
Motivation
Many current and proposed distributed applications face a fundamental security
contradiction:
- computation must occur in remote devices,
- but these devices are vulnerable to physical attack by adversaries who would benefit from subverting this computation.
If an adversary can attack a device by altering
or copying its algorithms or stored data, he or she often can subvert an
entire application. The mere potential of such an attack may suffice to make
a new application too risky to consider.
Idea
Secure coprocessors---computational devices that can be trusted to execute their software correctly, despite physical attack---address these threats. Distributing such trusted havens throughout a hostile environment enables secure distributed applications. Higher-end examples of secure coprocessing technology usually incorporate support for high-performance cryptography.
However, even though this technology is closely
associated with cryptographic accelerators, much of the exciting potential
of the secure coprocessing model arises from the notion of putting computation
as well as cryptographic secrets inside the secure box.
History
For over fifteen years, our team has explored building
high-end devices: robust, general-purpose computational environments inside
secure tamper-responsive physical packages. This work led to the Abyss,
microAbyss, and Citadel prototypes; provided the hardware platform for Bennet
Yee and Doug Tygar's Dyad project at CMU; contributed to the physical security
design for some of the earlier IBM cryptographic accelerators; and contributed
to FIPS 140-1, the standard used by the U.S. and Canadian Governments for
secure devices.
Results
This research introduced the challenge: how do we make
this vision real? Widespread development and practical deployment of secure
coprocessing applications requires an infrastructure of secure devices,
not just a handful of laboratory prototypes, and requires that these devices
be trustworthy.
We've addressed both these needs!
- Existence.
Our team was instrumental in the design, development
and deployment of such a device, the IBM 4758---both as a research tool
and as a commercial product, which reached market in August 1997. Subsequent
devices, released in April and June of 2000, build on our initial work,
offering further enhancements, functionality, and increased performance.
- Security.
In November 1998, the IBM 4758 became the first device ever to earn a FIPS 140-1 Level 4 validation---the highest
possible rating. This meant:
- The device withstood any physical attack
the independent evaluation lab tried.
- The security of the internal software
was validated by mechanical verification of a formal mathematical
model.
As of this writing, the only other Level
4 device is a non-programmable crypto chip, also from IBM.
Device drivers are available for NT, OS/2, AIX,
Solaris and Linux; BSD is coming.
What's Next
We're looking to build applications that push the envelope
of secure coprocessors.
We're helping others to do this: already,
UCSD is using our platform for secure mobile agents, and the University of Michigan
is using our platform to secure sensitive data and operations in Kerberos
servers. Other university agreements are underway.
And we're working on new hardware:
- a PCMCIA-sized prototype of the same architecture
- follow-on hardware with much faster crypto
- experimental prototype hardware that incorporates Ethernet
Product Documentation
Our main product page
contains information about the IBM 4758, including software manuals, technical
specs, ordering information and press releases.
TM: A Certification Mark of NIST, which does not imply product endorsement
by NIST, the U.S. or Canadian Governments.