Hardware-based encryption: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 17:50, 21 January 2018 edit GünniX (talk \| contribs) Extended confirmed users 336,643 edits m v1.43 - WP:WCW project (Multiple categories on one line - Spelling and typography) Tag: WPCleaner ← Previous edit		Latest revision as of 08:34, 16 August 2025 edit undo Lkcl (talk \| contribs) Extended confirmed users 3,004 edits add ISA page link Tags: Mobile edit Mobile web edit Advanced mobile edit
(48 intermediate revisions by 17 users not shown)
Line 1: {{Short description\|Use of computer hardware to assist software in the process of data encryption}} {{Infobox industrial process \|type=[[Cryptography]] \|sector=[[Computing]] \|technologies=[[Cryptographic ~~Hash~~hash ~~Function~~function]], [[Encryption]] \|image = IBM4758 outside1.JPG \|caption = The [[IBM 4758]] Cryptographic Module }} Hardware-based encryption is the use of [[Computer Hardware]] to assist software, or sometimes replace software, in the process of data [[encryption]]. Typically, this is implemented as part of the [[CPU\|processor]]'s instruction set. For example, the [[Advanced Encryption Standard\|AES]] encryption algorithm (a modern [[cipher]]) can be implemented using the [[AES instruction set]] on the ubiquitous [[x86]] architecture.<ref name="Intel AES Instructions">{{cite book\|title=Intel® 64 and IA-32 Architectures Software Developer’s Manual\|date={{date\|December 2017}}\|url=https://software.intel.com/sites/default/files/managed/39/c5/325462-sdm-vol-1-2abcd-3abcd.pdf\|publisher=Intel\|pages=303-309,410}}</ref> Such instructions also exist on the [[ARM architecture]].<ref name="cortex cryptography">{{cite book\|title=ARM® Cortex®-A57 MPCore Processor Cryptography Extension\|date={{date\|2017-12-17}}\|publisher=ARM Holdings\|url=http://infocenter.arm.com/help/topic/com.arm.doc.ddi0514g/DDI0514G_cortex_a57_mpcore_cryptography_trm.pdf}}</ref> However, more unusual systems exist where the cryptography module is separate from the central processor, instead being implemented as a [[coprocessor]], in particular a [[secure cryptoprocessor]], of which an example is the [[IBM 4764]]<ref name="IBM 4764">{{cite web\|url=https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_61/rzajc/rzajcco4758.htm\|title=4764 Cryptographic Coprocessor\|publisher=IBM\|access-date={{date\|2018-01-20}}}}</ref>. Hardware implementations can be faster and less prone to exploitation than traditional software implementations, and furthermore can be protected against tampering.<ref name="performance">{{cite web\|title=AES-NI Performance Analyzed\|url=http://www.tomshardware.com/reviews/clarkdale-aes-ni-encryption,2538.html\|publisher=Tom's Hardware\|year=2010\|author=P. Schmid and A. Roos \|accessdate={{date\|2018-01-20}}}}</ref> However, hardware implementations use additional space on the processor die, and any security vulnerability (such as [[Spectre (security vulnerability)\|Spectre]]) cannot be solved with a software update.<ref name="MeltdownSpectre">{{Cite web \|author=Staff \|url=https://spectreattack.com/ \|title=Meltdown and Spectre \|date=2018 \|work=[[Graz University of Technology]] \|access-date={{date\|2018-01-20}} \|dead-url=no \|archive-url=https://web.archive.org/web/20180103221345/https://spectreattack.com/ \|archive-date={{date\|2018-01-03}}}}</ref> '''Hardware-based encryption''' is the use of [[computer hardware]] to assist software, or sometimes replace software, in the process of data [[encryption]]. Typically, this is implemented as part of the [[CPU\|processor]]'s [[Instruction set architecture\|instruction set]]. For example, the [[Advanced Encryption Standard\|AES]] encryption algorithm (a modern [[cipher]]) can be implemented using the [[AES instruction set]] on the ubiquitous [[x86 architecture]].<ref name="Intel AES Instructions" /> Such instructions also exist on the [[ARM architecture]].<ref name="cortex cryptography" /> However, more unusual systems exist where the cryptography module is separate from the central processor, instead being implemented as a [[coprocessor]], in particular a [[secure cryptoprocessor]] or [[cryptographic accelerator]], of which an example is the [[IBM 4758]], or its successor, the [[IBM 4764]].<ref name="IBM 4764" /> Hardware implementations can be faster and less prone to exploitation than traditional software implementations, and furthermore can be protected against tampering.<ref name="performance" /> == History == ~~Hardware-based~~Prior ~~encryption~~to ~~arguably~~the ~~began~~use inof ~~the~~computer ~~1987~~hardware, ~~with~~cryptography ~~the~~could ~~ABYSS~~be (Aperformed ~~Basic~~through ~~Yorktown~~various ~~Security~~mechanical ~~System)~~or ~~project~~[[electro-mechanical]] means. An early example is the [[Scytale]] used by the [[Spartan]]s.<ref name="Kelly">{{~~cite~~Cite ~~web~~journal\|~~url~~last=~~https://www.computer.org/csdl/proceedings/sp/1987/0771/00/07710038.pdf~~Kelly\|first=Thomas\|title=~~ABYSS:~~The AMyth ~~Trusted~~of ~~Architecture~~the ~~for Software Protection~~Skytale\|~~access-date~~journal={{Cryptologia\|date=July 1998\|~~2018~~pages=244–260\|doi=10.1080/0161-~~01-20}}~~119891886902\|volume=22\|issue=3}}</ref>~~<ref~~ ~~name="building~~The ~~4758">{{cite~~[[Enigma ~~web\|url=http://www.research.ibm.com/people/s/sailer/publications/2001/ibm4758.pdf\|title=Building~~machine]] was an electro-mechanical system cipher machine notably used by the ~~IBM~~Germans ~~4758~~in ~~Secure~~[[World ~~Coprocessor~~War II]].{{citation needed\|~~access-~~date=~~{{date\|~~June 2018~~-01-20~~}}~~\|publisher=~~ After [[~~IBM~~World War II]]}}, purely electronic systems were developed. In 1987 the ABYSS (A Basic Yorktown Security System) project was initiated.<ref name="ABYSS" /><ref name="building 4758" /> The aim of this project was to protect against [[~~Software~~software ~~Piracy~~piracy]]. However, the application of computers to cryptography in general dates back to the 1940s and [[Bletchley Park]], where the [[Colossus computer]] was used to break the encryption used by German High Command during [[World War 2II]]. The use of computers to ''encrypt'', however, came later. In particular, until the development of the [[~~Intergrated~~integrated ~~Circuit~~circuit]], of which the first was produced in 1960, computers were impractical for encryption, since, in comparison to the portable [[form factor (design)\|form factor]] of the [[Enigma machine]],<ref~~>{{cite~~ ~~web\|url=http://www.cryptomuseum.com/kits/enigma/support/files/case.pdf\|publisher~~name="Crypto ~~Museum\|title=~~Enigma-E" ~~case\|access-date={{date\|2018-01-20}}}}<~~/~~ref~~> ~~Computers~~[[SIGSALY\|computers of the era]] took the space of an entire building. It was only with the development of the [[~~Microcomputer~~microcomputer]] that computer encryption became feasible, outside of niche applications. The development of the [[World Wide Web]] lead to the need for consumers to have access to encryption, as [[~~Online~~online ~~Shopping~~shopping]] became prevalent.<ref name="consumers"~~>{{cite~~ ~~web \| url=http:~~/~~/ecommercenews.eu/consumers-online-shopping-expectations/ \| title=Consumers and their online shopping expectations – Ecommerce News \| date={{date\|2015-2-20}}\| accessdate={{date\|2016-08-29}}}}</ref~~> The key concerns for consumers were security and speed.<ref name="consumers" /> This led to the eventual inclusion of the key algorithms into processors as a way of both increasing speed and security.<ref name="performance" /> == Implementations == === In the ~~[[Instruction~~instruction ~~Set]]~~set === ==== [[x86]] ==== {{Main\|AES instruction set\|Intel SHA extensions}} The [[X86]] [[Computer architecture\|architecture]], as a [[Complex instruction set computer\|CISC (Complex Instruction Set Computer)]] Architecture, typically implements complex [[algorithms]] in hardware.<ref name="Oxford" /> Cryptographic algorithms are no exception. The x86 architecture implements significant components of the [[Advanced Encryption Standard\|AES (Advanced Encryption Standard)]] algorithm,<ref name="Intel AES Instructions" /> which can be used by the [[NSA]] for [[Top Secret]] information.<ref~~>{{cite~~ ~~web\|url~~name=~~http://csrc.nist.gov/groups/ST/toolkit/documents/aes/CNSS15FS.pdf \|title=National Policy on the Use of the Advanced Encryption Standard (AES) to Protect~~"NIST National Security" ~~Systems and National Security Information \|author=Lynn Hathaway \|date={{date\|June 2003}}\|format=PDF \|access-date={{date\|2011-02-15}}}}<~~/~~ref~~> The architecture also includes support for the [[Secure Hash Algorithms\|SHA]] Hashing Algorithms through the [[Intel SHA extensions]].<ref name="Intel AES Instructions" /> Whereas AES is a cipher, which is useful for encrypting documents, [[~~Hashing~~Hash function\|hashing]] is used for verification, such as of passwords (see [[PBKDF2]]). ==== ARM ==== [[ARM ~~processors~~processor]]s can optionally support Security Extensions. Although ARM is a [[RISC\|RISC (Reduced Instruction Set Computer)]] architecture, there are several optional extensions specified by [[ARM Holdings]].<ref name="cortex cryptography" /><ref name="openwrt"~~>[http://wiki.openwrt.org/doc/hardware/cryptographic.hardware.accelerators~~ ~~Cryptographic Hardware Accelerators] on OpenWRT.org<~~/~~ref~~> === As a coprocessor === * [[IBM 4758]] -– The predecessor to the [[IBM 4764]].<ref name="NIST approval" /> This includes its own specialised processor, [[Random-access memory\|memory]] and a [[Random Number Generator]].<ref name="IBM 4758 datasheet" /> * [[IBM 4764]] ~~- This is identical to the~~and [[IBM 4765]], identical except for the connection used.<ref name="NIST approval" /> The former uses [[PCI-X]], while the latter uses [[PCI-e]].<ref name="IBM 4764" /> Both are [[peripheral devices]] that plug into the [[motherboard]]. === Proliferation === [[Advanced Micro Devices]] (AMD) processors are also x86 devices, and have supported the [[AES instruction set\|AES instructions]] since the 2011 [[Bulldozer (microarchitecture)\|Bulldozer]] processor iteration.<ref name="Arecibo Bulldozer" /> Due to the existence of encryption instructions on modern processors provided by both [[Intel]] and AMD, the instructions are present on most modern computers.<ref name="Haifa" /> They also exist on many tablets and smartphones due to their implementation in [[ARM architecture\|ARM processors]].<ref name="Haifa" /> == Advantages == Implementing cryptography in hardware means that part of the processor is dedicated to the task. This can lead to a large increase in speed.<ref name="performance" /> In particular, modern processor architectures that support [[Pipelining (computing)\|pipelining]] can often perform other instructions concurrently with the execution of the encryption instruction. Furthermore, hardware can have methods of protecting data from software. Consequently, even if the [[~~Operating~~operating ~~System~~system]] is compromised, the data may still be secure (see [[Software Guard Extensions]]).<ref~~>{{cite~~ ~~web\|url=https://software.intel.com/en-us/blogs/2013/09/26/protecting-application-secrets-with-intel-sgx \|title~~name="Intel SGX" ~~for Dummies (Intel SGX Design Objectives) \|work=intel.com \|date=2013-09-26}}<~~/~~ref~~> == Disadvantages == If, however, the hardware implementation is compromised, major issues arise. Malicious software can retrieve the data from the (supposedly) secure hardware -– a large class of method used is the [[timing attack]].<ref name=":0BearSSL"~~>{{Cite~~ ~~web\|url=https:~~/~~/www.bearssl.org/constanttime.html\|title=BearSSL – Constant-Time Crypto\|website=www.bearssl.org\|access-date=2017-01-10}}</ref~~> This is far more problematic to solve than a software bug, even within the ~~Operating~~[[operating ~~System~~system]]. [[Microsoft]] regularly deals with security issues through [[Windows Update]]. Similarly, regular security updates are released for [[Mac OS X]] and [[Linux]], as well as mobile ~~Operating~~operating ~~Systems~~systems like [[iOS]], [[Android (operating system)\|Android]], and [[Windows Phone]]. However, hardware is a different issue. Sometimes, the issue will be fixable through updates to the processor's [[microcode]] (a low level type of software). However, other issues may only be resolvable through replacing the hardware, or a workaround in the operating system which mitigates the performance benefit of the hardware implementation, such as in the [[Spectre (security vulnerability)\|Spectre exploit]] ~~exploit~~.<ref name="PCW-20180109" />~~{{cite web \|author-last~~ =~~Hachman \|author-first~~=~~Mark~~See ~~\|title~~also=~~Microsoft tests show Spectre patches drag down performance on older PCs \|url~~=https://www.pcworld.com/article/3245742/components-processors/microsoft-tests-show-spectre-patches-drag-down-performance-on-older-pcs.html \|date=January 9, 2018 \|work=[[PC World]] \|access-date=2018-01-09}}</ref> * [[Disk encryption hardware]] * [[Hardware-based full disk encryption]] * [[Hardware security module]] ==References== {{Reflist\|30em}}\|refs= <ref name="Intel AES Instructions">{{cite book\|title=Intel® 64 and IA-32 Architectures Software Developer's Manual\|date=December 2017\|url=https://software.intel.com/sites/default/files/managed/39/c5/325462-sdm-vol-1-2abcd-3abcd.pdf\|publisher=Intel\|pages=303–309, 410}}</ref> <ref name="cortex cryptography">{{cite book\|title=ARM® Cortex®-A57 MPCore Processor Cryptography Extension\|date=17 December 2017\|publisher=ARM Holdings\|url=http://infocenter.arm.com/help/topic/com.arm.doc.ddi0514g/DDI0514G_cortex_a57_mpcore_cryptography_trm.pdf\|url-status=live\|archive-url=https://web.archive.org/web/20161213102201/http://infocenter.arm.com/help/topic/com.arm.doc.ddi0514g/DDI0514G_cortex_a57_mpcore_cryptography_trm.pdf\|archive-date=2016-12-13}}</ref> <ref name="IBM 4764">{{cite web\|url=https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_61/rzajc/rzajcco4758.htm\|title=4764 Cryptographic Coprocessor\|publisher=IBM\|access-date=20 January 2018\|url-status=live\|archive-url=https://web.archive.org/web/20180121000028/https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_61/rzajc/rzajcco4758.htm\|archive-date=2018-01-21}}</ref> <ref name="performance">{{cite web\|title=AES-NI Performance Analyzed\|url=http://www.tomshardware.com/reviews/clarkdale-aes-ni-encryption,2538.html\|publisher=Tom's Hardware\|year=2010\|author=P. Schmid and A. Roos \|access-date=20 January 2018}}</ref> <ref name="ABYSS">{{cite web\|url=https://www.computer.org/csdl/proceedings/sp/1987/0771/00/07710038.pdf\|title=ABYSS: A Trusted Architecture for Software Protection\|access-date=20 January 2018\|url-status=live\|archive-url=https://web.archive.org/web/20180121071623/https://www.computer.org/csdl/proceedings/sp/1987/0771/00/07710038.pdf\|archive-date=2018-01-21}}</ref> <ref name="building 4758">{{cite web\|url=http://www.research.ibm.com/people/s/sailer/publications/2001/ibm4758.pdf\|title=Building the IBM 4758 Secure Coprocessor\|access-date=20 January 2018\|publisher=[[IBM]]\|url-status=live\|archive-url=https://web.archive.org/web/20170808032012/http://www.research.ibm.com/people/s/sailer/publications/2001/ibm4758.pdf\|archive-date=2017-08-08}}</ref> <ref name="Crypto Enigma">{{cite web\|url=http://www.cryptomuseum.com/kits/enigma/support/files/case.pdf\|publisher=Crypto Museum\|title=Enigma-E case\|access-date=20 January 2018\|url-status=live\|archive-url=https://web.archive.org/web/20161105032157/http://www.cryptomuseum.com/kits/enigma/support/files/case.pdf\|archive-date=2016-11-05}}</ref> <ref name="consumers">{{cite web \| url=http://ecommercenews.eu/consumers-online-shopping-expectations/ \| title=Consumers and their online shopping expectations – Ecommerce News \| date=20 February 2015 \| access-date=29 August 2016 \| url-status=live \| archive-url=https://web.archive.org/web/20160930235730/http://ecommercenews.eu/consumers-online-shopping-expectations/ \| archive-date=2016-09-30 }}</ref> <ref name="Oxford">{{cite web\|url=https://www.cs.ox.ac.uk/teaching/materials17-18/ca/lecture03.pdf\|title=x86-64 Instruction Set\|publisher=[[University of Oxford]]\|pages=1\|date=18 April 2017\|access-date=24 January 2018}}</ref> <ref name="NIST National Security">{{cite web \|url=http://csrc.nist.gov/groups/ST/toolkit/documents/aes/CNSS15FS.pdf \|title=National Policy on the Use of the Advanced Encryption Standard (AES) to Protect National Security Systems and National Security Information \|author=Lynn Hathaway \|date=June 2003 \|access-date=15 February 2011 \|url-status=live \|archive-url=https://web.archive.org/web/20101106122007/http://csrc.nist.gov/groups/ST/toolkit/documents/aes/CNSS15FS.pdf \|archive-date=2010-11-06 }}</ref> <ref name="IBM 4758 datasheet">{{cite web\|url=ftp://www6.software.ibm.com/software/cryptocards/G221-9091-04.pdf\|title=IBM 4758 Models 2 and 23 PCI Cryptographic Coprocessor\|date=May 2004\|access-date=24 January 2018\|archive-url=https://web.archive.org/web/20170705054058/ftp://www6.software.ibm.com/software/cryptocards/G221-9091-04.pdf\|archive-date=2017-07-05\|url-status=dead\|publisher=[[IBM]]}}</ref> <ref name="openwrt">{{cite web\|url=http://wiki.openwrt.org/doc/hardware/cryptographic.hardware.accelerators\|title=Cryptographic Hardware Accelerators\|publisher=OpenWRT.org\|date=17 May 2016\|access-date=25 January 2018\|url-status=live\|archive-url=https://web.archive.org/web/20180121000023/http://wiki.openwrt.org/doc/hardware/cryptographic.hardware.accelerators\|archive-date=2018-01-21}}</ref> <ref name="NIST approval">{{cite web\|url=https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1505.pdf\|date=10 December 2012\|access-date=20 January 2018\|title=IBM 4765 Cryptographic Coprocessor Security Module\|publisher=[[National Institute of Standards and Technology]]\|url-status=live\|archive-url=https://web.archive.org/web/20180125015153/https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1505.pdf\|archive-date=2018-01-25}}</ref> <ref name="Arecibo Bulldozer">{{cite web\|url=https://www.naic.edu/~phil/software/amd/New-Bulldozer-and-Piledriver-Instructions-1.pdf\|date=October 2012\|access-date=25 January 2018\|title=New "Bulldozer" and "Piledriver" Instructions\|publisher=[[Arecibo Observatory]]\|author=Brent Hollingsworth ([[Advanced Micro Devices\|AMD]])\|url-status=live\|archive-url=https://web.archive.org/web/20180209120423/https://www.naic.edu/~phil/software/amd/New-Bulldozer-and-Piledriver-Instructions-1.pdf\|archive-date=2018-02-09}}</ref> <ref name="Haifa">{{cite web\|url=https://eprint.iacr.org/2016/122.pdf\|title=Simpira v2: A Family of Efficient Permutations Using the AES Round Function\|date=9 November 2016\|access-date=25 January 2018\|author=Shay Gueron ([[University of Haifa]] & [[Intel]]) and Nicky Mouha ([[KU Leuven]] & [[NIST]])\|url-status=live\|archive-url=https://web.archive.org/web/20170716025858/https://eprint.iacr.org/2016/122.pdf\|archive-date=2017-07-16}}</ref> <ref name="Intel SGX">{{cite web \|url=https://software.intel.com/en-us/blogs/2013/09/26/protecting-application-secrets-with-intel-sgx \|title=Intel SGX for Dummies (Intel SGX Design Objectives) \|work=intel.com \|date=2013-09-26 \|url-status=live \|archive-url=https://web.archive.org/web/20140429161139/https://software.intel.com/en-us/blogs/2013/09/26/protecting-application-secrets-with-intel-sgx \|archive-date=2014-04-29 }}</ref> <ref name="BearSSL">{{Cite web\|url=https://www.bearssl.org/constanttime.html\|title=BearSSL – Constant-Time Crypto\|website=www.bearssl.org\|access-date=2017-01-10\|url-status=live\|archive-url=https://web.archive.org/web/20170111003347/https://www.bearssl.org/constanttime.html\|archive-date=2017-01-11}}</ref> <ref name="PCW-20180109">{{cite web \|author-last=Hachman \|author-first=Mark \|title=Microsoft tests show Spectre patches drag down performance on older PCs \|url=https://www.pcworld.com/article/3245742/components-processors/microsoft-tests-show-spectre-patches-drag-down-performance-on-older-pcs.html \|date=January 9, 2018 \|work=[[PC World]] \|access-date=2018-01-09 \|url-status=live \|archive-url=https://web.archive.org/web/20180209120423/https://www.pcworld.com/article/3245742/components-processors/microsoft-tests-show-spectre-patches-drag-down-performance-on-older-pcs.html \|archive-date=February 9, 2018 }}</ref> }} {{Cryptography navbox \| machines}}