Secure Coprocessor (PowerPoint PPT Presentation)


SLIDE 1

Secure Coprocessor

What is a secure coprocessor?

  • Robust. (A system that is not easily or wholly affected by a bug in one aspect of it.)
  • General-purpose computational environment.
  • Secure, tamper-responsive physical package.
  • Trusted to execute the software correctly, despite physical attacks.


Broad Definition: A secure coprocessor consists of a computational engine and memory (at least a portion of which is designated as “secure”) contained in a physical package designed to render the contents of the secure memory unavailable to an adversary who physically attacks the device.

Motivation: keep computation as well as cryptographic secrets inside the same secure box.

SLIDE 2

Secure Coprocessor

Engineering and Business decisions

  • How powerful is the engine?

Maximize computational power (e.g., use as big a CPU as is reasonable, good cryptographic accelerators).

  • How much memory?

Support it with ample RAM.

  • How is it secured?

Use a smaller amount of battery-backed RAM (BBRAM) as the non-volatile, secure memory.

  • How effective are the tamper protections?

Assemble this on a circuit board with technology to actively sense tamper and near-instantly zeroize the SRAM.

SLIDE 3

Example: IBM 4758 PCI Cryptographic Coprocessor

Other Examples

IC chip cards, PCMCIA tokens, and “smart buttons” might also be considered part of the secure coprocessing family (with limited computational power and physical security).

SLIDE 4

IBM 4758 PCI Cryptographic Coprocessor

Features:

1. High-security, programmable, 486-class processing PCI board.
2. Highly suitable for data processing and cryptography operations.
3. Specialized cryptographic electronics for random number generation, DES and public key algorithms.
4. Digitally signed software loading.
5. Tamper sensing and responding design (certified under the USA FIPS 140-1 standard at levels 3 and 4).
6. Custom programming: the user can implement his own application (requires a unique identifier and code signing key from IBM).

SLIDE 5

IBM 4758 PCI Cryptographic Coprocessor

Performance:

1. Models 002 and 023 support up to 175 1024-bit RSA private key operations per second.
2. DES encryption throughput of 15.3 MBytes/second has been measured on fast host systems.

Availability:

IBM 4758 Models 002 and 023 PCI cryptographic coprocessors are the latest generation of the IBM 4758 family. They are available for i-series, p-series and older z-series systems, and generally for Intel-based servers running Windows 2000. NOTE: IBM 4758 model 023 was withdrawn as of 4 June 2004.

SLIDE 6

Features of the IBM 4758 family

SLIDE 7

Terminologies

FIPS PUB 140-1

FIPS PUB 140-1, Security Requirements for Cryptographic Modules, is the rigorous benchmark standard by which cryptographic implementations are measured. The highest level is 4. FIPS 140 is unique in its emphasis on clear testing criteria for anti-tamper design validation.

DES

Data Encryption Standard is a symmetric key block cipher developed in 1975. It was the first official U.S. government cipher intended for commercial use.

RSA

RSA is a public key cipher which can be used both for encrypting messages and making digital signatures.

SHA

The SHA (Secure Hash Algorithm) family is a set of related cryptographic hash functions designed by the National Security Agency (NSA) and published by the National Institute of Standards and Technology (NIST).

SLIDE 8

Security Model

Sample lifecycle of a high-end secure coprocessor with active tamper response.

SLIDE 9

Application Design

The hardware philosophy (more powerful and more secure) also shapes the model for application software. It is what differentiates this device from weaker members of the family, such as chip cards.

  • Protect the critical portion of the application software by having it execute inside the secure coprocessor.
  • Exploit the computational power of the coprocessor by allowing this critical portion to be fairly complex.
  • Structure this critical software to exploit the fact that tamper destroys only the contents of volatile DRAM/SRAM and the smaller BBRAM, but not, for example, the contents of FLASH or ROM.

SLIDE 10

Physical Security (design approaches)

  • tamper evidence, where packaging forces tamper to leave indelible physical changes.
  • tamper resistance, where the device packaging makes tamper difficult.
  • tamper detection, where the device actually is aware of tamper.
  • tamper response, where the device actively takes countermeasures upon tamper.

Previous efforts: defence against penetration. Current efforts: defence against incorrect device operation that allows security functions to be bypassed.

  • No provable tamper-proof system exists.
  • Designs get better and better, but so do the adversary’s skill and tools.

SLIDE 11

Tamper detect/response mechanism

Detecting penetration

1. A sensing grid of conductors wrapped around the secure device.
2. Detecting changes in the properties (open, short, changes in conductivity) of the conductors.
3. Ground shielding to reduce susceptibility to electromagnetic interference.

Response to Tamper

1. Erase the secrets contained in the unit by zeroizing the Static Random Access Memory (SRAM) that holds them.
2. Erase the operating memory.
3. Cease operation.
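The detect/response sequence above, together with the slide-9 point that only volatile memory and BBRAM are destroyed while FLASH survives, as an added software model (not code from the slides or from IBM); the memory sizes, the 1000-ohm baseline and the 10% tolerance are constructed for illustration:

```c
/* Added example, not from the slides: a model of the detect/response sequence
 * above (and the slide-9 point that FLASH survives). All values constructed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define BBRAM_BYTES 32 /* secure SRAM holding the secret */
#define DRAM_BYTES  64 /* operating memory */
#define GRID_LINES  4  /* conductors in the sensing grid */
enum state { RUNNING, HALTED };
struct coprocessor {
    uint8_t  bbram[BBRAM_BYTES], dram[DRAM_BYTES];
    uint8_t  flash[16];                /* non-volatile, never zeroized */
    uint32_t baseline_ohm[GRID_LINES]; /* calibrated grid resistance */
    enum state st;
};
/* Store through a volatile pointer so the compiler cannot drop the writes. */
static void secure_zeroize(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}
/* Steps 1-2: open, short or conductivity change = reading outside +/-10%. */
static int grid_tampered(const struct coprocessor *c, const uint32_t r[GRID_LINES]) {
    for (size_t i = 0; i < GRID_LINES; i++)
        if (r[i] < c->baseline_ohm[i] * 9 / 10 || r[i] > c->baseline_ohm[i] * 11 / 10)
            return 1;
    return 0;
}
/* Response in the slide's order: zeroize secret SRAM, erase operating memory,
 * cease operation. Returns 1 if the unit is (now) halted, 0 if still running. */
int tamper_monitor(struct coprocessor *c, const uint32_t r[GRID_LINES]) {
    if (c->st != RUNNING) return 1;
    if (!grid_tampered(c, r)) return 0;
    secure_zeroize(c->bbram, sizeof c->bbram);
    secure_zeroize(c->dram, sizeof c->dram);
    c->st = HALTED;
    return 1;
}
/* Secret-using operations refuse once the unit has ceased operation. */
int use_secret(const struct coprocessor *c, uint8_t out[BBRAM_BYTES]) {
    if (c->st != RUNNING) return -1;
    memcpy(out, c->bbram, BBRAM_BYTES);
    return 0;
}
/* Constructed unit: secret bytes 0xA5, flash bytes 0x5A, 1000-ohm lines. */
void coprocessor_init(struct coprocessor *c) {
    memset(c->bbram, 0xA5, sizeof c->bbram);
    memset(c->dram, 0x11, sizeof c->dram);
    memset(c->flash, 0x5A, sizeof c->flash);
    for (size_t i = 0; i < GRID_LINES; i++) c->baseline_ohm[i] = 1000;
    c->st = RUNNING;
}
```

A real unit runs the monitor from the battery-powered tamper circuitry rather than from the main CPU, so the response fires even when the host is powered off.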

SLIDE 12

Attacks by manipulating conditions

Temperature sensor

Low temperatures allow SRAM to retain its data; high temperatures damage the device processor.

Ionizing radiation detector

Ionizing radiation allows SRAM to retain its data and disrupts the device's circuit operation.

Voltage sensors / phase-locked loops

These reject clock signals that are too fast (signals with missing or extra pulses). NOTE: storing the same value in an SRAM bit over long periods can also cause that value to imprint.

SLIDE 13

1. Shipping-condition specifications apply when the product is transported in its original IBM packaging. 2. MHz: Megahertz; MB: Megabytes; KB: Kilobytes; mbar: millibar.

SLIDE 14

Software Attacks

We cannot rely on the device operating system, since we do not know what it will be—and a corrupt or faulty OS might be what we need to defend against.

Hardware Access Locks (ratchet locking)

In order to limit the abilities of rogue but privileged software, we use hardware locks: independent circuitry that restricts the activities of code executing on the main CPU.
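The ratchet idea, as an added model that is not code from the slides or from IBM: the lock is a register that software can only turn forward, and each advance permanently (until a hardware reset) revokes access to more resources, so rogue code running later in the boot sequence cannot regain what earlier stages gave up. The four levels and the region-to-level mapping are assumptions made for illustration.

```c
/* Added example, not from the slides or IBM code: a model of a ratchet lock.
 * The lock is a register that software can only advance; each advance
 * permanently (until a hardware reset) revokes access to more resources.
 * The four levels and the region-to-level mapping are assumptions. */
#include <stdint.h>
enum region { BOOT_CODE, BBRAM_SECRETS, OS_CODE, APP_DATA, N_REGIONS };
/* Highest ratchet level at which software may still write each region. */
static const uint8_t write_until_level[N_REGIONS] = {
    [BOOT_CODE] = 0, [BBRAM_SECRETS] = 1, [OS_CODE] = 2, [APP_DATA] = 3 };
#define MAX_LEVEL 3
struct ratchet { uint8_t level; };
/* Only a hardware reset returns the ratchet to level 0. */
void ratchet_hw_reset(struct ratchet *r) { r->level = 0; }
/* The CPU can turn the ratchet forward, never back; returns the new level. */
uint8_t ratchet_advance(struct ratchet *r) {
    if (r->level < MAX_LEVEL) r->level++;
    return r->level;
}
/* A request for a lower level is refused by the circuitry, whatever the
 * privilege of the code asking (this is the point of the ratchet). */
int ratchet_request(struct ratchet *r, uint8_t wanted) {
    if (wanted < r->level) return -1;
    while (r->level < wanted && r->level < MAX_LEVEL) r->level++;
    return 0;
}
/* Hardware check applied to every write from the main CPU. */
int lock_permits_write(const struct ratchet *r, enum region reg) {
    return r->level <= write_until_level[reg];
}
/* Simulated boot: each stage advances the ratchet before handing control on,
 * so the stage that follows can never modify what came before it. Returns the
 * number of regions still writable once the application is running. */
int boot_and_count_writable(struct ratchet *r) {
    ratchet_hw_reset(r);
    ratchet_advance(r); /* boot loader done; boot code now locked */
    ratchet_advance(r); /* OS loader used the BBRAM secrets; now locked */
    ratchet_advance(r); /* OS up; application takes over */
    int n = 0;
    for (int reg = 0; reg < N_REGIONS; reg++) n += lock_permits_write(r, (enum region)reg);
    return n;
}
```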