The IBM 4758 Cryptographic Module
|Main technologies or sub-processes||Cryptographic hash function, Encryption|
Hardware-based encryption is the use of computer hardware to assist software, or sometimes replace software, in the process of data encryption. Typically, this is implemented as part of the processor's instruction set. For example, the AES encryption algorithm (a modern cipher) can be implemented using the AES instruction set on the ubiquitous x86 architecture. Such instructions also exist on the ARM architecture. However, more unusual systems exist where the cryptography module is separate from the central processor, instead being implemented as a coprocessor, in particular a secure cryptoprocessor, of which an example is the IBM 4758, or its successor, the IBM 4764. Hardware implementations can be faster and less prone to exploitation than traditional software implementations, and furthermore can be protected against tampering. However, hardware implementations use additional space on the processor die, and any security vulnerability (such as Spectre) cannot be solved with a software update.
Hardware-based encryption arguably began in the 1987 with the ABYSS (A Basic Yorktown Security System) project. The aim of this project was to protect against software piracy. However, the application of computers to cryptography in general dates back to the 1940s and Bletchley Park, where the Colossus computer was used to break the encryption used by German High Command during World War II. The use of computers to encrypt, however, came later. In particular, until the development of the integrated circuit, of which the first was produced in 1960, computers were impractical for encryption, since, in comparison to the portable form factor of the Enigma machine, computers of the era took the space of an entire building. It was only with the development of the microcomputer that computer encryption became feasible, outside of niche applications. The development of the World Wide Web lead to the need for consumers to have access to encryption, as online shopping became prevalent. The key concerns for consumers were security and speed. This led to the eventual inclusion of the key algorithms into processors as a way of both increasing speed and security.
In the instruction set
The X86 architecture, as a CISC (Complex Instruction Set Computer) Architecture, typically implements complex algorithms in hardware. Cryptographic algorithms are no exception. The x86 architecture implements significant components of the AES (Advanced Encryption Standard) algorithm, which can be used by the NSA for Top Secret information. The architecture also includes support for the SHA Hashing Algorithms through the Intel SHA extensions. Whereas AES is a cipher, which is useful for encrypting documents, hashing is used for verification, such as of passwords (see PBKDF2).
ARM processors can optionally support Security Extensions. Although ARM is a RISC (Reduced Instruction Set Computer) architecture, there are several optional extensions specified by ARM Holdings.
As a coprocessor
- IBM 4758 – The predecessor to the IBM 4764. This includes its own specialised processor, memory and a Random Number Generator.
- IBM 4764 and IBM 4765, identical except for the connection used. The former uses PCI-X, while the latter uses PCI-e. Both are peripheral devices that plug into the motherboard.
Advanced Micro Devices (AMD) processors are also x86 devices, and have supported the AES instructions since the 2011 Bulldozer processor iteration.  Due to the existence of encryption instructions on modern processors provided by both Intel and AMD, the instructions are present on most modern computers. They also exist on many tablets and smartphones due to their implementation in ARM processors.
Implementing cryptography in hardware means that part of the processor is dedicated to the task. This can lead to a large increase in speed. In particular, modern processor architectures that support pipelining can often perform other instructions concurrently with the execution of the encryption instruction. Furthermore, hardware can have methods of protecting data from software. Consequently, even if the operating system is compromised, the data may still be secure (see Software Guard Extensions).
If, however, the hardware implementation is compromised, major issues arise. Malicious software can retrieve the data from the (supposedly) secure hardware – a large class of method used is the timing attack. This is far more problematic to solve than a software bug, even within the operating system. Microsoft regularly deals with security issues through Windows Update. Similarly, regular security updates are released for Mac OS X and Linux, as well as mobile operating systems like iOS, Android, and Windows Phone. However, hardware is a different issue. Sometimes, the issue will be fixable through updates to the processor's microcode (a low level type of software). However, other issues may only be resolvable through replacing the hardware, or a workaround in the operating system which mitigates the performance benefit of the hardware implementation, such as in the Spectre exploit.
- Intel® 64 and IA-32 Architectures Software Developer’s Manual (PDF). Intel. December 2017. pp. 303–309,410.
- ARM® Cortex®-A57 MPCore Processor Cryptography Extension (PDF). ARM Holdings. 17 December 2017. Archived (PDF) from the original on 2016-12-13.
- "4764 Cryptographic Coprocessor". IBM. Archived from the original on 2018-01-21. Retrieved 20 January 2018.
- P. Schmid and A. Roos (2010). "AES-NI Performance Analyzed". Tom's Hardware. Retrieved 20 January 2018.
- Staff (2018). "Meltdown and Spectre". Graz University of Technology. Archived from the original on 3 January 2018. Retrieved 20 January 2018.
- "ABYSS: A Trusted Architecture for Software Protection" (PDF). Archived (PDF) from the original on 2018-01-21. Retrieved 20 January 2018.
- "Building the IBM 4758 Secure Coprocessor" (PDF). IBM. Archived (PDF) from the original on 2017-08-08. Retrieved 20 January 2018.
- "Enigma-E case" (PDF). Crypto Museum. Archived (PDF) from the original on 2016-11-05. Retrieved 20 January 2018.
- "Consumers and their online shopping expectations – Ecommerce News". 20 February 2015. Archived from the original on 2016-09-30. Retrieved 29 August 2016.
- "x86-64 Instruction Set" (PDF). University of Oxford. 18 April 2017. p. 1. Retrieved 24 January 2018.
- Lynn Hathaway (June 2003). "National Policy on the Use of the Advanced Encryption Standard (AES) to Protect National Security Systems and National Security Information" (PDF). Archived (PDF) from the original on 2010-11-06. Retrieved 15 February 2011.
- "Cryptographic Hardware Accelerators". OpenWRT.org. 17 May 2016. Archived from the original on 2018-01-21. Retrieved 25 January 2018.
- "IBM 4765 Cryptographic Coprocessor Security Module" (PDF). National Institute of Standards and Technology. 10 December 2012. Archived (PDF) from the original on 2018-01-25. Retrieved 20 January 2018.
- "IBM 4758 Models 2 and 23 PCI Cryptographic Coprocessor" (PDF). IBM. May 2004. Retrieved 24 January 2018.
- Brent Hollingsworth (AMD) (October 2012). "New "Bulldozer" and "Piledriver" Instructions" (PDF). Arecibo Observatory. Archived (PDF) from the original on 2018-02-09. Retrieved 25 January 2018.
- Shay Gueron (University of Haifa & Intel) and Nicky Mouha (KU Leuven & NIST) (9 November 2016). "Simpira v2: A Family of Efficient Permutations Using the AES Round Function" (PDF). Archived (PDF) from the original on 2017-07-16. Retrieved 25 January 2018.
- "Intel SGX for Dummies (Intel SGX Design Objectives)". intel.com. 2013-09-26. Archived from the original on 2014-04-29.
- "BearSSL – Constant-Time Crypto". www.bearssl.org. Archived from the original on 2017-01-11. Retrieved 2017-01-10.
- Hachman, Mark (January 9, 2018). "Microsoft tests show Spectre patches drag down performance on older PCs". PC World. Archived from the original on February 9, 2018. Retrieved 2018-01-09.