Countermeasures and their Limitations
FIPS 140-1 [http://www.itl.nist.gov/fipspubs/fip140-1.htm] addresses this.
[snip]
*SECURITY LEVEL 4*
In addition to the requirements for Security Levels 1, 2 and 3, the
following requirements shall also apply to a multiple-chip embedded
cryptographic module for Security Level 4.
* The contents of the module shall be completely contained within a
tamper detection envelope (e.g., a flexible mylar printed circuit
with a serpentine geometric pattern of conductors or a wire- wound
package or a non-flexible, brittle circuit) which will detect
tampering by means such as drilling, milling, grinding or
dissolving of the potting material or cover.
* The module shall contain tamper response and zeroization
circuitry. The circuitry shall continuously monitor the tamper
detection envelope for tampering, and upon the detection of
tampering, shall immediately zeroize all plaintext cryptographic
keys and other unprotected critical security parameters (see
Section 4.8.5). The circuitry shall be operational whenever
plaintext cryptographic keys or other unprotected critical
security parameters are contained within the cryptographic module.
* The module shall either include environmental failure protection
(EFP) features or undergo environmental failure testing (EFT) as
specified in Section 4.5.4.
[snip]
Consider the IBM 4758
[http://www-03.ibm.com/security/cryptocards/pcicc/overproduct.shtml] as
a good example of how it's implemented.
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
