Issue No. 01 - January-March (2008 vol. 5)
Trustworthy computing modules, most often in the form of secure co-processors (ScP) are already in extensive use today, albeit limited predominantly to scenarios where constraints on resources like computation complexity, bandwidth, or even cost, is not a serious limiting factor. However, trustworthy computing solutions for many evolving application scenarios where resources may be constrained, and the fact that the sheer scale of such devices may also place constraints on cost, have not received adequate consideration. We introduce a simple security policy, decrypt only when necessary (DOWN), which can substantially improve the ability of low cost ScPs to protect their secrets. The implementation of the DOWN policy is however intricately tied to the nature of computations involving secrets. More specifically, the DOWN policy relies on the ability to operate with fractional parts of secrets. Taking full advantage of the DOWN policy requires consideration of the cryptographic primitives used and even the mechanism employed for distribution of secrets. We discuss the feasibility of extending the DOWN policy to various asymmetric and symmetric cryptographic primitives. Limiting the complexity of operations performed by the ScP to very levels, say by restricting ScPs to perform only symmetric cryptographic primitives, can render them inexpensive and trustworthy. We propose some novel and simple ID-based key predistribution schemes which demand very low complexity of operations to be performed by the ScP, and can take good advantage of the DOWN policy.
Security, integrity, and protection, Security, Mobile Computing
M. Ramkumar, "Trustworthy Computing under Resource Constraints with the DOWN Policy," in IEEE Transactions on Dependable and Secure Computing, vol. 5, no. , pp. 49-61, 2007.