Table Of ContentHardware-Based Computer
Security Techniques
to Defeat Hackers
Hardware-Based Computer
Security Techniques
to Defeat Hackers
From Biometrics to Quantum Cryptography
Roger Dube
WEEY
A JOHN WILEY & SONS, INC., PUBLICATION
Copyright 0 2008 by John Wiley & Sons, Inc. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey
Published simultaneously in Canada.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or
by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as
permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior
written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to
the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax
(978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should
be addressed to the Permissions Department, John Wiley & Sons, Inc., 11 1 River Street, Hoboken, NJ
07030, (201) 748-601 I, fax (201) 748-6008. or online at http://www.wiley.com/go/permission.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in
preparing this book, they make no representations or warranties with respect to the accuracy or
completeness of the contents of this book and specifically disclaim any implied warranties of
merchantability or fitness for a particular purpose. No warranty may be created or extended by sales
representatives or written sales materials. The advice and strategies contained herein may not be suitable
for your situation. You should consult with a professional where appropriate. Neither the publisher nor
author shall be liable for any loss of profit or any other commercial damages, including but not limited
to special, incidental, consequential, or other damages.
For general information on our other products and services or for technical support, please contact our
Customer Care Department within the United States at (800) 762-2974, outside the United States at
(317) 572-3993 or fax (317) 572-4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may
not be available in electronic format. For information about Wiley products, visit our web site at
www.wiley.com.
Library of Congress Cataloging-in-Publication Data is available.
ISBN 978-0-470-1 9339-6
Printed in the United States of America.
1 0 9 8 7 6 5 4 3 2 1
This book is dedicated to my wife, Jeri, whose undying support and love have
given me the courage to chart new directions in my life. The book is also
dedicated to my children-Dawn, Danielle, Laura, and Jordan-and their
wonderful children as well. The thrill of seeing each of them grow to find their
talents, passions and partners in art, science, animal care and writing continues
to make life fulfilling. I am very proud of them all.
Finally, the dedication would be incomplete without my deepest thanks to my
mom and dad who created and maintained a nurturing environment through
easy and hard times alike.
ACKNOWLEDGMENTS
I would like to express sincere appreciation to a number of professional colleagues
who aided in my education as a physicist and my immersive education in the com-
puter security field. The Experimental General Relativity Group at Princeton pro-
vided an environment in which a young physicist could learn fundamental
approaches to difficult weak signal detection problems. Bill Wickes, the late Dave
Wilkinson, Jim Peebles, and Ed Groth provided engaging and challenging discus-
sions on various aspects of differential and phase sensitive detection. My years at
IBM Research provided first hand management experience of technology develop-
ment and commercialization projects, giving me an appreciation of the need to inte-
grate technology and science with product schedules. Omesh Sahni was instrumental
in helping me grow as a manager, carefully guiding me through progressively more
difficult management situations. At DAT, Rick Morgenstern, Mary Ann Voreck, Peter
Patsis, John Burdick, Bill Kazis, and Mukesh Kumar have provided support, compan-
ionship and boundless energy as the team worked to develop, refine, and deliver mil-
itary grade authentication technology to various governmental organizations.
The fine folks at the United States Joint Forces Command, especially the Joint
Experimentation Lab headed by Tony Cerri, were helpful, instructive, and patient as
our technology was exposed to demanding attacks and attempts to break the hard-
ware-based authentication system that we had developed. Lt. Col. Dave Robinson and
Brad Mabe at SAIC invested countless hours helping us test, debug, and refine the
technology.
I would like to thank Paul Petralia, senior editor at Wiley, for supporting the con-
cept of the book. Finally, I would like to express my sincerest thanks to Lt. Col. Dave
Robinson, who patiently read drafts and offered valuable suggestions, corrections,
and refinements even through the height of Michigan football season.
vi
ABOUT THE AUTHOR
Roger Dube received his bachelor’s degree in physics and math from Cornell
University and his Ph.D. in experimental physics from Princeton University. He
completed a post-doctoral position at Kitt Peak National Observatory in Tucson,
where he continued his work on using weak signal detection techniques to tackle
problems in experimental general relativity. Over the next few years he held vari-
ous academic positions at Caltech/Jet Propulsion Laboratory, the University of
Michigan, and the University of Arizona. He joined IBM’s Research Division in
Yorktown Heights, NY after developing a system to store real time data in pho-
torefractive crystals using holography. Dr. Dube rose through management levels
at IBM while maintaining an adjunct professorship at nearby Yale University,
where he mentored graduate students as well as lectured on device physics and
technology commercialization.
Dr. Dube left IBM in 1996 to become president of Gate Technologies
International, Inc. (later named Digital Authentication Technologies, Inc.) based
in Boca Raton, FL. Gate provided advanced technology search services for lead-
ing technology companies in a variety of industries through the year 2000. During
those years, it became apparent to Dr. Dube that there was a strong need for a
computer security and authentication technology that employed an unalterable
physical process as a source of randomness for cryptographic keys. During 2000
and early 200 1, Dr. Dube invented the fundamental patents for a physics-based
location aware security and authentication technology. Over the course of the next
few years, the company received numerous contracts and research grants for the
technology to examine how it might be applied to problems of securing informa-
tion sharing, wireless communication, and control of critical infrastructure.
Dr. Dube currently holds a joint position as president and chief scientist of
Digital Authentication Technologies, Inc. and as a professor of imaging science at
Rochester Institute of Technology (RIT).
vii
CONTENTS
1 THE ELEMENTS OF COMPUTER SECURITY 1
Cryptography, 2
Symmetric Key Cryptography, 2
Asymmetric Key Cryptography, 3
Passwords and Keys, 5
PasswordlKey Strength, 6
PasswordlKey Storage and Theft, 8
Passwords and Authentication, 9
Something You Know, 9
Something You Have, 9
Something You Are, 10
Random-Number Generators, 1 1
Pseudo-Random-Number Generators (PRGs), 12
Hardware-Based Random-Number Generators, 12
Hybrid HardwareEoftware Random-Number Generators, 13
Key Generation, 13
Security and the Internet, 14
References, 16
ix
x HARDWARE-BASED COMPUTER SECURITY TECHNIQUES TO DEFEAT HACKERS
2 CRYPTOGRAPHY APPROACHES AND ATTACKS 17
Symmetric Key Cryptography, 17
One-Time Pad, 18
DES and Triple DES, 19
International Data-Encryption Algorithm, 24
Rivest Cipher 4,24
Blowfish, 28
Advanced Encryption Standard, 29
Quantum Cryptography, 3 1
Hash Algorithms, 36
The Birthday Paradox and Hash Algorithms, 36
References, 39
3 KEY GENERATION AND DISTRIBUTION
APPROACHES AND ATTACKS 41
Key Generation, 4 1
Software Key Generation, 43
Hardware Key Generation, 47
Noise-Based Approaches, 47
Noisy Diodes and Resistors, 47
Radio-Frequency Sources, 48
Brownian-Motion Devices, 48
Quantum Devices, 49
Nuclear Decay Devices, 49
Optical Devices, 50
Other Hardware Sources of Randomness, 5 1
Key Distribution, 5 1
Key Distribution for Software-Based PRGs, 52
CONTENTS xi
Key Distribution, 52
Key Storage, 53
Key Use, 53
Key Distribution for Hardware-Based RNGs, 54
Creation of RNGs, 54
Initialization of RNGs, 54
Distribution of RNGs, 54
Key Storage and Use, 54
Minimizing Hardware Attack Risks, 55
References, 56
4 THE QUALITIES OF WORKABLE SECURITY
SOLUTIONS 57
Secure Coprocessors, 58
Attack Vectors, 59
Techniques for Creating Strong Coprocessors, 59
Secure Bootstrap Loading, 60
Protection of the Bootstrap Process, 60
Secure Memory Management, 61
Protection of Memory Management, 62
Trusted Platform Module, 62
TPM Attack Vectors, 62
LaGrande (Trusted Execution Technology), 63
Video Protection, 64
Input Devices, 64
Memory Protection, 64
Trusted Execution Technology Attack Vectors, 65
Field-Programmable Gate Array, 65
