Outbound authentication for programmable secure coprocessors

Abstract

A programmable secure coprocessor platform can help solve many security problems in distributed computing. However, these solutions usually require that coprocessor applications be able to participate as full-fledged parties in distributed cryptographic protocols. Thus, to fully enable these solutions, a generic platform must not only provide programmability, maintenance, and configuration in the hostile field—it must also provide outbound authentication for the entities that result. A particular application on a particular untampered device must be able to prove who it is to a party on the other side of the Internet. This paper offers our experiences in solving this problem for a high-end secure coprocessor product. This work required synthesis of a number of techniques, so that parties with different and dynamic views of trust can draw consistent and complete conclusions about remote coprocessor applications. These issues may be relevant to the industry’s growing interest in rights management for general desktop machines.