1 / 17

Hardware Cryptographic Coprocessor

Hardware Cryptographic Coprocessor. Peter R. Wihl Security in Software. The Problem. Need for secure computing in an environment where computing is distributed, insecure, and even hostile More and more, we use computers that belong to others, but we need to know our data is safe. The Goal.

theophilus
Download Presentation

Hardware Cryptographic Coprocessor

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software

  2. The Problem • Need for secure computing in an environment where computing is distributed, insecure, and even hostile • More and more, we use computers that belong to others, but we need to know our data is safe.

  3. The Goal • Create a trusted computing device that can be added to an untrusted computing system to make it secure. • Isolate your secure processing from the rest of your system.

  4. Example 1 - Database • Create a central database system that allows only authorized users to access to only their data on the system. • Exclude even the system administrator from viewing any data in the database.

  5. Example 2 – Trusted Boot • You have an untrusted computing system, but you want to ensure that it boots the correct machine code. • Want to make sure that the boot code has not been altered or tampered with

  6. Example 3 – Protected Data At Rest(My Favorite!) • You have sensitive data that you can access in a controlled, protected environment but must be protected when not being accessed • Protection of data needed between use of it i.e. during transportation

  7. A Secure Coprocessor • A general-purpose computing environment • Withstands physical attacks and logical attacks • Must run the programs that it is supposed to, and must distinguish between the real device and application and a clever impersonator • Must remain secure even if adversaries carry out destructive analysis of one or more devices • Started in the early 1990’s

  8. Evaluation Parameters • Physical Protection (tamper resistant) • Reliability (physical or electrical damage) • Computational Ability (Speed bps) • Communications • Portability • Cost

  9. Applications • Generalized Access • Generalized Revelation • Autonomous Auditing • Trusted Execution

  10. Classes of Solutions • IC Chip Cards (Smart Cards, Your GSM Phone has one) • PCMCIA Tokens (Fortezza) • Other Card Tokens (Secure ID) • Smart Disks (Obsolete) • Bus Cards (IBM 4758) • Your Body (the future is now)

  11. FORTEZZA™ CRYPTOCARD

  12. Fortezza Features • Data Privacy • User ID Authentication • Data Integrity • Non-Repudiation • Time stamping

  13. RSA SecurID • Software tokens support qualified smart cards or USB authenticators • Stores symmetric key and is PIN protected • Stores digital credentials • Only secures the login process

  14. The IBM 4758 • Tamper-responding hardware design certified under FIPS PUB 140-1. Suitable for high-security processing and cryptographic operations • Hardware to perform DES, random number generation, and modular math functions for RSA and similar public-key cryptographic algorithms • Secure code loading that enables updating of the functionality while installed in application systems • IBM Common Cryptographic Architecture (CCA) and PKCS #11 as well as custom software options • Provides a secure platform on which developers can build secure applications

  15. The 4758 Architecture

  16. SafeNet SafeXcel™ 241-PCI Card • Provides industry-leading cryptography throughput for operations such as: • DES and Triple-DES encryption • MD5 and SHA-1 Hashing • Random number generation • Public key computations:- Diffie-Hellman key negotiation- RSA encryption and signatures- DSA signatures

  17. SafeXcel™ 241-PCI Architecture

More Related