to be dete...
Tamper-resistant storage techniques for multimedia systems
Tamper-resistant storage techniques provide varying degrees of authenticity and integrity for data. This paper surveys five implemented tamper-resistant storage systems that use encryption, cryptographic hashes, digital signatures and error-correction primitives to provide varying levels of data protection. Five key evaluation points for such systems are: (1) authenticity guarantees, (2) integr...
A Theory of Integrating Tamper Evidence with Stabilization
We propose the notion of tamper-evident stabilization, which combines stabilization with the concept of tamper evidence, for computing systems. At first glance, these notions are contradictory: stabilization requires that eventually the system functionality is fully restored, whereas tamper evidence requires that the system functionality is permanently degraded in the event of tampering. Tamp...
Impact of Tamper Shape on the Efficiency and Vibrations Induced During Dynamic Compaction of Dry Sands by 3D Finite Element Modeling
Dynamic compaction is a soil improvement method which has been widely used for the increase of bearing capacity through stress wave propagation during heavy tamping. The cost and time of project implementation can be effectively curtailed by developing a model that can be used in the design of dynamic compaction operations. The numerical models offered so far are mostly one or two-dimensional, ...
Efficient Architectural Support for Secure Bus-Based Shared Memory Multiprocessor
Tamper-evident and tamper-resistant systems are vital to support applications such as digital rights management and certified grid computing. Recently proposed schemes, such as XOM and AEGIS, assume that only processor state is trusted in order to build secure systems. Secure execution for a shared memory multiprocessor is a challenging problem, as multiple devices need to be trusted. In this work, we propose a fr...