Secure cryptoprocessor



 
 
A secure cryptoprocessor is a dedicated computer or microprocessor for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance.

The purpose of a secure cryptoprocessor is to act as the keystone of a security sub-system, eliminating the need to protect the rest of the sub-system with physical security measures.

Examples

Smartcards are probably the most widely deployed form of secure cryptoprocessor, although more complex and versatile secure cryptoprocessors are widely deployed in systems such as automated teller machines, TV set-top boxes, and high-security portable communication equipment. Some secure cryptoprocessors can even run general-purpose operating systems such as Linux inside their security boundary. Cryptoprocessors input program instructions in encrypted form and decrypt them to plain instructions, which are then executed within the same cryptoprocessor chip, where the decrypted instructions are stored inaccessibly. By never revealing the decrypted program instructions, the cryptoprocessor prevents tampering with programs by technicians who may have legitimate access to the sub-system data bus. This is known as bus encryption. Data processed by a cryptoprocessor is also frequently encrypted.
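The bus-encryption idea in the paragraph above, as an added Python model that is not code from the original page or from any real product: program words sit in external memory only as ciphertext bound to their address, and a decrypted instruction exists only inside the chip's fetch-and-decrypt step. The key, the toy instruction set and the sample program are constructed for the example; the per-cell integrity tag goes beyond the page's description, because encryption alone would not stop someone on the bus from flipping bits in an instruction.

```python
import hashlib
import hmac

# Constructed demo key; in a real device the key exists only inside the package.
CHIP_KEY = b"demo-chip-key-never-leaves-the-package"
OP_PUSH, OP_ADD, OP_MUL, OP_HALT = 0x01, 0x02, 0x03, 0xFF  # toy ISA: opcode high byte, immediate low byte

def _prf16(key: bytes, label: bytes, address: int, extra: bytes = b"") -> int:
    """16-bit HMAC-SHA256 output bound to a purpose label and a memory address."""
    msg = label + address.to_bytes(4, "big") + extra
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:2], "big")

def encrypt_program(key: bytes, words: list[int]) -> list[int]:
    """What gets written to external memory: 32-bit cells, each holding an
    address-bound ciphertext word and a 16-bit tag over it (encrypt-then-MAC)."""
    cells = []
    for address, word in enumerate(words):
        ct = word ^ _prf16(key, b"ks", address)   # same word at two addresses differs
        tag = _prf16(key, b"tag", address, ct.to_bytes(2, "big"))
        cells.append((ct << 16) | tag)
    return cells

def fetch_and_decrypt(key: bytes, address: int, cell: int) -> int:
    """Inside the chip only: check the tag, then recover the plaintext word."""
    ct, tag = cell >> 16, cell & 0xFFFF
    expect = _prf16(key, b"tag", address, ct.to_bytes(2, "big"))
    if not hmac.compare_digest(tag.to_bytes(2, "big"), expect.to_bytes(2, "big")):
        raise ValueError(f"integrity failure at address {address}: tampering or wrong key")
    return ct ^ _prf16(key, b"ks", address)

def run(key: bytes, memory: list[int], bus_trace: list[int]) -> int:
    """Execute an encrypted program; bus_trace receives exactly what an observer on
    the external bus sees (the cells), never a decrypted instruction."""
    stack, pc = [], 0
    while True:
        cell = memory[pc]
        bus_trace.append(cell)
        word = fetch_and_decrypt(key, pc, cell)
        op, imm, pc = word >> 8, word & 0xFF, pc + 1
        if op == OP_HALT:
            return stack.pop()
        if op == OP_PUSH:
            stack.append(imm)
        elif op in (OP_ADD, OP_MUL):
            b, a = stack.pop(), stack.pop()
            stack.append(a + b if op == OP_ADD else a * b)
        else:
            raise ValueError(f"bad opcode {op:#x} at address {pc - 1}")

PROGRAM = [0x0106, 0x0107, 0x0300, 0x0102, 0x0200, 0xFF00]  # constructed: PUSH 6, PUSH 7, MUL, PUSH 2, ADD, HALT -> 44
```

Running `run(CHIP_KEY, encrypt_program(CHIP_KEY, PROGRAM), trace)` yields 44 while `trace` holds only the 32-bit cells; a wrong key or a flipped ciphertext bit is rejected at the tag check before anything executes.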

The Trusted Platform Module (TPM) is an implementation of a secure cryptoprocessor that brings the notion of trusted computing to ordinary PCs by enabling a secure environment. While envisioned by some as a method to make it much harder to illegally copy copyrighted software, present implementations tend to focus more on providing a tamper-proof boot environment.

Features

Security measures used in secure cryptoprocessors:
  • Tamper-detecting and tamper-evident containment.
  • Automatic zeroization of secrets in the event of tampering.
  • Internal battery backup.
  • Chain of trust boot-loader which authenticates the operating system before loading it.
  • Chain of trust operating system which authenticates application software before loading it.
  • Hardware-based capability registers, implementing a one-way privilege separation model.
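The two chain-of-trust items above, together with the tamper-proof boot environment the TPM section describes, modelled in an added Python example that is not the page's or any vendor's code. It applies the TPM PCR extend rule, PCR_new = SHA-256(PCR_old || SHA-256(image)), to record each stage that ran, and releases a sealed key only when the recorded chain matches the genuine one; the stage images, the root hash, the ModelTPM class and its seal/unseal methods are all constructed for the example and are not the real TPM command set.

```python
import hashlib
import hmac

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class ModelTPM:
    """Simplified TPM model (not the real command set): an extend-only PCR plus sealing."""
    def __init__(self) -> None:
        self.pcr = bytes(32)          # all-zero after reset
        self._sealed = (bytes(32), b"")

    def extend(self, measurement: bytes) -> None:
        # TPM extend rule: PCR_new = SHA-256(PCR_old || SHA-256(measurement))
        self.pcr = sha256(self.pcr + sha256(measurement))

    def seal(self, expected_pcr: bytes, secret: bytes) -> None:
        self._sealed = (expected_pcr, secret)

    def unseal(self) -> bytes:
        expected, secret = self._sealed
        if not hmac.compare_digest(expected, self.pcr):
            raise PermissionError("PCR mismatch: boot chain changed, key withheld")
        return secret

def build_chain(codes: list[bytes]) -> tuple[bytes, list[bytes]]:
    """Build stage images, each ending with its successor's hash; returns the root
    hash pinned in the boot ROM and the list of images."""
    stages, next_hash = [], b""
    for code in reversed(codes):
        stages.insert(0, code + next_hash)
        next_hash = sha256(stages[0])
    return next_hash, stages

def boot(tpm: ModelTPM, root_hash: bytes, stages: list[bytes], verify: bool) -> bytes:
    """Chain-of-trust boot: authenticate each stage against the hash carried by its
    predecessor (the ROM for stage 0), then measure it into the PCR. verify=False
    models a measure-only boot: anything loads, but the PCR still records it."""
    expected = root_hash
    for n, stage in enumerate(stages):
        if verify and not hmac.compare_digest(sha256(stage), expected):
            raise RuntimeError(f"stage {n}: authentication failed, refusing to load")
        tpm.extend(stage)
        expected = stage[-32:]
    return tpm.pcr

# Constructed images; ROOT is what the boot ROM pins, GOLDEN_PCR what a genuine boot yields.
ROOT, STAGES = build_chain([b"bootloader v1", b"os kernel v1", b"app v1"])
GOLDEN_PCR = boot(ModelTPM(), ROOT, STAGES, verify=True)
```

Sealing a disk key to GOLDEN_PCR and booting a modified kernel image shows the two failure modes: with verification the boot-loader refuses to load it, and in measure-only mode it loads but the TPM withholds the key.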


Degree of security

Secure cryptoprocessors, while useful, are not invulnerable to attack, particularly for well-equipped and determined opponents (e.g. a government intelligence agency) who are willing to expend massive resources on the project.

The most famous attack on a secure cryptoprocessor targeted the IBM 4758. A team at the University of Cambridge reported the successful extraction of secret information from an IBM 4758, using a combination of mathematics and special-purpose codebreaking hardware.

Whilst the vulnerability they exploited was a flaw in the software loaded on the 4758, and not the architecture of the 4758 itself, their attack serves as a reminder that a security system is only as secure as its weakest link: the strong link of the 4758 hardware was rendered useless by flaws in the design and specification of the software loaded on it.

Smartcards are significantly more vulnerable, as they are more open to physical attack.

In the case of full disk encryption applications, especially when implemented without a boot PIN, a cryptoprocessor does not offer any protection against a cold boot attack. In this scenario, data remanence is exploited to dump memory contents after the operating system has retrieved the cryptographic keys from its TPM.

The first single-chip cryptoprocessor design was for copy protection of personal computer software (see US Patent 4,168,396, Sept 18, 1979) and was inspired by Bill Gates' Open Letter to Hobbyists.

See also

  • Computer insecurity
  • Secure computing
  • Security engineering