the ibm 4758 secure cryptographic coprocessor hardware
play

The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture - PDF document

Jan 07, 2024 •261 likes •386 views

The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve Weingart Senior Engineer (561) 392 6100 c1shw@us.ibm.com Secure Systems and Smart Cards IBM T.J. Watson Research Center Hawthorne, NY 4758 PCI

  1. The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve Weingart Senior Engineer (561) 392 6100 c1shw@us.ibm.com Secure Systems and Smart Cards IBM T.J. Watson Research Center Hawthorne, NY

  2. 4758 PCI Cryptographic Adapter/Secure Processor • History • IBM 4758 PCI Cryptographic Adapter • Architecture • New Features • Implementation • Physical Security Steve H. Weingart IBM T. J. Watson Research Center, Hawthorne, NY Page 2 (561) 392-6100. Secure Systems and Smart Cards c1shw@us.ibm.com

  3. 4758 PCI Cryptographic Adapter/Secure Processor IBM Cryptographic Adapters History • Effort started in 1983 • Provided input and design assistance to IBM • IBM FBU Charlotte Castle Products (4753) • IBM ESD ICRF Strengths • Architecture Has Been In Use Since 1987, So It is Well Known. • General Purpose Processor • Fast DES • Reasonably Easy to Write Code Weaknesses • No Hardware RSA • No Good (Hardware) Random Number Generation. • General Purpose Processor was Underpowered • Existing Crypto Interface is Cumbersome for RSA and Transaction Type Processes • Not Easy Enough to Write code Steve H. Weingart IBM T. J. Watson Research Center, Hawthorne, NY Page 3 (561) 392-6100. Secure Systems and Smart Cards c1shw@us.ibm.com

  4. 4758 PCI Cryptographic Adapter/Secure Processor Architecture: Product Design New Features • Faster Processor • Full PC Compatibility • PCI Bus Attach to Permit Wider HW Base • Hardware RSA (Math Support) • Packet Mode for Lower Overhead for Non-Bulk Operations • Half Card PCI Design (PCI base card plus secure processor assembly) • Physical Security (FIPS 140-1 Level 4) • Good Random Number Generation. Steve H. Weingart IBM T. J. Watson Research Center, Hawthorne, NY Page 4 (561) 392-6100. Secure Systems and Smart Cards c1shw@us.ibm.com

  5. 4758 PCI Cryptographic Adapter/Secure Processor Architecture: New Features Block Diagram 486 PC Compatible Computer Physical Security Boundary MATH FIFO Router Control DES Gate Gate Array Array FIFO Intermediate Parallel Bus PCI Interface PCI Bus Steve H. Weingart IBM T. J. Watson Research Center, Hawthorne, NY Page 5 (561) 392-6100. Secure Systems and Smart Cards c1shw@us.ibm.com

  6. 4758 PCI Cryptographic Adapter/Secure Processor New Features: Communications • Communications Paths: • All Controlled From Adapter Processor • Data Paths to: • PCI Controller for Mailbox access • FIFOs for DES & Packet Mode • Directly to RSA & DES Devices • Controller/State Machine • Crypto Modes: • DES, High Speed • PCI Bus or Adapter Processor Memory Space as Source, FIFOs for Speed Balancing • PCI Bus or Adapter Processor Memory Space as Target, FIFOs for Speed Balancing • DMA/Busmaster on Both Sides Controlled by State Machine • Once Established it is Independent of Adapter CPU • DES Low Speed • I/O From Adapter Processor (Use for Triple Encryption) • RSA • I/O From PCI Cryptographic Adapter Processor • Packet Mode (RSA or DES) • One FIFO Open From PCI Bus to PCI Cryptographic Adapter • One FIFO Open From PCI Cryptographic Adapter to PCI Bus • Lowers Overhead for Small Transaction Packets Compared to Bulk DES Overhead Steve H. Weingart IBM T. J. Watson Research Center, Hawthorne, NY Page 6 (561) 392-6100. Secure Systems and Smart Cards c1shw@us.ibm.com

  7. 4758 PCI Cryptographic Adapter/Secure Processor New Features: Operating Environment • All Standard PC Functions Available, Including: • Address Space • Interrupts • DMA • Serial Communications (limited use) • Counter/Timer • RTC • Improves Development Environment • Can Develop/Test On Standard PC • Embedded OS (CP/Q) Environment Permits Development on Host Steve H. Weingart IBM T. J. Watson Research Center, Hawthorne, NY Page 7 (561) 392-6100. Secure Systems and Smart Cards c1shw@us.ibm.com

  8. 4758 PCI Cryptographic Adapter/Secure Processor New Features: PCI Interface • Permits Wide Range of Hardware Platforms • PC and Compatible • PowerPC • PowerMac • Unix Workstations • Improved Performance • PCI Data Rates to 132 MBytes/sec. • Target or Bus Master Capability • Built in FIFOs at Max Bus Rate • Mailbox with Interrupts for Command/Control Interface Steve H. Weingart IBM T. J. Watson Research Center, Hawthorne, NY Page 8 (561) 392-6100. Secure Systems and Smart Cards c1shw@us.ibm.com

  9. 4758 PCI Cryptographic Adapter/Secure Processor Implementation • PCI • 32 bit 5V card, Supports Target and Master • CPU Integrated 1 Chip 486 PC (CPU + PC Support) • 4 Mbytes RAM • 2 Mbytes Flash • Crypto • Custom DES Chip (25+ MBytes/sec (HW), 16 bit wide data interface) • RSA (Math) Chip (Fast, approx. 20 ops/sec for 1024 bit key/data & exponent, 2048 bit capable) • Gate Arrays for Router and Controller/State Machines • Hardware Noise-Based Random Number Generator Steve H. Weingart IBM T. J. Watson Research Center, Hawthorne, NY Page 9 (561) 392-6100. Secure Systems and Smart Cards c1shw@us.ibm.com

  10. 4758 PCI Cryptographic Adapter/Secure Processor Physical Security Requirements • Needed to meet FIPS 140-1 level 4 • To meet Tamper detection requirements • Older designs were not good enough, or were not manufacturable • Tamper Membrane - New Technology Membrane • Manufacturing issues • New Circuitry for New Membrane • To Meet EFT/EFP Requirements • Voltage • All Power Supplies • Operating Ranges (Reset) • Damage Ranges (Tamper) • Battery • Low (Warning) • Failure (Tamper) • Temperature • Operating Range (Reset) • Damage Range (Tamper) • Radiation • Had to do all the above on a battery budget • Special considerations for zeroization • No Environmental Imprinting • Validated FIPS 140-1 Level 4 Steve H. Weingart IBM T. J. Watson Research Center, Hawthorne, NY Page 10 (561) 392-6100. Secure Systems and Smart Cards c1shw@us.ibm.com

  11. 4758 PCI Cryptographic Adapter/Secure Processor Physical Security Cutaway Drawing Metal Shield Tamper Detecting Membrane Crypto Card Inner Cover Potting Shielded Base Card Flexible Data/Power Cable Steve H. Weingart IBM T. J. Watson Research Center, Hawthorne, NY Page 11 (561) 392-6100. Secure Systems and Smart Cards c1shw@us.ibm.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is

Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is

Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is not wholly affected by a bug in one aspect of it. ) General-purpose computational environments. Secure temper responsive physical package.

366 views • 14 slides
Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted

Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted

Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted Cryptographic Protocols Estonian Winter School in Computer Science 2016 Motivation 2 Two Areas Cryptographic Protocols Secure Hardware strong security

759 views • 52 slides
White-Box Cryptography Matthieu Rivain CARDIS 2017 How to protect a cryptographic key? How to

White-Box Cryptography Matthieu Rivain CARDIS 2017 How to protect a cryptographic key? How to

White-Box Cryptography Matthieu Rivain CARDIS 2017 How to protect a cryptographic key? How to protect a cryptographic key? Well, put it in a smartcard of course! ... or any piece of secure hardware But... Secure hardware is expensive

1.6k views • 98 slides
CHES Tutorial Cryptographic hardware: how to make it cool, fast and secure Junfeng Fan KULeuven,

CHES Tutorial Cryptographic hardware: how to make it cool, fast and secure Junfeng Fan KULeuven,

9/9/2012 CHES Tutorial Cryptographic hardware: how to make it cool, fast and secure Junfeng Fan KULeuven, ESAT/SCD-COSIC CHES 2012 Crypto hardware 9/9/2012 CHES Tutorial: Crypto hardware design 3 1 9/9/2012 Smart card SoC (NXP P60C080)

826 views • 54 slides
Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction to cryptographic protocols communication (various security goals) Bruno Blanchet use cryptographic primitives (e.g. encryption, hash function,

451 views • 14 slides
Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in the Quantum Era (SPS G5448) February 5th, 2020 Christian Colombo Mark Vella Cryptographic Protocols Design Proofs to validate design against

467 views • 20 slides
Good Practices for Designing Cryptographic Primitives in Hardware Miroslav Kne evi NXP

Good Practices for Designing Cryptographic Primitives in Hardware Miroslav Kne evi NXP

Good Practices for Designing Cryptographic Primitives in Hardware Miroslav Kne evi NXP Semiconductors miroslav.knezevic@nxp.com January 25, 2016 School on Design for a Secure IoT, Tenerife, 2016 THINGS Smart Plugs 3. January 28, 2016

1.09k views • 86 slides
Open-Source FPGA Implementation of Post-Quantum Cryptographic Hardware Primitives Rashmi Agrawal

Open-Source FPGA Implementation of Post-Quantum Cryptographic Hardware Primitives Rashmi Agrawal

Open-Source FPGA Implementation of Post-Quantum Cryptographic Hardware Primitives Rashmi Agrawal , Bu Lake, Alan Ehret, and Michel Kinsy Adaptive & Secure Computing Systems Lab Department of Electrical & Computer Engineering Boston

964 views • 48 slides
Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

SP SPACE ACE 201 2016 Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security Security: : New Front New Frontiers iers Swarup Bhunia Professor Electrical & Computer Engineering SPACE | Dec 2016 1

607 views • 29 slides
How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research

How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research

How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research Silicon Valley Protecting Sensitive Computations from Leakage/Side-Channel Attacks Sensitive computations: Cryptographic Algorithms Secret Key

232 views • 20 slides
CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools Cryptographic Tools Cryptographic algorithms important element in security services Review various types of elements symmetric encryption secure

1.27k views • 23 slides
Floating Point Coprocessor Instructions Systems Design & Programming CMPE 310 Coprocessor

Floating Point Coprocessor Instructions Systems Design & Programming CMPE 310 Coprocessor

Floating Point Coprocessor Instructions Systems Design & Programming CMPE 310 Coprocessor Basics The 80x87 is able to multiply, divide, add, subtract, find the sqrt and calculate transcenden- tal functions and logarithms. Data types

361 views • 12 slides
Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric

Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric

CS573 Data Privacy and Security Cryptographic Primitives and Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation Problem and

779 views • 47 slides
Suggestions for Hardware Evaluation of Cryptographic Algorithms Frank K. G urkaynak

Suggestions for Hardware Evaluation of Cryptographic Algorithms Frank K. G urkaynak

Suggestions for Hardware Evaluation of Cryptographic Algorithms Frank K. G urkaynak Microelectronics Design Center, ETH Z urich 6 July 2012 My Goal To improve the quality of hardware evaluations for crypto algorithms. Microelectronics

798 views • 51 slides
Does gate count matter? Hardware efficiency of logic-minimization techniques for cryptographic

Does gate count matter? Hardware efficiency of logic-minimization techniques for cryptographic

Does gate count matter? Hardware efficiency of logic-minimization techniques for cryptographic primitives Shashank Raghuraman and Leyla Nazhandali Abstract Logical metrics such as gate count have been extensively used in estimating the hardware

401 views • 12 slides
SSPDDP https://www.sspddp.nl SSPDDP https://www.sspddp.nl SSPDDP Secure Cryptographic

SSPDDP https://www.sspddp.nl SSPDDP https://www.sspddp.nl SSPDDP Secure Cryptographic

SSPDDP https://www.sspddp.nl SSPDDP https://www.sspddp.nl SSPDDP Secure Cryptographic mechanisms for Immutability, Privacy, & Trust management Scalable Enable resource restricted clients High-performance accelerators for

360 views • 11 slides
System-Level Sushil Menon 1 & Dr. Suryaprasad J Center for Electronic System Level Design

System-Level Sushil Menon 1 & Dr. Suryaprasad J Center for Electronic System Level Design

A Pattern based Methodology for the Design and Implementation of Multiplexed Master-Slave devices at the System-Level Sushil Menon 1 & Dr. Suryaprasad J Center for Electronic System Level Design & Verification PES School of Engineering

639 views • 24 slides
EECS 373 Design of Microprocessor-Based Systems Memory-Mapped I/O Example Bus with Memory-Mapped

EECS 373 Design of Microprocessor-Based Systems Memory-Mapped I/O Example Bus with Memory-Mapped

Today EECS 373 Design of Microprocessor-Based Systems Memory-Mapped I/O Example Bus with Memory-Mapped I/O Branden Ghena University of Michigan Bus Architectures AMBA APB Lecture 4: Memory-Mapped I/O, Bus Architectures September 11,

400 views • 9 slides
Visualisierung 1 2015W, VU, 2.0h, 3.0EC 186.827 Eduard Grller Johanna Schmidt Oana Moraru

Visualisierung 1 2015W, VU, 2.0h, 3.0EC 186.827 Eduard Grller Johanna Schmidt Oana Moraru

Visualisierung 1 2015W, VU, 2.0h, 3.0EC 186.827 Eduard Grller Johanna Schmidt Oana Moraru Institute of Computer Graphics and Algorithms (ICGA), VUT Austria Visualization Definition The purpose of computing is insight, not numbers [R.

610 views • 50 slides
Introduction to OpenMP Cache Coherency Symmetric MultiProcessing Each processor in an SMP has

Introduction to OpenMP Cache Coherency Symmetric MultiProcessing Each processor in an SMP has

Introduction to OpenMP Cache Coherency Symmetric MultiProcessing Each processor in an SMP has equal access to all parts of memory same latency and bandwidth P P P P P P Bus/Interconnect Memory Examples IBM servers, Sun

565 views • 25 slides
A Comparison of Two Gigabit SAN/LAN Technologies: SCI versus Myrinet Ch. Kurmann, T. Stricker

A Comparison of Two Gigabit SAN/LAN Technologies: SCI versus Myrinet Ch. Kurmann, T. Stricker

EMMSEC 98: European Multimedia, Microprocessor Systems and Electronic Commerce Conference and Exposition A Comparison of Two Gigabit SAN/LAN Technologies: SCI versus Myrinet Ch. Kurmann, T. Stricker Laboratory for Computer Systems ETHZ -

558 views • 28 slides
Reactive Synthesis Swen Jacobs <swen.jacobs@iaik.tugraz.at> VTSA 2013 Nancy, France

Reactive Synthesis Swen Jacobs <swen.jacobs@iaik.tugraz.at> VTSA 2013 Nancy, France

Reactive Synthesis Swen Jacobs <swen.jacobs@iaik.tugraz.at> VTSA 2013 Nancy, France 24.09.2013 u www.iaik.tugraz.at 2 Property Synthesis (You Will Never Code Again) VTSA 2013 Swen Jacobs Construct Correct Systems Automatically 3

1.08k views • 62 slides
The I 2 C BUS Interface Corrado Santoro ARSLAB - Autonomous and Robotic Systems Laboratory

The I 2 C BUS Interface Corrado Santoro ARSLAB - Autonomous and Robotic Systems Laboratory

The I 2 C BUS Interface Corrado Santoro ARSLAB - Autonomous and Robotic Systems Laboratory Dipartimento di Matematica e Informatica - Universit` a di Catania, Italy santoro@dmi.unict.it L.S.M. 1 Course Corrado Santoro The I2C BUS Interface

974 views • 20 slides
Horror on Horr Horr Horror on or on the b or on the b the bus the bus Hacking COMBUS in a

Horror on Horr Horr Horror on or on the b or on the b the bus the bus Hacking COMBUS in a

Horror on Horr Horr Horror on or on the b or on the b the bus the bus Hacking COMBUS in a Hacking combus in a Paradox security system Paradox security system Hackfest Decade Quebec, Canada Author Lead researcher at Possible

517 views • 36 slides

More recommend