University of Cambridge - Computer Laboratory
"So George, what are we going to do today? - Same thing
Resources - Security API and HSM Guides and Links
Under construction... this sample is not representative or the "must read" papers in the field it's just a selection of papers that have recently come to my attention.
The Big Five|
The module I have studied most thoroughly is the IBM4758. This is a general purpose cryptoprocessor designed at Watson labs, NY. It's physical tamper resistance is probably still state of the art, and it can run arbitrary software inside. The 4758 ships with a free version of the IBMs banking security API - the "Common Cryptographic Architecture" (CCA). I have concentrated specifically on attacking the CCA, because it presents the highest-level API that remains within the tamper-resistant boundary.
The "bible" for CCA hacking is- "4758 CCA Basic Services", although there are snippets of useful information (such as suggested access role configurations) in other manuals, such as the installation guide. You can download nerally all the IBM Manuals from their cryptoprocessor resource library. The latest version of the bible checks in at 448 pages - certainly big enough to need to be split into chapter and verse.
A crucial architectural feature is the "control vector", which is a way of enforcing information typing by making modifications to the key used to protect that information. But if the binding between the data and the type information can be undone, there are all sorts of nasty things you can do. A good half of my paper "Attacks on Cryptoprocessor Transaction Sets" is devoted to explaining these attacks.
The 4758 itself is a complicated beast too. It has an Intel 486 inside, and uses special 'hardware locks' on the bus communication lines to enforce layering of the firmware loaded in. The system is called 'Miniboot', and is really quite slick. Each lower layer verifys the integrity of the layer above, turns on the locks, then passes execution to the next layer up. Some day I will get around to looking at this thing, and see if it will break. You can read about it in Watson lab's paper "Building A High-performance, Programmable, Secure Coprocessor".
I have been working with Richard Clayton on the design and implementation of a special hardware DES cracking engine which exploits the parallelism of the "meet-in-the-middle attack". The design has currently been implemented on an Altera evaluation board, worth approximately $995. We believe it to be the second ever hardware search engine in the open community (The EFF machine is the first) to have actually cracked a DES key. More news on this front will be coming shortly.
Richard has made a useful survey of all the existing literature and attempts on brute force cracking. It can be found here. We also gave a seminar in June on the topic, and you can download the slides for this as a PDF file (150k).
Getting information on the Visa Security Module is rather a more tricky thing to do. There are various clones and upgrades in existence, many of which may still be currently deployed in banks- so it's best not to say too much about the VSM. The reason it is bad to talk about it is because (unlike the 4758) the operational procedure is hardwired into the module. Suffice to say, it was in its hey-day in the mid 80s, and it's now rather dated. It seems that the latest incarnations of the VSM are made by Thales (who used to be Zaxus).
nCipher make cryptoprocessors, but unlike the two above, the focus of their modules is on protecting keys, not data. This is admittedly quite a blurry issue as to whether a key is data and vice versa, but there is some truth in it because the nCipher transaction set is fundamentally different to the others. It has lots of devilishly complicated key management features which use ACLs and certificate chains, but at the end of the day, as far as nCipher's boxes are concerned, either you can use a key or you can't. There are no features (at current) for manipulation of protected data, such as translation of keys, or performing arbitrary operations on data passed in encrypted form. This is great if you're a CA, but not so great if you're a bank. Their documentation is here.
|Cryptoprocessor||API||FIPS Level||Attacks found to date|
|Visa Security Module||Integrated|
|nCipher nForce||nCore||Level 3|| 1/2|
|IBM S/390 Crypto-Coprocessor||CCA||Level 4|
|PRISM Security Module||PCM API||Unknown|
|Racal/Zaxus/Thales RG7000||Proprietary||Not Validated?|
|Atalla NSP||Proprietary||Not Sure|
|Baltimore Sureware Keyper||PKCS#11||Level 3/4 ??|
|Chyrsalis Luna CA||PKCS#11||Level 3|
PLEASE NOTE : This tally chart is for light humour only. Presence of bars does not mean there are attacks on the listed cryptoprocessor. The chart should instead be read as reflective of my current hunches.
Any information on this page is for information purposes only. Whatever that means.
Page created : 22nd November '00
Last update : 9th Nov '05