Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.

Slides:

Advertisements

Similar presentations

Digital Certificate Installation & User Guide For Class-2 Certificates.

Advertisements

Smart Cards Our Inevitable Future Mark Shippy. What are smart cards? Credit card sized plastic card with an embedded chip. Credit card sized plastic card.

Tamper resistant devices Levente Buttyán Laboratory of Cryptography and System Security (CrySyS) Budapest University of Technology and Economics

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

SafeNet Luna XML Hardware Security Module

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography and Network Security

Jeff Bilger - CSE P 590TU - Winter 2006 The Role of Cryptography in Combating Software Piracy.

9/11/2012Pomcor 1 Techniques for Implementing Derived Credentials Francisco Corella Karen Lewison Pomcor (

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

Digital Signatures and Hash Functions. Digital Signatures.

Hardware Security: Trusted Platform Module Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

FIT3105 Smart card based authentication and identity management Lecture 4.

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,

Iron Key and Portable Drive Security Zakary Littlefield.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

FIT5037 Advanced Network Security --- Modern Computing and Security --- Lecture 1.

Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

Certificate and Key Storage Tokens and Software

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.

Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam

.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

Week #7 Objectives: Secure Windows 7 Desktop

SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

ECE509 Cyber Security : Concept, Theory, and Practice Cryptography Spring 2014.

Key Management Workshop November 1-2, Cryptographic Algorithms, Keys, and other Keying Material  Approved cryptographic algorithms  Security.

1 Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and.

SEC835 Practical aspects of security implementation Part 1.

Cryptography Encryption/Decryption Franci Tajnik CISA Franci Tajnik.

Introduction to Secure Sockets Layer (SSL) Protocol Based on:

E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.

LOGO Hardware side of Cryptography Anestis Bechtsoudis Patra 2010.

PGP ENCRYPTION Prepared by Noel Kigaraba. Introduction This presentation explains the basic information about PGP encryption software. It discusses the.

Cryptography and Network Security (CS435) Part Fourteen (Web Security)

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

Web Security : Secure Socket Layer Secure Electronic Transaction.

Smart Card Technology & Features

Basic Cryptography 1. What is cryptography? Cryptography is a mathematical method of protecting information –Cryptography is part of, but not equal to,

COMPUTER SECURITY MIDTERM REVIEW CS161 University of California BerkeleyApril 4, 2012.

Some Perspectives on Smart Card Cryptography

Middleware for Secure Environments Presented by Kemal Altıntaş Hümeyra Topcu-Altıntaş Osman Şen.

Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.

Class 4 Asymmetric Cryptography and Trusting Internal Components CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman

Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.

Network Security Celia Li Computer Science and Engineering York University.

VPN. CONFIDENTIAL Agenda Introduction Types of VPN What are VPN Tokens Types of VPN Tokens RSA How tokens Work How does a user login to VPN using VPN.

What is BitLocker and How Does It Work? Steve Lamb IT Pro Evangelist, Microsoft Ltd

 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.

1 Example security systems n Kerberos n Secure shell.

Database Management Systems, 3ed, R. Ramakrishnan and J. Gehrke1 Database architecture and security Workshop 4.

Hardware Cryptographic Coprocessor

Student: Ying Hong Course: Database Security Instructor: Dr. Yang

Presentation transcript:

Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software

The Problem Need for secure computing in an environment where computing is distributed, insecure, and even hostile More and more, we use computers that belong to others, but we need to know our data is safe.

The Goal Create a trusted computing device that can be added to an untrusted computing system to make it secure. Isolate your secure processing from the rest of your system.

Example 1 - Database Create a central database system that allows only authorized users to access to only their data on the system. Exclude even the system administrator from viewing any data in the database.

Example 2 – Trusted Boot You have an untrusted computing system, but you want to ensure that it boots the correct machine code. Want to make sure that the boot code has not been altered or tampered with

Example 3 – Protected Data At Rest (My Favorite!) You have sensitive data that you can access in a controlled, protected environment but must be protected when not being accessed Protection of data needed between use of it i.e. during transportation

A Secure Coprocessor A general-purpose computing environment Withstands physical attacks and logical attacks Must run the programs that it is supposed to, and must distinguish between the real device and application and a clever impersonator Must remain secure even if adversaries carry out destructive analysis of one or more devices Started in the early 1990’s

Evaluation Parameters Physical Protection (tamper resistant) Reliability (physical or electrical damage) Computational Ability (Speed bps) Communications Portability Cost

Applications Generalized Access Generalized Revelation Autonomous Auditing Trusted Execution

Classes of Solutions IC Chip Cards (Smart Cards, Your GSM Phone has one) PCMCIA Tokens (Fortezza) Other Card Tokens (Secure ID) Smart Disks (Obsolete) Bus Cards (IBM 4758) Your Body (the future is now)

FORTEZZA™ CRYPTOCARD

Fortezza Features Data Privacy User ID Authentication Data Integrity Non-Repudiation Time stamping

RSA SecurID Software tokens support qualified smart cards or USB authenticators Stores symmetric key and is PIN protected Stores digital credentials Only secures the login process

The IBM 4758 Tamper-responding hardware design certified under FIPS PUB Suitable for high-security processing and cryptographic operations Hardware to perform DES, random number generation, and modular math functions for RSA and similar public- key cryptographic algorithms Secure code loading that enables updating of the functionality while installed in application systems IBM Common Cryptographic Architecture (CCA) and PKCS #11 as well as custom software options Provides a secure platform on which developers can build secure applications

The 4758 Architecture

SafeNet SafeXcel™ 241-PCI Card Provides industry-leading cryptography throughput for operations such as: –DES and Triple-DES encryption –MD5 and SHA-1 Hashing –Random number generation –Public key computations: - Diffie-Hellman key negotiation - RSA encryption and signatures - DSA signatures

SafeXcel™ 241-PCI Architecture