Secure cryptoprocessor

A secure cryptoprocessor is a dedicated computer on a chip or microprocessor for carrying out cryptographic operations, embedded in packaging with multiple physical security measures that give it a degree of tamper resistance.

The purpose of a secure cryptoprocessor is to act as the keystone of a security sub-system, eliminating the need to protect the rest of the sub-system with physical security measures.

Examples

Smartcards are probably the most widely deployed form of secure cryptoprocessor, although more complex and versatile secure cryptoprocessors are widely deployed in systems such as automated teller machines, TV set-top boxes, military applications,[1] and high-security portable communication equipment. Some secure cryptoprocessors can even run general-purpose operating systems such as Linux inside their security boundary. Cryptoprocessors take in program instructions in encrypted form, decrypt them to plain instructions, and execute them within the same cryptoprocessor chip, where the decrypted instructions are stored and remain inaccessible from outside. By never revealing the decrypted program instructions, the cryptoprocessor prevents tampering with programs by technicians who may have legitimate access to the sub-system data bus. This is known as bus encryption. Data processed by a cryptoprocessor is also frequently encrypted.

The Trusted Platform Module is an implementation of a secure cryptoprocessor that brings the notion of trusted computing to ordinary PCs by enabling a secure environment. While envisioned by some as being a method to make it much harder to illegally copy copyrighted software, present implementations tend to focus more on providing a tamper-proof boot environment and persistent and volatile storage encryption.

Hardware security modules contain one or more cryptoprocessors. These devices are high-grade secure cryptoprocessors used with enterprise servers. A hardware security module can have multiple levels of physical security, with a single-chip cryptoprocessor as its most secure component. The cryptoprocessor does not reveal keys or executable instructions on a bus except in encrypted form, and it zeroizes its keys upon any attempt at probing or scanning. The crypto chip(s) may also be potted in the hardware security module together with other processors and memory chips that store and process encrypted data. Any attempt to remove the potting will cause the keys in the crypto chip to be zeroed. A hardware security module may also be part of a computer (for example an ATM) that operates inside a locked safe to deter theft, substitution, and tampering.

Features

Security measures used in secure cryptoprocessors:

  • Tamper-detecting and tamper-evident containment.
  • Automatic zeroization of secrets in the event of tampering.
  • Internal battery backup.
  • Chain of trust boot-loader which authenticates the operating system before loading it.
  • Chain of trust operating system which authenticates application software before loading it.
  • Hardware-based capability registers, implementing a one-way privilege separation model.
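The two chain-of-trust items above describe a verified boot: each stage authenticates the next image before handing control to it, and a mismatch halts the boot so no unverified code ever runs. The following is an added example, not code from the original article or from any particular cryptoprocessor vendor; it models the chain with fixed SHA-256 digests as a stand-in for the signature verification real devices perform, and the image names, contents and the `boot_chain` helper are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed example: a hash-locked chain of trust. Each stage carries the
# expected digest of the stage(s) it is allowed to load next and refuses to
# load anything else. Real cryptoprocessors verify digital signatures over the
# images; a fixed SHA-256 digest stands in for that so this runs with the stdlib.

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass
class Image:
    name: str
    code: bytes
    # Digests of the images this stage is permitted to load next (its manifest).
    allowed_next: dict = field(default_factory=dict)

class BootFailure(Exception):
    pass

def boot_chain(root_of_trust: str, bootloader: Image, os_image: Image, apps: list) -> list:
    """Walk the chain ROM -> boot loader -> OS -> applications.
    Returns the names of the stages that were authenticated and loaded, or
    raises BootFailure at the first mismatch so nothing later is ever run."""
    loaded = []
    # Stage 0: an immutable root (e.g. a digest fused into the chip) checks the boot loader.
    if digest(bootloader.code) != root_of_trust:
        raise BootFailure("boot loader does not match root of trust")
    loaded.append(bootloader.name)
    # Stage 1: the boot loader authenticates the OS before transferring control.
    if bootloader.allowed_next.get(os_image.name) != digest(os_image.code):
        raise BootFailure(f"OS image {os_image.name} rejected by boot loader")
    loaded.append(os_image.name)
    # Stage 2: the OS authenticates each application before loading it.
    for app in apps:
        if os_image.allowed_next.get(app.name) != digest(app.code):
            raise BootFailure(f"application {app.name} rejected by OS")
        loaded.append(app.name)
    return loaded

def build_demo(tamper_os: bool = False):
    """Constructed images; with tamper_os=True the OS is modified after the
    boot loader's manifest was fixed, so its digest no longer matches."""
    app = Image("payment-app", b"app-v1")
    os_img = Image("secure-os", b"os-v1", {"payment-app": digest(app.code)})
    bl = Image("bootloader", b"bl-v1", {"secure-os": digest(os_img.code)})
    root = digest(bl.code)
    if tamper_os:
        os_img.code = b"os-v1-modified"
    return root, bl, os_img, [app]
```

With `build_demo()` all three stages load; with `build_demo(tamper_os=True)` the boot loader rejects the OS and the application is never reached.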

Degree of security

Secure cryptoprocessors, while useful, are not invulnerable to attack, particularly for well-equipped and determined opponents (e.g. a government intelligence agency) who are willing to expend massive resources on the project.

One attack on a secure cryptoprocessor targeted the IBM 4758.[2] A team at the University of Cambridge reported the successful extraction of secret information from an IBM 4758, using a combination of mathematics and special-purpose codebreaking hardware.

While the vulnerability they exploited was a flaw in the software loaded on the 4758, and not the architecture of the 4758 itself, their attack serves as a reminder that a security system is only as secure as its weakest link: the strong link of the 4758 hardware was rendered useless by flaws in the design and specification of the software loaded on it.

Smartcards are significantly more vulnerable, as they are more open to physical attack.

In the case of full disk encryption applications, especially when implemented without a boot PIN, a cryptoprocessor would not be secure against a cold boot attack[3] if data remanence could be exploited to dump memory contents after the operating system has retrieved the cryptographic keys from its TPM.

Some secure cryptoprocessors contain dual processor cores and generate inaccessible encryption keys when needed so that even if the circuitry is reverse engineered, it will not reveal any keys that are necessary to securely decrypt software booted from encrypted flash memory or communicated between cores.[4]

The first single-chip cryptoprocessor design was for copy protection of personal computer software (see US Patent 4,168,396, Sept 18, 1979) and was inspired by Bill Gates' Open Letter to Hobbyists.

References

  1. Military applications.
  2. Attack on the IBM 4758.
  3. J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten (February 21, 2008). Lest We Remember: Cold Boot Attacks on Encryption Keys. Princeton University. http://citp.princeton.edu/memory/. Retrieved 2008-02-22.
  4. Secure CPU complies with DOD anti-tamper mandate.

Wikimedia Foundation. 2010.
