Security Hardware

views updated

Security Hardware

The use of hardware to provide or enhance security dates from the early days of shared or multi-user computing systems. The Multics system (Multiplexed Information and Computing Service), developed in the 1960s and 1970s, was one of the first to use hardware mechanisms to isolate user processes from each other and from the operating system core and utility functions, and to permit sharing of information according to a well-defined security policy. In 1985 Multics was given a highly coveted B2 "Orange Book" security rating by the National Computer Security Center (NCSC) , the first such designation granted by the government to a computer security system. The Multics system was in operation in many organizations and institutions from the mid-1960s until the last Multics installation was decommissioned in 2000.

The history of Multics and subsequent systems has demonstrated that it is difficult to design and implement software to provide security, even with adequate hardware support in the central processing unit (CPU) . The LOCK by Secure Computing Corporation used a security coprocessor, a secondary CPU with its own address space, which controlled the memory and device accesses of user processes that run in the primary CPU. This isolated the security enforcement mechanism from potentially hostile user code. Most present day hardware processors support memory management systems and multiple CPU privilege modes that can be used to provide process isolation. However, few operating systems take full advantage of them.

Hardware authentication "tokens" are frequently used to reduce the risks associated with transmitting passwords over lines that might be subject to interception. These tokens establish security systems that are a combination of "Something you have (the token), plus something you know (a password or PIN)." The first such system, Polonius, was developed in the mid-1980s by Ray Wong, Tom Berson, and Rich Feiertag of Sytek, Inc.

In the Polonius system, each token contains a keypad, an encryption device with a key, and a display. The key is protected with a PIN (personal identification number) known only to the user. Authentication is done as follows: When the user is identified to the remote computer with a user ID or account name, this information is used by the computer to look up its copy of the key shared with the Polonius device. The computer then generates a random number, which is sent to the user as a challenge, and encrypts the number with its copy of the user's key. The user enters both a PIN and the challenge number into the Polonius device. The Polonius device uses its copy of the key, modified if an incorrect PIN is given, to encrypt the challenge and display the result. The user sends the result to the remote computer, which compares it with its own result. The user is granted access only if the results agree. Because the challenge is a large, randomly generated number, an observer who captures both the challenge and the response is unlikely to be able to use them again.

A number of similar devices exist. Some simply display a password that changes every minute or so, based on a key associated with the token and an internal clock that must be synchronized with the remote computer. In this case, the PIN is transmitted along with the token, placing the user at risk should the token be stolen after the PIN has been intercepted. On other tokens, the user enters the PIN into the token where it is combined with a time-dependent value before encryption, giving a password that is valid for a minute or so.

Authentication tokens represent a simple example of a cryptographic processor. Specialized cryptographic hardware can be combined with general purpose computers to enhance security in a number of ways. It is increasingly common to provide encryption as a part of communications devices, such as wireless cards or wired network links. Encryption hardware can also be incorporated into disk controllers or disk drives. Although encryption algorithms can be implemented in software, they are computationally intensive. In addition, the encryption keys used are likely to appear in the computer's memory and can often be recovered from the swap files maintained on disk by the operating system.

Certain cryptographic coprocessors such as Dallas Semiconductor's Crypto iButton can be used to generate and maintain cryptographic keys that are extremely difficult for unauthorized users to extract. These devices also contain general purpose processors that can be used with the cryptographic hardware. The iButton is about the size and shape of a watch battery and is extremely durable and tamper-resistant. The processor contains a Java virtual machine that complies with recent Java smart card standards. The iButton has been used to develop a variety of security-related applications such as secure postage meters for the issuance of postage from a home computer and the management of certificates for a public key infrastructure (PKI).

see also Privacy; Security; Security Software.

John McHugh

Bibliography

Organick, Elliot I. The Multics System: An Examination of its Structure. Cambridge, MA: MIT Press, 1972.

Saydjari, O. Sami, Joseph M. Beckman, and Jeffrey R. Leaman. "LOCK Trek: Navigating Uncharted Space." Proceedings of the 1989 IEEE Symposium on Security and Privacy, Oakland, CA, May, 1989, pp. 167-175.

Wong, Raymond M., Thomas A. Berson, and Richard J. Feiertag. "Polonius: An Identity Authentication System." Proceedings of the 1985 IEEE Symposium on Security and Privacy, Oakland, CA, April 1985, pp. 101-107.