With these simple examples, we see how much the trust invested in the secure
core of a personal electronic device depends on security, that is, on the
capability of the secure core not to reveal its secrets. An example of a
non-destructive internal attack consists in disturbing the electric circuitry
with an appropriately aimed laser beam. This perturbs the functioning of the
secure core and alters how the flow of information inside the card is directed
when it answers specific requests. To the careful eye, the altered responses
can provide telltale information that helps decode and recover information
hidden in the card. This is not necessarily a sport for amateurs, but experts
know how to interpret virtually any form of information they can extract from a
disturbed electronic circuit. If the circuitry inside is not designed with such
attacks in mind, it is not beyond possibility to see the card simply spew out
its most intimate secrets directly. With modern trusted cores, however, the
perturbations are typically much harder to decode and require considerable
expertise. Still, there are those who will spend the money for the machinery
and for hiring top experts if the information inside is of high enough value.
It is possible to protect against light-beam attacks with proper coatings on
the circuit chips, but it is much more difficult to defend against another
natural perturbation of electronic circuits, that caused by cosmic rays. These
can disturb the functioning of the trusted core either temporarily or
permanently. Certain defenses are themselves destructive: the circuitry can
detect the malfunction and decide to simply shut down. More sophisticated
defenses involve having enough redundancy in the circuitry to detect an anomaly
and attempt to remedy it. When trust depends on a response to cosmic rays, we
certainly reach a significant, if not ultimate, boundary.
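The "redundancy to detect an anomaly" defence has a direct software counterpart, which card firmware uses to protect its decisions against the kind of perturbation described above. The following C program is an added example written for this page; it is not code from the book or from any product. The PINs, the fault model (a single bit flip of one intermediate value at a chosen point, standing in for the laser glitch) and all names are constructed for illustration. It contrasts a check that stands or falls on one decision bit with one that computes the comparison twice, encodes the result in two sentinel values that differ in every bit, and treats any inconsistency as tampering, which is the "detect the malfunction and shut down" option.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Outcome of a PIN check performed inside the simulated secure core. */
enum verdict { DENIED = 0, GRANTED = 1, TAMPER = 2 };

/* Constructed sample data (hypothetical): the reference PIN held by the
 * core, a correct guess and a wrong guess. */
static const uint8_t STORED_PIN[4] = {1, 2, 3, 4};
const uint8_t RIGHT_PIN[4] = {1, 2, 3, 4};
const uint8_t WRONG_PIN[4] = {1, 2, 3, 5};

/* Fault model for the laser perturbation: when the check produces the
 * intermediate value numbered `fault_point`, one bit of it is flipped.
 * 0 means no fault. A real glitch can also skip or invert a branch; this
 * toy only corrupts stored intermediate values. */
static int fault_point = 0;

static uint32_t maybe_fault(int point, uint32_t v) {
    return (fault_point == point) ? (v ^ 1u) : v;
}

/* Unprotected check: the whole decision rests on a single 0/1 value, so
 * one flipped bit turns DENIED into GRANTED. */
enum verdict naive_check(const uint8_t *pin, int fault) {
    fault_point = fault;
    uint32_t equal = 1;
    for (size_t i = 0; i < 4; i++)
        if (pin[i] != STORED_PIN[i]) equal = 0;
    equal = maybe_fault(1, equal);       /* fault point 1: the decision bit */
    return equal ? GRANTED : DENIED;
}

/* Hardened check: redundancy in software form. */
#define MATCH    0xA5A5A5A5u
#define NO_MATCH 0x5A5A5A5Au   /* bitwise complement of MATCH: 32 bits apart */

static uint32_t compare_once(const uint8_t *pin, int point) {
    uint32_t diff = 0;
    for (size_t i = 0; i < 4; i++)
        diff |= (uint32_t)(pin[i] ^ STORED_PIN[i]);   /* no early exit */
    return maybe_fault(point, diff ? NO_MATCH : MATCH);
}

enum verdict hardened_check(const uint8_t *pin, int fault) {
    fault_point = fault;
    uint32_t r1 = compare_once(pin, 1);   /* fault point 1: first pass  */
    uint32_t r2 = compare_once(pin, 2);   /* fault point 2: second pass */
    if (r1 != r2)       return TAMPER;    /* passes disagree: glitch seen */
    if (r1 == MATCH)    return GRANTED;
    if (r1 == NO_MATCH) return DENIED;
    return TAMPER;                        /* neither sentinel: corrupted */
}

int main(void) {
    const char *name[] = {"DENIED", "GRANTED", "TAMPER"};
    printf("naive,    wrong PIN, no fault: %s\n", name[naive_check(WRONG_PIN, 0)]);
    printf("naive,    wrong PIN, fault@1:  %s\n", name[naive_check(WRONG_PIN, 1)]);
    printf("hardened, wrong PIN, fault@1:  %s\n", name[hardened_check(WRONG_PIN, 1)]);
    printf("hardened, wrong PIN, fault@2:  %s\n", name[hardened_check(WRONG_PIN, 2)]);
    printf("hardened, right PIN, no fault: %s\n", name[hardened_check(RIGHT_PIN, 0)]);
    return 0;
}
```

Compile with `cc -std=c99 fault_demo.c` and run. The hardened version stops the single-point fault, but a fault that hits both passes identically, or one that alters the branch itself, is outside what this toy models; that is why the coatings and redundant circuitry discussed above remain necessary rather than being replaced by software checks.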
Let’s consider an example of a destructive, external attack. It consists in
imaging particular elements of the circuitry inside after peeling away the
chip's layers, which is a destructive operation. If the attacker has, for
example, several secure cores to experiment with, so that damaged ones can be
replaced, then it is possible to combine the information gathered from those
various secure cores to decrypt internal information. That is why trusted cores
can be coated with a protective armor that makes it very difficult to peel them
without breaking, at the same time, the circuitry so protected.
So we have reviewed two kinds of attacks: one that relies on perturbing
circuitry, the other on imaging it. The defenses are of multiple kinds, from
the design of the circuitry to the use of special coatings with several
properties of interest. This illustrates that trust can come from multiple,
reinforcing sources, and we can readily understand that the security of
electronic components is a complex field of technology.
We see that destructive external attacks can be very treacherous, and obviously
expensive to counter. This allows us to illustrate an important aspect of trust
derived from causality through security. Before one engages in defending
circuitry against attacks, one must be well aware of the value of the
information being protected, because the cost of protection can easily exceed
the value of that information. Trust has a price. More trust is more expensive,
and one needs to know where in the trust spectrum one wants to be, depending on
the costs and the associated value of the trust granted.
Finally, let’s consider destructive internal attacks. These consist in
dismantling the card, but not the computer chip it contains. The secure core is
now exposed, and it is possible to probe the circuitry directly. One way to
protect against such threats is to make it very likely that, as the card is
dismantled, the chip is irreparably damaged, for example by causing the
component to burn or to shatter. However, it is easy to see that one who is
determined enough may be able to assemble (or disassemble) the puzzle anyway,
albeit at considerable effort. Here, then, we see yet another principle of
security in action, that involving time. If we can make it hard enough to get
to the secret, it may take so much time that the secret is no longer relevant
if and when it is revealed. In this case, security is based on the
consideration that the secrets are temporarily safe, which brings a time
component to the concept of trust.