Chapter 5

SECURE COPROCESSORS

THE NEED FOR SECURE COPROCESSORS

As explained in the overview of secure coprocessors in Chapter 4, the primary motivation for using a secure coprocessor is to create a protected environment, separate from the operating system's CPU, in which applications requiring high security can operate. Not only does this approach allow the use of hardware-based encryption, encapsulated keys, and the protection of data and program information from external observation or interference, but it also relieves some of the demand for computing cycles that would otherwise be placed on the host system's CPU. Moreover, such a secure coprocessor must be able to authenticate the applications that it is using and authenticate itself to the outside world. It must operate with the additional constraint that the only time that the coprocessor is in a completely known state and environment is at the time of manufacture. It must employ a trust-inheritance process that builds upon the initial conditions and adds authentication information about the user, the applications that it is using, and the platform on which it is operating.

A secure coprocessor is a separate physical device, so applications that operate external to it must be able to authenticate any data or results obtained from the coprocessor, thereby assuring that the results have not been tampered with as they travel from the coprocessor back out to the external environment. Moreover, the administrator must be able to ...