The need for secure data communications to protect commercial and personal data on PCs and networks has given rise to a spate of security IC developments. Security is becoming increasingly important and represents significant commercial value. In business communications, for example, data protection is necessary for such intangible goods as software, music, images, and intellectual property (IP), which are sent over networks to which hackers sometimes gain access. These hackers have also been able to play with people's credit card numbers or other confidential data as a result of security gaps.
Recognizing this problem, a number of semiconductor companies are busy producing devices designed specifically to ensure secure data communications on PCs and networks. These ICs include processors, controllers, and sensors, as well as encryption and decryption ICs.
For many concerned individuals, the issue of security is synonymous with privacy. But privacy is much more complex, involving four general aspects: authentication, data integrity, confidentiality (encryption), and accessibility.
Authentication is obviously an important issue. At the very least, it prevents any Internet user from making illegal transactions in a bank account by falsely using the legitimate account holder's name. For commercial applications, an unequivocal identification and authentication is a must.
Data integrity means that the data received equals exactly the data that's sent out. Whenever a data stream is changed, the receiver must recognize that change if appropriate means to protect data integrity are applied. This is an important feature. Consider the transmission of banking data. If the amount and/or the destination account number are changed fraudulently (as by changing the receiver's account number), then the data integrity of the original packet ceases to exist.
Encryption represents the classic confidentiality topic. Applying appropriate encryption methods ensures that the confidential data within the intercepted data streams aren't available to third parties. If, for example, an Internet user submits his credit card data to an online store, a hacker may be able to intercept the physically transmitted data. But with the appropriate encryption, the hacker won't be able to decipher the data, which makes the entire interception useless.
Encryption Needed At All Levels
Even without a network connection, however, data encryption is an important topic. For instance, the notebook computers of many designers, managers, and consultants commonly contain a lot of sensitive data that should only be accessible to authorized users. Losing one's notebook computer through misplacement or theft can have serious consequences, unless the data on the computer's disk is encrypted.
Finally, accessibility means that the data is accessible at all times, as seen in the recent denial-of-service attacks by hackers. When spam e-mail blocks a server of an online mail-order company, the accessibility of mail-order information isn't guaranteed, resulting in a loss of business.
When security features are added to data streams, the volume of data increases, causing a decrease in the available data-transmission bandwidth. This, in turn, necessitates the use of data-compression techniques. There are, however, security-induced penalties revolving around the implementation of compression technology in the point-to-point protocol (PPP) at layer 2 of the network protocol stack (Fig. 1). IP security (IPSec), the dominant protocol for virtual private networks (VPNs), is layer 3 of the stack. The secure sockets layer (SSL) encryption is at layer 5, and PGP, S/MIME, and e-mail encryption, for example, are at application layer 6.
Three issues induced by network security are the loss of effective compression, the inefficiencies relating to the security protocol overhead, and the increase in packet-processing burdens for routers, firewalls, and access servers targeted to perform network security.
Loss of effective compression can be explained as follows: an outbound data packet coming from application layer 6 goes down to the IP layer 3 where it's encrypted. But, when that encrypted packet passes down to the PPP IP layer 2, it cannot be compressed. Therefore, one of the challenges is losing the effectiveness of layer 2 compression when layer 3 encryption is added. This is a security-induced penalty.
Encryption works by randomizing data or hiding any traces of patterns. If patterns can be detected, a hacker might be able to detect the data. It's hoped that encryption will scramble the data and make it undecipherable. This means that encrypted data has no patterns. So if data compression is performed after the encryption, it will prove ineffective because compression relies on data to have patterns. As a result, data must be compressed first and then encrypted.
The loss of effective compression equates to bandwidth constraints, which can cause the enterprise manager considerable headaches. PPP compression is the aspirin that relieves the pain. More specifically, LZS and MPPC resolve those problematic areas. These two algorithms are based on patents held by Hi/fn Inc. and are documented in Internet Engineering Task Force (IETF) Requests For Comments (RFCs). "The fact that encrypted data doesn't compress means that PPP compression is rendered ineffective when encryption emerges at higher layers," says Joe Gagliano, manager of Hi/fn, based in Los Gatos, Calif. When IPSec is applied to a data packet at IP layer 3, either a header, a trailer, or both are added to the packet to alert the receiving system that IP security is used and to call out the associated algorithms. Consequently, the packet grows in length.
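The compress-then-encrypt ordering argued for above, demonstrated with a short added example that is not from the article or from Hi/fn. It uses zlib for the compression step and a toy SHA-256 counter-mode keystream as a stand-in for DES/Triple-DES (an illustration of ciphertext being patternless, not a cipher to deploy); the sample payload and the key are constructed for the demo.

```python
import hashlib
import zlib

# Constructed sample payload: a repetitive, highly compressible PPP-style payload.
SAMPLE = (b"GET /index.html HTTP/1.0\r\nHost: example.invalid\r\n"
          b"User-Agent: demo\r\nAccept: text/html\r\n\r\n") * 40

# Constructed demo key. Real IPSec keys are negotiated by IKE, never hard-coded.
DEMO_KEY = b"demo-key-do-not-use-in-production"


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy counter-mode stream cipher built from SHA-256 (illustration only,
    not a replacement for DES/Triple-DES). Its output is patternless, which is
    exactly the property that defeats any compressor placed after it.
    XOR is its own inverse, so the same call decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        ks = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        chunk = data[offset:offset + 32]
        out.extend(b ^ k for b, k in zip(chunk, ks))
    return bytes(out)


def compress_then_encrypt(data: bytes, key: bytes) -> bytes:
    """Correct order: compress first (the layer-2 job), then encrypt."""
    return keystream_xor(key, zlib.compress(data, 9))


def encrypt_then_compress(data: bytes, key: bytes) -> bytes:
    """Wrong order: what happens when PPP compression runs below IPSec
    encryption, i.e. the compressor only ever sees ciphertext."""
    return zlib.compress(keystream_xor(key, data), 9)


def size_ratio(transformed: bytes, original: bytes) -> float:
    """Bytes on the wire divided by plaintext bytes (lower is better)."""
    return len(transformed) / len(original)


def demo():
    """Returns (ratio with correct order, ratio with wrong order)."""
    good = size_ratio(compress_then_encrypt(SAMPLE, DEMO_KEY), SAMPLE)
    bad = size_ratio(encrypt_then_compress(SAMPLE, DEMO_KEY), SAMPLE)
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print(f"compress-then-encrypt: {good:.3f} of plaintext size")
    print(f"encrypt-then-compress: {bad:.3f} of plaintext size (no gain)")
```

With the wrong order the "compressed" stream is actually slightly larger than the plaintext, since the compressor falls back to stored blocks and adds its own framing.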
One system approach employs discrete hardware accelerators with separate compression, encryption, and authentication chips. A better approach implements integrated accelerators with compression, encryption, and authentication functions embedded in a single chip. Examples of such chips include the Hi/fn 7711 and 7811 security processors.
Motorola Semiconductor Corp. has introduced some brand new ICs targeting the same markets as the Hi/fn products. These devices, dubbed the MPC180 and the MPC180e, are designed to work with the company's communications processors. Both interface gluelessly to the 8xxx/60x or 860 local bus, 50 and 66 MHz, respectively. This enables computationally intensive security functions, such as key generation and exchange, authentication, and bulk data encryption.
This family of security processors is optimized to process all of the algorithms associated with IPSec, IKE, WTLS/WAP, and SSL/TLS, including RSA, RSA signature, Diffie-Hellman, Elliptic Curve Cryptography, data encryption standard (DES), Triple-DES, SHA-1, MD-4, MD-5, and ARC-4. For example, the devices support public-key execution with a programmable field size of 80 to 2048 bits while a 1024-bit signature requires 32 ms.
The MPC180 and MPC180e are used in load/store, memory-mapped systems. But, the "e" version provides the additional capability of processing elliptic curve operations over either binary fields (F2^m) or prime fields (Fp) with a programmable field size from 55 to 511 bits and a 155-bit signature time of 11 ms. An external processor may execute application code from its ROM and RAM, using RAM and optional nonvolatile memory for data storage.
For instance, the two devices might reside in the memory map of the processor. As a result, when the application requires cryptographic functions, it simply reads and writes to the appropriate memory location in the security processor. Each encryption algorithm is mapped to a unique address space. An on-chip random number generator assists in key generation. Furthermore, the two new ICs provide ECC functionalities.
The problem posed by a multichip approach is that data is forced to traverse across the system bus multiple times as it moves between the packet memory and the processor, and on to each individual hardware accelerator. For instance, data comes into packet memory, then it goes to the compressor, back to packet memory and then to the encryptor chip, back to packet memory, and to the authentication device and then back to packet memory. Because of this, data crisscrosses the system bus multiple times. This intensive processing of data adversely affects system performance.
On the other hand, with a single chip completely fitted with compression, encryption, and authentication functionality, data moves across the system bus two times—once to the packet memory, and another time back to the integrated compressor, encryption, and authentication chip.
To resolve the issues discussed, Hi/fn provides network OEMs with integrated single-chip solutions, such as the 7711, 7751, and 7811 chips. Compression, encryption, and authentication functionality are integrated into each of these single chips. Also, each handles algorithms like LZS and MPPC compression, DES, Triple-DES, RC4 encryption, and MD5 and SHA authentication. The 7711 and 7751 each handles up to eight T1/E1 links, while the 7811 chip handles three times as many as either the 7711 or 7751. OC-3 solutions are planned to be introduced soon.
"In the future, all encryptors will compress," claims Gagliano. "A key reason is that tightly integrated chips like the Hi/fn solutions provide network system designers considerable flexibility for handling the legacy PPP and IPSec protocols."
One of the most promising initiatives to bring hardware security to PCs is the Trusted Computing Platform Alliance (TCPA), which includes more than 130 members. TCPA was founded by Intel, Microsoft, Hewlett-Packard, Compaq, IBM, and others, and also includes many relevant members like RSA Security. The objective of the alliance is to produce a trusted platform for PC security, one in which both local users and remote entities, including software and web site users, and all third parties, can have faith (Fig. 2). Essentially, the alliance represents an authority that can vouch for a platform.
Integrity Metrics Reported
Special focus was placed on the nonrepudiation issue. The TCPA specification advocates that a separate mechanism, called the Subsystem, can be trusted to the same degree by as many entities as possible. The TCPA Subsystem is designed to provide reliable mechanisms for measuring and reporting integrity metrics. It consists of two building blocks, a trusted platform module (TPM), and a trusted platform specification (TPS).
The TPM is defined as the hardware instantiation of the TCPA specification and, therefore, is identical to its silicon implementation. It handles all operations requiring very high levels of security. Typically, the TPS is a software environment encapsulating the TPM. It performs integrity metrics in conjunction with the TPM.
The Subsystem is designed to protect the platform against logical, or software-based, attacks. While the Subsystem can still be subverted by physical means, this mode of attack exposes only the secrets of the Subsystem on the local platform, and not those of other connected platforms.
Through the Subsystem, the TCPA specification will create a hardware-based foundation for trust based on a set of integrity metrics. These are defined as measurements of key platform characteristics that can be used to establish platform identity, such as a BIOS, a boot loader, an operating-system (OS) loader, and the OS security policy. The BIOS, boot loader, OS, drivers, and hardware components all have a digital signature. Furthermore, cryptographic hashing is employed to extend trust from the BIOS to other areas of the platform.
The TCPA Specification has taken specific steps to enhance trust while preserving privacy. The system owner has control and permission over private information, and must opt-in to utilize the TCPA Subsystem. Integrity metrics can be reported by the TCPA platform, but don't restrict the choice and options of the owner, so that openness will be preserved. Further enhancing privacy, the specification allows the system owner to create multiple and/or anonymous identities to enhance personal security and remove avenues for identity cross-correlation.
Although the TCPA offers something like the ID number in a well-known PC processor, it offers much more privacy. Owners can define different kinds of identities for different kinds of uses and, of course, they can disable it in a very convenient manner.
"The value of the secrets is smaller than on a smartcard [a microcontroller-based chipcard]," explains Gadi Ehrlich, director for the system technology and architecture group at National Semiconductor's Israel design center in Tel Aviv. "TCP is used to develop trust for the platform. It's not targeted at hard-based e-commerce applications, but it's good for identification in e-commerce." A future application on the consumer side is the ability to enter home banking, where the TCPA can be used for authentication and ID generation.
Another application of the TCP is checking if the hardware was changed. Typically, this application is used to see if any viruses exist on the hardware platform, which is good for networks as it allows administrators to determine whether the hardware was changed.
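How the hash-chained integrity metrics described above let a verifier notice that a boot component changed, as an added example that is not code from the article, the TCPA specification, or any vendor. It models the SHA-1 "extend" operation on a platform configuration register (PCR), which is what makes the chain from BIOS to OS order-dependent and tamper-evident; the component images are constructed stand-ins.

```python
import hashlib

PCR_SIZE = 20  # SHA-1 digest length; PCRs are zeroed at platform reset


def extend(pcr: bytes, image: bytes) -> bytes:
    """TCPA-style extend: new_PCR = SHA-1(old_PCR || SHA-1(image)).
    Folding the previous value in means software cannot set a PCR to a
    chosen value; it can only append another measurement."""
    return hashlib.sha1(pcr + hashlib.sha1(image).digest()).digest()


def measure_boot_chain(components):
    """components: list of (name, image_bytes) in boot order, e.g. BIOS,
    boot loader, OS loader, OS security policy. Each stage measures the
    next before handing control to it. Returns the final PCR value and an
    event log of (name, component hash, PCR after extend)."""
    pcr = bytes(PCR_SIZE)
    log = []
    for name, image in components:
        pcr = extend(pcr, image)
        log.append((name, hashlib.sha1(image).hexdigest(), pcr.hex()))
    return pcr, log


def verify_against_log(log, reported_pcr: bytes) -> bool:
    """Verifier side (an administrator or remote party): replay the reported
    event log and check that it reproduces the reported PCR. Only hashes are
    reported; the images themselves never leave the platform."""
    pcr = bytes(PCR_SIZE)
    for _name, component_hex, _pcr_after in log:
        pcr = hashlib.sha1(pcr + bytes.fromhex(component_hex)).digest()
    return pcr == reported_pcr


# Constructed stand-in images; real ones are the firmware and boot binaries.
GOOD_CHAIN = [
    ("BIOS", b"bios-image-v1"),
    ("boot loader", b"bootloader-image-v1"),
    ("OS loader", b"osloader-image-v1"),
    ("OS security policy", b"policy: require signed drivers"),
]


def tampered_chain():
    """Same chain with the boot loader image modified, as a virus or
    rootkit would do."""
    chain = list(GOOD_CHAIN)
    chain[1] = ("boot loader", b"bootloader-image-v1 + unauthorized patch")
    return chain


if __name__ == "__main__":
    good_pcr, good_log = measure_boot_chain(GOOD_CHAIN)
    bad_pcr, _ = measure_boot_chain(tampered_chain())
    print("expected PCR :", good_pcr.hex())
    print("tampered PCR :", bad_pcr.hex())
    print("log replays  :", verify_against_log(good_log, good_pcr))
```

Comparing the final PCR against a value recorded when the platform was known-good is the "was the configuration changed" check the article describes.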
National Semiconductor and Infineon Technologies AG are the first two semiconductor manufacturers with TPM silicon solutions. National's TCP IC will start shipping early next year. It will contain a 16-bit RISC processor core, memories, peripheral functions, a cryptography accelerator, and integrated firmware. The built-in cryptography hardware accelerator is based on the libraries that National licensed from Wave Systems Corp., a company that's very active in the pay-per-use business. All of the keys are generated by this security coprocessor.
Most likely, an on-chip RAM will have an 8-kbyte size, while the integrated firmware might be around 64 kbytes in size. The interface to the PC is a low-pin-count type, because according to Ehrlich, the SM bus that it's designed to work with isn't fast enough. Furthermore, National's TPM solution provides a general-purpose interface for digital "sign and verify" operations.
Ehrlich points out that a U.S. export license is required for every RSA encryption device. "However," he adds, "because TCPA doesn't provide general-purpose encryption, there's no need for such a license."
National will focus its TPM IC primarily on the enterprise market, and it expects platforms to use this solution by the end of 2001. Because the PC market is very price sensitive, National intends to put only what TCPA requires onto the chip. Nevertheless, National plans to place on it some measures of tamper-resistance. The pricing of the IC, which was designed in Israel, will be somewhere in the $5 range, depending on the functionality required and the volumes ordered.
"We believe a TCP solution that won't have hardware acceleration won't succeed in the market because it will be too slow," concludes Ehrlich. "TCP requires a lot of cryptographic operations. The basic issue of security is that the keys and the secrets are kept outside of the PC processor and PC memory."
The other hardware solution for TCP is Infineon's TPM device. The chip contains a nonvolatile memory to securely store keys. It supports the DES and Triple-DES encryption standards, and it completes an RSA encryption with a 1024-bit key in less than 300 ms. A hash accelerator (SHA1, MD5) for checking integrity, as well as a random-number generator, are integrated on-chip too. This is an important feature because it makes certain that a software/hardware configuration hasn't been changed.
PC Security Also Required
These solutions take care of the network aspect of security, but that still leaves the consumer side and the PC. Few passwords are used in the consumer PC sector for ID, yet we rely heavily on passports and ID cards for identification. To strengthen this weak point, more and more biometric data, like fingerprints and iris recognition, as well as chipcards, are being used for proper ID (see "Biometrics Boost Security," p. 108).
By using suitable security algorithms in combination with an appropriate safe hardware architecture, the safety requirements in terms of authentication, data integrity, and confidentiality can be fulfilled. All of these security algorithms are based on the employment of digital keys that have to be protected. During encryption, symmetric or asymmetric procedures can be used.
All encryption algorithms run automatically and every user owning the right key can manipulate the data. So, the keys need to be protected in a very special way. Users may never be able to prevent an unauthorized person from accessing their computer and reading their data, but they can certainly prevent that person from accessing the keys.
Because digital keys normally aren't stolen but "only" copied, it usually takes some time before the theft of the key is noticed. Within this time frame, a lot of unwanted action can appear. Every company and every private person needs to think about the respective consequences. The encryption of the data is "only" a matter of computing performance and time, but keeping the keys truly secret is a science of its own.
Of course, already existing methods, like secure socket layer (SSL), are a very good beginning. The SSL method, however, can't be rated as really safe, because that encryption takes place by software within the PC processor.
One of a computer's best features is its open programmability, which also is the reason for the high success of PCs on the market. In fact, this means that everyone will be able to program the PC in the way that he or she likes with the relevant knowledge as a prerequisite. The disadvantage of this universal programmability is the possibility of running programs that the user quite often doesn't even know about. Just think about viruses and Trojan horses in this context.
It's possible, for example, to store the private key in an encrypted way. But during the computing operation within the PC processor, the key must be available in a nonencrypted way when it's stored in one of the processor's registers. Plus, all of these registers are easily accessible by any kind of software. In any case, this is where software encryption is vulnerable because a hacker could read the key out of the PC and use it without authorization. Once a hacker has the key, that person will be able to decrypt already intercepted information from outside of the system.
Certainly the "I Love You" virus has revealed how easy it is to manipulate PCs. How will users benefit from high-security locks at the door when they leave a window open on the first floor? In other words, what's the point of encryption if users process the key within the PC processor?
Hardware-Based Security Is Better
The problem is that with software encryption the key is transported to the data or to the PC's processor. But with hardware encryption, the data is transported to the key securely stored within a specific security location. Nobody has access to the key because it isn't available in any part of the PC that's accessible to the PC software at any time. Thus, separate encryption hardware is mandatory for truly secure encryption that cannot be circumvented by PC viruses or Trojan horses. "Furthermore, a security IC speeds up the calculation at least by a factor of 10," says Ulrich Haman, senior vice president and general manager of the business security and chipcard ICs group at Infineon.
Moreover, especially in high-volume applications like servers, performance issues are very important. Quite often, the required performance can only be delivered by using additional hardware.
If additional computing power to support the PC processor is required, a normal hardware coprocessor will suffice. If a trusted environment is necessary, however, a coprocessor alone won't be enough. That's why PC chip-set manufacturers, such as Intel and Via, don't integrate the security coprocessor into their Southbridge solutions.
Until now, security ICs were only known to exist within chipcards, also termed smartcards. One of the pioneers in this area and a market leader in the worldwide chipcard business, Infineon has used its chipcard IC expertise to bring specially tailored security ICs to the market, allowing computers to become safe.
While normal hardware (crypto) coprocessors are designed with a standard ASIC design process, Infineon implements its own secure hardware design approach for the security ICs. This approach uses secure controllers and includes special methods to prevent reading out the memory contents, including a so-called secure nonvolatile process, to prevent successful static or differential power analysis, and to prevent reverse engineering.
For instance, Infineon's 66 series chipcard controller is certified according to the ITSEC 4 standard. Chipcard ICs from Infineon are used in the "Geldkarte." This is an electronic purse for making offline payments in small amounts of money, like for a ticket, vending machine items, or meals at fast-food restaurants. All German banks now issue the Geldkarte and, statistically, it's available in every German household (see "Java Gaining In Chipcards For Internet Applications," June 26, p. 26). A Geldkarte, or "money card," is like bills of cash: it represents money.
The important issue is always that the key itself and the key generation process never leave the secure hardware. The key shouldn't be stored in a separate EEPROM. A major part of a chipcard manufacturer's IP is to provide the counterintelligence against attacks from the outside. Depending on the application, the designer can choose a specific hardware solution, which is directly integrated into the computer hardware.
For encrypting huge amounts of data, Infineon created the Bayon (SLD9670) IC, a chip with high computing power compared to a chipcard. The chip can encrypt all data to be written to a hard disk, or decrypt that data entirely during a read operation. The Bayon offers a 32-bit, 33-MHz PCI bus interface and provides symmetric real-time encryption of a DES/Triple-DES algorithm at 423/141 Mbit/s. The device is capable of storing 128 key lines (keys + signature + attributes) and contains a UART as well as two chipcard interfaces.
Computer users also can benefit from a system that integrates the Bayon IC with a chipcard, resulting in a DES module. Such a device performs very rapid symmetrical encryption of data delivered via the PCI interface. The chipcard communicates securely with the Bayon IC and informs it about the current symmetrical key.
Using this method, for example, a notebook computer with encrypted hard-disk data communicates in the same way with the user as does a notebook computer without data encryption, as long as the chipcard is plugged into the computer's slot. Removing the chipcard not only makes the notebook computer's hardware useless, but it also makes the data stored on the hard disk unreadable.
Encouraging companies to use its security ICs and to help them out, Infineon founded a global partnership, dubbed Silicon Trust. It focuses on applications from varying industries that either have exceptional security requirements, or else will become security-dependent. These include computing, secure e-commerce and m-commerce, telecommunications, and industrial and automotive applications.
The Bayon IC, though, is limited in PC security applications, and communication with chipcards is only possible at maximum data rates of about 150 kbits/s, via a serial interface. This makes its use with PCs less than ideal for encrypting large amounts of data.
Infineon has addressed this problem with a very promising solution for bringing security to the mass market, the USB Token. Although it's very similar to a controller within a chipcard, the Token doesn't have the slow 150-kbit/s "standard" serial interface. Instead, it has a fast 12-Mbit/s interface for USB ports. Because USB interfaces are available on all new computers, no additional chipcard readers are required when employing USB Tokens.
Therefore, generating a key or setting up an SSL session on unsafe PC platforms by using software encryption is no longer necessary. Safer hardware encryption is now possible. "A chipcard is a representation of a human being in a technical system," explains Ulrich Haman of Infineon, "and so is the USB Token, but with a faster interface."
On the other hand, a high-speed serial interface isn't always needed for secure authentication. For instance, RSA Security, a company that has already sold over 500 million encryption software packages, also created an active token. The device, based on a chip from a European chipcard manufacturer, contains a battery and generates a new password every 60 seconds. This password is then displayed on a 6- or 8-digit LCD and typed into the computer manually. The Swiss bank Credit Suisse already has 150,000 of these active tokens in use for authentication over the Internet.
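A time-based one-time-password token of the kind described above, as an added example that is not code from the article or from RSA Security: it uses the public HOTP/TOTP construction (RFC 4226/6238, HMAC-SHA1 over a time counter) rather than the vendor's own algorithm, with the 60-second step and 6- or 8-digit display the text mentions. The seed is a constructed demo value, and the server side accepts one step either side of the current one to absorb clock drift and the time taken to type the code.

```python
import hashlib
import hmac
import struct

# Constructed demo seed (the RFC 4226 test seed). A real token's seed is
# provisioned at manufacture and never leaves the device or the server.
DEMO_SEED = bytes.fromhex("3132333435363738393031323334353637383930")
STEP_SECONDS = 60  # the token rolls its password once a minute


def hotp(secret: bytes, counter: int, digits: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic
    truncation to 31 bits, then reduce modulo 10^digits (zero-padded)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def token_display(secret: bytes, now: int, digits: int = 6) -> str:
    """What the LCD shows at Unix time `now`: HOTP of the 60 s time step."""
    return hotp(secret, now // STEP_SECONDS, digits)


def server_verify(secret: bytes, typed: str, now: int,
                  digits: int = 6, window: int = 1) -> bool:
    """Server side: accept the current step plus `window` steps either side,
    since the code is typed by hand and the token's clock drifts. The
    constant-time comparison avoids leaking how many digits matched."""
    if len(typed) != digits or not typed.isdigit():
        return False
    step = now // STEP_SECONDS
    for delta in range(-window, window + 1):
        candidate = step + delta
        if candidate < 0:
            continue
        if hmac.compare_digest(hotp(secret, candidate, digits), typed):
            return True
    return False


if __name__ == "__main__":
    import time
    now = int(time.time())
    code = token_display(DEMO_SEED, now)
    print("token shows:", code)
    print("server accepts:", server_verify(DEMO_SEED, code, now))
```

A production server must additionally refuse to accept the same code twice within its window, otherwise a shoulder-surfed code remains usable for up to three minutes.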
Not only are smartcards becoming more common in PC security applications, they're also gaining more capabilities. With its latest smartcard IC solution, Atmel Corp. offers the largest reprogrammable nonvolatile memory on a smartcard chip—256 kbytes. This compares with conventional solutions of 64 kbytes. The T89SC256C is an 8/16-bit secure microcontroller based on an 80C251 enhanced architecture, and it is software compatible with any existing 80C51-based application. Plus, the 0.35µm CMOS IC has an embedded arithmetic cryptoprocessor and other security features.
Its small 25-mm2 size and low 10-mA power consumption at 5 V and 5 mA at 3 V make it ideal for embedded smartcard applications. Its UART and SPI communication interfaces enable the cryptocontroller to also support larger secure systems, such as smartcard readers and set-top boxes.
The T89SC256C includes several dedicated security features, like a true random-number generator, a secure memory management unit, an automatic memory error detection and correction mechanism, and physical sensors. Plus, a watchdog timer is included to control the correct execution of the embedded application software.
For high-speed cryptographic computation capacity, a separate arithmetic crypto coprocessor is provided on-chip. It supports up to 2048-bit RSA computations. A 1024-bit RSA computation with the Chinese Remainder Theorem (CRT) is achieved in 90 ms. Samples of the chip are available now. As with all chip-card designs from other semiconductor companies, Atmel's latest offering was created in Europe.