Tamper-Resistance Evalution of Digital Signature Softwares by Runtime-Data Searching Method

摘要

Tamper-resistance, which means in this paper protection of secret key of digital signature, is important for digital signature softwares in which secret key is stored and calculated. There is a method to evaluate tamper-resistance of a software, the runtime-data search method: extracting data appered in the computer in which the software is runnning and cheking each data as secret data. We developed a tool to evaluate tamper-resistance on this method. Then, we carried out experiments with this tool for tamper-resistance evaluation of RSA signature softwares written with a popular Java-JCE-providers. It was found that these Java-JCE-providers have very low tamper-resistance, and BigInteger class in JDK used in these Java-JCE-providers leads to this low tamper-resistance. We also investigate effectiveness of secret data split methods for high tamper-resistance.