Cryptography in Computing
Ian Perry Terence O’Brien Pre-WWII
• Cryptography performed by hand • Keys distributed by hand • Cryptanalysis (breaking cryptography) played a significant role in World War I • Most ciphers were weak to cryptanalysis World War II
• The first use of mechanical and electromechanical tools for crypto • Colossus - World’s first programmable digital electronic computer • Enigma – The German crypto machine secretly broken by the allies The Internet
• Secure communication required on large scale • No easy way to distribute keys • Previous ciphers and algorithms breakable • Lead to advent of Data Encryption Standard (DES) • Lead to advent of Asymmetric Key Encryption (Public-key) • Later on Advanced Encryption Standard (AES) • AES-NI – Intel’s hardware accelerated implementation on Intel Core • Later on Secure Socket Layer (SSL) Modern Cryptography Basics
Symmetric Key Encryption: Share a common key AES, DES Asymmetric Key Encryption:
Different keys RSA, Diffie Hellman Hashing Functions: MD5, SHA1/256/512 Random Number Generators SSL/TLS
Secure Cryptoprocessor
Processor which performs cryptographic functions, stores, and generates keys and forms the core of many other cryptographic hardware products such as hardware security modules, SSL accelerators, and more. These processors have features which prevent physical tampering.
Western Electric 229G Crypto Processor
Freescale C29 Crypto Coprocessor SSL Acceleration
Sun Microsystems Crypto Accelerator 1000 PCI card. Accelerates the computation of public key and symmetric cryptographic keys. Supported SSL Algorithms: RSA, DSA, Diffie-Hellman, DES, 3DES, ARCFOUR Capabilities: 4300 new SSL sessions per second. Price in 2002: $2700 Processor: Broadcom BCM5821
Sun Microsystems Crypto Accelerator 6000 Supported Algorithms: AES, DES, DH, MD5, RSA, SHA-1, SHA512, SSL, Triple DES Capabilities: Establish up to 13,000 new RSA operations per second. Price in 2013: 250$ Hardware Security Module
Hardware Security Modules (HSM) are network devices which provide key storage, key generation, and distributed cryptographic processing. Thales nShield Connect Where can HSMs be found? Certificate Authorities ATMs Web Hosts Instruction Set Extensions
Intel’s Random Number Generator (RNG)
Intel AES-NI
Intel SHA References
(1) https://en.wikipedia.org/wiki/SSL_acceleration#/media/File:Sun-crypto-accelerator-1000.jpg
(2)https://docs.oracle.com/cd/E19412-01/819-0425-11/819-0425-11.pdf
(3) https://webobjects2.cdw.com/is/image/CDW/2599360?$product-main$
(4) http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1050.pdf
(5)http://avdiran.com/index.php/fa/2012-02-13-11-59-57/server
(6) http://www.cpu-world.com/forum/viewtopic.php?t=21226&start=150