Replaces RC21045
Secure coprocessors enable secure distributed applications by
providing safe havens where an application program can execute (and
accumulate state), free of observation and interference by an
adversary with direct physical access to the device. However, for
these coprocessors to be effective, participants in such applications
must be able to verify that they are interacting with an authentic
program on an authentic, untampered device. Furthermore, secure
coprocessors that support general-purpose computation and will
be manufactured and distributed as commercial products must
provide these core sanctuary and authentication properties while also
meeting many additional challenges, including:
* the applications, operating system, and underlying security
management may all come from different, mutually suspicious
authorities;
* configuration and maintenance must occur in a hostile environment,
while minimizing disruption of operations;
* the device must be able to recover from the vulnerabilities that
inevitably emerge in complex software;
* hardware constraints dictate that support for advanced cryptography
depends on reloadable software; and
* physical security dictates that the device itself can never be
opened and examined.
This paper summarizes the hardware, software, and cryptographic
architecture we developed to address these problems. Furthermore,
with our colleagues, we have implemented this solution, now available
as a commercial product.
By: Sean Smith, Steve Weingart
Published in: RC21102 in 1998
LIMITED DISTRIBUTION NOTICE:
This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties).