hwsec carey clampettmeseec.ce.rit.edu/551-projects/spring2014/3-5.pdfsecurity in hardware offers...
TRANSCRIPT
![Page 1: HWSEC CAREY CLAMPETTmeseec.ce.rit.edu/551-projects/spring2014/3-5.pdfSecurity in hardware offers performance and power consumption advantages over its software equivalents. o Increasing](https://reader033.vdocuments.us/reader033/viewer/2022052008/601d6370dded940f92442d43/html5/thumbnails/1.jpg)
Hardware SecurityA Presentation by Eli Clampett and James Carey
![Page 2: HWSEC CAREY CLAMPETTmeseec.ce.rit.edu/551-projects/spring2014/3-5.pdfSecurity in hardware offers performance and power consumption advantages over its software equivalents. o Increasing](https://reader033.vdocuments.us/reader033/viewer/2022052008/601d6370dded940f92442d43/html5/thumbnails/2.jpg)
Agenda● Introduction to Hardware Security● History of Hardware Security● Why do we need it?● Types of Conventional Hardware Security
o Cryptoprocessorso Hardware Security Modules
● What does hardware security actually do?● Hardware Security Modules (HSMs)
![Page 3: HWSEC CAREY CLAMPETTmeseec.ce.rit.edu/551-projects/spring2014/3-5.pdfSecurity in hardware offers performance and power consumption advantages over its software equivalents. o Increasing](https://reader033.vdocuments.us/reader033/viewer/2022052008/601d6370dded940f92442d43/html5/thumbnails/3.jpg)
Introduction to Hardware Security● Physical device that provides a layer of security.● Protects data from unwanted accesses.● Helps prevent exploits of specific vulnerabilities.● Provides some advantages over security via software.
o Actual degree of securityo Speedo Tampering
![Page 4: HWSEC CAREY CLAMPETTmeseec.ce.rit.edu/551-projects/spring2014/3-5.pdfSecurity in hardware offers performance and power consumption advantages over its software equivalents. o Increasing](https://reader033.vdocuments.us/reader033/viewer/2022052008/601d6370dded940f92442d43/html5/thumbnails/4.jpg)
History of Hardware Security● Literal Hardware Security
o 1853 - First patent on an electro-magnetic alarm.o Late 1800s - Electronically controlled vaults.
● Conventional Hardware Security started with Military Applicationso Weapons arming, communications.
● First civilian use in the 1980’s, primarily in the financial industry with ATMs and mainframe computers.
● Now used in numerous consumer level applicationso sim cards, smart cards, game controllers, cars, and various other
consumer electronics.● Recent standards created for cryptoprocessors
o Trusted Platform Module (TPM) - 2009
![Page 5: HWSEC CAREY CLAMPETTmeseec.ce.rit.edu/551-projects/spring2014/3-5.pdfSecurity in hardware offers performance and power consumption advantages over its software equivalents. o Increasing](https://reader033.vdocuments.us/reader033/viewer/2022052008/601d6370dded940f92442d43/html5/thumbnails/5.jpg)
Why do we need it?● Modern security work is largely focused on either protecting or attacking
target operating systems● Software is not enough to fully protect a system.● Security in hardware offers performance and power consumption
advantages over its software equivalents.o Increasing amounts of data being processed and the complexity of
encryption algorithms slows down security implementations severely.
o Often times these same encryption algorithms can be implemented in hardware.
![Page 6: HWSEC CAREY CLAMPETTmeseec.ce.rit.edu/551-projects/spring2014/3-5.pdfSecurity in hardware offers performance and power consumption advantages over its software equivalents. o Increasing](https://reader033.vdocuments.us/reader033/viewer/2022052008/601d6370dded940f92442d43/html5/thumbnails/6.jpg)
Types of Hardware Security
● Cryptoprocessors ● Hardware Security Modules
![Page 7: HWSEC CAREY CLAMPETTmeseec.ce.rit.edu/551-projects/spring2014/3-5.pdfSecurity in hardware offers performance and power consumption advantages over its software equivalents. o Increasing](https://reader033.vdocuments.us/reader033/viewer/2022052008/601d6370dded940f92442d43/html5/thumbnails/7.jpg)
Cryptoprocessors
● Dedicated processor for cryptographic operations.
● Has some degree of tamper resistance.● Limits the amount of physical security
needed via compartmentalizing secure portions of the system.
![Page 8: HWSEC CAREY CLAMPETTmeseec.ce.rit.edu/551-projects/spring2014/3-5.pdfSecurity in hardware offers performance and power consumption advantages over its software equivalents. o Increasing](https://reader033.vdocuments.us/reader033/viewer/2022052008/601d6370dded940f92442d43/html5/thumbnails/8.jpg)
What does Hardware Security Do?● Implements encryption algorithms to secure data.● Store encrypted data in a difficult to access fashion.● Prevents unencrypted data from existing in an idle state on the system.● In the US, Hardware security conforms to the Federal Information
Processing Standards (FIPS).● In general, it works just like any other processing hardware only its
optimized for encryption algorithms and secured more thoroughly.
![Page 9: HWSEC CAREY CLAMPETTmeseec.ce.rit.edu/551-projects/spring2014/3-5.pdfSecurity in hardware offers performance and power consumption advantages over its software equivalents. o Increasing](https://reader033.vdocuments.us/reader033/viewer/2022052008/601d6370dded940f92442d43/html5/thumbnails/9.jpg)
Trusted Platform Module Standard
![Page 10: HWSEC CAREY CLAMPETTmeseec.ce.rit.edu/551-projects/spring2014/3-5.pdfSecurity in hardware offers performance and power consumption advantages over its software equivalents. o Increasing](https://reader033.vdocuments.us/reader033/viewer/2022052008/601d6370dded940f92442d43/html5/thumbnails/10.jpg)
Processor with Double Encryption
![Page 11: HWSEC CAREY CLAMPETTmeseec.ce.rit.edu/551-projects/spring2014/3-5.pdfSecurity in hardware offers performance and power consumption advantages over its software equivalents. o Increasing](https://reader033.vdocuments.us/reader033/viewer/2022052008/601d6370dded940f92442d43/html5/thumbnails/11.jpg)
Hardware Security Modules
● HSM’s provide both logical and physical protection of data
● Possess tools to protect against tampering● Contains one or more cryptoprocessors● Can have multiple levels of security● Often operates within a lock safe or chest to further
prevent hardware tampering
![Page 12: HWSEC CAREY CLAMPETTmeseec.ce.rit.edu/551-projects/spring2014/3-5.pdfSecurity in hardware offers performance and power consumption advantages over its software equivalents. o Increasing](https://reader033.vdocuments.us/reader033/viewer/2022052008/601d6370dded940f92442d43/html5/thumbnails/12.jpg)
HSM Example
![Page 13: HWSEC CAREY CLAMPETTmeseec.ce.rit.edu/551-projects/spring2014/3-5.pdfSecurity in hardware offers performance and power consumption advantages over its software equivalents. o Increasing](https://reader033.vdocuments.us/reader033/viewer/2022052008/601d6370dded940f92442d43/html5/thumbnails/13.jpg)
Concerns● What are the concerns if Hardware security protects against remote
attacks?o Physical Access to the Hardware Module
Drill into module, probe components Power Analysis of Module UV Light Memory Reading Setting/Resetting SRAM via light injection Fault Injection
o “Remote Analysis of Module” Listening on the network for server based HSMs.
![Page 14: HWSEC CAREY CLAMPETTmeseec.ce.rit.edu/551-projects/spring2014/3-5.pdfSecurity in hardware offers performance and power consumption advantages over its software equivalents. o Increasing](https://reader033.vdocuments.us/reader033/viewer/2022052008/601d6370dded940f92442d43/html5/thumbnails/14.jpg)
Solutions● Hardware security components must provide some tamper resistance.
o Sensors for tampering detection Tampering results in zeroizing of data (keys and hashes) Self-destruction?
o UV Light Protection● Limit physical access to systems● Active vs Passive Modules
o Active, “full-sized” processors have an ability to recognize tampering.o Passive modules such as smartcards won’t know and thus need different tampering
resistance.
![Page 15: HWSEC CAREY CLAMPETTmeseec.ce.rit.edu/551-projects/spring2014/3-5.pdfSecurity in hardware offers performance and power consumption advantages over its software equivalents. o Increasing](https://reader033.vdocuments.us/reader033/viewer/2022052008/601d6370dded940f92442d43/html5/thumbnails/15.jpg)
Sources● http://perspecsys.com/history/● http://www.princeton.edu/~achaney/tmve/wiki100k/docs/Secure_cryptoprocessor.htm● http://www.openmpe.com/cslproceed/HPW04CD/papers/3327.pdfl● http://www.engr.uconn.edu/~tehrani/teaching/hst/● http://www.seagate.com/staticfiles/SeagateCryptofaceoff.pdf● http://www.safenet-inc.com/data-encryption/hardware-security-modules-hsms/luna-hsms-key-
management/luna-sa-network-hsm/● http://www.cren.net/crenca/onepagers/hsm2.html● http://www.cisco.com/c/dam/en/us/products/collateral/video/headend-digital-equipment/7016137.pdf● http://assets.citrix.com/NetScaler_0911/ASSETS/Citrix_2048_SSL_Best_Practices.pdf
![Page 16: HWSEC CAREY CLAMPETTmeseec.ce.rit.edu/551-projects/spring2014/3-5.pdfSecurity in hardware offers performance and power consumption advantages over its software equivalents. o Increasing](https://reader033.vdocuments.us/reader033/viewer/2022052008/601d6370dded940f92442d43/html5/thumbnails/16.jpg)
Questions?