Cryptography in software or hardware: It depends on the need

Cryptographic algorithms are high-performance, secure engines that require considerable space in a design. When countermeasures are added to thwart security attacks, the space and memory requirements grow even more demanding.

For these reasons, cryptographic algorithms have traditionally been embedded as proprietary designs (i.e., intellectual property, IP) in hardware on smart cards or 8-bit chips. With recent improvements in core design and frequency performance, designers are now asking whether the customized IP blocks are still needed for these secure algorithms.

In short, can a designer use a generic core in the hardware to save space and cost, and embed the cryptographic algorithms in software? The answer is simple…well, not so simple – it depends on the need.

The Science of Secrecy

Cryptography was originally designed and known as the science of the secrecy. It was the weapon of kings, generals, spies, and ambassadors. In the last century, cryptography has grown up to become a more sophisticated toolbox which provides information trust to its users.

Cryptographic devices have a long history, longer than the history of microprocessors. (As a reminder, cryptography and its dark side, the cryptanalysis, is the origin of computer technology, thanks to the Colossus project [1].

Military forces and diplomats developed cryptographic machines to protect their communications. Depending on the required strength (i.e., a tactical communication on the battlefield has a shorter lifetime than a diplomatic message), the machines met several constraints: speed, reliability, integrity, protection of secrets, ease of use, and acceptable costs.

When security needs spilled over into the civilian world, new technologies and constraints evolved. Asymmetric cryptography [2] particularly soared for these markets while cost became a bigger concern.

Meanwhile, trust, authenticity, credibility were always paramount considerations for the financial and banking markets. Remote financial transactions would only be possible if cryptographic mechanisms could replace the traditional face-to-face agreement and handshake.

So the earliest cryptographic devices were strictly dedicated to security. With a form factor similar to a floor safe, evolving hardware security modules (HSMs) securely hosted and handled most secret keys. Made of steel and heavy, HSMs were, and still are, quite similar to military ruggedized boxes.

These security modules consisted of a secure box and processed secure keys, mainly for authentication but also for keys generation, PIN codes generation, and key protection (storage). Security standards, such the NIST FIPS 140-2 certification program, the EMV® standard for smart-card use, and Common Criteria (ISO 15408) were developed and then accelerated the deployment of these devices.

Confidentiality, Integrity, and Authentication

The acronym CIA (which stands for confidentiality, integrity, and authentication) symbolizes the main services that cryptography can offer today. In the simplest terms, it gives an accurate answer to well-identified threats.

Confidentiality is required to avoid eavesdropping and unauthorized access to sensitive data that owners only want to share with authorized people. Thus, the embassy sends notes to its foreign ministry; the spy transmits results of actions and nobody else (“for your eyes only”) shall read what is written down.

In a world of consumers, confidentiality is required for transmission of pay TV programs to be accessed only by authorized subscribers. It is needed to protect personal data transmitted over public networks that are otherwise easily accessible. Mobile phones and WiFi® connections are typical examples.

Integrity protects unauthorized and or uncontrolled modifications. Modifying devices means changing behavior (the software has been modified) and the resulting loss of confidence (the data are no longer trustworthy). This type of malicious modification is typically done with malware run on an otherwise trustworthy device while the device owner is misled. Banking data is particularly sensitive to this threat, as data integrity is lost if a financial transaction is maliciously modified.

Authentication guarantees the origin of information. How valuable is information if the source is not validated? Clearly the answer depends on the source and sensitivity of that information. A signed contract commits the signer, so verification of identity is as important as the contract content itself.

Modern mobile devices and PCs accept only authenticated, authorized application updates and/or modifications. This ensures that no one takes control of the device and runs unauthorized software.

Authentication protects a device or a component against counterfeiting. A trusted element can not only prove its origin, but it can also authenticate the origin of the device to which it is attached. Thus a battery, a printer cartridge, or consumable shows their “credentials” to the hosting device which, in turn, authenticates, “trusts,” that consumable.