1. Technical Field of the Invention
This invention relates generally to cryptographic devices, and more particularly to cryptographic microprocessors for preventing alteration of computer programs and data.
2. Description of the Prior Art
Prior-art methods of computer and data security have been concerned mostly with secure transmission and storage of data outside of a computer and with the design of computer systems which resist penetration from the outside. The problem of preventing intrusion by technicians who have legitimate access to the internal wiring of a computer has received little attention. Technicians who routinely maintain microcomputers and replace defective circuit boards can introduce unauthorized patches to system programs to circumvent security features. Increasing use of microcomputers by banks, small businesses, and in data communication networks has made security of microprocessor programs an urgent concern.
If access to sensitive data is controlled by a program which an intruder can alter, then both the data and programs are exposed to tampering. Without adequate means for preventing such intrusion, the risk to microcomputer owners may become excessive. Sustained growth of the microcomputer industry may therefore depend on preventing program alteration.
One prior-art method to certify that a program has not been altered is to compute cryptographic check sums for a program and compare the results with a previously prepared list of check sums. But an intruder with access to internal wiring can introduce circuitry which does not disrupt computing of check sums, but does alter execution of a program which processes sensitive data. The program or circuit which computes check sums can itself be altered to always give expected results.
To prevent an intruder from learning the detailed instructions of a program and to prevent execution of part of a program in unauthorized microprocessors, an intruder should be prevented from disassembling the program.
Various prior-art encryption systems have been developed to provide data security within data processing systems, during transmission over data communications networks, and during storage on media such as magnetic tape and disc. An example of such an encryption system may be found in U.S. Pat. No. 3,958,081 which was adopted as a standard by the National Bureau of Standards in January 1977 and is now commonly called the Data Encryption Standard (DES). The DES enciphers and deciphers data in blocks of 64 bits as a function of a secret 56-bit key. DES requires 16 iterations of processing during which every bit in the enciphered output block becomes a complicated function of every key bit and every bit in the plain unenciphered block.
U.S. Pat. No. 4,074,066 describes an improvement to DES for chaining enciphered data blocks so that a block is enciphered differently in different parts of the chain even though the key and data remain the same. This prevents an intruder from substituting one block for another in a data transmission.
Preventing such block substitution is also a problem when enciphered data is stored in blocks that are accessed "randomly". An intruder must be prevented from substituting one block for another to induce a cryptographic microprocessor to execute valid deciphered instructions in an unauthorized sequence or to induce it to decipher an unauthorized block of data in lieu of an authorized block. The block chaining method described in U.S. Pat. No. 4,074,066 is designed for sequential data transmission and is therefore not suitable for non-sequential "random" access as required by an executing microprocessor.
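The trade-off described in the two paragraphs above, as an added example that is not part of the original text: blocks enciphered independently can be substituted for one another and still decipher to valid instructions, while a chained store turns a substituted block into garbage but must decipher every earlier block to reach block n. Assumptions: the cipher is a stand-in 64-bit Feistel construction built on SHA-256 (not DES), the chain is a generic plaintext-and-ciphertext feedback scheme (not the method of U.S. Pat. No. 4,074,066), and the key, initial value and 8-byte "instructions" are constructed sample values.

```python
import hashlib

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):  # round function of the stand-in cipher (SHA-256 based, not DES)
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def encipher(key, block):
    left, right = block[:4], block[4:]
    for i in range(16):  # 16 rounds over a 64-bit block, mirroring DES's shape only
        left, right = right, _xor(left, _f(key, i, right))
    return left + right

def decipher(key, block):
    left, right = block[:4], block[4:]
    for i in reversed(range(16)):
        left, right = _xor(right, _f(key, i, left)), left
    return left + right

def store_independent(key, blocks):  # nothing ties a block to its position
    return [encipher(key, b) for b in blocks]

def store_chained(key, blocks, iv):
    # Generic chain: mask each block with (previous plaintext XOR previous ciphertext).
    out, chain = [], iv
    for b in blocks:
        out.append(encipher(key, _xor(b, chain)))
        chain = _xor(b, out[-1])
    return out

def fetch_chained(key, stored, iv, n):
    # The chain value for block n exists only after deciphering blocks 0..n-1.
    chain, ops = iv, 0
    for c in stored[: n + 1]:
        plain = _xor(decipher(key, c), chain)
        chain, ops = _xor(plain, c), ops + 1
    return plain, ops

KEY, IV = b"constructed-key", bytes(8)  # constructed sample values
PROGRAM = [b"INSTR-00", b"INSTR-01", b"INSTR-02", b"INSTR-03"]  # constructed blocks

def demo():
    ind, chn = store_independent(KEY, PROGRAM), store_chained(KEY, PROGRAM, IV)
    ind[1], ind[2] = ind[2], ind[1]  # one stored block substituted for another
    chn[1], chn[2] = chn[2], chn[1]
    # Block 1 read back from each store, then cipher operations needed to reach block 3.
    return decipher(KEY, ind[1]), fetch_chained(KEY, chn, IV, 1)[0], fetch_chained(KEY, chn, IV, 3)[1]

if __name__ == "__main__":
    print(demo())
```

The first value returned by demo() is a valid instruction in the wrong position, the second is not any instruction of the program, and the third shows that reading block 3 from the chained store costs four decipherments instead of one.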