Outbound authentication for programmable secure coprocessors

A programmable secure coprocessor platform can help solve many security problems in distributed computing, particularly if coprocessor applications can participate as full-fledged parties in distributed cryptographic protocols. Thus, a generic platform must not only provide programmability, maintenance, and configuration in the hostile field, it must also provide outbound authentication for the entities that result. This paper offers our experiences in solving this problem for a high-end secure coprocessor product. This work required synthesis of a number of techniques, so that parties with different and dynamic views of trust can draw sound and complete conclusions about remote coprocessor applications.

[1]  Bennet S. Yee A Sanctuary for Mobile Agents , 2001, Secure Internet Programming.

[2]  Lance J. Hoffman,et al.  BITS: a smartcard protected operating system , 1994, CACM.

[3]  Henry Lieberman,et al.  Aria: an agent for annotating and retrieving images , 2001, Computer.

[4]  Ueli Maurer,et al.  Reasoning about public-key certification: on bindings between entities and public keys , 2000, IEEE J. Sel. Areas Commun..

[5]  Ueli Maurer,et al.  Reasoning about public-key certification: on bindings between entities and public keys , 1999, IEEE Journal on Selected Areas in Communications.

[6]  Butler W. Lampson,et al.  A Trusted Open Platform , 2003, Computer.

[7]  Ross J. Anderson,et al.  Two remarks on public key cryptology , 2002 .

[8]  Sean W. Smith,et al.  SAM: a flexible and secure auction architecture using trusted hardware , 2001, Proceedings 15th International Parallel and Distributed Processing Symposium. IPDPS 2001.

[9]  Dan Boneh,et al.  Architectural support for copy and tamper resistant software , 2000, SIGP.

[10]  Sean W. Smith,et al.  Securing Web servers against insider attack , 2001, Seventeenth Annual Computer Security Applications Conference.

[11]  Stephen W. Smith,et al.  Webalps: Using trusted co-servers to enhance privacy and security of web transactions , 2000 .

[12]  Sean W. Smith,et al.  Prototyping an Armored Data Vault: Rights Management on Big Brother's Computer , 2002, Privacy Enhancing Technologies.

[13]  Ueli Maurer,et al.  Modelling a Public-Key Infrastructure , 1996, ESORICS.

[14]  Sean W. Smith,et al.  Secure coprocessing applications and research issues , 1996 .

[15]  Barbara Gengler Reports: Trusted Computing Platform Alliance , 2001 .

[16]  Bennet S. Yee,et al.  Secure Coprocessors in Electronic Commerce Applications , 1995, USENIX Workshop on Electronic Commerce.

[17]  William A. Arbaugh,et al.  A secure and reliable bootstrap architecture , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[18]  Bennet S. Yee,et al.  Dyad : a system for using physically secure coprocessors , 1991 .

[19]  Sean W. Smith,et al.  Experimenting with TCPA/TCG Hardware, Or: How I Learned to Stop Worrying and Love The Bear , 2003 .

[20]  Sean W. Smith,et al.  Practical server privacy with secure coprocessors , 2001, IBM Syst. J..

[21]  Siani Pearson,et al.  Trusted Computing Platforms: TCPA Technology in Context , 2002 .

[22]  D. Cremers,et al.  Diffusion-snakes: combining statistical shape knowledge and image information in a variational framework , 2001, Proceedings IEEE Workshop on Variational and Level Set Methods in Computer Vision.

[23]  Robert Tappan Morris,et al.  USENIX Association Proceedings of HotOS IX : The 9 th Workshop on Hot Topics in Operating Systems , 2003 .

[24]  G. Edward Suh,et al.  AEGIS: architecture for tamper-evident and tamper-resistant processing , 2003, ICS.

[25]  Johann-Christoph Freytag,et al.  Almost Optimal Private Information Retrieval , 2002, Privacy Enhancing Technologies.

[26]  Mike Bond,et al.  API-Level Attacks on Embedded Systems , 2001, Computer.

[27]  Sean W. Smith,et al.  Application Support Architecture for a High-Performance, Programmable Secure Coprocessor , 1999 .

[28]  Bennet S. Yee,et al.  Using Secure Coprocessors , 1994 .

[29]  Sean W. Smith,et al.  Using a High-Performance, Programmable Secure Coprocessor , 1998, Financial Cryptography.

[30]  David Chaum,et al.  Wallet Databases with Observers , 1992, CRYPTO.

[31]  Sean W. Smith,et al.  Building a high-performance, programmable secure coprocessor , 1999, Comput. Networks.

[32]  Sean W. Smith,et al.  Building the IBM 4758 Secure Coprocessor , 2001, Computer.

[33]  Perry Alexander,et al.  Rosetta: Semantic Support for Model-Centered Systems-Level Design , 2001, Computer.

[34]  Christoph G. Günther,et al.  An Identity-Based Key-Exchange Protocol , 1990, EUROCRYPT.

[35]  Mihir Bellare,et al.  A Forward-Secure Digital Signature Scheme , 1999, CRYPTO.