FLEXIBLE SECURITY
1. ABSTRACT
This paper discusses the importance of flexible security: the capability of a security product or system to be upgraded quickly and cheaply in response to a previously unforeseen threat, or perhaps as the result of a more routine update requirement. Flexibility is especially important for cryptographic products, and most particularly where the application is hardware-based, since generally speaking, these are the systems in which the user has placed the most trust and financial investment. It should be possible to upgrade a crypto unit in a matter of minutes, and this should not require that the unit be physically replaced; indeed, in a distributed system, physical access to the unit may be infeasible. The following sections describe the importance of flexibility in security systems, and a proposal for achieving it in hardware-based cryptographic products.
2. KEY WORDS
Flexible; Security; Cryptography; Upgrade; Hardware; Interoperability; Legacy support; Multi-channel; FPGA; Partial Reconfiguration; Modularity.
August 2003
industry typically releases monthly or quarterly updates for its products, and it is widely accepted that where these updates are not applied, the protection provided is much reduced. Similarly, in the light of new hacking developments, a facility for regular updates to assure continued availability of service etc., should exist in cryptographic products.
or upgradable security products can act as a barrier to the uptake of improved communications capability.
unmanned, inaccessible locations. This raises the need for a remote upgrade capability.
As well as comprising the hardware on which the security application ultimately operates, the hardware crypto platform provides some low-level cryptographic functions such as physical tamper-resistance and random number generation. The Base Kernel consists of a bootstrap, an Operating System, a code-loading module and a communications protocol stack to support unit management. The code-loader in the Base Kernel allows security applications to be soft loaded onto the Programmable
Figure 1: Vicious Circle of Procurement
ment and certification of security systems compared with the high speed at which communications technology moves mean that it is a serious concern. It is unrealistic to expect that an advanced security system requirements specification is going to be perfect; instead, subsequent upgrade must be possible.
4.3. TECHNOLOGY
Figure 2 illustrates an architecture that is probably not uncommon in software security products, yet rare in hardware cryptos. Traditionally, the hardware layer of a hardware crypto might contain an ASIC implementation of an encryption algorithm (DES, say), another ASIC acting as an RSA accelerator, and a microprocessor. The scope for upgrade in this system is limited to those aspects that can be performed by the microprocessor. While changing the encryption algorithm to AES, for example, could be done in a microprocessor, it would be unlikely to provide the performance needed by most applications. A Programmable Security Module would be designed to include generically useful devices whose resources could be utilised by any of the security applications or algorithms as needed. The general benefits of using FPGAs in embedded systems (i.e. the re-programmability of software combined with the performance of hardware) are now well understood. Indeed, FPGA technology is critical to the success of this design. An ASIC developed to support multiple algorithms (or equivalently, multiple ASICs) offers a degree of flexibility, as well as good performance, but only with respect to those requirements that can be predetermined. Many studies have demonstrated that FPGAs are able to operate at the Gigabit speeds needed for today's communications requirements, albeit by utilising aggregation techniques. As they become more widely used, there is every reason to believe that FPGA development will continue to match the pace of communications technology improvements. In addition, there are several specific recent advances in FPGAs that make them especially suitable devices for flexible applications:
Figure 3: Supporting Different Security Applications on the Programmable Security Module
Module. The Base Kernel API provides the interface specification for the security application writers. Note that the soft-loading process could be performed remotely from the crypto over public networks, assuming an appropriate wide-area communications protocol stack (IP, for example) is used in the Base Kernel. This means that inaccessible units can be upgraded without the need to send an operator to the unit to perform the task. Security applications must be written so that they are independent of the cryptographic support services and primitives that they utilise, to allow sufficient flexibility. Again, this means that the interface between the application and the cryptographic algorithms (the algorithm driver) must be well-defined.
ment. In particular, it means that the risk associated with developing a hardware platform and system architecture, in advance of knowing all the application requirements, is substantially reduced. Also, the bus access between the integral processor and the FPGA layer is much faster than could be achieved by an external microprocessor, thereby allowing a more flexible combination of FPGA and microprocessor operations.
Increasing Device Size
The size of FPGAs has increased in recent years, in terms of both logic blocks and memory available. In just a few years, device size has grown from a point where implementing a single encryption algorithm was difficult, to one where supporting multiple applications or algorithms is straightforward.
High Speed Interfaces
While FPGAs themselves have been able to support encryption at Gigabit speeds for some time now, it is only within the last year that sufficiently high-speed interfaces have been available within the device to support that performance. Inclusion of Rocket IO technology in the new Virtex Pro series is an example of this. Removing the requirement for an external interface reduces the number of IO pins needed on the device and improves the electromagnetic emanation characteristics of the crypto, since less current is needed to drive internal IO than external IO.
The use of FPGAs to provide soft-routing for component connectivity maximises the flexibility of the hardware itself. As an example, a hardware design that connects an FPGA microprocessor core to external RAM for code execution can be replaced by one where external RAM is instead used as a key store for the FPGA encryptor, just by reconfiguring the FPGA image. Traditional hard-routing at board level cannot be changed without building new hardware, and this necessitates the physical replacement of old units.
4.4. STANDARDS
Cryptographic product development is generally based on standards, and without flexibility-promoting standards, it is obviously harder to develop a product that is flexible. While most standards bodies recognise the general need for future-proofing in their specifications, there are still some emerging security standards that, for example, provide no capability for changing the cryptographic protocols used. While standards such as IKE provide flexibility through the inclusion of algorithm negotiation, there are some financial security standards that have just been revised from only supporting single DES to only supporting Triple DES.
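The sketch below is an added example, not code from the paper or from any product it describes. It shows one way the well-defined algorithm driver interface and IKE-style algorithm negotiation discussed above fit together: the application selects a driver from the peer's proposal list and fails closed when nothing acceptable is loaded. The struct layout, function names and identifiers 1 and 2 are assumptions, and the two "cores" are placeholder transforms, not ciphers.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical algorithm-driver interface: all the application ever sees. */
typedef struct {
    uint16_t id;        /* identifier carried in negotiation (constructed) */
    unsigned strength;  /* local policy rank; 0 means withdrawn */
    void (*process)(uint8_t key, uint8_t *buf, size_t len);
} alg_driver;
#define MAX_DRIVERS 8
static alg_driver table[MAX_DRIVERS];
static size_t n_drivers;

/* Soft-load: install a driver, or replace the one already holding this id. */
int driver_load(alg_driver d) {
    if (d.process == NULL) return -1;
    for (size_t i = 0; i < n_drivers; i++)
        if (table[i].id == d.id) { table[i] = d; return 0; }
    if (n_drivers == MAX_DRIVERS) return -1;
    table[n_drivers++] = d;
    return 0;
}

/* Return the peer's first proposal that is loaded and meets the local minimum. */
const alg_driver *negotiate(const uint16_t *prop, size_t n, unsigned min_strength) {
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < n_drivers; j++)
            if (table[j].id == prop[i] && table[j].strength >= min_strength)
                return &table[j];
    return NULL;
}

/* Placeholder transforms standing in for algorithm cores. They are NOT ciphers. */
static void legacy_core(uint8_t k, uint8_t *b, size_t n) { while (n--) *b++ ^= k; }
static void newer_core(uint8_t k, uint8_t *b, size_t n) { while (n--) *b++ += k; }

/* Application code: unchanged across upgrades, it never names an algorithm. */
int app_protect(const uint16_t *prop, size_t n, uint8_t key, uint8_t *buf, size_t len) {
    const alg_driver *d = negotiate(prop, n, 1);
    if (d == NULL) return -1;          /* fail closed rather than downgrade */
    d->process(key, buf, len);
    return d->id;
}

int main(void) {
    uint16_t peer[] = { 2, 1 };        /* constructed proposal: prefers 2, accepts 1 */
    uint8_t buf[2] = { 0x10, 0x20 };
    driver_load((alg_driver){ 1, 1, legacy_core });
    int before = app_protect(peer, 2, 1, buf, 2);     /* only id 1 is loaded */
    driver_load((alg_driver){ 2, 2, newer_core });    /* upgrade is soft-loaded */
    driver_load((alg_driver){ 1, 0, legacy_core });   /* old algorithm withdrawn */
    return !(before == 1 && app_protect(peer, 2, 1, buf, 2) == 2);
}
```

A peer that can only propose the withdrawn identifier gets no match, which is the behaviour a fixed-algorithm standard cannot express.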
5. CONCLUSION
The need for flexible security systems is becoming increasingly important, due to the expense of upgrading traditional systems and the insecurity that can arise from failing to react quickly to new threats. To support this requirement, a layered, modular approach for crypto design is required. A Programmable Security Module could provide sufficient generic resources to support different security applications and algorithms, either simultaneously or as successive upgrades.
www.thalesgroup.com/security