potential chemical attacks on coatings and tamper evident seal adhesives carol cantlon, b.e....
TRANSCRIPT
![Page 1: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/1.jpg)
Potential Chemical Attacks on Coatings and Tamper Evident Seal
Adhesives
Carol Cantlon, B.E. (Chemical Engineering)
EWA-Canada IT Security Evaluation & Test Facility
![Page 2: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/2.jpg)
27 September 2005 Potential Chemical Attacks 2
OutlineOutline
• Chemical Security Mechanisms for FIPS 140-2 Physical Security
• Tamper Evident Seal Attacks• Comparison of Tamper Evident Seals to
Pick-Resistant Locks• Conformal Coatings and Paints• Epoxies• Conclusion• Recommendations
![Page 3: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/3.jpg)
27 September 2005 Potential Chemical Attacks 3
Chemical MechanismsChemical Mechanisms
Multiple-Chip Embedded• At Physical Security Level 2
– Bleeding paint or conformal coatings
Multiple-Chip Standalone• Tamper Evidence at Physical Security Level 2 and
Above– Tamper evident seals
![Page 4: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/4.jpg)
27 September 2005 Potential Chemical Attacks 4
Chemical Mechanisms ContinuedChemical Mechanisms Continued
Multiple-Chip Embedded or Multiple-Chip Standalone• Security Level 3
– Hard opaque coating or potting material
![Page 5: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/5.jpg)
27 September 2005 Potential Chemical Attacks 5
Tamper Evident SealsTamper Evident Seals
Tamper Evident Seals are comprised of the following:
– the paper- with label and/or serial number
– the adhesive
![Page 6: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/6.jpg)
27 September 2005 Potential Chemical Attacks 6
Adhesive BondAdhesive Bond
Paper
DiscontinuityEnclosureCover
or Door
Mechanical bond: adhesive of the tamper evident seal flows into microscopic holes of the surface and hardens
![Page 7: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/7.jpg)
27 September 2005 Potential Chemical Attacks 7
Successful AttackSuccessful Attack
• Cause adhesive to flow to break bond without damaging paper
• Tamper evidence is provided by the paper and not the adhesive since adhesive residue can be cleaned from the enclosure and/or cover.
• Just need to remove seal from one part
![Page 8: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/8.jpg)
27 September 2005 Potential Chemical Attacks 8
Paper DamagePaper Damage
• Breaks in the paper such as tears, scores or wording;
• Damage to the holograph;• Deformation, e.g. stretching of the paper;• Discoloration of the paper; and• Dye running – may also stain a hard plastic
enclosure
![Page 9: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/9.jpg)
27 September 2005 Potential Chemical Attacks 9
Effective Methods - SolventsEffective Methods - Solvents
• Water– Usually not effective since most adhesives do not
dissolve in water
• Methyl Hydrate– Dissolves some glues
• Acetone– Effective for acrylic-based adhesives
![Page 10: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/10.jpg)
27 September 2005 Potential Chemical Attacks 10
Effective Methods - HeatEffective Methods - Heat
• Hair dryer preferred over heat gun
• Heat gun’s high temperature-low humidity heat may crack the paper.
![Page 11: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/11.jpg)
27 September 2005 Potential Chemical Attacks 11
Heat vs. SolventsHeat vs. Solvents
Heat does not need to be directly applied to the adhesive.
For solvents, difficulty in targeting adhesive since the adhesive is entirely covered by the paper.
Plastic, e.g. low density polyethylene, paper or metalicized paper may allow soaking of the seal in the solvent for an attack because not damaged by wetting.
![Page 12: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/12.jpg)
27 September 2005 Potential Chemical Attacks 12
Successful Heat AttackSuccessful Heat Attack
![Page 13: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/13.jpg)
27 September 2005 Potential Chemical Attacks 13
Why Did It Work?Why Did It Work?
• Metallic surface of seal and metal plate both reflected heat:
– Surface of seal preventing damage– Surface of metal plate directing heat to adhesive
• Metal plate expanded slightly to allow adhesive to flow
![Page 14: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/14.jpg)
27 September 2005 Potential Chemical Attacks 14
Counteracting the Effect of Metal SurfacesCounteracting the Effect of Metal Surfaces
![Page 15: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/15.jpg)
27 September 2005 Potential Chemical Attacks 15
Tamper Evident Seal FeatureTamper Evident Seal Feature
• Words formed in paper
• Path of least resistance on pulling of tamper evident seal from surface leaves behind words
![Page 16: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/16.jpg)
27 September 2005 Potential Chemical Attacks 16
Seal Damaged from SolventSeal Damaged from Solvent
![Page 17: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/17.jpg)
27 September 2005 Potential Chemical Attacks 17
Acid and Base AttacksAcid and Base Attacks
• Not as successful as other mentioned attacks
• Weak acids (H+) and bases (-OH) are similar to neutral water as a solvents.
• Strong acids and bases will damage paper and/or surfaces.
![Page 18: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/18.jpg)
27 September 2005 Potential Chemical Attacks 18
Pick-Resistant LocksPick-Resistant Locks
• Superior to tamper evident seals for preventing access
• Require the use of drills, saws or picks to remove
![Page 19: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/19.jpg)
27 September 2005 Potential Chemical Attacks 19
Locks vs. Tamper Evident SealsLocks vs. Tamper Evident Seals
• Tamper evident seals are easy to add to off-the-shelf enclosures.
• Theft of the key for the lock is equivalent to theft of replacement tamper evident seals.
• Discovery of combination for logical lock – loss of tamper evidence
![Page 20: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/20.jpg)
27 September 2005 Potential Chemical Attacks 20
Adhesives Directly on CoversAdhesives Directly on Covers
• Used in the manufacturer of smaller devices, i.e. PCMCIA cards
• Thin line of adhesive exposed on the side
![Page 21: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/21.jpg)
27 September 2005 Potential Chemical Attacks 21
AttacksAttacks
• Use syringe to inject solvent.
• Freezing attacks may be successful if adhesive becomes brittle and the covers can be separated.
• Covers may be reattached without showing tamper evidence by applying glue.
![Page 22: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/22.jpg)
27 September 2005 Potential Chemical Attacks 22
CoatingsCoatings
• Conformal coatings include acrylics, epoxies, urethanes, parxylenes or silicones.
• Paints are polymer emulsions.
• Coatings are similar to adhesives in that they need to adhere to the circuit board.
• Epoxies can contain a tamper detection mesh.
![Page 23: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/23.jpg)
27 September 2005 Potential Chemical Attacks 23
PolymersPolymers
• Polymers are long chain hydrocarbons which may or may not have other elements such as chlorine, nitrogen, or fluorine as part of each repeating unit or monomer.
• Polymers, by their nature, are resistant to decomposition.
• Strong acids or bases may breakdown the polymer, but also may damage circuitry.
![Page 24: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/24.jpg)
27 September 2005 Potential Chemical Attacks 24
Common Cause of Polymer DecompositionCommon Cause of Polymer Decomposition
• A common cause of polymer decomposition is ultraviolet (UV) light.
• Free radicals generated by UV light cause monomer bonds to break.
• UV stabilizers are added to prevent decomposition.
• Use concentrated UV source to attack conformal coatings?
![Page 25: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/25.jpg)
27 September 2005 Potential Chemical Attacks 25
Epoxy ResinsEpoxy Resins
• Made from the chemical reaction of two compounds:
Bisphenol A-Bis A (or bisphenol F-Bis F- and/or ‘Novolac’)
and
Epichlorohydrin
![Page 26: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/26.jpg)
27 September 2005 Potential Chemical Attacks 26
Bisphenol A-Bis ABisphenol A-Bis A
Chemical product of one acetone unit
O
CH2 - C - CH2
with two phenol groups:
OH
![Page 27: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/27.jpg)
27 September 2005 Potential Chemical Attacks 27
Solvent for EpoxiesSolvent for Epoxies
Acetone could make a good solvent for epoxies since it is a building block of them.
![Page 28: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/28.jpg)
27 September 2005 Potential Chemical Attacks 28
ConclusionConclusion
• Chemical mechanisms used in physical security have similar properties.
![Page 29: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/29.jpg)
27 September 2005 Potential Chemical Attacks 29
RecommendationsRecommendations
• Standardization of chemical testing approaches amongst all Cryptographic Module Testing Laboratories while still encouraging laboratory innovation
![Page 30: Potential Chemical Attacks on Coatings and Tamper Evident Seal Adhesives Carol Cantlon, B.E. (Chemical Engineering) EWA-Canada IT Security Evaluation &](https://reader035.vdocuments.us/reader035/viewer/2022062404/551aa78755034656628b4a2b/html5/thumbnails/30.jpg)
27 September 2005 Potential Chemical Attacks 30
Recommendations ContinuedRecommendations Continued
• Encourage the use of multiple layers of physical security mechanisms:– Tamper evident seals (provides better tamper
evidence) with locks (provides better access prevention)
– Tamper evidence for enclosure plus epoxy on internal circuitry