
Method to deter attacks on secure computer systems.

IP.com Disclosure Number: IPCOM000016173D
Original Publication Date: 2002-Oct-11
Included in the Prior Art Database: 2003-Jun-21
Document File: 4 page(s) / 54K

Publishing Venue

IBM

Abstract

A hardware method is disclosed that makes tampering with logic elements of computer systems that are related to security much more difficult. In discussions of security schemes involving BIOS code on personal computer systems it is often mentioned that "the security goes out the window if someone unsolders the BIOS flash EEPROM and replaces it with a part with a non-secure bios". It has been suggested that the flash part be covered with some sort of tamper evident tape but this only aids in an investigation of what happened after a security breach has taken place that was facilitated by replacement of the flash part by someone intent on mischief. It should be noted that flash parts are fairly small devices with a modest number of interface connections. They can be removed and replaced by someone of modest electronic board rework skills with tools that are readily available and fairly inexpensive.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 40% of the total text.


Our disclosure makes this sort of attack several orders of magnitude more difficult, greatly increases the skill level required of the attacker, and would require much more sophisticated (i.e., expensive) tools to carry out.

Current design of personal computers includes the following elements:

1. A central processing unit (CPU).
2. A "north bridge" chip that interfaces to the CPU, system memory, a "south bridge" chip and, in some designs, a video function.
3. A "south bridge" chip that interfaces to the north bridge, various common input/output functions (such as disk drives and audio) and the flash memory part that contains the system BIOS code.

Today, when the system is powered on, the CPU issues a read command to an industry standard memory location (contained in the flash part). This read request flows from the CPU to the north bridge, then on to the south bridge and finally to the flash interface that responds with the first command of the BIOS code.

Our invention adds control logic to each of these chip interfaces, changes the initial power up sequence and adds program logic in the BIOS code that can effectively "bind" all of the system logic elements together.

It should be noted that, in the following descriptions of the logic elements, the register sizes can be larger than described and the actual implementation circuit details can vary, as long as the behaviour described is achieved.

Logic element description:

North Bridge interface key register (see A in figure below):

This is a 64-bit register contained in the north bridge with the following characteristics.

1. Cannot be read.
2. Has a value of all "1's" when the chip is manufactured.
3. Can only be written <once> in the life of the chip.
4. Contents of the register are permanent (i.e., not changed by the power state of the system).
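The four properties above, modelled in C as an added example; this is not code from the disclosure or from IBM. The register is represented as a write-once cell with no read path. The equality-compare interface, the `key_register_*` names and the sample board key are assumptions of the model: the excerpt does not say how the bound key is later checked, only that the register cannot be read and can be written once. The scenario at the end walks through the attack the disclosure is aimed at (unsoldering the part and fitting a factory-fresh one) and shows why the fresh part fails the check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the north bridge interface key register (element A in the
 * disclosure): 64 bits wide, all 1s as manufactured, writable exactly once,
 * never readable, and retained regardless of power state. */
#define KEY_FACTORY_STATE UINT64_C(0xFFFFFFFFFFFFFFFF)

typedef struct {
    uint64_t contents;   /* never exposed through a read path */
    bool     programmed; /* latched by the single permitted write */
} key_register_t;

/* Property 2: factory state is all 1s and not yet written. */
void key_register_init(key_register_t *r)
{
    r->contents = KEY_FACTORY_STATE;
    r->programmed = false;
}

/* Property 3: only the first write in the life of the chip takes effect.
 * Returns true if the write was accepted, false if it was ignored. */
bool key_register_write(key_register_t *r, uint64_t key)
{
    if (r->programmed)
        return false;
    r->contents = key;
    r->programmed = true;
    return true;
}

/* A part still in factory state has never been bound to anything; binding
 * logic must treat it as unbound rather than as "matching" all 1s. */
bool key_register_is_programmed(const key_register_t *r)
{
    return r->programmed;
}

/* Property 1: there is no read operation. The only thing the outside world
 * can learn is whether a presented value equals the stored one. This compare
 * interface is an assumption of the model. The fold below makes the compare
 * take the same time whichever bits differ, so timing leaks nothing. */
bool key_register_matches(const key_register_t *r, uint64_t presented)
{
    uint64_t diff = r->contents ^ presented;
    diff |= diff >> 32;
    diff |= diff >> 16;
    diff |= diff >> 8;
    diff |= diff >> 4;
    diff |= diff >> 2;
    diff |= diff >> 1;
    return (diff & 1) == 0; /* bit 0 is the OR of all 64 difference bits */
}

/* Property 4: a power state change leaves the register untouched. */
void key_register_power_cycle(key_register_t *r)
{
    (void)r; /* contents and programmed flag persist */
}

/* Scenario: a board is bound with a constructed key at manufacturing. An
 * attacker who later unsolders the chip and fits a factory-fresh part cannot
 * extract the key from the old part (no read path), and the new part does
 * not hold it, so the binding check fails. Returns true if the model behaves
 * as the disclosure intends. */
bool scenario_replacement_part_fails(void)
{
    const uint64_t board_key = UINT64_C(0x5A17C0DE00BADF00); /* constructed */
    key_register_t original, replacement;

    key_register_init(&original);
    key_register_init(&replacement);

    bool first_write  = key_register_write(&original, board_key);
    bool second_write = key_register_write(&original, UINT64_C(0)); /* ignored */
    key_register_power_cycle(&original);

    bool original_ok = key_register_matches(&original, board_key);
    bool swapped_ok  = key_register_matches(&replacement, board_key);
    bool swapped_new = !key_register_is_programmed(&replacement);

    return first_write && !second_write && original_ok && !swapped_ok && swapped_new;
}

int main(void)
{
    printf("replacement part rejected: %s\n",
           scenario_replacement_part_fails() ? "yes" : "no");
    return 0;
}
```

The point of `key_register_is_programmed` is the caveat a practitioner would check first: an unbound part trivially "matches" the all-1s factory value, so any binding check built on such a register has to refuse the factory state rather than compare against it.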

South bridge interface lock register (C in figure below)

This is a 64-bit register contained in the south bridge with the following characteristics.

1. Cannot be read
2. Has a value of all "1's" wh...