TECHNICAL ISO/IEC TS SPECIFICATION 30104 First edition 2015-05-15 Information Technology Security Techniques Physical Security Attacks, Mitigation Techniques and Security Requirements Technologies de I'information Techniques de sécurité - Attaques de sécurité physique, techniques d'atténuation et exigences de sécurite Reference number IS0/IEC TS 30104:2015(E) E( . International Organization for Standardization Institute of Standardization 5956617 @IS0/IEC 2015 ted without license from IHS IS0/IEC TS 30104:2015(E) COPYRIGHTPROTECTEDDOCUMENT IS0/IEC 2015, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 . CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 [email protected] www.iso.org Internatinir Drganization for Standardization Not for Resale, 2015/7/30 02:51:39 No reproduction or networking permited without license from IHS IS0/IEC TS 30104:2015(E) Contents Page Foreword ..V Introduction. ..vi 1 Scope. 2 Normative references 3 Terms and definitions 4 Symbols and abbreviated terms. 5 Physical security ..5 6 Physical security invasive mechanisms ..6 6.1 Overview ..6 6.2 Tamper proof ..7 6.3 Tamper resistant .7 6.4 Tamper detection. ..7 6.5 Tamper evident. .7 6.6 Additional physical security considerations 6.6.1 Summary. ..8 6.6.2 Size and weight 6.6.3 Mixed and Layered Systems. ..8 7 Physical security invasive attacks and defences ..8 7.1 Overview ..8 7.2 Attacks. .9 7.2.1 Attack mechanisms. .9 7.2.2 Machining methods. .9 7.2.3 Shaped charge technology .11 7.2.4 Energy attacks. .11 7.2.5 Environmental conditions .12 7.3 Defences.... ..12 7.3.1 Overview ..12 7.3.2 Tamper resistant ..13 7.3.3 Tamper evident ..14 7.3.4 Tamper detection sensor technology .. 15 7.3.5 Tamper responding. ..18 8 Physical security non-invasive mechanisms .20 8.1 Overview .20 8.2 Mixed and Layered Systems. .20 9 Physical security non-invasive attacks and defences. .20 9.1 Overview 20 9.2 Attacks 20 9.2.1 Overview. 20 9.2.2 External Probe attacks 20 9.2.3 External EME attacks. 21 9.2.4 Timing analysis. .21 9.3 Defences .21 10 Operating Envelope Concept. .22 11 Development, delivery and operation considerations .22 11.1 Introduction 22 11.2 Development. .22 11.2.1 Functional test and debug 22 11.2.2 Security testing. 22 11.2.3 Environmental testing ..23 11.2.4 Factory installed keys or security parameters. ..23 ii Licensee=Zhejiang Institute of Standardization 5956617 No reproduction or networking permitted without license from IHS Not for Resale, 2015/7/30 02:51:39