A crypto process may access a crypto engine to carry out a cryptographic operation. Before the cryptographic operation can be carried out, the crypto process provides parameters to the crypto engine, such as a mode and/or algorithm, as well as a key value. The crypto process may retrieve the key value from a separate location, such as a key table. The key value may be associated with different types of cryptographic operations and/or different processes. For example, the key value may be associated only with some types of crypto processes and/or cryptographic operations. The key association may be set within the crypto process requesting the cryptographic operation itself or be enforced by another process.
However, security may be compromised if the key association is not securely maintained. For example, an unauthorized party may modify the key association in order to carry out an unauthorized cryptographic operation and/or allow access to the key value by an unauthorized process. Manufacturers, vendors, and/or users are challenged to provide more secure methods for preserving key associations.
The following detailed description references the drawings, wherein:
Specific details are given in the following description to provide a thorough understanding of embodiments. However, it will be understood by one of ordinary skill in the art that embodiments may be practiced without these specific details. For example, systems may be shown in block diagrams in order not to obscure embodiments in unnecessary detail. In other instances, well-known processes, structures and techniques may be shown without unnecessary detail in order to avoid obscuring embodiments.
A crypto process may seek to carry out a cryptographic operation, such as encryption or decryption of information. Thus, the crypto process may send cryptographic parameters, such as a type of algorithm, mode and/or key value, to a crypto engine. For security reasons, use of the key value may be restricted to only certain types of cryptographic operations or crypto processes. These restrictions or attributes may be set in software, such as at the crypto process requesting the cryptographic operation itself or at another process.
However, security may be compromised if the process is accessed by an unauthorized user. For example, the key value may be leaked and/or the attributes associated therewith may be manipulated or ignored. As a result, the unauthorized user may be able to carry out improper cryptographic operations and thus, for example, decrypt confidential information.
Embodiments may reduce the likelihood of key values being exposed and/or of attributes associated therewith being violated. For example, an attribute module may receive a process identifier (PID) identifying a process requesting a cryptographic operation. Next, the attribute module may determine at least one allowed cryptographic operation associated with the PID. Then, a comparison module may compare the requested cryptographic operation to the at least one allowed cryptographic operation. If the requested cryptographic operation is allowable, the comparison module may signal a crypto module to carry out the requested cryptographic operation. Otherwise, the requested cryptographic operation will not be performed. Thus, an unauthorized cryptographic operation may be prevented and security may be increased.
In one embodiment, the process may not have direct access to the key value. Instead, the process may forward a key identifier (KID) to the attribute module. The attribute module may then retrieve the key value based on the KID, and forward the key value directly to the crypto module. The attribute module may also filter the at least one allowed cryptographic operation based on the KID. Thus, security may be improved by not exposing the key value and/or the attributes associated therewith to the process. Further, as the process does not forward the key value to the crypto module, a likelihood of the crypto module receiving an invalid key value from the process is also reduced. Further, by blocking visibility to the process of the attributes associated with the key value, security may be improved by reducing a likelihood that a user knows all possible cryptographic operations and/or processes associated with a key value.
In another embodiment, the attribute module and/or comparison module may be implemented in hardware only. Therefore, security may be improved as modifying or violating the hardware implemented attributes may be substantially more difficult. Further, performance may be improved as performing operations directly via hardware logic may require substantially fewer execution cycles than performing the operations via software.
Referring now to the drawings,
The attribute and comparison modules 110 and 120 may include, for example, a hardware device including electronic circuitry for implementing the functionality described below, such as a register or Boolean logic. In addition or as an alternative, the attribute and comparison modules 110 and 120 may be implemented as a series of instructions encoded on a machine-readable storage medium and executable by a processor.
The attribute module 110 is to receive a process identifier (PID) from a crypto process 130. The PID identifies the crypto process 130 requesting a cryptographic operation. The attribute module 110 is to determine at least one allowed cryptographic operation associated with the PID. The comparison module 120 is to compare the requested cryptographic operation to the at least one allowed cryptographic operation output by the attribute module 110, to determine if the requested cryptographic operation is allowable. The term cryptographic operation may refer to any type of procedure related to encryption and/or decryption of information, such as data or code. The term process may refer to any part of a computer program or instance thereof. Embodiments of the attribute and comparison modules 110 and 120 will be explained in greater detail with respect to
In the embodiment of
The attribute module 210, the comparison module 220 and the crypto module 230 may include, for example, hardware devices including electronic circuitry for implementing the functionality described below. In addition or as an alternative, each module may be implemented as a series of instructions encoded on a machine-readable storage medium and executable by a processor. The secure key memory 240 may be part of a machine-readable storage medium, such as any type of electronic, magnetic, optical, or other physical storage device capable of storing information, like data or instructions. Examples of the machine-readable storage medium include Random Access Memory (RAM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a storage drive, a Compact Disc Read Only Memory (CD-ROM), and the like.
In
The comparison module 220 receives process attributes from the crypto process 250 related to the requested cryptographic operation and receives allowed attributes related to the at least one allowed cryptographic operation. As shown in
The algorithm field may include a symmetric or asymmetric key algorithm. Examples of symmetric algorithms include Twofish, Serpent, AES (Rijndael), Blowfish, CAST5, RC4, 3DES, IDEA and the like. Examples of asymmetric algorithms include Diffie-Hellman key exchange protocol, Digital Signature Standard (DSS), ElGamal, Paillier cryptosystem, RSA encryption algorithm and Cramer-Shoup cryptosystem, and the like. The algorithm field may indicate a type of encryption or decryption procedure to be performed.
The mode field may include a block or stream cipher mode. Examples of block cipher modes include Electronic codebook (ECB), Cipher-block chaining (CBC), Propagating cipher-block chaining (PCBC), Cipher feedback (CFB), Output feedback (OFB), Counter (CTR) mode and the like. Examples of stream cipher modes include synchronous and self-synchronizing stream ciphers, such as RC4, A5/1, A5/2, Chameleon, FISH, Helix, ISAAC, MUGI, Panama, Phelix, Pike, SEAL, SOBER, SOBER-128, WAKE and the like. The mode field may relate to a type of procedure for enabling the repeated and secure use of the algorithm using the same key value. While the process and allowed attributes are described as including the algorithm, mode and application fields, embodiments may also include different types of cryptographic information.
In one embodiment, the attribute module 210 may include a plurality of attributes lists. Each of the attributes lists may include the algorithm, mode, and application fields. Further, each of the allowed attributes lists may be associated with at least one of a plurality of the PIDs. Also, each of the allowed attributes lists may be associated with at least one of a plurality of the KIDs. While the attributes lists are described as including the algorithm, mode, and application fields, embodiments are not limited thereto. For example, the attributes lists may include various types and/or number of attributes. For instance, at least one of the attributes lists may include only one field or even no fields.
The attribute module 210 outputs one of the attributes lists as the allowed attributes to the comparison module 220 based on the received PID and the received KID. In an embodiment, the algorithm, mode, and application fields may be multi-bit fields. Each of the bits of the algorithm field of the process and allowed attributes may correspond to one of a plurality of different types of cryptographic algorithms, such as those described above. Similarly, each of the bits of the mode field of the process and allowed attributes may correspond to one of a plurality of different types of cryptographic modes, such as those described above. Further, each of the bits of the application field of the process and allowed attributes may correspond to one of a plurality of different types of application uses. Examples of different application uses may include a type of source or destination of the information, such as an external memory destination or a key value source. However, embodiments are not limited thereto. For example, different application uses may include a type of the information, a type of the user, a type of application requesting the cryptographic operation, a time of the request, and the like.
Depending on the attributes associated with the PID and KID, more than one bit may be set for any one of the multi-bit fields of the algorithm, mode, and application fields of the allowed attributes output by the attribute module 210. For example, more than one bit may be set for the algorithm field if the crypto process is allowed to use more than one type of algorithm for the key value associated with the KID. Nonetheless, the crypto process may only request one type of cryptographic operation at a time. Thus, only one of the bits may be set for each of the algorithm, mode, and application fields of the process attributes output by the crypto process.
In another embodiment, the attribute module 210 may output or allow access to the plurality of attributes lists and the plurality of KIDs associated therewith to the crypto process 250. As a result, the crypto process 250 may select from one of the plurality of KIDs to output to the attribute module 210 based on the allowed one or more operations or attributes associated with each of the KIDs. Thus, the crypto process 250 may more efficiently select the KID based on knowledge of the cryptographic operations allowable to the crypto process 250 for a given KID.
In
The comparison module 220 also includes a plurality of OR gates 224-226. Each of the OR gates 224-226 logically ORs an output of one of the bitwise AND gates 221-223. For example, the first OR gate 224 logically ORs the m-bit output of the first AND gate 221. The second OR gate 225 logically ORs the n-bit output of the second AND gate 222. The third OR gate 226 logically ORs the o-bit output of the third AND gate 223. If an output of the first OR gate 224 is a logic one or high, then this indicates that the requested application by the crypto process 250 is an allowed application use. Otherwise, if the output of the first OR gate 224 is a logic zero or low, then this indicates that the requested application by the crypto process 250 is not an allowed application use. An output of the second and third OR gates 225 and 226 may indicate similar results with respect to the requested algorithm and mode by the crypto process 250.
The comparison module 220 further includes a first AND gate 227 to logically AND an output of the plurality of OR gates 224-226. If an output of the first AND gate 227 is a logic one or high, then this indicates that the algorithm, mode and application requested by the crypto process 250 is an acceptable combination, and thus an allowable cryptographic operation. Conversely, if the output of the first AND gate 227 is a logic zero or low, then this indicates that the algorithm, mode and application requested by the crypto process 250 is not an acceptable combination, and thus not an allowable cryptographic operation.
The output of the first AND gate 227 is output to the crypto process 250 as a success signal to indicate whether the requested cryptographic operation is to be performed. For example, if the success signal is at a logic one or high, then the crypto process 250 is notified that the requested cryptographic operation is an allowable cryptographic operation and will be performed. Otherwise, if the success signal is at a logic zero or low, then the crypto process 250 is notified that the requested cryptographic operation is not an allowable cryptographic operation and will not be performed.
The output of the first AND gate 227 is also input to a second AND gate 228 of the comparison module 220. The second AND gate 228 logically ANDs the output of the first AND gate 227 with a first start signal output by the crypto process 250 to output a second start signal. The first start signal indicates a time at which the crypto process 250 seeks to start the requested cryptographic operation. Hence, the second AND gate 228 will output the second start signal at a logic one or high when the requested cryptographic operation is allowable and ready to begin.
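A software model of the attribute lookup and the gate network described above, added here as an illustration and not taken from the original document. The bit assignments, PIDs, KIDs and table contents are constructed, it is assumed that the bitwise AND gates 221-223 each AND one process field with the matching allowed field, and the one-hot check on the request is an added guard that reflects the statement that only one bit is set per process field.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bit assignments are constructed for this example; the page defines none. */
enum { ALG_AES = 1 << 0, ALG_3DES = 1 << 1, ALG_RSA = 1 << 2 };
enum { MODE_ECB = 1 << 0, MODE_CBC = 1 << 1, MODE_CTR = 1 << 2 };
enum { APP_EXT_MEM = 1 << 0, APP_KEY_SRC = 1 << 1 };

typedef struct { uint8_t app, alg, mode; } attrs_t;

/* One attributes list, bound to a (PID, KID) pair. */
typedef struct { uint16_t pid, kid; attrs_t allowed; } attr_entry_t;

/* Constructed table, standing in for what a supervisory process would set. */
static const attr_entry_t attr_table[] = {
    { 7, 1, { APP_EXT_MEM, ALG_AES, MODE_CBC | MODE_CTR } },
    { 7, 2, { APP_KEY_SRC, ALG_AES, MODE_ECB } },
    { 9, 1, { APP_EXT_MEM, ALG_AES | ALG_3DES, MODE_CBC } },
};

/* Attribute module: select the allowed attributes for (PID, KID).
 * An unknown pair yields all-zero fields, so the comparison fails closed. */
static attrs_t attribute_module(uint16_t pid, uint16_t kid)
{
    attrs_t none = { 0, 0, 0 };
    for (size_t i = 0; i < sizeof attr_table / sizeof attr_table[0]; i++)
        if (attr_table[i].pid == pid && attr_table[i].kid == kid)
            return attr_table[i].allowed;
    return none;
}

static bool one_hot(uint8_t v) { return v != 0 && (v & (v - 1)) == 0; }

/* Comparison module: bitwise AND per field (gates 221-223), OR-reduce each
 * result (gates 224-226), then AND the three results (gate 227). */
static bool success_signal(attrs_t req, attrs_t allowed)
{
    /* Added guard, not one of the described gates: exactly one bit per field. */
    if (!one_hot(req.app) || !one_hot(req.alg) || !one_hot(req.mode))
        return false;
    bool app_ok  = (req.app  & allowed.app)  != 0;
    bool alg_ok  = (req.alg  & allowed.alg)  != 0;
    bool mode_ok = (req.mode & allowed.mode) != 0;
    return app_ok && alg_ok && mode_ok;
}

/* Gate 228: second start signal = success signal AND first start signal. */
static bool second_start(uint16_t pid, uint16_t kid, attrs_t req, bool first_start)
{
    return success_signal(req, attribute_module(pid, kid)) && first_start;
}

int main(void)
{
    attrs_t req = { APP_EXT_MEM, ALG_AES, MODE_CBC };
    printf("PID 7, KID 1, AES-CBC: %d\n", second_start(7, 1, req, true));
    req.mode = MODE_ECB;
    printf("PID 7, KID 1, AES-ECB: %d\n", second_start(7, 1, req, true));
    return 0;
}
```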
The output of the second AND gate 228 is output to crypto module 230. The crypto module 230 also receives the process attributes, such as the algorithm, mode and application fields, from the crypto process 250. Further, the crypto module 230 receives length, source and destination fields from the crypto process 250. The length field indicates a length of the information to be operated upon. The source field indicates a location, such as a pointer, of the information to be operated upon. The destination field indicates a location, such as a pointer, at which the information is to be written to after being operated upon.
The secure key memory 240 may store a plurality of key values. Further, the secure key memory may output one of the plurality of key values to the crypto module 230 in response to receiving one of the plurality of KIDs from the attribute module 210. Each of the key values may be associated with at least one of the KIDs. In
A supervisory process 260 may set at least one of the plurality of the attributes lists at the attribute module 210. For example, the supervisory process 260 may add, modify or delete attributes lists. The supervisory process 260 may also add key values to the secure key memory 240. In order to improve security, the supervisory process 260 may be separate from the crypto process 250 and the crypto process 250 may not generally set any of the plurality of the attributes lists. However, in an embodiment, the crypto process 250 may add an attributes list to the attribute module 210 that is associated with a key value added to the secure key memory 240 by the crypto process 250.
Upon receiving the length, source and destination fields, the key value, the process parameters and the second start signal, the crypto module 230 performs the requested cryptographic operation, if the second start signal is at the logic high, thus indicating that the requested cryptographic operation is allowable and ready to begin.
The computing device 300 may be, for example, a chip set, a notebook computer, a slate computing device, a portable reading device, a wireless email device, a mobile phone, or any other device capable of executing the instructions 322, 324, 326 and 328. In certain examples, the computing device 300 may include or be connected to additional components such as memories, sensors, displays, etc.
The processor 410 may be at least one central processing unit (CPU), at least one semiconductor-based microprocessor, at least one graphics processing unit (GPU), other hardware devices suitable for retrieval and execution of instructions stored in the machine-readable storage medium 320, or combinations thereof. The processor 410 may fetch, decode, and execute instructions 322, 324, 326 and 328 to implement encrypting or decrypting of information. As an alternative or in addition to retrieving and executing instructions, the processor 310 may include at least one integrated circuit (IC), other control logic, other electronic circuits, or combinations thereof that include a number of electronic components for performing the functionality of instructions 322, 324, 326 and 328.
The machine-readable storage medium 320 may be any electronic, magnetic, optical, or other physical storage device that contains or stores executable instructions. Thus, the machine-readable storage medium 420 may be, for example, Random Access Memory (RAM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a storage drive, a Compact Disc Read Only Memory (CD-ROM), and the like. As such, the machine-readable storage medium 320 can be non-transitory. As described in detail below, machine-readable storage medium 320 may be encoded with a series of executable instructions for encrypting or decrypting information.
Moreover, the instructions 322, 324, 326 and 328 when executed by a processor (e.g., via one processing element or multiple processing elements of the processor) can cause the processor to perform processes, such as, the process of
The machine-readable storage medium 320 may also include instructions (not shown) to allow a crypto module (not shown) to perform the requested cryptographic operation if the at least one allowed operation includes the requested cryptographic operation, and to alert the process that the requested cryptographic operation is not performed if the at least one allowed operation does not include the requested cryptographic operation. An operation of the device 300 may be described in more detail with respect to
At block 405, the device 100 receives a process identifier (PID) identifying a crypto process 130 requesting a cryptographic operation and a key identifier (KID) associated with the crypto process 130. Then, at block 410, the device 100 selects one of a plurality of attributes lists based on the received PID and KID. Each of the attributes lists is associated with at least one of a plurality of PIDs and at least one of a plurality of KIDs. Next, at block 415, the device 100 receives process attributes indicating the requested cryptographic operation of the crypto process 130.
As noted above, the process attributes and each of the attributes lists include an algorithm, a mode, and an application field. The application field indicates a type or use of the information upon which the requested cryptographic operation is to be performed. As also noted above, the algorithm, mode, and application fields may include a plurality of bits. Only one of the bits may be set for each of the algorithm, mode, and application fields of the process attributes, while at least one of the bits may be set for each of the algorithm, mode, and application fields of the allowed attributes. The bits of the algorithm, mode and application fields are set to indicate a corresponding type of allowable algorithms, modes and applications.
Lastly, at block 420, the device 100 compares the received process attributes to allowed attributes included in the selected attributes list to determine if the requested cryptographic operation is allowable. The allowed attributes indicate at least one allowed cryptographic operation of the crypto process 130.
According to the foregoing, embodiments provide a method and/or device for reducing a likelihood of tampering with cryptographic attributes associated with key values or KIDs. For example, a comparison module may compare a cryptographic operation requested by a crypto process with cryptographic operations that are allowed for a given key value, to determine whether the requested cryptographic operation is allowable. Further, key values and attributes associated therewith may be accessed and/or stored separately from the crypto process to provide greater security.
Number | Date | Country | Kind |
---|---|---|---|
61509078 | Jun 2011 | US | national |
This application claims the benefit of priority on U.S. Provisional Application No. 61/509,078, filed Jul. 18, 2011, the entire contents of which are incorporated herein in their entirety by reference.
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/US2012/020528 | 1/6/2012 | WO | 00 | 1/10/2014 |