
Secure crypto processor

A secure crypto processor is a system on a chip or a microprocessor designed to perform cryptographic operations and equipped with physical security measures that give it a degree of tamper resistance against unauthorized access. Unlike ordinary cryptographic processors, which "trust" the bus and put unencrypted data on it as though it were in a secure environment, a secure crypto processor never outputs unencrypted data or unencrypted program instructions to an environment that cannot be guaranteed to be protected at all times.

The purpose of a secure crypto processor is to act as the "cornerstone" of the subsystem's security, eliminating the need to protect the rest of the subsystem with physical security measures.

Examples

Smart cards are perhaps the most common example of a secure crypto processor, although more sophisticated and versatile secure crypto processors are widespread in systems such as ATMs, TV set-top boxes, military systems and high-security portable communication equipment. Some secure crypto processors can even run general-purpose operating systems, such as Linux, inside their security boundary. A secure crypto processor receives program instructions in encrypted form, decrypts them and executes them inside the same chip, where the decrypted instructions are stored and no one else has access to them. By never revealing decrypted software instructions, the crypto processor prevents tampering with programs by people who have legitimate access to the system data bus. This is known as bus encryption. Data processed by a crypto processor is also frequently encrypted.

The Trusted Platform Module (TPM) is an implementation of a secure crypto processor that brings the concept of trusted computing to ordinary PCs by providing a secure environment. It was expected that this would make illegal copying of copyrighted software harder, but current implementations tend to focus on providing a tamper-resistant boot environment and trusted computing for external storage.

Secure chips for embedded systems can provide the same level of physical protection for keys and other secret data as smart cards or a Trusted Platform Module, but in a much smaller, simpler and cheaper form. They are also often referred to as authentication devices and are used to authenticate peripherals, accessories or consumables. Like the Trusted Platform Module, these integrated circuits are designed to be embedded in systems, and they are often soldered to the board.

Hardware security modules contain one or more crypto processors. These devices are high-security crypto processors used in servers. A hardware security module can have several levels of physical protection built around a single crypto processor chip. The crypto processor chip can be placed in the hardware security module together with other processors and memory in which encrypted data is stored and processed. Any attempt to extract it causes the keys in the crypto chip to be zeroed. Hardware security modules can also be part of a computer (such as an ATM) that operates inside a locked safe to prevent theft, substitution and tampering.

Features

  • Tamper detection and tamper evidence.
  • Conductive shield layers in the chip that prevent the reading of internal signals.
  • Controlled execution, so that timing variations cannot disclose any secret information.
  • Automatic zeroing of secrets when tampering is detected.
  • Trusted bootloader, which authenticates the operating system before starting it.
  • Trusted operating system, which verifies the authenticity of applications before launching them.
  • Hardware capability registers that implement a privilege separation model.

Security Level

While secure crypto processors are useful, they are not immune to attack, in particular from well-equipped and determined adversaries (such as a government intelligence agency) who are willing to spend enormous resources.

One such attack was carried out on the IBM 4758 [1]. A team from the University of Cambridge reported the successful extraction of secret information from an IBM 4758, using a combination of mathematics and special-purpose code-breaking hardware. However, such an attack is not practical against real systems, because the attacker must have full access to the device's API. A common (and recommended) practice is to use an access control system to separate privileges so that no single person is able to mount the attack.

Although the vulnerability exploited was a software bug in the 4758 and not a flaw in the 4758 architecture as a whole, their attack serves as a reminder that a security system is only as secure as its weakest link: the entire well-designed 4758 system was rendered useless by an error in the program that controlled it.

Smart cards are significantly more vulnerable, as they are more exposed to physical attack. Moreover, hardware backdoors can undermine the security of smart cards or other crypto processors unless investment is made in anti-backdoor design methods [2].

In the case of full disk encryption applications, especially when they are implemented without a trusted bootloader, the crypto processor cannot protect against a cold boot attack if residual data can be read from memory after the operating system has retrieved the keys from the TPM.

On the other hand, if all confidential data is stored only in the crypto processor's memory and not in external storage, and the crypto processor is designed so that decrypted or unencrypted data cannot be read from its pins or any other element, such data can only be obtained by decapsulating the chip and removing its protective metal layers. This requires both physical possession of the device and technicians with the appropriate skills and equipment.

Other attack methods include careful analysis of the time taken to complete various operations, which can depend heavily on secret values, or of how current consumption varies over time, to determine whether the device is operating on a '0' or a '1' bit. Alternatively, the attacker can apply extreme temperatures, very high or low clock frequencies, or altered supply voltages to induce a malfunction. The internal design of the crypto processor can be adapted to prevent such attacks.
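The timing dependence described above, and the "controlled execution" feature listed earlier, can be seen in a tag comparison routine. The following C example is added here and is not code from the original article: it compares a constructed 16-byte secret tag against candidate tags with an early-exit check and with a constant-time check, counting the byte operations each performs as a stand-in for clock cycles. The early-exit count grows with the length of the matching prefix, which is exactly what controlled execution is meant to suppress.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed 16-byte secret standing in for a MAC tag held inside the chip. */
#define TAG_LEN 16
static const uint8_t SECRET_TAG[TAG_LEN] = {
    0x3a, 0x91, 0xc4, 0x07, 0x5e, 0xd2, 0x18, 0xbb,
    0x6f, 0x40, 0xe9, 0x2c, 0x83, 0x57, 0xa1, 0xf0
};
/* Constructed candidate tags: wrong at byte 0, and correct for bytes 0..2 only. */
static const uint8_t GUESS_WRONG_FIRST[TAG_LEN] = { 0 };
static const uint8_t GUESS_PREFIX3[TAG_LEN] = { 0x3a, 0x91, 0xc4 };
/* Uncontrolled execution: returns at the first mismatching byte. `steps` counts
   byte comparisons performed and stands in for elapsed clock cycles. */
int leaky_compare(const uint8_t *a, const uint8_t *b, size_t len, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < len; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}
/* Controlled execution: every byte is visited and differences are folded
   together with OR, so the step count does not depend on the secret. */
int ct_compare(const uint8_t *a, const uint8_t *b, size_t len, size_t *steps)
{
    uint32_t diff = 0;
    *steps = 0;
    for (size_t i = 0; i < len; i++) {
        (*steps)++;
        diff |= (uint32_t)(a[i] ^ b[i]);
    }
    /* diff == 0 wraps to 0xFFFFFFFF (top bit 1); any nonzero diff (<= 0xFF) has
       top bit 0. The result is derived without a data-dependent branch. */
    return (int)((diff - 1u) >> 31);
}
/* Work done by each check on a candidate: the leaky count reveals the length
   of the matching prefix, the constant-time count is always TAG_LEN. */
size_t leaky_steps(const uint8_t *guess)
{
    size_t n;
    leaky_compare(SECRET_TAG, guess, TAG_LEN, &n);
    return n;
}
size_t ct_steps(const uint8_t *guess)
{
    size_t n;
    ct_compare(SECRET_TAG, guess, TAG_LEN, &n);
    return n;
}
```

The step counts model only the timing channel; the power-analysis and fault-injection attacks mentioned in the same paragraph need separate countermeasures such as masking and voltage or clock monitoring.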

Some secure crypto processors contain two processor cores and generate keys, inaccessible from outside, when they are needed, so that even if the circuit is reverse-engineered it is impossible to obtain any of the keys needed to securely decrypt a program loaded from encrypted flash memory or transferred between the cores [3].

See also

  • Computer security
  • Security engineering
  • Smart card
  • Hardware Security Modules
  • Trusted computing
  • Trusted Platform Module
  • FIPS 140-2

Notes

  1. ↑ Attack on the IBM 4758. Archived on September 16, 2004.
  2. ↑ Waksman, Adam (2010), "Tamper Evident Microprocessors", Proceedings of the IEEE Symposium on Security and Privacy (Oakland, California), http://www.cs.columbia.edu/~waksman/PDFs/Oakland_2010.pdf
  3. ↑ Secure CPU complies with DOD anti-tamper mandate.

Literature

  • Ross Anderson, Mike Bond, Jolyon Clulow and Sergei Skorobogatov, Cryptographic Processors - A Survey, April 2005 (PDF). This is not a survey of cryptographic processors; it is a survey of the relevant security issues.
  • Robert M. Best, US Patent 4,278,837, July 14, 1981.
  • R. Elbaz et al., Hardware Engines for Bus Encryption - A Survey, 2005 (PDF).
  • David Lie, Execute Only Memory.
  • Extracting a 3DES key from an IBM 4758.
  • J. D. Tygar and Bennet Yee, A System for Using Physically Secure Coprocessors, Dyad.
Source - https://ru.wikipedia.org/w/index.php?title= Secure_cryptographic processor&oldid = 94873155