IBM Ports Linux to 4758

[R. A. Hettinga]

I expect the NCipher folks won't be too far behind, if this is actually
news at all...

Cheers,
RAH





http://researchweb.watson.ibm.com/resources/news/20010828_mycroft.shtml 
 



IBM Research News

  IBM Research Demonstrates Linux Running on Secure Cryptographic Coprocessor

IBM Research has demonstrated Linux running on the IBM 4758 secure
cryptographic coprocessor, a hardware security module. This is the first
general purpose operating system (OS) running on a secure coprocessor. The
IBM 4758 cryptographic coprocessor is an advanced, tamper-sensing and
responding, programmable PCI card. Its specialized cryptographic
electronics, along with a microprocessor, memory and random number
generator are housed within a tamper-responding environment to provide a
highly secure subsystem in which data processing and cryptography can be
performed.

By running Linux, it enables much easier migration and porting of
applications into the secure environment than with the current CP/Q
operating system. As a key product for secure e-business, its main
applications are financial-related solutions, such as electronic coupon
dispensers, Internet postage meters, intellectual property protection (web
subscription services), signatures for digital documents and certificate
authorities.

The Linux-based IBM 4758 also offers significantly better performance,
including eight times improved communication latency and four times faster
throughput, over the current custom OS based product offering. In addition,
Linux provides better support for new features, which are not supported by
the custom OS such as running multiple potentially hostile applications on
the same 4758 coprocessor card and allowing cross card communications that
enables load balancing among multiple cards.

IBM Research developed the 4758 coprocessor hardware, along with its
internal operating system, secure configuration and bootstrap software, and
custom software development tools that can run on multiple platforms,
including all IBM servers and non-IBM servers, about five years ago. By
creating the Linux version, IBM hopes to provide Linux developers the
opportunity to create high security applications, and to encourage such
development and interest in industry. We are working on making this
software package available as a free download for existing 4758 coprocessor
users. Parts of the Linux port were jointly developed with Cryptographic
Appliances, Sacramento, California.

The 4758 secure coprocessor was the first device ever to earn the highest
possible certification for commercial security granted by the U.S.
Department of Commerce's National Institute of Standards (NIST) and the
Communications Security Establishment (CSE) of the Government of Canada.

For further information, visit the IBM Research Mycroft Website at
http://www.research.ibm.com/mycroft

  
 
  

  About IBM  |  Privacy  |  Legal  |  Contact
-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

IBM 4758 + Linux

[David Lesher]

http://researchweb.watson.ibm.com/resources/news/20010828_mycroft.shtml



-- 
A host is a host from coast to [EMAIL PROTECTED]
 no one will talk to a host that's close[v].(301) 56-LINUX
Unless the host (that isn't close).pob 1433
is busy, hung or dead20915-1433



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Outreach Volunteers Needed - Content Control is a Dead End

[Dan Geer]

 Content control is a dead end.

Folks,

You only get an even number of {privacy, copyright} -- either the
owner of information controls how it is used or he does not.  Either
you embrace copyright-and-privacy, or you embrace neither.  

It really is time to be careful what you ask for.

--dan





-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Stealth Computing Abuses TCP Checksums

[Bill Stewart]

http://fyi.cnn.com/2001/TECH/internet/08/29/stealth.computing/index.html
http://slashdot.org/article.pl?sid=01/08/29/199205mode=thread

A group of researchers at Notre Dame figured out how to use the
TCP Checksum calculations to get other computers to do number-crunching for 
them.

Below, we present an implementation of a parasitic computer
using the checksum function.  In order for this to occur,
one needs to design a special message that coerces a target server
into performing the desired computation.

The article has the amount of great mathematical depth you'd expect from 
CNN :-)
But it does say that the paper will be published in Nature this week.

It's a really cool hack, though not especially efficient for real work.

Of course, the Slashdot discussion follows typical structure -
there's an interesting technical suggestion (ICMP checksums may be usable
and are probably more efficient than TCP), some trolls and flamers,
the obligatory Imagine a Beowulf Cluster of those! comment,
and some speculation about the potential legalities and other uses for it.




-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]