Hardware Cryptographic Coprocessor

Peter R. WihlSecurity in Software

The Problem

• Need for secure computing in an environment where computing is distributed, insecure, and even hostile

• More and more, we use computers that belong to others, but we need to know our data is safe.

The Goal

• Create a trusted computing device that can be added to an untrusted computing system to make it secure.

• Isolate your secure processing from the rest of your system.

Example 1 - Database

• Create a central database system that allows only authorized users to access to only their data on the system.

• Exclude even the system administrator from viewing any data in the database.

Example 2 – Trusted Boot

• You have an untrusted computing system, but you want to ensure that it boots the correct machine code.

• Want to make sure that the boot code has not been altered or tampered with

Example 3 – Protected Data At Rest(My Favorite!)

• You have sensitive data that you can access in a controlled, protected environment but must be protected when not being accessed

• Protection of data needed between use of it i.e. during transportation

A Secure Coprocessor

• A general-purpose computing environment • Withstands physical attacks and logical attacks• Must run the programs that it is supposed to,

and must distinguish between the real device and application and a clever impersonator

• Must remain secure even if adversaries carry out destructive analysis of one or more devices

• Started in the early 1990’s

Evaluation Parameters

• Physical Protection (tamper resistant)• Reliability (physical or electrical damage)• Computational Ability (Speed bps)• Communications• Portability• Cost

Applications

• Generalized Access• Generalized Revelation• Autonomous Auditing• Trusted Execution

Classes of Solutions

• IC Chip Cards (Smart Cards, Your GSM Phone has one)

• PCMCIA Tokens (Fortezza)• Other Card Tokens (Secure ID)• Smart Disks (Obsolete)• Bus Cards (IBM 4758)• Your Body (the future is now)

FORTEZZA™ CRYPTOCARD

Fortezza Features

• Data Privacy• User ID Authentication• Data Integrity• Non-Repudiation• Time stamping

RSA SecurID

• Software tokens support qualified smart cards or USB authenticators

• Stores symmetric key and is PIN protected• Stores digital credentials• Only secures the login process

The IBM 4758• Tamper-responding hardware design certified under

FIPS PUB 140-1. Suitable for high-security processing and cryptographic operations

• Hardware to perform DES, random number generation, and modular math functions for RSA and similar public-key cryptographic algorithms

• Secure code loading that enables updating of the functionality while installed in application systems

• IBM Common Cryptographic Architecture (CCA) and PKCS #11 as well as custom software options

• Provides a secure platform on which developers can build secure applications

The 4758 Architecture

SafeNet SafeXcel™ 241-PCI Card

• Provides industry-leading cryptography throughput for operations such as:– DES and Triple-DES encryption– MD5 and SHA-1 Hashing– Random number generation– Public key computations:

- Diffie-Hellman key negotiation- RSA encryption and signatures- DSA signatures

SafeXcel™ 241-PCI Architecture