Proceedings of the 7th ACM conference on Computer and communications security - CCS '00
We investigate a simple method of fraud management for secure devices that may serve as an alternative or complement to conventional hardware-based tamper resistance. Under normal operating conditions in our scheme, a secure device includes an authentication code in its communications, e.g., in the digital signatures it issues. This code may be verified by a fraud management center under a pre-determined key σ. When the device detects an attempted break-in, it modifies σ. This results in a
... s results in a change to the authentication codes issued by the device such that the fraud management center can detect the apparent break-in. Hence, in contrast to the case with typical tamper-resistance schemes, the deployer of our proposed scheme seeks to trace break-ins, rather than prevent them. In reference to the wartime practice of physically capturing and subverting underground radio transmitters -a practice analogous to the capture and use of secret information on secure devices -we denote this idea by the German term funkspiel, meaning "radio game." One challenge in constructing a funkspiel scheme is to ensure that an attacker privy to the authentication codes of the secure device both before and after the break-in, as well as the secrets of the device following the break-in, cannot detect the alteration to σ. Additional challenges * Some of this work was done while visiting RSA Laboratories. involve minimizing the communication and computation overhead, the requirement for use of shared secrets, and the state information associated with the authentication codes. We present several simple and practical schemes in this paper.