Hardware Module Design for Ensuring Trust

Trust in security demanding software platforms is a very important characteristic. For this reason, Trusted computing group has specified a TPM hardware module that can enforce and guaranty a high trust level to all the platform´s involved entities. However, the TPM´s features can not be fully exploited in systems under extreme physical conditions. To solve this problem, the use of a special purpose hardware module, physically connected to a host security system´s device acting as a local trusted third party, has been proposed. In this paper, we propose a hardware structure of such a hardware module, called Autonomous Attestation Token (AAT) and discuss hardware resource constrains and security bottlenecks that can stem from improper design of its various components. From this analysis it can be concluded that the efficiency of the AAT system is closely related to the efficiency of its public key encryption-decryption unit (RSA encryption-decryption module). Thus, we propose a design methodology toward a low hardware resources (small chip covered area) and side channel attack resistant RSA hardware architecture. This architecture is based on a Fault and Simple power attack resistant version of CRT RSA algorithm that is optimized for the AAT core functionality and hardware structure. To achieve that, Montgomery modular multiplication is used with numbers in carry save format and a Fault and simple power attack resistant modular exponentiation algorithm (FSME) is developed based on this multiplication approach. The hardware structure, realizing the FSME algorithm, is the most complex and resource demanding part of the CRT RSA architecture and its behavior is discussed after implementing it in FPGA technology. The proposed architecture´s implementation provides very optimistic results of very low chip covered area and high computation speed thus verifying the efficiency of the proposed algorithms and architecture design approach.