Processor-based computing platforms are employed in a wide variety of applications, from personal computers (PCs), smartphones, and other information-oriented devices, to industrial controls, vehicles, appliances, consumer electronic articles, and wearable devices, just to name a few. In virtually every application, reliable operation and information security are paramount.
Processor manufacturers have a business need to provision cryptographic keys in their processors during manufacturing, so that they are able to securely authenticate their processors after the processors have left manufacturing. Authentication of processors is used, for example, to provide attestation for Trusted Execution Environments (TEEs) or to provision the attestation keys. Present-day manufacturing methods generally involve generating unique key pairs in a back-end secure server, and transmitting keys over a secure encrypted communications channel to a secure service that performs the authentication when called upon.
One concern with this approach is the possibility that quantum computers may become a reality. Although quantum computers do not exist today, and it is generally thought that they will not be built for at least 15 years, the problem still poses a risk to products built in the next few years, since an attacker could capture the key exchange messages and the encrypted communications channel when they are sent, and then years later, with new computational capabilities offered by quantum computers, break the key exchange and thus obtain all of the keying material for processors made years earlier. If some of those processors were still being used and authenticated, the attacker could successfully masquerade as one of these processors.
Although the key exchange attack vector might be avoided by configuring unique keys into the processors and generating public and private key pairs during their manufacture, such an operation involves individually powering each processor and executing a key-generation algorithm. This operation tends to impact manufacturing throughput, particularly in high-volume production lines, where even milliseconds are accounted for. A practical solution is therefore needed to address these, and related, challenges.