Secure cryptoprocessor
==Degree of security==
Secure cryptoprocessors, while useful, are not invulnerable to attack, particularly against well-equipped and determined opponents (e.g. a government intelligence agency) who are willing to expend enough resources on the project.<ref>{{cite news | url=https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies | title=China Used a Tiny Chip in a Hack That Infiltrated U.S. Companies | newspaper=Bloomberg.com | date=4 October 2018 }}</ref><ref>{{cite web | url=https://support.apple.com/en-au/guide/security/sec59b0b31ff/web | title=Secure Enclave }}</ref> One attack on a secure cryptoprocessor targeted the [[IBM 4758]].<ref>[http://www.admin.cam.ac.uk/news/press/dpp/2001110901 attack on the IBM 4758] {{webarchive|url=https://web.archive.org/web/20040916211130/http://www.admin.cam.ac.uk/news/press/dpp/2001110901 |date=2004-09-16 }}</ref> A team at the University of Cambridge reported the successful extraction of secret information from an IBM 4758, using a combination of mathematics and special-purpose [[codebreaking]] hardware. However, this attack was not practical in real-world systems because it required the attacker to have full access to all API functions of the device. Normal and recommended practice uses the integral access control system to split authority so that no one person could mount the attack.{{citation needed|date=May 2021}} While the vulnerability they exploited was a flaw in the software loaded on the 4758, and not in the architecture of the 4758 itself, their attack serves as a reminder that a security system is only as secure as its weakest link: the strong link of the 4758 hardware was rendered useless by flaws in the design and specification of the software loaded on it. Smartcards are significantly more vulnerable, as they are more open to physical attack.
Additionally, hardware backdoors can undermine security in smartcards and other cryptoprocessors unless investment is made in anti-backdoor design methods.<ref>{{Citation | last1 = Waksman | first1 = Adam | title = Tamper Evident Microprocessors | periodical = Proceedings of the IEEE Symposium on Security and Privacy | location = Oakland, California | url = https://www.cs.columbia.edu/~waksman/PDFs/Oakland_2010.pdf | year = 2010 | access-date = 2019-08-27 | archive-date = 2013-09-21 | archive-url = https://web.archive.org/web/20130921055451/https://www.cs.columbia.edu/~waksman/PDFs/Oakland_2010.pdf | url-status = dead }}</ref> In the case of [[full disk encryption]] applications, especially when implemented without a [[booting|boot]] [[personal identification number|PIN]], a cryptoprocessor would not be secure against a [[cold boot attack]]<ref name="ColdBoot">{{cite web|url=http://citp.princeton.edu/memory/|title=Lest We Remember: Cold Boot Attacks on Encryption Keys|author=[[J. Alex Halderman]], [[Seth Schoen|Seth D. Schoen]], [[Nadia Heninger]], William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, [[Jacob Appelbaum]], and [[Edward Felten|Edward W. Felten]]|publisher=[[Princeton University]]|date=February 21, 2008|access-date=2008-02-22|archive-date=2011-07-22|archive-url=https://web.archive.org/web/20110722182409/http://citp.princeton.edu/memory/|url-status=dead}}</ref> if [[data remanence]] could be exploited to dump [[static random access memory|memory]] contents after the [[operating system]] has retrieved the cryptographic [[key (cryptography)|keys]] from its [[Trusted Platform Module|TPM]]. 
However, if all of the sensitive data is stored only in cryptoprocessor memory and not in external storage, and the cryptoprocessor is designed to be unable to reveal keys or decrypted or unencrypted data on chip [[Wire bonding|bonding pads]] or [[Flip chip|solder bumps]], then such protected data would be accessible only by probing the cryptoprocessor chip after removing any packaging and metal shielding layers from it. This would require both physical possession of the device and skills and equipment beyond those of most technical personnel. Other attack methods involve carefully analyzing the timing of operations that may vary with the secret value, or mapping current consumption against time to identify differences in how '0' bits are handled internally versus '1' bits. Alternatively, the attacker may apply temperature extremes, excessively high or low clock frequencies, or a supply voltage outside the specifications in order to induce a fault. The internal design of the cryptoprocessor can be tailored to prevent these attacks. Some secure cryptoprocessors contain [[Dual processors|dual processor]] cores and generate inaccessible encryption keys when needed, so that even if the circuitry is reverse engineered, it will not reveal any keys that are necessary to securely decrypt software booted from encrypted flash memory or communicated between cores.<ref>[http://www.eetimes.com/news/latest/showArticle.jhtml?articleID=216500274 Secure CPU complies with DOD anti-tamper mandate]</ref> The first single-chip cryptoprocessor design was for [[copy protection]] of personal computer software (see US Patent 4,168,396, Sept 18, 1979) and was inspired by Bill Gates's [[Open Letter to Hobbyists]].
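The timing side channel described above, as an added example that is not part of the original article or of any cryptoprocessor's firmware: a C model of two routines that check a guess against a secret held on the device. Instead of noisy wall-clock timing it counts loop iterations as a deterministic proxy for time, showing that an early-exit comparison's count depends on how many leading bytes of the guess are correct, while the constant-time version's count is fixed. DEMO_SECRET, the function names and the prefix-length probe are all constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed 8-byte secret standing in for a key held inside the device. */
#define DEMO_LEN 8
static const uint8_t DEMO_SECRET[DEMO_LEN] = {0xDE, 0xAD, 0xBE, 0xEF,
                                              0x01, 0x02, 0x03, 0x04};

/* Leaky comparison: returns at the first mismatch. *ops counts iterations,
 * a deterministic stand-in for time; it reveals how many leading bytes matched. */
int compare_early_exit(const uint8_t *secret, const uint8_t *guess,
                       size_t len, size_t *ops)
{
    *ops = 0;
    for (size_t i = 0; i < len; i++) {
        (*ops)++;
        if (secret[i] != guess[i])
            return 0;
    }
    return 1;
}

/* Hardened comparison: touches every byte and never branches on
 * secret-dependent data, so *ops (and time) does not depend on the secret. */
int compare_constant_time(const uint8_t *secret, const uint8_t *guess,
                          size_t len, size_t *ops)
{
    uint8_t diff = 0;
    *ops = 0;
    for (size_t i = 0; i < len; i++) {
        (*ops)++;
        diff |= secret[i] ^ guess[i];
    }
    /* Branch-free result: bit 7 of (diff | -diff) is set iff diff != 0. */
    return 1 - ((diff | (uint8_t)-diff) >> 7);
}

/* Compare DEMO_SECRET against a guess whose first k bytes are correct and
 * whose byte k is wrong (k == DEMO_LEN gives a fully correct guess). */
static int run(size_t k, int constant_time, size_t *ops)
{
    uint8_t guess[DEMO_LEN];
    memcpy(guess, DEMO_SECRET, DEMO_LEN);
    if (k < DEMO_LEN) guess[k] ^= 0xFF;   /* corrupt byte k so matching stops there */
    return constant_time ? compare_constant_time(DEMO_SECRET, guess, DEMO_LEN, ops)
                         : compare_early_exit(DEMO_SECRET, guess, DEMO_LEN, ops);
}

/* Observed "time" for prefix length k: k + 1 for the leaky routine (it
 * leaks k), always DEMO_LEN for the hardened one. */
size_t probe_ops(size_t k, int ct) { size_t o; run(k, ct, &o); return o; }
int probe_match(size_t k, int ct) { size_t o; return run(k, ct, &o); }
```

On real hardware the count corresponds to cycles an observer could measure on the device's interface; the constant-time routine is the kind of internal design change the text refers to.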