Teach Time Encyclopedia - Learn About Our World
Home Page
Teach Time
Featured Topics

United States
by state

CITYology

Academic Disciplines

Historical Timelines

Themed Timelines

Calendars

Reference Tables

Biographies

How-tos



Sunday, October 12, 2008

Secure cryptoprocessor

A secure cryptoprocessor is a dedicated computer for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance.

The purpose of a secure cryptoprocessor is to act as the keystone of a security sub-system, eliminating the need to protect the rest of the sub-system with physical security measures.

Smartcards are probably the most widely deployed form of secure cryptoprocessor, although more complex and versatile secure cryptoprocessors are widely deployed in systems such as ATMss. Some secure cryptoprocessors can even run general-purpose operating systems such as Linux inside their security boundary.

Security measures used in secure cryptoprocessors:

  • tamper-detecting and tamper-evident containment
  • automatic zeroization of secrets in the event of tampering
  • internal battery backup
  • chain of trust boot-loader which authenticates the operating system before loading it
  • chain of trust operating system which authenticates application software before loading it
  • hardware-based capability registers, implementing a one-way privilege separation model

Secure cryptoprocessors, whilst useful, are not invulnerable.

The most famous secure cryptoprocessor is the IBM 4758. A team at the University of Cambridge reported the sucessful extraction of secret information from an IBM 4758, using a combination of guile, trickery, mathematics, and special-purpose codebreaking hardware.

Whilst the vulnerability they exploited was a flaw in the software loaded on the 4758, and not the architecture of the 4758 itself, their attack serves as a reminder that a security system is only as secure as its weakest link: the strong link of the 4758 hardware was rendered useless by flaws in the design and specification of the software loaded on it.

The software flaws reported by the Cambridge team have now been fixed, making the system more secure: a good example of the advantages of full disclosure.

Smartcards are significantly more vulnerable, as they are more open to physical attack.

See also:

External links:


Internet Hotel Solutions

Site Sponsors
AC Units
Baltimore Harbor
Boot Camp Grads
Bra Size
Burkittsville
College Hotels
Digital Harbor
Free Cell Phones
Golden Hare Travel
Golf Vacations
Golf Courses
Gourmet
Hair Styles
Hippodrome
iWoman
Lesson Plans
Maryland Hotels
MD Genealogy
Minor League Stuff
Motel Site
Ocean City
OC Real Estate
Old Agers
Office Supplies
Orlando
Pet Friendly Hotel
Room Prices
Savannah, GA
Ski Vacations
South Baltimore
Student Teaching
Travel Sources
University Hotels
Visit Military Bases
Washington, DC

Brought to you by NoChildLeftBehind.com and the Beaches and Towns Network, LLC.