Mike Bond
University of Cambridge - Computer Laboratory

Email : Mike.Bond@cl.cam.ac.uk

Phone : +44 (0)1223 7-63571
Mobile: +44 (0)7890 171913
Fax : +44 (0)1223 3-34678

"So George, what are we going to do today? - Same thing
we do every day Mike ... Try to take over the World!"
--(Pinky & The Brain edt.)


Resources - Security API and HSM Guides and Links

People Working in the Field

  • Jan Krhovjak's Homepage
  • Anton Stiglic's page on Cryptographic Accelerators, Processors and HSMs
  • Jolyon Clulow's Homepage
  • Sean Smith's Homepage
  • Leendert Van Doorn's Homepage
  • Peter Gutmann's Homepage
  • Ross Anderson's Homepage
  • Graham Steel's Homepage
  • Jon Herzog's Homepage
  • Vinod Ganapathy's Homepage
  • Chris Mitchell's Homepage

Selected Papers

    Under construction... this sample is not representative of the "must read" papers in the field; it's just a selection of papers that have recently come to my attention.

  • Truncation attacks on MACs -- Chris J. Mitchell
  • Utoky na a pres API: PIN Recovery Attacks -- Jan Krhovjak
  • PIN Recovery Attacks: Slides -- Jan Krhovjak

HSM Manufacturers

    The Big Five

  • IBM
  • Thales eSecurity (prev. Zaxus and Racal)
  • nCipher
  • HP Atalla
  • Eracom Technologies

    Major Players

  • SafeNet (prev. Rainbow and Chrysalis-ITS)
  • Prism Payment Technologies
  • Baltimore (prev. Zergo)
  • Jones Futurex
  • Utimaco Safeware

    API Designers

  • Microsoft CAPI
  • RSA PKCS#11
  • Cryptlib

    Specialists

  • BBN
  • The Trusted Computing Group
  • Wave
  • Prime Factors
  • Trusted Security Solutions

Manufacturer Profiles

    IBM, 4758s, and the CCA

    The module I have studied most thoroughly is the IBM 4758. This is a general purpose cryptoprocessor designed at Watson labs, NY. Its physical tamper resistance is probably still state of the art, and it can run arbitrary software inside. The 4758 ships with a free version of IBM's banking security API - the "Common Cryptographic Architecture" (CCA). I have concentrated specifically on attacking the CCA, because it presents the highest-level API that remains within the tamper-resistant boundary.

    The "bible" for CCA hacking is "4758 CCA Basic Services", although there are snippets of useful information (such as suggested access role configurations) in other manuals, such as the installation guide. You can download nearly all the IBM manuals from their cryptoprocessor resource library. The latest version of the bible checks in at 448 pages - certainly big enough to need to be split into chapter and verse.

    A crucial architectural feature is the "control vector", which is a way of enforcing information typing by making modifications to the key used to protect that information. But if the binding between the data and the type information can be undone, there are all sorts of nasty things you can do. A good half of my paper "Attacks on Cryptoprocessor Transaction Sets" is devoted to explaining these attacks.

    The 4758 itself is a complicated beast too. It has an Intel 486 inside, and uses special 'hardware locks' on the bus communication lines to enforce layering of the firmware loaded in. The system is called 'Miniboot', and is really quite slick. Each lower layer verifies the integrity of the layer above, turns on the locks, then passes execution to the next layer up. Some day I will get around to looking at this thing, and see if it will break. You can read about it in Watson labs' paper "Building A High-performance, Programmable, Secure Coprocessor".

    IBM Links

    IBM 4758 Open Source Linux Drivers
    IBM Cryptocards Resource Library
    IBM Cryptocards Home
    IBM Security Research Home
    IBM 4758 Vault Registry
    IBM 4758 Payment Server

    Brute Force Attacks using Hardware

    I have been working with Richard Clayton on the design and implementation of a special hardware DES cracking engine which exploits the parallelism of the "meet-in-the-middle attack". The design has currently been implemented on an Altera evaluation board, worth approximately $995. We believe it to be the second ever hardware search engine in the open community (The EFF machine is the first) to have actually cracked a DES key. More news on this front will be coming shortly.

    Richard has made a useful survey of all the existing literature and attempts on brute force cracking. It can be found here. We also gave a seminar in June on the topic, and you can download the slides for this as a PDF file (150k).

    The Visa Security Module

    Getting information on the Visa Security Module is rather more tricky. There are various clones and upgrades in existence, many of which may still be deployed in banks, so it's best not to say too much about the VSM. The reason it is bad to talk about it is that (unlike the 4758) the operational procedure is hardwired into the module. Suffice to say, it was in its heyday in the mid 80s, and it's now rather dated. It seems that the latest incarnations of the VSM are made by Thales (who used to be Zaxus).

    nCipher Security Modules

    nCipher make cryptoprocessors, but unlike the two above, the focus of their modules is on protecting keys, not data. Whether a key is data, and vice versa, is admittedly quite a blurry issue, but there is some truth in the distinction because the nCipher transaction set is fundamentally different to the others. It has lots of devilishly complicated key management features which use ACLs and certificate chains, but at the end of the day, as far as nCipher's boxes are concerned, either you can use a key or you can't. There are no features (at present) for manipulation of protected data, such as translation of keys, or performing arbitrary operations on data passed in encrypted form. This is great if you're a CA, but not so great if you're a bank. Their documentation is here.

    Attack Counter

    Cryptoprocessor                 API           FIPS Level       Attacks found to date
    IBM 4758                        CCA           Level 4
    Visa Security Module            Integrated    Not Validated
    nCipher nForce                  nCore         Level 3  1/2
    IBM S/390 Crypto-Coprocessor    CCA           Level 4
    PRISM Security Module           PCM API       Unknown
    Racal/Zaxus/Thales RG7000       Proprietary   Not Validated?
    Atalla NSP                      Proprietary   Not Sure
    Baltimore Sureware Keyper       PKCS#11       Level 3/4 ??
    Chrysalis Luna CA               PKCS#11       Level 3

    PLEASE NOTE : This tally chart is for light humour only. Presence of bars does not mean there are attacks on the listed cryptoprocessor. The chart should instead be read as reflective of my current hunches.


    Any information on this page is for information purposes only. Whatever that means.

    Page created : 22nd November '00
    Last update : 9th Nov '05