An Open-Source Cryptographic Coprocessor

Current crypto implementations rely on software running under general-purpose operating systems alongside a horde of untrusted applications, ActiveX controls, web browser plugins, mailers handling messages with embedded active content, and numerous other threats to security, with only the OS's (often almost nonexistent) security to keep the two apart. This paper presents a general-purpose open-source crypto coprocessor capable of securely performing crypto operations such as key management, certificate creation and handling, and email encryption, decryption, and signing, at a cost one to two orders of magnitude below that of commercial equivalents while providing generally equivalent performance and a higher level of functionality. The paper examines various issues involved in designing the coprocessor, and explores options for hardware acceleration of crypto operations for extended performance above and beyond that offered by the basic coprocessor's COTS hardware.
