Chapter 16. Physical Tamper Resistance

It is relatively easy to build an encryption system that is secure if it is working as intended and is used correctly but it is still very hard to build a system that does not compromise its security in situations in which it is either misused or one or more of its sub-components fails (or is 'encouraged' to misbehave) ... this is now the only area where the closed world is still a long way ahead of the open world and the many failures we see in commercial cryptographic systems provide some evidence for this.

— Brian Gladman

The amount of careful, critical security thinking that has gone into a given security device, system or program is inversely proportional to the amount of high-technology it uses.

— Roger Johnston


Low-cost tamper-resistant devices are becoming almost ubiquitous. Examples I've discussed so far include:

  • smartcards used as SIMs in mobile phones and as bank cards in Europe;

  • accessory control chips used in printer toner cartridges, mobile phone batteries and games-console memory modules;

  • the TPM chips being shipped in PCs and Macs to support hard-disk encryption, DRM and software registration;

  • security modules used to manage bank PINs, not just in bank server farms but in ATMs and point-of-sale terminals;

  • security modules buried in vending machines that sell everything from railway tickets through postage stamps to the magic numbers that activate your electricity meter.

Many of the devices on the market are simply pathetic, ...

Get Security Engineering: A Guide to Building Dependable Distributed Systems, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.