AT Background Information

Internet references on anti-tamper, reverse engineering, and information assurance.

(These are external sites)

Caveat: The Department of Defense is not affiliated with these websites nor the information, products, services or organizations they represent (well, other than the .mil ones) and they are not subject to Federal information quality, privacy, security, and related guidelines. No endorsement or recommendation is implied or intended.
 

Introductions to the Field

Introduction to the security of military systems

Lt Col Arthur F. Huber II, USAF and Jennifer M. Scott, “The Role and Nature of Anti-Tamper Techniques in US Defense Acquisition”: http://www.dtic.mil/docs/citations/ADB250068

Introduction to the security of COTS cryptographic processors

Ross Anderson, Mike Bond, Jolyon Clulow, Sergei Skorobogatov, “Cryptographic Processors - A Survey”: http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-641.html

Introduction to software-based anti-tamper

Mikhail Atallah, Eric Bryant, Martin Stytz, “A Survey of Anti-Tamper Technologies”:
www.crosstalkonline.org/storage/issue-archives/2004/200411/200411-Atallah.pdf

Government Information Sources

Anti-Tamper and the defense acquisition process

Defense Acquisition University: http://www.dau.mil

  • CLE 022 Program Managers Introduction to Anti-Tamper
  • ACQ 101 Fundamentals of Systems Acquisition Management
  • Defense Acquisition Guidebook (DAG): https://dag.dau.mil/Pages/Default.aspx
        
  • Federal Information Processing Standards (FIPS): https://www.nist.gov/itl/current-fips/

    NSA Information Assurance: http://www.nsa.gov/ia/

    DoD Chief Information Officer: http://www.defenselink.mil/cio-nii/

    Defense Information Systems Agency: http://iase.disa.mil

    Defense Security Service (NISPOM): http://www.dss.mil/isp/fac_clear/download_nispom.html

    DHS Cyber Security Division: https://buildsecurityin.us-cert.gov/daisy/bsi/home.html

    Trusted supply chain

    Defense Microelectronics Activity (DMEA): a href="http://www.dmea.osd.mil/trustedic.html">http://www.dmea.osd.mil/trustedic.html

    ODASD Trusted and Assured Microelectronics: https://www.acq.osd.mil/se/initiatives/init_micro.html

    Cambridge University TAMPER Lab

    Focuses on the hardware aspects of computers and information security. This site is unique in that it describes exploits of commercial devices.

    Tamper Laboratory
    http://www.cl.cam.ac.uk/research/security/tamper/

    Ross J. Anderson, Markus G. Kuhn, “Tamper Resistance - a Cautionary Note”:
    http://www.cl.cam.ac.uk/~mgk25/tamper.pdf

    Ross J. Anderson, Markus G. Kuhn, “Low Cost Attacks on Tamper Resistant Devices”: http://www.cl.cam.ac.uk/~mgk25/tamper2.pdf

    Sergei Skorobogatov, “Semi-Invasive Attacks - A New Approach to Hardware Security Analysis”, Thesis UCAM-CL-TR-630: http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.html

    Supply Chain Risks

    "DSB Task Force on High Performance Microchip Supply, February 2005":
    https://www.acq.osd.mil/dsb/reports/2000s/ADA435563.pdf

    "Bogus! Electronic manufacturing and consumers confront a rising tide of counterfeit electronics", IEEE Spectrum, May 2006
    http://spectrum.ieee.org/computing/hardware/bogus

    "Fraud ring funnels data from cards to Pakistan", Wall Street Journal, October 11, 2008
    http://online.wsj.com/article/SB122366999999723871.html

    Hardware Security

    Security of computer hardware

    Joan Dyer, Mark Lindermann, Ronald Perez, Reiner Sailer, Leendert van Doorn, Sean Smith, Steve Weingart, “Building the IBM 4758 Secure Coprocessor”: http://www.cs.dartmouth.edu/~sws/pubs/comp01.pdf

    S.W. Smith, S.H. Weingart, "Building a High-Performance, Programmable Secure Coprocessor":
    http://www.cs.dartmouth.edu/~sws/pubs/sw99.pdf

    X-box Hacking: http://www.xenatera.com/bunnie/proj/anatak/xboxmod.html

    Hacking the X-box book site: http://hackingthexbox.com/

    Book publisher, No Starch Press: http://www.nostarch.com

    Andrew Huang’s company website: http://bunniestudios.com

    Peter Gutmann, “Secure Deletion of Data from Magnetic and Solid-State Memory”: http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

    Attempts to exploit ATMs and Safes:

    http://www.youtube.com/watch?v=fjJqvtromEE

    http://www.youtube.com/watch?v=l6b5teuA6l0&feature=related

    http://www.youtube.com/watch?v=OtbGUbeM860

    Software Security

    Software attacks and defenses

    Ken Thompson, “Reflections on Trusting Trust”: http://www.cs.washington.edu/education/courses/cse590s/02sp/Reflections.pdf

    Cryptography

    Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, ”Handbook of Applied Cryptography”: http://www.cacr.math.uwaterloo.ca/hac/index.htm

    Remembrances of Venona; W. Crowell (NSA): http://www.nsa.gov/public_info/declass/venona/

    NSA Suite B: http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml

    Barker, Barker, Burr, Polk, Smid, “Recommendation for Key Management”: http://csrc.nist.gov/groups/ST/toolkit/key_management.html

    Reverse Engineering Resources

    Hardware RE

    IC RE tools, Fibics (Focused Ion Beam): http://fibics.com

    Code extraction, Semiconductors Research: http://www.semiresearch.com

    FPGA and PC RE, Bottom Line Technologies: http://www.bltinc.com/XilinxTraining.htm

    Center for Advanced Lifecycle Engineering: http://www.calce.umd.edu/

    Failure analysis: http://www.semitracks.com

    Exploits: http://www.flylogic.net/blog/

    Software RE

    IDA Pro Disassembler and Debugger: http://www.hex-rays.com/idapro/

    Conferences, briefings and training, Black Hat: http://blackhat.com

    Win32 reverse engineering, OpenRCE: http://www.openrce.org/about/


    Caveat: The Department of Defense is not affiliated with these websites nor the information, products, services or organizations they represent (well, other than the .mil ones) and they are not subject to Federal information quality, privacy, security, and related guidelines. No endorsement or recommendation is implied or intended.