An FPGA-based key-store for improving the dependability of security services

A key-store is a facility for storing sensitive information, most typically the keys of a cryptographic application which provides a security service. In this paper, we present a hardware implemented key-store, which allows secure storage and high performance retrieval of RSA keys. Since RSA is the most widely adopted standard for cryptographic keys, our key-store can be effectively used to improve the dependability of a wide class of security services. Tfie device is implemented on top of a commercial off the shelf (COTS) programmable hardware board, namely a Celoxica RCWOO mounting a Xilinx Virtex-E 2000 FPGA part. We describe the architecture of the hardware device, illustrate the organization of the associated device driver, and evaluate the security and performance gain which can be achieved by integrating our device in real-world applications.

[1]  Yvo Desmedt,et al.  Threshold cryptography , 1994, Eur. Trans. Telecommun..

[2]  Navjot Singh,et al.  Libsafe: transparent system-wide protection against buffer overflow attacks , 2002, Proceedings International Conference on Dependable Systems and Networks.

[3]  Fred B. Schneider,et al.  COCA: a secure distributed online certification authority , 2002 .

[4]  Antonino Mazzeo,et al.  FPGA-based implementation of a serial RSA processor , 2003, 2003 Design, Automation and Test in Europe Conference and Exhibition.

[5]  J-C. Laprie,et al.  DEPENDABLE COMPUTING AND FAULT TOLERANCE : CONCEPTS AND TERMINOLOGY , 1995, Twenty-Fifth International Symposium on Fault-Tolerant Computing, 1995, ' Highlights from Twenty-Five Years'..

[6]  Greg Kroah-Hartman,et al.  Linux Device Drivers , 1998 .

[7]  Christof Paar,et al.  Security on FPGAs: State-of-the-art implementations and attacks , 2004, TECS.

[8]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[9]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[10]  Alessandro Cilardo,et al.  Carry-save Montgomery modular exponentiation on reconfigurable hardware , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[11]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[12]  Calton Pu,et al.  Buffer overflows: attacks and defenses for the vulnerability of the decade , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[13]  Configuration Issues : Power-up , Volatility , Security , Battery Back , 1998 .

[14]  Dan Boneh,et al.  Building intrusion tolerant applications , 1999, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[15]  Christof Paar,et al.  Cryptography on FPGAs: State of the Art Implementations and Attacks , 2003 .

[16]  Christopher Allen,et al.  The TLS Protocol Version 1.0 , 1999, RFC.

[17]  Daniel Pierre Bovet,et al.  Understanding the Linux Kernel , 2000 .

[18]  Adi Shamir,et al.  Playing "Hide and Seek" with Stored Keys , 1999, Financial Cryptography.