Re: Crypto hardware
At 11:09 AM -0700 7/12/2001, Jurgen Botz wrote: ... Set up a PC with CA software and a smart card reader and put your CA cert/key on a smart card and you have your tamperproof CA master... the only weak link in the certificate generation process is the CA's secret key, so that's really the only thing you need to protect. From a security standpoint everything else should be as transparent as possible, so ideally you want a box running open source software rather than a proprietary appliance and isolate the critical part of the process to something that can be made very tamperproof and has well known specs/intefaces... i.e. a smart card. The CA's secret key is not the only weak link. There is also the the software that submits certs to be signed to the tamper proof smart card. If I can gain control of that software, it is a simple matter to have your smart card sign any cert I want. And if I get root on your off-the-shelf PC, such an attack would not be hard to mount. At the very least, one needs some audit trail maintained inside the tamper proof module and a tamper proof means to display that audit trail. Arnold Reinhold - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Crypto hardware
Kent Crispin wrote: A couple of years ago at the RSA conference one of the vendors was exhibiting a tamperproof that would keep a secret key and perform encryptions/signatures using the key. Since the key never left the box, in theory security reduced to physical security around the box. The intended use of the box was as a master for a CA. I thought the vendor was GTE, but I didn't find anything definitive on their site. Others have responded with specific products which may be what Kent originally saw, but it occurs to me that this description also applies to crypto smart cards, USB dongles, iButtons, and other such devices. The idea with these devices is exactly that the secret key of a private/public key pair is stored in a tamper proof device and never leaves this device (and the device can generate the key pair so that the secret key need not ever have existed outside the device). The device performs RSA (or other public key) encryption using its stored secret key... since in pratical crypto applications the thing that's actually RSA encrypted is small (a session key, auth challenge, or fingerprint) the device need not be particularly fast and can use a low-bandwith interface to the application. Set up a PC with CA software and a smart card reader and put your CA cert/key on a smart card and you have your tamperproof CA master... the only weak link in the certificate generation process is the CA's secret key, so that's really the only thing you need to protect. From a security standpoint everything else should be as transparent as possible, so ideally you want a box running open source software rather than a proprietary appliance and isolate the critical part of the process to something that can be made very tamperproof and has well known specs/intefaces... i.e. a smart card. I've been playing with smart cards and iButtons, and I think they are very cool. I'm puzzled why they aren't seeing wider use already, but I suspect/hope they will get a lot more popular soon. Opinions? --jurgen - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Crypto hardware
At 2:28 PM -0700 on 7/10/01, Kent Crispin wrote: Does this description trigger any recollection? Are there similar devices on the market from other sources? Yup. Talk to NCipher. http://www.ncipher.com -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Crypto hardware
You are describing a Hardware Security Module (HSM) and there are several on the market from various vendors. For further data on our product line please feel free to look at our website. Our nShield product is FIPS 140-1 Level 3 validated: http://www.ncipher.com/products/nshield/index.html HTH, --John John P. Sullivan Senior Consulting Engineer nCipher, Inc. 781-994-4084 (office) [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kent Crispin Sent: Tuesday, July 10, 2001 5:28 PM To: [EMAIL PROTECTED] Subject: Crypto hardware A couple of years ago at the RSA conference one of the vendors was exhibiting a tamperproof that would keep a secret key and perform encryptions/signatures using the key. Since the key never left the box, in theory security reduced to physical security around the box. The intended use of the box was as a master for a CA. I thought the vendor was GTE, but I didn't find anything definitive on their site. Does this description trigger any recollection? Are there similar devices on the market from other sources? -- Kent Crispin Be good, and you will be [EMAIL PROTECTED] lonesome. -- Mark Twain - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Crypto hardware
On Tue, Jul 10, 2001 at 02:28:08PM -0700, Kent Crispin wrote: A couple of years ago at the RSA conference one of the vendors was exhibiting a tamperproof that would keep a secret key and perform encryptions/signatures using the key. Since the key never left the box, in theory security reduced to physical security around the box. The intended use of the box was as a master for a CA. I thought the vendor was GTE, but I didn't find anything definitive on their site. Does this description trigger any recollection? Are there similar devices on the market from other sources? Was it the BBN Safekeeper? I haven't seen one, but I have had it described to me as a PC welded into a box, intended for use as a CA. Eric - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Crypto hardware
At 02:28 PM 7/10/01 -0700, Kent Crispin wrote: A couple of years ago at the RSA conference one of the vendors was exhibiting a tamperproof that would keep a secret key and perform encryptions/signatures using the key. Since the key never left the box, in theory security reduced to physical security around the box. The intended use of the box was as a master for a CA. I thought the vendor was GTE, but I didn't find anything definitive on their site. Does this description trigger any recollection? Are there similar devices on the market from other sources? Look up ibutton.com - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Crypto hardware
Are you talking about the BBN/GTE SafeKeyPer (I may have mis-spelled that)? I don't know if they are still on the market -- they were priced Really High. -derek Kent Crispin [EMAIL PROTECTED] writes: A couple of years ago at the RSA conference one of the vendors was exhibiting a tamperproof that would keep a secret key and perform encryptions/signatures using the key. Since the key never left the box, in theory security reduced to physical security around the box. The intended use of the box was as a master for a CA. I thought the vendor was GTE, but I didn't find anything definitive on their site. Does this description trigger any recollection? Are there similar devices on the market from other sources? -- Kent Crispin Be good, and you will be [EMAIL PROTECTED] lonesome. -- Mark Twain - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED] -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH [EMAIL PROTECTED]PGP key available - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Crypto hardware
This sounds like the BBN Safekeyper. (BBN was acquired by GTE, but still operates using the BBN name.) A similar device is described at: http://www.bbn.com/infosec/signassure.html - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Crypto hardware
The unit is called the SafeKeyper from BBN. It is based on a unit designed for type-1 cryptography and met the various government standards required. That unit was, I believe, the first cryptographic peripheral device accepted by the government and led to the acceptance of other peripheral cryptographic devices like Fortezza, SmartCards, etc. We in the biz never use the term tamperproof ;-) Besides being impossible, it is often viewed as a challenge. Highly tamper resistant and tamper evident is the claim. For example, we speculate that if you took a SafeKeyper and froze it in liquid nitrogen, then you might be able to disassemble it and neutralize the tamper circuitry. This would allow you to extract the keying material and perhaps re-assemble the unit. We believe that the tampering would be evident due to tamper resistant seals on the opening of the unit although cleverness would probably defeat those too. Of course, if freezing damaged the circuitry then that would be tamper evidence too ... It would be a fun experiment. We can take this offline if you wish. I'm not certain it is of general interest. BTW: you can still buy these and an improved model is in the works. John Lowry - John Lowry Division Engineer BBN/Verizon 617-873-2435 [EMAIL PROTECTED] [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kent Crispin Sent: Tuesday, July 10, 2001 5:28 PM To: [EMAIL PROTECTED] Subject: Crypto hardware A couple of years ago at the RSA conference one of the vendors was exhibiting a tamperproof that would keep a secret key and perform encryptions/signatures using the key. Since the key never left the box, in theory security reduced to physical security around the box. The intended use of the box was as a master for a CA. I thought the vendor was GTE, but I didn't find anything definitive on their site. Does this description trigger any recollection? Are there similar devices on the market from other sources? -- Kent Crispin Be good, and you will be [EMAIL PROTECTED] lonesome. -- Mark Twain - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]