Secure Cryptographic Coprocessor       


[Photo: Robert L. (Bob) Wisnieff]

Secure Cryptographic Coprocessor - overview


Motivation

Many current and proposed distributed applications face a fundamental security contradiction:
  • computation must occur in remote devices,
  • but these devices are vulnerable to physical attack by adversaries who would benefit from subverting this computation.

If an adversary can attack a device by altering or copying its algorithms or stored data, he or she often can subvert an entire application. The mere potential of such an attack may suffice to make a new application too risky to consider.

Idea

Secure coprocessors---computational devices that can be trusted to execute their software correctly, despite physical attack---address these threats. Distributing such trusted havens throughout a hostile environment enables secure distributed applications. Higher-end examples of secure coprocessing technology usually incorporate support for high-performance cryptography.

However, even though this technology is closely associated with cryptographic accelerators, much of the exciting potential of the secure coprocessing model arises from the notion of putting computation as well as cryptographic secrets inside the secure box.

History

For over fifteen years, our team has explored building high-end devices: robust, general-purpose computational environments inside secure tamper-responsive physical packages. This work led to the Abyss, microAbyss, and Citadel prototypes; provided the hardware platform for Bennet Yee and Doug Tygar's Dyad project at CMU; contributed to the physical security design of some of the earlier IBM cryptographic accelerators; and contributed to FIPS 140-1, the standard used by the U.S. and Canadian Governments for secure devices.

Results

This research introduced the challenge: how do we make this vision real? Widespread development and practical deployment of secure coprocessing applications requires an infrastructure of secure devices, not just a handful of laboratory prototypes, and requires that these devices be trustworthy.

We've addressed both these needs!

  • Existence.
    Our team was instrumental in the design, development and deployment of such a device, the IBM 4758---both as a research tool and as a commercial product, which reached market in August 1997. Subsequent devices, released in April and June of 2000, build on our initial work and offer further enhancements, additional functionality, and increased performance.
  • Security.
    In November 1998, the IBM 4758 became the first device ever to earn a FIPS 140-1 Level 4 validation---the highest possible rating. This meant:
    • The device withstood any physical attack the independent evaluation lab tried.
    • The security of the internal software was validated by mechanical verification of a formal mathematical model.
    As of this writing, the only other Level 4 device is a non-programmable crypto chip, also from IBM.

Device drivers are available for NT, OS/2, AIX, Solaris and Linux; BSD is coming.

What's Next

We're looking to build applications that push the envelope of secure coprocessors.

We're helping others to do this: already, UCSD is using our platform for secure mobile agents, and the University of Michigan is using our platform to secure sensitive data and operations in Kerberos servers. Other university agreements are underway.

And we're working on new hardware:

  • a PCMCIA-sized prototype of the same architecture
  • follow-on hardware with much faster crypto
  • experimental prototype hardware that incorporates Ethernet

Product Documentation

Our main product page contains information about the IBM 4758, including software manuals, technical specs, ordering information and press releases.

Bibliography

See the separate publication page in the menu on the left.

TM: A Certification Mark of NIST, which does not imply product endorsement by NIST, the U.S. or Canadian Governments.