Hardware-based encryption: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 09:11, 11 February 2018 edit John Lunney (talk \| contribs) Extended confirmed users 1,943 edits m →x86: Remove extraneous capital ← Previous edit		Latest revision as of 08:34, 16 August 2025 edit undo Lkcl (talk \| contribs) Extended confirmed users 3,004 edits add ISA page link Tags: Mobile edit Mobile web edit Advanced mobile edit
(17 intermediate revisions by 13 users not shown)
Line 1: {{Short description\|Use of computer hardware to assist software in the process of data encryption}} {{Infobox industrial process \|type=[[Cryptography]] Line 6 ⟶ 7: \|caption = The [[IBM 4758]] Cryptographic Module }} '''Hardware-based encryption''' is the use of [[computer hardware]] to assist software, or sometimes replace software, in the process of data [[encryption]]. Typically, this is implemented as part of the [[CPU\|processor]]'s [[Instruction set architecture\|instruction set]]. For example, the [[Advanced Encryption Standard\|AES]] encryption algorithm (a modern [[cipher]]) can be implemented using the [[AES instruction set]] on the ubiquitous [[x86 architecture]].<ref name="Intel AES Instructions" /> Such instructions also exist on the [[ARM architecture]].<ref name="cortex cryptography" /> However, more unusual systems exist where the cryptography module is separate from the central processor, instead being implemented as a [[coprocessor]], in particular a [[secure cryptoprocessor]] or [[cryptographic accelerator]], of which an example is the [[IBM 4758]], or its successor, the [[IBM 4764]].<ref name="IBM 4764" /> Hardware implementations can be faster and less prone to exploitation than traditional software implementations, and furthermore can be protected against tampering.<ref name="performance" /> However, hardware implementations use additional space on the processor die, and any security vulnerability (such as [[Spectre (security vulnerability)\|Spectre]]) cannot be solved with a software update.<ref name="MeltdownSpectre" /> == History == ~~Hardware~~Prior to the use of computer hardware, cryptography could be performed through various mechanical or [[electro-~~based~~mechanical]] ~~encryption~~means. ~~arguably~~An ~~began~~early inexample is the ~~1987~~[[Scytale]] ~~with~~used by the [[Spartan]]s.<ref name="Kelly">{{Cite journal\|last=Kelly\|first=Thomas\|title=The Myth of the Skytale\|journal=Cryptologia\|date=July 1998\|pages=244–260\|doi=10.1080/0161-119891886902\|volume=22\|issue=3}}</ref> The [[Enigma machine]] was an electro-mechanical system cipher machine notably used by the Germans in [[World War II]].{{citation needed\|date=June 2018}} After [[World War II]], purely electronic systems were developed. In 1987 the ABYSS (A Basic Yorktown Security System) project was initiated.<ref name="ABYSS" /><ref name="building 4758" /> The aim of this project was to protect against [[software piracy]]. However, the application of computers to cryptography in general dates back to the 1940s and [[Bletchley Park]], where the [[Colossus computer]] was used to break the encryption used by German High Command during [[World War II]]. The use of computers to ''encrypt'', however, came later. In particular, until the development of the [[integrated circuit]], of which the first was produced in 1960, computers were impractical for encryption, since, in comparison to the portable [[form factor (design)\|form factor]] of the [[Enigma machine]],<ref name="Crypto Enigma" /> [[SIGSALY\|computers of the era]] took the space of an entire building. It was only with the development of the [[microcomputer]] that computer encryption became feasible, outside of niche applications. The development of the [[World Wide Web]] lead to the need for consumers to have access to encryption, as [[online shopping]] became prevalent.<ref name="consumers" /> The key concerns for consumers were security and speed.<ref name="consumers" /> This led to the eventual inclusion of the key algorithms into processors as a way of both increasing speed and security.<ref name="performance" /> == Implementations == Line 22 ⟶ 25: * [[IBM 4758]] – The predecessor to the [[IBM 4764]].<ref name="NIST approval" /> This includes its own specialised processor, [[Random-access memory\|memory]] and a [[Random Number Generator]].<ref name="IBM 4758 datasheet" /> * [[IBM 4764]] and [[IBM 4765]], identical except for the connection used.<ref name="NIST approval" /> The former uses [[PCI-X]], while the latter uses [[PCI-e]].<ref name="IBM 4764" /> Both are [[peripheral devices]] that plug into the [[motherboard]]. === Proliferation === [[Advanced Micro Devices]] (AMD) processors are also x86 devices, and have supported the [[AES instruction set\|AES instructions]] since the 2011 [[Bulldozer (microarchitecture)\|Bulldozer]] processor iteration. <ref name="Arecibo Bulldozer" /> Due to the existence of encryption instructions on modern processors provided by both [[Intel]] and AMD, the instructions are present on most modern computers.<ref name="Haifa" /> They also exist on many tablets and smartphones due to their implementation in [[ARM architecture\|ARM processors]].<ref name="Haifa" /> Line 31 ⟶ 35: == Disadvantages == If, however, the hardware implementation is compromised, major issues arise. Malicious software can retrieve the data from the (supposedly) secure hardware – a large class of method used is the [[timing attack]].<ref name="BearSSL" /> This is far more problematic to solve than a software bug, even within the [[operating system]]. [[Microsoft]] regularly deals with security issues through [[Windows Update]]. Similarly, regular security updates are released for [[Mac OS X]] and [[Linux]], as well as mobile operating systems like [[iOS]], [[Android (operating system)\|Android]], and [[Windows Phone]]. However, hardware is a different issue. Sometimes, the issue will be fixable through updates to the processor's [[microcode]] (a low level type of software). However, other issues may only be resolvable through replacing the hardware, or a workaround in the operating system which mitigates the performance benefit of the hardware implementation, such as in the [[Spectre (security vulnerability)\|Spectre exploit]].<ref name="PCW-20180109" /> ==See also== * [[Disk encryption hardware]] * [[Hardware-based full disk encryption]] * [[Hardware security module]] ==References== {{Reflist\|30em\|refs= <ref name="Intel AES Instructions">{{cite book\|title=Intel® 64 and IA-32 Architectures Software ~~Developer’s~~Developer's Manual\|date=~~{{date\|~~December 2017}}\|url=https://software.intel.com/sites/default/files/managed/39/c5/325462-sdm-vol-1-2abcd-3abcd.pdf\|publisher=Intel\|pages=303–309, 410}}</ref> <ref name="cortex cryptography">{{cite book\|title=ARM® Cortex®-A57 MPCore Processor Cryptography Extension\|date=~~{{date\|~~17 December 2017~~-12-17}}~~\|publisher=ARM Holdings\|url=http://infocenter.arm.com/help/topic/com.arm.doc.ddi0514g/DDI0514G_cortex_a57_mpcore_cryptography_trm.pdf\|~~deadurl~~url-status=nolive\|~~archiveurl~~archive-url=https://web.archive.org/web/20161213102201/http://infocenter.arm.com/help/topic/com.arm.doc.ddi0514g/DDI0514G_cortex_a57_mpcore_cryptography_trm.pdf\|~~archivedate~~archive-date=2016-12-13~~\|df=~~}}</ref> <ref name="IBM 4764">{{cite web\|url=https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_61/rzajc/rzajcco4758.htm\|title=4764 Cryptographic Coprocessor\|publisher=IBM\|access-date=~~{{date~~20 January 2018\|~~2018~~url-~~01-20}}\|deadurl~~status=nolive\|~~archiveurl~~archive-url=https://web.archive.org/web/20180121000028/https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_61/rzajc/rzajcco4758.htm\|~~archivedate~~archive-date=2018-01-21~~\|df=~~}}</ref> <ref name="performance">{{cite web\|title=AES-NI Performance Analyzed\|url=http://www.tomshardware.com/reviews/clarkdale-aes-ni-encryption,2538.html\|publisher=Tom's Hardware\|year=2010\|author=P. Schmid and A. Roos \|~~accessdate~~access-date=~~{{date\|~~20 January 2018~~-01-20}}~~}}</ref> <ref name="~~MeltdownSpectre~~ABYSS">{{~~Cite~~cite web ~~\|author=Staff~~ \|url=https://~~spectreattack~~www.~~com~~computer.org/ csdl/proceedings/sp/1987/0771/00/07710038.pdf\|title=~~Meltdown~~ABYSS: ~~and~~A ~~Spectre \|date=2018 \|work=[[Graz~~Trusted ~~University~~Architecture offor ~~Technology]]~~Software Protection\|access-date=~~{{date\|2018-01-~~20}} January 2018\|~~dead~~url-~~url~~status=no live\|archive-url=https://web.archive.org/web/~~20180103221345~~20180121071623/https://~~spectreattack~~www.~~com~~computer.org/csdl/proceedings/sp/ 1987/0771/00/07710038.pdf\|archive-date=~~{{date\|~~2018-01-~~03}}~~21}}</ref> <ref name="~~ABYSS~~building 4758">{{cite web\|url=~~https~~http://www.~~computer~~research.~~org~~ibm.com/~~csdl~~people/~~proceedings~~s/spsailer/~~1987~~publications/~~0771~~2001/~~00/07710038~~ibm4758.pdf\|title=~~ABYSS:~~Building Athe ~~Trusted~~IBM ~~Architecture~~4758 ~~for~~Secure ~~Software Protection~~Coprocessor\|access-date=~~{{date\|~~20 January 2018~~-01-20}}~~\|~~deadurl~~publisher=no[[IBM]]\|~~archiveurl~~url-status=live\|archive-url=https://web.archive.org/web/~~20180121071623~~20170808032012/~~https~~http://www.~~computer~~research.~~org~~ibm.com/~~csdl~~people/~~proceedings~~s/spsailer/~~1987~~publications/~~0771~~2001/~~00/07710038~~ibm4758.pdf\|~~archivedate~~archive-date=~~2018~~2017-0108-~~21\|df=~~08}}</ref> <ref name="~~building~~Crypto ~~4758~~Enigma">{{cite web\|url=http://www.~~research.ibm~~cryptomuseum.com/~~people/s~~kits/~~sailer~~enigma/~~publications~~support/~~2001~~files/~~ibm4758~~case.pdf\|~~title~~publisher=~~Building~~Crypto ~~the IBM 4758 Secure~~Museum\|title=Enigma-E ~~Coprocessor~~case\|access-date=~~{{date~~20 January 2018\|~~2018~~url-~~01-20}}\|publisher~~status=~~[[IBM]]~~live\|~~deadurl=no\|archiveurl~~archive-url=https://web.archive.org/web/~~20170808032012~~20161105032157/http://www.~~research.ibm~~cryptomuseum.com/~~people/s~~kits/~~sailer~~enigma/~~publications~~support/~~2001~~files/~~ibm4758~~case.pdf\|~~archivedate~~archive-date=~~2017~~2016-0811-~~08\|df=~~05}}</ref> <ref name="~~Crypto Enigma~~consumers">{{cite web \| url=http://~~www~~ecommercenews.~~cryptomuseum.com~~eu/~~kits/enigma~~consumers-online-shopping-expectations/~~support/files/case.pdf~~ \|~~publisher~~ title=~~Crypto~~Consumers and their online shopping expectations – Ecommerce News ~~Museum~~\|~~title~~ date=~~Enigma-E~~20 February 2015 ~~case~~\| access-date=~~{{date~~29 August 2016 \|~~2018~~ url-~~01-20}}\|deadurl~~status=nolive \|~~archiveurl~~ archive-url=https://web.archive.org/web/~~20161105032157~~20160930235730/http://~~www~~ecommercenews.~~cryptomuseum.com~~eu/~~kits/enigma/support~~consumers-online-shopping-expectations/~~files/case.pdf~~ \|~~archivedate~~ archive-date=2016-1109-~~05\|df=~~30 }}</ref> <ref name="Oxford">{{cite web\|url=https://www.cs.ox.ac.uk/teaching/materials17-18/ca/lecture03.pdf\|title=x86-64 Instruction Set\|publisher=[[University of Oxford]]\|pages=1\|date=~~{{date\|~~18 April 2017~~-04-18}}~~\|access-date=~~{{date\|~~24 January 2018~~-01-24}}~~}}</ref>▼ <ref name="consumers">{{cite web \| url=http://ecommercenews.eu/consumers-online-shopping-expectations/ \| title=Consumers and their online shopping expectations – Ecommerce News \| date={{date\|2015-2-20}} \| accessdate={{date\|2016-08-29}} \| deadurl=no \| archiveurl=https://web.archive.org/web/20160930235730/http://ecommercenews.eu/consumers-online-shopping-expectations/ \| archivedate=2016-09-30 \| df= }}</ref> <ref name="NIST National Security">{{cite web \|url=http://csrc.nist.gov/groups/ST/toolkit/documents/aes/CNSS15FS.pdf \|title=National Policy on the Use of the Advanced Encryption Standard (AES) to Protect National Security Systems and National Security Information \|author=Lynn Hathaway \|date=June 2003 \|access-date=15 February 2011 \|url-status=live \|archive-url=https://web.archive.org/web/20101106122007/http://csrc.nist.gov/groups/ST/toolkit/documents/aes/CNSS15FS.pdf \|archive-date=2010-11-06 }}</ref> ▲<ref name="Oxford">{{cite web\|url=https://www.cs.ox.ac.uk/teaching/materials17-18/ca/lecture03.pdf\|title=x86-64 Instruction Set\|publisher=[[University of Oxford]]\|pages=1\|date={{date\|2017-04-18}}\|access-date={{date\|2018-01-24}}}}</ref> <ref name="~~NIST~~IBM ~~National~~4758 ~~Security~~datasheet">{{cite web \|url=~~http~~ftp://~~csrc~~www6.software.~~nist~~ibm.~~gov~~com/~~groups~~software/STcryptocards/~~toolkit/documents/aes/CNSS15FS~~G221-9091-04.pdf \|title=~~National~~IBM ~~Policy~~4758 onModels ~~the Use of the Advanced Encryption Standard (AES) to Protect National Security Systems~~2 and ~~National~~23 ~~Security~~PCI ~~Information \|author=Lynn Hathaway~~Cryptographic Coprocessor\|date=~~{{date\|June 2003}} \|format=PDF~~May 2004\|access-date=~~{{date\|2011-02-15}}~~24 ~~\|deadurl=no~~January 2018\|~~archiveurl~~archive-url=https://web.archive.org/web/~~20101106122007~~20170705054058/~~http~~ftp://~~csrc~~www6.~~nist~~software.~~gov~~ibm.com/~~groups~~software/STcryptocards/~~toolkit/documents/aes/CNSS15FS~~G221-9091-04.pdf \|~~archivedate~~archive-date=~~2010~~2017-1107-06 05\|dfurl-status= dead\|publisher=[[IBM]]}}</ref> <ref name="openwrt">{{cite web\|url=http://wiki.openwrt.org/doc/hardware/cryptographic.hardware.accelerators\|title=Cryptographic Hardware Accelerators\|publisher=OpenWRT.org\|date=17 May 2016\|access-date=25 January 2018\|url-status=live\|archive-url=https://web.archive.org/web/20180121000023/http://wiki.openwrt.org/doc/hardware/cryptographic.hardware.accelerators\|archive-date=2018-01-21}}</ref> <ref name="IBM 4758 datasheet">{{cite web\|url=ftp://www6.software.ibm.com/software/cryptocards/G221-9091-04.pdf\|title=IBM 4758 Models 2 and 23 PCI Cryptographic Coprocessor\|date={{date\|May 2004}}\|access-date={{date\|2018-01-24}}\|publisher=[[IBM]]}}</ref> <ref name="~~openwrt~~NIST approval">{{cite web\|url=~~http~~https://~~wiki~~csrc.~~openwrt~~nist.~~org~~gov/~~doc~~csrc/~~hardware~~media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1505.~~hardware.accelerators~~pdf\|date=10 December 2012\|access-date=20 January 2018\|title=IBM 4765 Cryptographic ~~Hardware~~Coprocessor ~~Accelerators~~Security Module\|publisher=~~OpenWRT.org~~[[National Institute of Standards and Technology]]\|~~date={{date\|2016~~url-~~05-17}}\|access-date~~status=~~{{date~~live\|~~2018~~archive-~~01-25}}\|deadurl=no\|archiveurl~~url=https://web.archive.org/web/~~20180121000023~~20180125015153/~~http~~https://~~wiki~~csrc.~~openwrt~~nist.~~org~~gov/~~doc~~csrc/~~hardware~~media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1505.~~hardware.accelerators~~pdf\|~~archivedate~~archive-date=2018-01-~~21\|df=~~25}}</ref> <ref name="~~NIST~~Arecibo ~~approval~~Bulldozer">{{cite web\|url=https://~~csrc~~www.~~nist~~naic.~~gov~~edu/~~csrc~~~phil/~~media~~software/~~projects~~amd/~~cryptographic~~New-~~module~~Bulldozer-~~validation~~and-~~program/documents/security~~Piledriver-~~policies/140sp1505~~Instructions-1.pdf\|date=~~{{date\|~~October 2012~~-12-10}}~~\|access-date=~~{{date\|~~25 January 2018~~-01-20}}~~\|title=~~IBM~~New ~~4765~~"Bulldozer" ~~Cryptographic~~and ~~Coprocessor~~"Piledriver" ~~Security Module~~Instructions\|publisher=[[~~National~~Arecibo ~~Institute~~Observatory]]\|author=Brent ofHollingsworth ~~Standards~~([[Advanced ~~and~~Micro ~~Technology~~Devices\|AMD]])\|~~deadurl~~url-status=nolive\|~~archiveurl~~archive-url=https://web.archive.org/web/~~20180125015153~~20180209120423/https://~~csrc~~www.~~nist~~naic.~~gov~~edu/~~csrc~~~phil/~~media~~software/~~projects~~amd/~~cryptographic~~New-~~module~~Bulldozer-~~validation~~and-~~program/documents/security~~Piledriver-~~policies/140sp1505~~Instructions-1.pdf\|~~archivedate~~archive-date=2018-0102-~~25\|df=~~09}}</ref> <ref name="~~Arecibo Bulldozer~~Haifa">{{cite web\|url=https://~~www~~eprint.~~naic~~iacr.~~edu~~org/~~~phil~~2016/~~software/amd/New-Bulldozer-and-Piledriver-Instructions-1~~122.pdf\|~~date~~title=~~{{date~~Simpira v2: A Family of Efficient Permutations Using the AES Round Function\|~~October~~date=9 ~~2012}}~~November 2016\|access-date=~~{{date\|2018-01-~~25}} January 2018\|~~title~~author=~~New~~Shay ~~“Bulldozer”~~Gueron ~~and~~([[University ~~“Piledriver”~~of Haifa]] & ~~Instructions\|publisher=~~[[~~Arecibo Observatory~~Intel]]~~\|author=Brent~~) ~~Hollingsworth~~and Nicky Mouha ([[~~Advanced~~KU ~~Micro~~Leuven]] ~~Devices\|AMD~~& [[NIST]])\|~~deadurl~~url-status=nolive\|~~archiveurl~~archive-url=https://web.archive.org/web/~~20180209120423~~20170716025858/https://~~www~~eprint.~~naic~~iacr.~~edu/~phil/software~~org/~~amd~~2016/~~New-Bulldozer-and-Piledriver-Instructions-1~~122.pdf\|~~archivedate~~archive-date=~~2018~~2017-0207-~~09\|df=~~16}}</ref> <ref name="~~Haifa~~Intel SGX">{{cite web \|url=https://~~eprint~~software.~~iacr~~intel.~~org~~com/~~2016~~en-us/~~122.pdf~~blogs/2013/09/26/protecting-application-secrets-with-intel-sgx \|title=~~Simpira~~Intel ~~v2:~~SGX Afor ~~Family~~Dummies of(Intel ~~Efficient~~SGX ~~Permutations~~Design ~~Using~~Objectives) ~~the~~\|work=intel.com ~~AES Round Function~~\|date=~~{{date\|2016-11~~2013-09~~}}\|access~~-~~date={{date~~26 \|~~2018~~url-~~01-25}}\|author~~status=~~Shay Gueron ([[University of Haifa]] & [[Intel]]) and~~live ~~Nicky Mouha ([[KU Leuven]] & [[NIST]])~~\|~~deadurl=no\|archiveurl~~archive-url=https://web.archive.org/web/~~20170716025858~~20140429161139/https://~~eprint~~software.~~iacr~~intel.~~org~~com/~~2016~~en-us/~~122.pdf\|archivedate=2017~~blogs/2013/09/26/protecting-07application-16secrets-with-intel-sgx \|dfarchive-date=2014-04-29 }}</ref> <ref name="~~Intel SGX~~BearSSL">{{~~cite~~Cite web \|url=https://~~software~~www.~~intel~~bearssl.~~com~~org/~~en-us/blogs/2013/09/26/protecting-application-secrets-with-intel-sgx~~ constanttime.html\|title=~~Intel~~BearSSL ~~SGX~~– ~~for Dummies (Intel SGX Design Objectives)~~Constant-Time Crypto\|~~work~~website=~~intel~~www.~~com~~ bearssl.org\|access-date=~~2013~~2017-0901-26 10\|~~deadurl~~url-status=no live\|~~archiveurl~~archive-url=https://web.archive.org/web/~~20140429161139~~20170111003347/https://~~software~~www.~~intel~~bearssl.~~com~~org/enconstanttime.html\|archive-~~us/blogs/2013/09/26/protecting-application-secrets-with-intel-sgx \|archivedate~~date=~~2014~~2017-0401-~~29 \|df=~~ 11}}</ref> <ref name="PCW-20180109">{{cite web \|author-last=Hachman \|author-first=Mark \|title=Microsoft tests show Spectre patches drag down performance on older PCs \|url=https://www.pcworld.com/article/3245742/components-processors/microsoft-tests-show-spectre-patches-drag-down-performance-on-older-pcs.html \|date=January 9, 2018 \|work=[[PC World]] \|access-date=2018-01-09 \|~~deadurl~~url-status=nolive \|~~archiveurl~~archive-url=https://web.archive.org/web/20180209120423/https://www.pcworld.com/article/3245742/components-processors/microsoft-tests-show-spectre-patches-drag-down-performance-on-older-pcs.html \|~~archivedate~~archive-date=February 9, 2018 ~~\|df=~~ }}</ref>▼ <ref name="BearSSL">{{Cite web\|url=https://www.bearssl.org/constanttime.html\|title=BearSSL – Constant-Time Crypto\|website=www.bearssl.org\|access-date=2017-01-10\|deadurl=no\|archiveurl=https://web.archive.org/web/20170111003347/https://www.bearssl.org/constanttime.html\|archivedate=2017-01-11\|df=}}</ref> ▲<ref name="PCW-20180109">{{cite web \|author-last=Hachman \|author-first=Mark \|title=Microsoft tests show Spectre patches drag down performance on older PCs \|url=https://www.pcworld.com/article/3245742/components-processors/microsoft-tests-show-spectre-patches-drag-down-performance-on-older-pcs.html \|date=January 9, 2018 \|work=[[PC World]] \|access-date=2018-01-09 \|deadurl=no \|archiveurl=https://web.archive.org/web/20180209120423/https://www.pcworld.com/article/3245742/components-processors/microsoft-tests-show-spectre-patches-drag-down-performance-on-older-pcs.html \|archivedate=February 9, 2018 \|df= }}</ref> }} {{Cryptography navbox \| machines}}