Hardware Cryptographic Coprocessor
Peter R. Wihl
Security in Software
The Problem
• Need for secure computing in an environment where computing is distributed, insecure, and even hostile
• More and more, we use computers that belong to others, but we need to know our data is safe.
The Goal
• Create a trusted computing device that can be added to an untrusted computing system to make it secure.
• Isolate your secure processing from the rest of your system.
Example 1 - Database
• Create a central database system that allows only authorized users to access only their own data on the system.
• Exclude even the system administrator from viewing any data in the database.
Example 2 – Trusted Boot
• You have an untrusted computing system, but you want to ensure that it boots the correct machine code.
• Want to make sure that the boot code has not been altered or tampered with
Example 3 – Protected Data At Rest (My Favorite!)
• You have sensitive data that you can access in a controlled, protected environment, but that must be protected when it is not being accessed
• The data needs protection between uses, i.e. during transportation
A Secure Coprocessor
• A general-purpose computing environment
• Withstands physical attacks and logical attacks
• Must run the programs that it is supposed to, and must distinguish between the real device and application and a clever impersonator
• Must remain secure even if adversaries carry out destructive analysis of one or more devices
• Started in the early 1990s
Evaluation Parameters
• Physical Protection (tamper resistant)
• Reliability (physical or electrical damage)
• Computational Ability (Speed bps)
• Communications
• Portability
• Cost
Applications
• Generalized Access
• Generalized Revelation
• Autonomous Auditing
• Trusted Execution
Classes of Solutions
• IC Chip Cards (Smart Cards; your GSM phone has one)
• PCMCIA Tokens (Fortezza)
• Other Card Tokens (SecurID)
• Smart Disks (Obsolete)
• Bus Cards (IBM 4758)
• Your Body (the future is now)
FORTEZZA™ CRYPTOCARD
Fortezza Features
• Data Privacy
• User ID Authentication
• Data Integrity
• Non-Repudiation
• Time stamping
RSA SecurID
• Software tokens support qualified smart cards or USB authenticators
• Stores symmetric key and is PIN protected
• Stores digital credentials
• Only secures the login process
The IBM 4758
• Tamper-responding hardware design certified under FIPS PUB 140-1. Suitable for high-security processing and cryptographic operations
• Hardware to perform DES, random number generation, and modular math functions for RSA and similar public-key cryptographic algorithms
• Secure code loading that enables updating of the functionality while installed in application systems
• IBM Common Cryptographic Architecture (CCA) and PKCS #11 as well as custom software options
• Provides a secure platform on which developers can build secure applications
The 4758 Architecture
SafeNet SafeXcel™ 241-PCI Card
• Provides industry-leading cryptography throughput for operations such as:
  – DES and Triple-DES encryption
  – MD5 and SHA-1 Hashing
  – Random number generation
  – Public key computations:
    - Diffie-Hellman key negotiation
    - RSA encryption and signatures
    - DSA signatures
SafeXcel™ 241-PCI Architecture