Upload
ngocong
View
227
Download
3
Embed Size (px)
Citation preview
IBM PCI-*Cryptographic Coprocessors
Presented by Tom Connors and Kyle Burden
“A flexible solution to your high-security cryptographic processing needs”
Agenda
• Introduction• Features• Design• Architecture• Performance Comparison• Applications
Introduction•What is a Side Channel Attack
o timing attackso power analysiso differential fault analysis
•What is a Secure Processoro a general-purpose computing environment that
withstands physical attacks and logical attackso able to distinguish between the real device and
application, and a clever impersonator
Family of Secure Processors
• 4578 - PCIo discontinued in 2005
• 4764 - PCI-Xo May 2011 - December 2011o System z
• 4765 - PCI-Eo introduced in 2011o System x
Features
• High-security processing and high-speedcryptographic operation• Tamper Responding Hardware with diagnostics• Flexible Hardware• Embedded Certificate• Hardware specialized for AES, SHA-X, RSA, ECC, and
MAC• IBM Common Cryptographic Architecture API• Processor lockstep (error-checking)
Common Cryptographic Architecture
• API with User Defined Extension • Encryption• Digital Signature• Key Distribution• Random-Number Generation
Tamper Responding Hardware
• FIPS 140-2 Level 4 Certification o power sequencing o temperature manipulation
• Triggered?o destruction of certificate & data o permanently inoperable
Design
• IBM 4764 PCI-X• IBM Crypto Engine• Tamper Detection• Security Supervisor• Secure Clock• Battery Backed RAM
Architecture of 4765
• 2 PowerPC 405 @400 MHz• Secure Service Processor (SSP) @100MHz• 128 MB of Shared DRAM• 64 MB of Flash Memory
•3.5 MB of BBRAMo 3 KB High-Speed Erase
Architectural Evolution
• Multiprocessor Environmento Error Detection
• Separation of concerns between MCPU’s & SSP• Flexible hardware • BBRAM with high-speed erase• Higher throughput• Improved diagnostics
Architectural Evolution continued
Architectural Evolution continued ...
Performance Comparisons
(4096 Block SIze) Haswell i5-4570(cycles per byte)
4765 (cycles per byte)
AES-128 9.15 9.86
AES-256 13.59 12.2
SHA-256 11.92 7.91
Keccak 10.85 ? - 38.14
Applications
• High-Speed Data Encryption• Digital Signing• Secure Storage• Custom Cryptographic Applications
Summary
• Introduction• Features• Design• Architecture• Performance Comparison• Applications
Questions
References[1] Arnold, T. W., and Van Doorn L.P. "The IBM PCIXCC: A New Cryptographic Coprocessor for the IBM eServer." IBM Journal
of Research and Development 48.3 (2004): 475-87. ProQuest. Web. 10 Dec. 2013.
[2] Arnold, T. W.; Buscaglia, C.; Chan, F.; Condorelli, V.; Dayka, J.; Santiago-Fernandez, W.; Hadzic, N.; Hocker, M. D.; Jordan, M.; Morris, T.E.; Werner, K., "IBM 4765 cryptographic coprocessor," IBM Journal of Research and Development , vol.56, no.1.2, pp.10:1,10:13, Jan.-Feb. 2012
[3] IBM Corporation, Web. 10 Dec 2013. <http://www-03.ibm.com/security/cryptocards/pciecc/pdf/PCIe_Spec_Sheet.pdf>.
[4] Demme, J.; Martin, R.; Waksman, A.; Sethumadhavan, S., "Side-channel vulnerability factor: A metric for measuring information leakage," Computer Architecture (ISCA), 2012 39th Annual International Symposium on , vol., no., pp.106,117, 9-13 June 2012