CryptoPage: Hardware Support for Cryptoprocesses

Computers are widely used and interconnected, but they are not as secure as one might expect. For example, secure execution cannot be achieved, or even proven, against a software attacker (such as the system administrator) or a hardware attacker (such as a logic analyzer attached to the computer buses). This article presents a strong cryptography-based architecture, together with operating-system support, that reaches such security levels without reducing performance. A cache-line cipher and a memory verifier based on a Merkle hash tree are added behind the internal cache in order to resist various attacks, including replay attacks. The impact on the operating system and on some applications is then described.
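To make the Merkle-tree memory verifier concrete, here is an added, self-contained Python model that is not code from the CryptoPage project. It assumes SHA-256 as the tree hash, a constructed 16-byte block size standing in for a cache line, a power-of-two block count, and a single trusted root register that a bus attacker cannot modify; everything else (blocks and intermediate tree nodes) is treated as untrusted external memory. The constructed scenario shows why the root must live on-chip: an in-place modification is caught, a replay of a stale block is caught, and the same stale block would be accepted by a verifier whose root had also been stored in replayable memory.

```python
import hashlib
from typing import List, Tuple

BLOCK_SIZE = 16  # constructed: a hypothetical 16-byte cache line


class IntegrityError(Exception):
    """Raised when a block and its authentication path do not match the trusted root."""


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def leaf_hash(index: int, data: bytes) -> bytes:
    # Bind the block address to its content so a block cannot be moved elsewhere.
    return h(b"leaf", index.to_bytes(8, "big"), data)


class MerkleMemory:
    """Blocks and tree nodes live in untrusted memory; only the root is trusted."""

    def __init__(self, blocks: List[bytes]) -> None:
        n = len(blocks)
        assert n > 0 and n & (n - 1) == 0, "block count must be a power of two"
        self.blocks = list(blocks)                 # untrusted external memory
        level = [leaf_hash(i, b) for i, b in enumerate(blocks)]
        self.levels: List[List[bytes]] = [level]  # untrusted: levels[0] are the leaves
        while len(level) > 1:
            level = [h(b"node", level[i], level[i + 1]) for i in range(0, len(level), 2)]
            self.levels.append(level)
        self.trusted_root = level[0]               # on-chip register the attacker cannot reach

    def auth_path(self, index: int) -> List[Tuple[bytes, bool]]:
        """Sibling hashes from leaf to root; the flag says whether the sibling is on the right."""
        path = []
        for level in self.levels[:-1]:
            sib = index ^ 1
            path.append((level[sib], sib & 1 == 1))
            index >>= 1
        return path

    @staticmethod
    def root_from_path(index: int, data: bytes, path: List[Tuple[bytes, bool]]) -> bytes:
        node = leaf_hash(index, data)
        for sib, sib_is_right in path:
            node = h(b"node", node, sib) if sib_is_right else h(b"node", sib, node)
        return node

    def read(self, index: int) -> bytes:
        data = self.blocks[index]
        if self.root_from_path(index, data, self.auth_path(index)) != self.trusted_root:
            raise IntegrityError(f"block {index} failed Merkle verification")
        return data

    def write(self, index: int, data: bytes) -> None:
        self.read(index)  # verify the old contents before accepting the update
        self.blocks[index] = data
        node = leaf_hash(index, data)
        i = index
        for lvl in range(len(self.levels) - 1):
            self.levels[lvl][i] = node
            sib = self.levels[lvl][i ^ 1]
            node = h(b"node", node, sib) if i & 1 == 0 else h(b"node", sib, node)
            i >>= 1
        self.levels[-1][0] = node
        self.trusted_root = node  # the on-chip root follows every write


def verifies(mem: MerkleMemory, index: int) -> bool:
    try:
        mem.read(index)
        return True
    except IntegrityError:
        return False


def demo() -> dict:
    """Constructed scenario: in-place tampering and a replay of a stale block."""
    mem = MerkleMemory([bytes([i]) * BLOCK_SIZE for i in range(8)])
    out = {"clean_read": mem.read(5) == bytes([5]) * BLOCK_SIZE}

    # 1) A bus attacker overwrites a block in place.
    good = mem.blocks[5]
    mem.blocks[5] = b"\x00" * BLOCK_SIZE
    out["tamper_caught"] = not verifies(mem, 5)
    mem.blocks[5] = good

    # 2) Replay: the attacker records block 3 (and the root at that moment), the CPU
    #    later updates block 3, and the attacker writes the recorded value back.
    stale_block, stale_root = mem.blocks[3], mem.trusted_root
    mem.write(3, b"\xAA" * BLOCK_SIZE)
    mem.blocks[3] = stale_block
    out["replay_caught"] = not verifies(mem, 3)
    # A verifier whose root also sat in replayable memory would accept the stale data,
    # because the sibling nodes on block 3's path are unchanged by the write.
    stale_path = mem.auth_path(3)
    out["stale_root_would_accept"] = (
        MerkleMemory.root_from_path(3, stale_block, stale_path) == stale_root
    )
    return out


if __name__ == "__main__":
    print(demo())
```

The model deliberately leaves the cache-line cipher out: confidentiality and integrity are separate mechanisms in the architecture described above, and the tree alone is what defeats replay. Binding the block index into each leaf also prevents a valid block from being presented at a different address.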
