CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Security Analysis of the Cryptographic Microprocessor DS5002FP

Markus Kuhn

Aug 30, 1996


In computer security applications like pay-TV access control devices, cellular phones, or financial transaction terminals, the attacker has easy full physical access to the system hardware over an extended period of time. It is essential for the security of these applications that the software executing in the system is not accessible for unauthorized persons, even if the attacker is very knowledgeable and well equipped (logic analyzer, chip test equipment, electron microscope, etc.).

In my talk, I will provide a brief overview over current physical security concepts used in commercial tamper-proof computer systems. I will describe the widely used DS5002FP bus encryption security processor, as well as a new effective attack that allows easy unauthorized low-cost access to the software stored by this processor. A number of new counter measures can be used to prevent this attack in future bus encryption processor designs. Next generation bus encryption processors could also be used in modern workstations in order to provide highly secure software and patch distribution.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52, West Lafayette Campus. More information...


The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.