Cryptographic Processors: A Survey

Tamper-resistant cryptographic processors are becoming the standard way to enforce data-usage policies. Their history began with military cipher machines, and hardware security modules used to encrypt the PINs that bank customers use to authenticate themselves to ATMs. In both cases, the designers wanted to prevent abuse of data and key material should a device fall into the wrong hands. From these specialist beginnings, cryptoprocessors spread into devices such as prepayment electricity meters, and the vending machines that sell credit for them. In the 90s, tamper-resistant smartcards became integral to GSM mobile phone identification and to key management in pay-TV set-top boxes, while secure microcontrollers were used in remote key entry devices for cars. In the last five years, dedicated crypto chips have been embedded in devices from games console accessories to printer ink cartridges, to control product and accessory aftermarkets. The 'Trusted Computing' initiative will soon embed cryptoprocessors in PCs so that they can identify each other remotely. This paper surveys the range of applications of tamper-resistant hardware, and the array of attack and defence mechanisms which have evolved in the tamper-resistance arms race.

The combination of cryptography and tamper-resistance first appeared in military applications such as securing communications links. The spread of Automated Teller Machine (ATM) networks brought the technology into the commercial mainstream. The devices used for protecting ATM networks were subsequently adapted for other applications such as prepayment electricity meters. A typical high-end cryptoprocessor is a physically tamper-resistant embedded processor which communicates with a conventional PC or mainframe and performs a pre-defined set of cryptographic operations using keys that are protected within the device. Such a cryptoprocessor typically enforces a policy on the use of the keys it protects. For example, in an ATM network, the network cryptoprocessor may allow verification of incoming customer Personal Identification Numbers (PINs) but not generation of PINs for new accounts. The Application Programming Interface (API) which such a device presents is called the security API and will implement the device's security policy. We discuss security APIs in sections V and VI. During the 1990s, cryptoprocessors gained more uses: protecting Secure Socket Layer (SSL) keys used by web servers, and defending proprietary software and algorithms from theft by employees; low-cost cryptoprocessors such as smartcards and secure microcontrollers also became commonplace.
A whole host of embedded applications for cryptoprocessors now exist: smartcards for holding decryption keys for pay-TV; lottery ticket vending machines; and mobile-phone top-up systems. Modern electronic payment schemes such as EMV use smartcards and readers at the front end, and larger cryptoprocessors at the back end, to control the flow of electronic money. Tamper-resistant hardware is even deployed in an effort to secure electronic voting terminals from attack. The latest applications of tamper-resistant processors are in Digital Rights Management (DRM) and Trusted Computing (TC). Content owners are looking towards tamper-resistant processors with security APIs that can enforce arbitrary policies on the way that content is processed. The range of possible applications is incredible, and, to some observers, disturbing. The entertainment industry in particular seeks new revenue streams by using security APIs to release media according to new rules, such as music subscription services, and to enforce finer market segmentation. In section II we describe possible applications in more detail, and in section III we provide a taxonomy of cryptoprocessors and attacks. Section IV considers attacks involving physical access to the device, while sections V and VI describe logical attacks on the security APIs of cryptoprocessors. Finally, sections VII and VIII look at issues of policy and draw some conclusions.

ATMs were the 'killer application' that got cryptography into wide use outside of military and diplomatic circles, and remain today a high-volume use for tamper-resistant hardware. In the 70s, IBM developed a system for authenticating customers to ATMs. Bank customers were issued with PINs, computed from their account numbers using a secret DES key, the PIN derivation key. References [3], [4] include descriptions of the launch of the 3614 ATM series [36] and its accompanying back-end processor, the 3848. This was the first commercial hardware security module, or HSM, as stand-alone cryptoprocessors have come to be known in the financial sector. HSMs controlled access to the PIN derivation keys, and also kept PINs secret in transit through the network. HSMs are still used during all stages of PIN management, including acquisition of PINs at the ATMs (the keypad is often integrated into a low-cost HSM based on the Dallas DS5002 microcontroller); verification at the card issuing bank, and also during generation processes, e.g. at PIN mailing sites.
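The following Go model, added here and not part of the paper, illustrates the two ideas above: a PIN derived from the account number under a DES PIN derivation key that never leaves the HSM, and a security API whose policy lets a network HSM verify PINs but not generate them. The derivation is the natural-PIN step of the IBM 3624 method (DES-encrypt the packed account number, decimalize the output with a table, keep four digits); the decimalization table, the omission of the offset step, and the `HSM` type and its methods are assumptions made for this illustration.

```go
package main

import (
	"crypto/des"
	"crypto/subtle"
	"encoding/hex"
	"errors"
)

// HSM models a cryptoprocessor: Key never leaves the device, derive is
// unexported, and GeneratePIN is refused unless policy allows it.
type HSM struct {
	Key         []byte // 8-byte single-DES PIN derivation key
	MayGenerate bool   // true only on an issuer HSM; false on an ATM-network HSM
}
// decTable maps each hex digit of the DES output to a decimal digit (assumed 3624 default).
const decTable = "0123456789012345"
// derive: DES-encrypt the 16-hex-digit validation data (packed account number),
// decimalize the ciphertext and keep 4 digits: the 3624 natural PIN, offset omitted.
func (h *HSM) derive(validation string) (string, error) {
	data, err := hex.DecodeString(validation)
	block, cerr := des.NewCipher(h.Key)
	if err != nil || len(data) != 8 || cerr != nil {
		return "", errors.New("need 16 hex digits of validation data and an 8-byte key")
	}
	out := make([]byte, 8)
	block.Encrypt(out, data)
	pin := make([]byte, 4)
	for i := range pin { // the top four nibbles of the ciphertext, decimalized
		pin[i] = decTable[(out[i/2]>>(4*uint(1-i%2)))&0x0f]
	}
	return string(pin), nil
}

// VerifyPIN compares in constant time and never returns the derived PIN.
func (h *HSM) VerifyPIN(validation, pin string) (bool, error) {
	want, err := h.derive(validation)
	if err != nil {
		return false, err
	}
	return subtle.ConstantTimeCompare([]byte(want), []byte(pin)) == 1, nil
}

// GeneratePIN is the operation an ATM-network HSM must not offer.
func (h *HSM) GeneratePIN(validation string) (string, error) {
	if !h.MayGenerate {
		return "", errors.New("policy: this HSM verifies PINs but does not generate them")
	}
	return h.derive(validation)
}
```

With the classic DES test vector (key 133457799bbcdff1, block 0123456789abcdef, ciphertext 85e813540f0ab405) the derived PIN is 8548; a verification-only HSM confirms or rejects it without ever disclosing it.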
