New hardware-based security initiative offers as-needed access to protected data

Researchers at Princeton are putting security features directly into the hardware of a personal computer, cell phone or PDA, with the goal of building a computer architecture that enables the secure transmission of crucial rescue information to first responders during events such as natural disasters, fires or terrorist attacks.

Researchers say the Secret Protected (SP) computer architecture relies on two new elements that are embedded in the hardware of an electronic device: a device root key and a storage root hash.

That technology, embedded in a firefighter’s handheld computer, would let a trusted authority such as a municipal Fire Department grant emergency access to relevant floor plans, security codes or other essential information. Once the emergency was over, the access to this sensitive information would end.

Specifically, according to the white paper describing the architecture, SP-processors contain a minimalist set of architectural features that can be built into a general-purpose microprocessor to provide protection of critical secrets and their computations, without expensive or inconvenient auxiliary hardware. SP-architecture also requires a trusted software module, a few modifications to the operating system, a secure I/O path to the user, and a secure installation process. Unique aspects of our architecture include: decoupling of user secrets from the devices, enabling users to securely access their keys from different networked computing devices; the use of symmetric master keys rather than more costly public-private key pairs; and the avoidance of any permanent or factory-installed device secrets.

The Princeton work is part of the SecureCore multi-university research project, funded by the NSF Cybertrust program and DARPA, which aims to integrate essential security into the hardware, software and networking at the core of commodity computing and communications devices.

Many researchers do not think it is possible to build security features into computer hardware without slowing the computer down or causing it to consume lots of power.  

“Our research shows that these hardware ‘roots of trust’ are actually quite deployable on consumer devices like desktop computers or PDAs, and also in sensor networks and larger servers,” said electrical engineering professor Ruby Lee in a statement. “Computers were not originally designed with security as a goal,” said Lee. “I’m trying to rethink the design of computers so they can be trustworthy while at the same time retain all their original design goals, such as high performance, low cost and energy efficiency.”

In addition to trust anchors for software, Lee is also researching hardware “safety nets” to defend against software vulnerabilities that remote attackers exploit to gain entry into a computer.

The ultimate goal is to inoculate individual computers and electronic devices such as cell phones against threats like viruses, worms and bots so that they cannot infect, or be used to attack, other machines.


Copyright © 2007 IDG Communications, Inc.
