Hardware such as integrated circuits is frequently manufactured overseas and in insecure environments. Such hardware may be exposed to persons with malevolent intent before, during or after the manufacturing process. At such times, it may be possible to alter intended programming, insert back doors or Trojans, or otherwise compromise the integrity of the hardware.
Some Advanced Encryption Standard (“AES”) algorithms, for example Galois Counter Mode (“GCM”) AES algorithms, produce authentication tags in addition to being able to encrypt and decrypt data. These algorithms accept as inputs: (1) a key, (2) data to be encrypted or decrypted, (3) “additional data,” which is not encrypted or decrypted, and (4) an initialization vector, also referred to as a “nonce.” All inputs are accounted for in the authentication tags produced by the algorithms. Depending on whether the tags are produced by an encryption or a decryption operation, the resulting tags will be referred to herein as “encryption authentication tags” or “decryption authentication tags,” respectively. Note also that regardless of whether the tags were produced by an encryption or a decryption operation, if the encrypted or decrypted data represents the same plaintext data, if the same key and additional data are input, and if the initialization vectors correspond, then the encryption authentication tags will be identical to the decryption authentication tags. Otherwise, the tags will not match. Thus, the authentication tags are essentially a signature on the encrypted or decrypted data (as appropriate) that also takes into account the key used for the encryption operation, the additional data and the nonce.
Summary of Certain Embodiments of the Invention
According to an embodiment of the present invention, a method of provisioning a module with cryptographic parameters, where the module includes a first nonvolatile memory, a second nonvolatile memory and a processor, is disclosed. The method includes storing a first cryptographic key in at least one of the first nonvolatile memory and the second nonvolatile memory. The method also includes storing a first program encrypted using the first cryptographic key in at least one of the first nonvolatile memory and the second nonvolatile memory, where the first program is configured to: generate, within the module and using the processor, a second cryptographic key and a third cryptographic key, encrypt, within the module, the second cryptographic key using the third cryptographic key, whereby encrypting the second cryptographic key with the third cryptographic key generates an encrypted second cryptographic key and a first authenticator, store, within the first nonvolatile memory, the encrypted second cryptographic key and the first authenticator, and store, within the second nonvolatile memory, the third cryptographic key.
Various optional features of the embodiment described in the above paragraph include the following. The method may include that the first nonvolatile memory and the second nonvolatile memory are logically partitioned portions of a single physical persistent memory. The method may include storing in the module additional programming, encrypted using the second cryptographic key. The method may include, when the module is activated, decrypting, within the module, the encrypted second cryptographic key, whereby decrypting the encrypted second cryptographic key generates a second authenticator, comparing the first authenticator and the second authenticator, and disabling at least some operations of the module if a result of the comparing indicates a lack of authenticity. The method may include that the module lacks a power supply. A form factor for the module may be one or more of: SD, mini SD, micro SD, PCMCIA, P2, Compact Flash, Memory Stick, PRO Memory Stick, PRO Duo Memory Stick, Micro Memory Stick, Multi Media Card, SmartMedia Memory Card, MultiMedia Memory Card, Reduced Size MultiMedia Memory Card, MultiMedia Memory Card Mobile, MultiMedia Memory Card Plus, MultiMedia Memory Card Micro, xD Memory Card, SIP, DIP and USB. The method may include, prior to the step of storing a first cryptographic key, receiving the module, where the received module includes a test program and a test key, where the test program and test key are configured to test that the module has been correctly manufactured. The method may include accessing a public key associated with an entity, encrypting a symmetric key using the public key, whereby an encrypted symmetric key is generated, transmitting the encrypted symmetric key to the entity, receiving, from the entity, at least one key encrypted with the symmetric key, and decrypting, within the module, the at least one key. 
The method may include encrypting the at least one key using the second cryptographic key, whereby an encrypted symmetric key is generated, and storing the encrypted symmetric key in the second nonvolatile memory.
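The provisioning and activation steps of this embodiment, together with the GCM tag behaviour described in the background, are illustrated below as an added example that is not part of the original disclosure. It uses Ruby's OpenSSL binding for AES-256-GCM; the Mod struct, the nvm1/nvm2 field names, the AAD label and the key and nonce sizes are assumptions made for illustration. OpenSSL recomputes the decryption tag and compares it with the stored one inside final, rather than returning a second authenticator to the caller.

```ruby
require 'openssl'

AAD = 'key-slot-2'.b # constructed "additional data": authenticated, not encrypted

# Illustrative model of the module: nvm1 and nvm2 stand for the two nonvolatile memories.
Mod = Struct.new(:nvm1, :nvm2, :disabled)

# Provisioning: generate keys 2 and 3 inside the module and wrap key 2 under key 3.
def provision
  key2 = OpenSSL::Random.random_bytes(32)
  key3 = OpenSSL::Random.random_bytes(32)
  nonce = OpenSSL::Random.random_bytes(12)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key3
  c.iv = nonce
  c.auth_data = AAD
  enc_key2 = c.update(key2) + c.final
  # First memory: encrypted key 2, its nonce and the first authenticator. Second memory: key 3.
  mod = Mod.new({ nonce: nonce, enc_key2: enc_key2, auth1: c.auth_tag }, { key3: key3 }, false)
  [mod, key2] # key2 is returned only so the example can check the round trip
end

# Activation: unwrap key 2; a tag mismatch on any input disables the module.
def activate(mod)
  d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  d.key = mod.nvm2[:key3]
  d.iv = mod.nvm1[:nonce]
  d.auth_tag = mod.nvm1[:auth1]
  d.auth_data = AAD
  d.update(mod.nvm1[:enc_key2]) + d.final # final raises unless the recomputed tag matches
rescue OpenSSL::Cipher::CipherError, ArgumentError # bad tag, or malformed key/nonce/tag length
  mod.disabled = true
  nil
end
```

Because key 3 and the wrapped key 2 sit in different memories, altering either one, the nonce or the stored authenticator makes activation fail.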
According to an embodiment of the present invention, a system for provisioning a module with cryptographic parameters, where the module includes a first nonvolatile memory, a second nonvolatile memory and a processor, is presented. The system includes means for storing a first cryptographic key in at least one of the first nonvolatile memory and the second nonvolatile memory. The system also includes means for storing a first program encrypted using the first cryptographic key in at least one of the first nonvolatile memory and the second nonvolatile memory, where the first program is configured to: generate, within the module and using the processor, a second cryptographic key and a third cryptographic key, encrypt, within the module, the second cryptographic key using the third cryptographic key, whereby encrypting the second cryptographic key with the third cryptographic key generates an encrypted second cryptographic key and a first authenticator, store, within the first nonvolatile memory, the encrypted second cryptographic key and the first authenticator, and store, within the second nonvolatile memory, the third cryptographic key.
Various optional features of the embodiment described in the above paragraph include the following. The system may include that the first nonvolatile memory and the second nonvolatile memory are logically partitioned portions of a single physical persistent memory. The system may include storing in the module additional programming, encrypted using the second cryptographic key. The system may include that the first program is further configured to, when the module is activated, decrypt, within the module, the encrypted second cryptographic key, whereby decrypting the encrypted second cryptographic key generates a second authenticator, compare the first authenticator and the second authenticator, and disable at least some operations of the module if a result of the comparing indicates a lack of authenticity. The system may include that the module lacks a power supply. A form factor for the module may be one or more of: SD, mini SD, micro SD, PCMCIA, P2, Compact Flash, Memory Stick, PRO Memory Stick, PRO Duo Memory Stick, Micro Memory Stick, Multi Media Card, SmartMedia Memory Card, MultiMedia Memory Card, Reduced Size MultiMedia Memory Card, MultiMedia Memory Card Mobile, MultiMedia Memory Card Plus, MultiMedia Memory Card Micro, xD Memory Card, SIP, DIP and USB.