Cryptographic Processors - A Survey

Tamper-resistant cryptographic processors are becoming the standard way to enforce data-usage policies. Their origins lie with military cipher machines and PIN processing in banking payment networks, expanding in the 1990s into embedded applications: token vending machines for prepayment electricity and mobile phone credit. Major applications such as GSM mobile phone identification and pay TV set-top boxes have pushed low-cost cryptoprocessors toward ubiquity. In the last five years, dedicated crypto chips have been embedded in devices such as game console accessories and printer ink cartridges, to control product and accessory aftermarkets. The "Trusted Computing" initiative will soon embed cryptoprocessors in PCs so they can identify each other remotely. This paper surveys the range of applications of tamper-resistant hardware and the array of attack and defense mechanisms which have evolved in the tamper-resistance arms race.
