Editing Secure cryptoprocessor

{{short description|Device used for encryption}}
{{more citations needed|date=May 2016}}
[[File:WE 229G die.JPG|thumb|[[Western Electric]] 229G cryptoprocessor]]

A '''secure cryptoprocessor''' is a dedicated [[System-on-a-chip|computer-on-a-chip]] or [[microprocessor]] for carrying out [[cryptographic]] operations, embedded in a packaging with multiple [[physical security]] measures, which give it a degree of [[tamper resistance]].  Unlike cryptographic processors that output decrypted data onto a bus in a secure environment, a secure cryptoprocessor does not output decrypted data or decrypted program instructions in an environment where security cannot always be maintained.

The purpose of a secure cryptoprocessor is to act as the keystone of a security subsystem, eliminating the need to protect the rest of the subsystem with physical security measures.<ref>{{Cite book|title=Digital rights management : concepts, methodologies, tools, and applications|date=2013|publisher=Information Science Reference (an imprint of IGI Global)|others=Information Resources Management Association.|isbn=9781466621374|location=Hershey, Pa.|pages=609|oclc=811354252}}</ref>

==Examples==
A [[hardware security module]] (HSM) contains one or more secure cryptoprocessor [[integrated circuit|chips]].<ref>{{cite book |last1=Ramakrishnan |first1=Vignesh |last2=Venugopal |first2=Prasanth |last3=Mukherjee |first3=Tuhin |title=Proceedings of the International Conference on Information Engineering, Management and Security 2015: ICIEMS 2015 |date=2015 |publisher=Association of Scientists, Developers and Faculties (ASDF) |isbn=9788192974279 |page=9 |url=https://books.google.com/books?id=Gw9pCwAAQBAJ&pg=PA9}}</ref><ref name="f5">{{cite web |title=Secure Sensitive Data with the BIG-IP Hardware Security Module |url=https://www.f5.com/pdf/solution-profiles/hardware-security-module-sp.pdf |publisher=[[F5, Inc.|F5]] |date=2012 |access-date=30 September 2019}}</ref><ref name="Gregg">{{cite book |last1=Gregg |first1=Michael |title=CASP CompTIA Advanced Security Practitioner Study Guide: Exam CAS-002 |date=2014 |publisher=[[John Wiley & Sons]] |isbn=9781118930847 |page=246 |url=https://books.google.com/books?id=LKPCBwAAQBAJ&pg=PA246}}</ref> These devices are high grade secure cryptoprocessors used with enterprise servers. A hardware security module can have multiple levels of physical security with a single-chip cryptoprocessor as its most secure component. The cryptoprocessor does not reveal keys or executable instructions on a bus, except in encrypted form, and zeros keys by attempts at probing or scanning.  The crypto chip(s) may also be [[Potting (electronics)|potted]] in the hardware security module with other processors and memory chips that store and process encrypted data. Any attempt to remove the potting will cause the keys in the crypto chip to be zeroed. A hardware security module may also be part of a computer (for example an [[automated teller machine|ATM]]) that operates inside a locked safe to deter theft, substitution, and tampering.

Modern [[smartcard]]s are probably the most widely deployed form of secure cryptoprocessor, although more complex and versatile secure cryptoprocessors are widely deployed in systems such as [[Automated teller machine]]s, TV [[set-top box]]es, military applications, and high-security portable communication equipment.{{citation needed|date=May 2016}} Some secure cryptoprocessors can even run general-purpose operating systems such as [[Linux]] inside their security boundary. Cryptoprocessors input program instructions in encrypted form, decrypt the instructions to plain instructions which are then executed within the same cryptoprocessor chip where the decrypted instructions are inaccessibly stored.  By never revealing the decrypted program instructions, the cryptoprocessor prevents tampering of programs by technicians who may have legitimate access to the sub-system data bus. This is known as [[bus encryption]]. Data processed by a cryptoprocessor is also frequently encrypted.

The [[Trusted Platform Module]] (TPM) is an implementation of a secure cryptoprocessor that brings the notion of [[trusted computing]] to ordinary [[Personal computer|PC]]s by enabling a [[secure environment]].{{citation needed|date=May 2016}} Present TPM implementations focus on providing a tamper-proof boot environment, and persistent and volatile storage encryption.

Security chips for embedded systems are also available that provide the same level of physical protection for keys and other secret material as a smartcard processor or TPM but in a smaller, less complex and less expensive package.{{citation needed|date=May 2016}} They are often referred to as cryptographic [[authentication]] devices and are used to authenticate peripherals, accessories and/or consumables. Like TPMs, they are usually turnkey integrated circuits intended to be embedded in a system, usually soldered to a PC board.

==Features==
Security measures used in secure cryptoprocessors:
* Tamper-detecting and [[tamper-evident]] containment.
* Conductive shield layers in the chip that prevent reading of internal signals.
* Controlled execution to prevent timing delays from revealing any secret information.
* Automatic [[zeroisation|zeroization]] of secrets in the event of tampering.
* [[Chain of trust]] boot-loader which authenticates the operating system before loading it.
* Chain of trust operating system which authenticates application software before loading it.
* Hardware-based [[Capability-based security|capability]] registers, implementing a one-way [[privilege separation]] model.

==Degree of security==
Secure cryptoprocessors, while useful, are not invulnerable to attack, particularly for well-equipped and determined opponents (e.g. a government intelligence agency) who are willing to expend enough resources on the project.<ref>{{cite news | url=https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies | title=China Used a Tiny Chip in a Hack That Infiltrated U.S. Companies | newspaper=Bloomberg.com | date=4 October 2018 }}</ref><ref>{{cite web | url=https://support.apple.com/en-au/guide/security/sec59b0b31ff/web | title=Secure Enclave }}</ref>

One attack on a secure cryptoprocessor targeted the [[IBM 4758]].<ref>[http://www.admin.cam.ac.uk/news/press/dpp/2001110901 attack on the IBM 4758] {{webarchive|url=https://web.archive.org/web/20040916211130/http://www.admin.cam.ac.uk/news/press/dpp/2001110901 |date=2004-09-16 }}</ref> A team at the University of Cambridge reported the successful extraction of secret information from an IBM 4758, using a combination of mathematics, and special-purpose [[codebreaking]] hardware. However, this attack was not practical in real-world systems because it required the attacker to have full access to all API functions of the device. Normal and recommended practices use the integral access control system to split authority so that no one person could mount the attack.{{citation needed|date=May 2021}}

While the vulnerability they exploited was a flaw in the software loaded on the 4758, and not the architecture of the 4758 itself, their attack serves as a reminder that a security system is only as secure as its weakest link: the strong link of the 4758 hardware was rendered useless by flaws in the design and specification of the software loaded on it.

Smartcards are significantly more vulnerable, as they are more open to physical attack. Additionally, hardware backdoors can undermine security in smartcards and other cryptoprocessors unless investment is made in anti-backdoor design methods.<ref>{{Citation | last1 = Waksman | first1 = Adam | title = Tamper Evident Microprocessors | periodical = Proceedings of the IEEE Symposium on Security and Privacy | location = Oakland, California | url = https://www.cs.columbia.edu/~waksman/PDFs/Oakland_2010.pdf | year = 2010 | access-date = 2019-08-27 | archive-date = 2013-09-21 | archive-url = https://web.archive.org/web/20130921055451/https://www.cs.columbia.edu/~waksman/PDFs/Oakland_2010.pdf | url-status = dead }}</ref>

In the case of [[full disk encryption]] applications, especially when implemented without a [[booting|boot]] [[personal identification number|PIN]], a cryptoprocessor would not be secure against a [[cold boot attack]]<ref name="ColdBoot">{{cite web|url=http://citp.princeton.edu/memory/|title=Lest We Remember: Cold Boot Attacks on Encryption Keys|author=[[J. Alex Halderman]], [[Seth Schoen|Seth D. Schoen]], [[Nadia Heninger]], William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, [[Jacob Appelbaum]], and [[Edward Felten|Edward W. Felten]]|publisher=[[Princeton University]]|date=February 21, 2008|access-date=2008-02-22|archive-date=2011-07-22|archive-url=https://web.archive.org/web/20110722182409/http://citp.princeton.edu/memory/|url-status=dead}}</ref> if [[data remanence]] could be exploited to dump [[static random access memory|memory]] contents after the [[operating system]] has retrieved the cryptographic [[key (cryptography)|keys]] from its [[Trusted Platform Module|TPM]].

However, if all of the sensitive data is stored only in cryptoprocessor memory and not in external storage, and the cryptoprocessor is designed to be unable to reveal keys or decrypted or unencrypted data on chip [[Wire bonding|bonding pads]] or [[Flip chip|solder bumps]], then such protected data would be accessible only by probing the cryptoprocessor chip after removing any packaging and metal shielding layers from the cryptoprocessor chip. This would require both physical possession of the device as well as skills and equipment beyond that of most technical personnel.

Other attack methods involve carefully analyzing the timing of various operations that might vary depending on the secret value or mapping the current consumption versus time to identify differences in the way that '0' bits are handled internally vs. '1' bits. Or the attacker may apply temperature extremes, excessively high or low clock frequencies or supply voltage that exceeds the specifications in order to induce a fault. The internal design of the cryptoprocessor can be tailored to prevent these attacks.

Some secure cryptoprocessors contain [[Dual processors|dual processor]] cores and generate inaccessible encryption keys when needed so that even if the circuitry is reverse engineered, it will not reveal any keys that are necessary to securely decrypt software booted from encrypted flash memory or communicated between cores.<ref>[http://www.eetimes.com/news/latest/showArticle.jhtml?articleID=216500274 Secure CPU complies with DOD anti-tamper mandate]</ref>

The first single-chip cryptoprocessor design was for [[copy protection]] of personal computer software (see US Patent 4,168,396, Sept 18, 1979) and was inspired by Bill Gates's [[Open Letter to Hobbyists]].

==History==
{{Further|Hardware security module#History}}

The [[hardware security module]] (HSM), a type of secure cryptoprocessor,<ref name="f5"/><ref name="Gregg"/> was invented by [[Egyptian-American]] engineer [[Mohamed M. Atalla]],<ref name="Stiennon">{{cite web |last1=Stiennon |first1=Richard |title=Key Management a Fast Growing Space |url=https://securitycurrent.com/key-management-a-fast-growing-space/ |website=SecurityCurrent |publisher=IT-Harvest |access-date=21 August 2019 |date=17 June 2014}}</ref> in 1972.<ref name="Langford">{{cite web |last1=Langford |first1=Susan |title=ATM Cash-out Attacks |url=https://h41382.www4.hpe.com/gfs-shared/20140318153228.pdf |website=[[Hewlett Packard Enterprise]] |publisher=[[Hewlett-Packard]] |year=2013 |access-date=21 August 2019}}</ref> He invented a high security module dubbed the "Atalla Box" which encrypted [[Personal identification number|PIN]] and [[Automated teller machine|ATM]] messages, and protected offline devices with an un-guessable PIN-generating key.<ref name="Lazo">{{cite book |last1=Bátiz-Lazo |first1=Bernardo |title=Cash and Dash: How ATMs and Computers Changed Banking |date=2018 |publisher=[[Oxford University Press]] |isbn=9780191085574 |pages=284 & 311 |url=https://books.google.com/books?id=rWhiDwAAQBAJ&pg=PA284}}</ref> In 1972, he filed a [[patent]] for the device.<ref name="nist">{{cite web |title=The Economic Impacts of NIST's Data Encryption Standard (DES) Program |url=https://www.nist.gov/sites/default/files/documents/2017/05/09/report01-2.pdf |website=[[National Institute of Standards and Technology]] |publisher=[[United States Department of Commerce]] |date=October 2001 |access-date=21 August 2019 |archive-date=30 August 2017 |archive-url=https://web.archive.org/web/20170830020822/https://www.nist.gov/sites/default/files/documents/2017/05/09/report01-2.pdf |url-status=dead }}</ref> He founded [[Atalla Corporation]] (now [[Utimaco Atalla]]) that year,<ref name="Langford"/> and commercialized the "Atalla Box" the following year,<ref name="Lazo"/> officially as the Identikey system.<ref name="Computerworld1978">{{cite journal |title=ID System Designed as NCR 270 Upgrade |journal=[[Computerworld]] |date=13 February 1978 |volume=12 |issue=7 |page=49 |url=https://books.google.com/books?id=fB-Te8d5hO8C&pg=PA49 |publisher=IDG Enterprise}}</ref> It was a [[card reader]] and [[Identity verification service|customer identification system]], consisting of a [[card reader]] console, two customer [[PIN pad]]s, intelligent controller and built-in electronic interface package.<ref name="Computerworld1978"/> It allowed the customer to type in a secret code, which is transformed by the device, using a [[microprocessor]], into another code for the teller.<ref name="Computerworld1976">{{cite journal |title=Four Products for On-Line Transactions Unveiled |journal=[[Computerworld]] |date=26 January 1976 |volume=10 |issue=4 |page=3 |url=https://books.google.com/books?id=3u9H-xL4sZAC&pg=PA3 |publisher=IDG Enterprise}}</ref> During a [[Financial transaction|transaction]], the customer's [[Bank card number|account number was read by the card reader]].<ref name="Computerworld1978"/> It was a success, and led to the wide use of high security modules.<ref name="Lazo"/>

Fearful that Atalla would dominate the market, banks and [[credit card]] companies began working on an international standard in the 1970s.<ref name="Lazo"/> The [[IBM 3624]], launched in the late 1970s, adopted a similar PIN verification process to the earlier Atalla system.<ref name="Konheim">{{cite journal |last1=Konheim |first1=Alan G. |title=Automated teller machines: their history and authentication protocols |journal=Journal of Cryptographic Engineering |date=1 April 2016 |volume=6 |issue=1 |pages=1–29 |doi=10.1007/s13389-015-0104-3 |s2cid=1706990 |url=https://slideheaven.com/automated-teller-machines-their-history-and-authentication-protocols.html |issn=2190-8516}}</ref> Atalla was an early competitor to [[IBM]] in the banking security market.<ref name="nist"/><ref>{{Cite web |title=Cryptocurrency Charts - Prices.org |url=https://prices.org/ |access-date=2023-02-10 |website=Cryptocurrency Live - Prices.org |language=en-US}}</ref>

At the National Association of Mutual Savings Banks (NAMSB) conference in January 1976, Atalla unveiled an upgrade to its Identikey system, called the Interchange Identikey. It added the capabilities of [[online transaction processing|processing]] [[online transactions]] and dealing with [[network security]]. Designed with the focus of taking [[bank transactions]] [[online]], the Identikey system was extended to shared-facility operations. It was consistent and compatible with various [[packet switching|switching]] [[Computer network|networks]], and was capable of resetting itself electronically to any one of 64,000 irreversible [[Nonlinearity|nonlinear]] [[algorithms]] as directed by [[Card Transaction Data|card data]] information. The Interchange Identikey device was released in March 1976.<ref name="Computerworld1976"/> Later in 1979, Atalla introduced the first [[network processor|network security processor]] (NSP).<ref>{{cite web |last1=Burkey |first1=Darren |title=Data Security Overview |url=http://www.gtug.de/HotSpot2018/download/Presentation/C108-Burkey.pdf |publisher=[[Micro Focus]] |date=May 2018 |access-date=21 August 2019}}</ref> Atalla's HSM products protect 250{{nbsp}}million [[Card Transaction Data|card transactions]] every day as of 2013,<ref name="Langford"/> and secure the majority of the world's ATM transactions as of 2014.<ref name="Stiennon"/>

==See also==
* [[Computer security]]
* [[Crypto-shredding]]
* [[FIPS 140-2]]
* [[Hardware acceleration]]
** [[TLS acceleration|SSL/TLS accelerator]]
* [[Hardware security module]]s
* [[Security engineering]]
* [[Smart card]]
* [[Trusted Computing]]
* [[Trusted Platform Module]]
* [[Secure Enclave]]
* [[Titan M]]

==References==
{{Reflist}}

==Further reading==
{{refbegin}}
* [[Ross J. Anderson|Ross Anderson]], Mike Bond, Jolyon Clulow and Sergei Skorobogatov, Cryptographic Processors &mdash; A Survey, April 2005  [http://www.cl.cam.ac.uk/~mkb23/research/Survey.pdf (PDF)] {{Webarchive|url=https://web.archive.org/web/20160303215414/http://www.cl.cam.ac.uk/~mkb23/research/Survey.pdf |date=2016-03-03 }}.  This is not a survey of cryptographic processors; it is a survey of relevant security issues.
* Robert M. Best, US Patent [https://patents.google.com/patent/US4278837 4,278,837], July 14, 1981
* R. Elbaz, et al., Hardware Engines for Bus Encryption — A Survey, 2005 [http://hal.archives-ouvertes.fr/docs/00/10/64/53/PDF/D469.PDF (PDF)].
* David Lie, Execute Only Memory, [http://www-vlsi.stanford.edu/%7Elie/xom.htm] {{Webarchive|url=https://web.archive.org/web/20070228212032/http://www-vlsi.stanford.edu/%7Elie/xom.htm |date=2007-02-28 }}.
* [http://www.cl.cam.ac.uk/~rnc1/descrack/ Extracting a 3DES key from an IBM 4758]
* J. D. Tygar and Bennet Yee, ''A System for Using Physically Secure Coprocessors'', [https://web.archive.org/web/20070205172718/http://www.cni.org/docs/ima.ip-workshop/Tygar.Yee.html Dyad]
{{refend}}

{{CPU technologies}}

[[Category:Cryptographic hardware]]
[[Category:Cryptanalytic devices]]
[[Category:Arab inventions]]
[[Category:Egyptian inventions]]