E-commerce, e-government and e-business are all growing in tandem with an increase in cyber crime. Many high-tech security technologies have been implemented to address the increasing threat of cyber crime, but there is a tradeoff emerging in the use of security technologies for protecting data and authenticating identities and transactions. IT owners of processes involving these identities and transactions desire to use specific authentication and encryption algorithms tailored to their risk profiles. Associated with these algorithms, they want to use specific, feature-set implementations of Trusted Platform Modules (TPMs) to support the required assurance level of their end-to-end systems and operational models. TPMs are microchips designed to provide certain basic security-related functions to the software that utilizes the TPM. As a hardware-based security system, a TPM is much safer than a software-based security feature, but this increased safety comes at a high price and usually more administrative work. FIG. 1 shows a simplified block diagram of a basic TPM 100. The hardware components of the TPM 100 include: a hardware engine 120, a hash engine 140, a random number generator 160, and internal hardware-protected storage 180. Currently, TPMs require specific cryptographic algorithms, such as RSA, SHA-1 and HMAC (hash-function-based message authentication code). RSA was developed by R. L. Rivest, A. Shamir, and L. M. Adleman. SHA-1 is a secure hash algorithm standard.
Referring to FIG. 2 there is shown a TPM software stack. At the lowest level is the TPM hardware device 210, which is a chip usually located on a motherboard. The TPM is accessed via a TPM device driver library 220. Applications use the TPM through standard interfaces, or by directly implementing communication with the TSS 230. The TSS 230 is the TCPA (Trusted Computing Platform Alliance) Software Stack which provides the supporting functionality to the TPM. The next higher level is the cryptographic service provider 240, such as Microsoft's® CAPI. At the highest level are the applications 250 that use the TPM 210.
The typical approach of implementing various algorithms and TPMs as delivered in unique or integrated hardware devices will keep security costs rising. What is needed is a flexible, yet secure, approach that uses a secure programmable microcontroller to support various selectable authentication and encryption algorithms and to also use these with the emulation of different instances of TPM hardware. When execution code in a programmable microcontroller is loaded and unloaded from a cache for various operations, the integrity of a particular security operation cannot be validated each time it is used. Bulk encryption (or block encryption) is one answer to this problem, but it is considered too slow.
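As an added illustration, not part of the patent text, the following sketches the per-segment integrity check that the background above says is missing: each code segment is tagged once with the TPM's HMAC-SHA1 when installed, and the tag is re-verified every time the segment is brought back from the cache, so only the changed segment is checked rather than bulk-encrypting everything. The `HashEngine` class is a constructed stand-in for the hash engine of FIG. 1 (140), and the key and code bytes are constructed sample values.

```python
import hashlib
import hmac

# Constructed stand-in for the TPM hash engine (FIG. 1, 140): HMAC-SHA1 keyed
# with a secret that, on real hardware, would live in protected storage (180).
class HashEngine:
    def __init__(self, key: bytes) -> None:
        self._key = key

    def tag(self, segment: bytes) -> bytes:
        return hmac.new(self._key, segment, hashlib.sha1).digest()

    def verify(self, segment: bytes, tag: bytes) -> bool:
        # Constant-time comparison so tag checks do not leak timing information.
        return hmac.compare_digest(self.tag(segment), tag)


class SegmentLoader:
    """Tags each code segment once at install time and re-checks it on every
    load from the cache, so an altered or unknown segment is refused."""

    def __init__(self, engine: HashEngine) -> None:
        self._engine = engine
        self._tags: dict = {}

    def install(self, name: str, segment: bytes) -> None:
        self._tags[name] = self._engine.tag(segment)

    def load(self, name: str, segment: bytes) -> bool:
        tag = self._tags.get(name)
        return tag is not None and self._engine.verify(segment, tag)


def demo():
    # Constructed sample: a byte string standing in for a cached code segment.
    engine = HashEngine(key=b"constructed-demo-key-not-for-real-use")
    loader = SegmentLoader(engine)
    rsa_sign = b"\x55\x48\x89\xe5" + b"RSA-sign routine (constructed bytes)"
    loader.install("rsa_sign", rsa_sign)

    genuine = loader.load("rsa_sign", rsa_sign)                # unchanged
    tampered = loader.load("rsa_sign", rsa_sign[:-1] + b"!")   # one byte altered
    unknown = loader.load("sha1_hash", rsa_sign)               # never installed
    return genuine, tampered, unknown


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```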
Therefore, there is a need for a security system to overcome the shortcomings of the prior art.