Active hardware attacks and proactive countermeasures

Active hardware attacks succeed in deriving cryptographic secrets from target devices. They were originally proposed for systems implementing RSA, Fiat-Shamir (1988) scheme, and Schnorr´s scheme. Common targets for these attacks are systems used for client authentication in order to access services, e.g., pay-per view TV, video distribution and cellular telephony. These client systems hold secrets, typically cryptographic keys, owned by the service provider and often implement the Fiat-Shamir identification scheme. Given the strength of active attacks and the increasingly wide deployment of client systems, it is desirable to design proactive countermeasures for them. We focus on the Fiat-Shamir scheme. We prove that the conventional active attack can be easily avoided through appropriate system and protocol configuration; we denote this configuration as the precautious Fiat-Shamir Scheme. We argue that proactive countermeasures against active attacks are feasible and lead to systems that are inherently resistant to active attacks by careful protocol design, rather than ad hoc solutions.