Global Sources
EE Times-India
EE Times-India > EDA/IP

Implementing embedded cryptography

Posted: 06 Sep 2011     Print Version  Bookmark and Share

Keywords:embedded cryptography  security modules  VISA  Mastercard 

Cryptographic algorithms are high-performance, secure engines that take considerable space in a design. When countermeasures are added to thwart security attacks, the space and memory requirements grow even more demanding.

For these reasons, cryptographic algorithms have traditionally been embedded as proprietary designs (i.e., intellectual property, IP) in hardware on smart cards or 8bit chips. With recent improvements in core design and frequency performance, designers are now asking whether the customised IP blocks are still needed for these secure algorithms.

In short, can a designer use a generic core in the hardware to save space and cost, and embed the cryptographic algorithms in software? The answer is simple...well, not so simple—it depends on the need.

Science of secrecy
Cryptography was originally designed and known as the science of the secrecy. It was the weapon of kings, generals, spies, and ambassadors. In the last century, cryptography has grown up to become a more sophisticated tool-box which provides information trust to its users.

Cryptographic devices have a long history, longer than the history of microprocessors. (As a reminder, cryptography and its dark side, the cryptanalysis, is the origin of computer technology, thanks to the Colossus project [1].

Military forces and diplomats developed cryptographic machines to protect their communications. Depending on the required strength (i.e., a tactical communication on the battlefield has a shorter lifetime than a diplomatic message), the machines met several constraints: speed, reliability, integrity, protection of secrets, ease of use, and acceptable costs.

When security needs spilled over into the civilian world, new technologies and constraints evolved. Asymmetric cryptography [2] particularly soared for these markets while cost became a bigger concern.

Meanwhile, trust, authenticity, credibility were always paramount considerations for the financial and banking markets. Remote financial transactions would only be possible if cryptographic mechanisms could replace the traditional face-to-face agreement and handshake.

So the earliest cryptographic devices were strictly dedicated to security. With a form factor similar to a floor safe, evolving hardware security modules (HSMs) securely hosted and handled most secret keys. Made of steel and heavy, HSMs were, and still are, quite similar to military ruggedized boxes.

These security modules consisted of a secure box and processed secure keys, mainly for authentication but also for keys generation, PIN codes generation, and key protection (storage). Security standards, such the NIST FIPS 140-2 certification program, the EMV standard for smart-card use, and Common Criteria (ISO 15408) were developed and then accelerated the deployment of these devices.

Confidentiality, integrity and authentication
The acronym CIA (which stands for confidentiality, integrity, and authentication) symbolizes the main services that cryptography can offer today. In the simplest terms, it gives an accurate answer to well-identified threats.

Confidentiality is required to avoid eavesdropping and unauthorised access to sensitive data that owners only want to share with authorised people. Thus, the embassy sends notes to its foreign ministry; the spy transmits results of actions and nobody else ("for your eyes only") shall read what is written down.

In a world of consumers, confidentiality is required for transmission of pay TV programs to be accessed only by authorised subscribers. It is needed to protect personal data transmitted over public networks that are otherwise easily accessible. Mobile phones and WiFi connections are typical examples.

Integrity protects unauthorised and or uncontrolled modifications. Modifying devices means changing behaviour (the software has been modified) and the resulting loss of confidence (the data are no longer trustworthy). This type of malicious modification is typically done with malware run on an otherwise trustworthy device while the device owner is misled. Banking data is particularly sensitive to this threat, as data integrity is lost if a financial transaction is maliciously modified.

Authentication guarantees the origin of information. How valuable is information if the source is not validated? Clearly the answer depends on the source and sensitivity of that information. A signed contract commits the signer, so verification of identity is as important as the contract content itself.

Modern mobile devices and PCs accept only authenticated, authorised application updates and/or modifications. This ensures that no one takes control of the device and runs unauthorised software.

Authentication protects a device or a component against counterfeiting. A trusted element can not only prove its origin, but it can also authenticate the origin of the device to which it is attached. Thus a battery, a printer cartridge, or consumable shows their "credentials" to the hosting device which, in turn, authenticates, "trusts," that consumable.

Cryptographic algorithms costs
The crypto community has developed many algorithms to ensure these secure services. Asymmetric cryptography is based on number theory and symmetric cryptography is based on more pragmatic "recipes." Because of their wide adoption and publication, these algorithms are available today as standards which are commonly and easily measured and scaled to the application.

1 • 2 • 3 • 4 Next Page Last Page

Comment on "Implementing embedded cryptography"
*  You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.


Go to top             Connect on Facebook      Follow us on Twitter      Follow us on Orkut

Back to Top