{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:43:45Z","timestamp":1750308225702,"version":"3.41.0"},"reference-count":33,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2005,3,1]],"date-time":"2005-03-01T00:00:00Z","timestamp":1109635200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGARCH Comput. Archit. News"],"published-print":{"date-parts":[[2005,3]]},"abstract":"<jats:p>Cryptographic processing is a critical component of secure networked computing systems. The protection offered by cryptographic processing, however, greatly depends on the methods employed to manage, store, and exercise a user's cryptographic keys. In general, software-only key management schemes contain numerous security weaknesses. Thus, many systems protect keys with distributed protocols or supplementary hardware devices, such as smart cards and cryptographic coprocessors. However, these key protection mechanisms suffer from combinations of user inconvenience, inflexibility, performance penalties, and high cost. In this paper, we propose architectural enhancements for general-purpose processors that protect core secrets by facilitating virtual secure coprocessing (VSCoP). We describe modest hardware modifications and a trusted software library that allow common computing devices to perform flexible, high-performance, and protected cryptographic computation. The hardware additions include a small key store in the processor, encryption engines at the cache-memory interface, a few new instructions, and minor hardware platform modifications. With these enhancements, users can store, transport, and employ their secret keys to safely complete cryptographic operations in the presence of insecure software. In addition, we provide a foundation with which users can more securely access their secret keys on any Internet-connected computing device (that supports VSCoP) without requiring auxiliary hardware such as smart cards.<\/jats:p>","DOI":"10.1145\/1055626.1055630","type":"journal-article","created":{"date-parts":[[2005,11,7]],"date-time":"2005-11-07T19:28:32Z","timestamp":1131391712000},"page":"16-26","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Protecting cryptographic keys and computations via virtual secure coprocessing"],"prefix":"10.1145","volume":"33","author":[{"given":"John P.","family":"McGregor","sequence":"first","affiliation":[{"name":"Princeton University"}]},{"given":"Ruby B.","family":"Lee","sequence":"additional","affiliation":[{"name":"Princeton University"}]}],"member":"320","published-online":{"date-parts":[[2005,3]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"American National Standards Institute, \"American National Standard X9.17: Financial Institution Key Management,\" 1985."},{"key":"e_1_2_1_2_1","unstructured":"Amphion Corporation, \"AES Encryption\/Decryption,\" available at http:\/\/www.amphion.com\/cs5265.html, 2002."},{"key":"e_1_2_1_3_1","unstructured":"R. Anderson, Security Engineering, John Wiley and Sons Inc., New York, NY, 2001."},{"key":"e_1_2_1_4_1","doi-asserted-by":"crossref","unstructured":"R. Anderson and M. Kuhn, \"Low cost attacks on tamper resistant devices,\" Security Protocols: 5th International Workshop, Springer-Verlag LNCS no. 1361, pp. 125--136, 1997.","DOI":"10.1007\/BFb0028165"},{"key":"e_1_2_1_5_1","unstructured":"ARM Corporation, \"A New Foundation for CPU Systems Security: Security Extensions to the ARM Architecture,\" available at http:\/\/www.arm.com\/pdfs\/TrustZone.pdf, May 2003."},{"key":"e_1_2_1_6_1","unstructured":"D. Balfanz and E. W. Felten, \"Hand-Held Computers Can Be Better Smart Cards,\" Proc. of the 1999 USENIX Security Symposium, 1999."},{"key":"e_1_2_1_7_1","first-page":"466","volume-title":"Proc. of IEEE Spring COMPCON '80","author":"Best R. M.","year":"1980"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.5555\/647931.740581"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.955101"},{"key":"e_1_2_1_11_1","unstructured":"CERT Coordination Center, http:\/\/www.cert.org\/, 2002."},{"key":"e_1_2_1_12_1","unstructured":"J. Dyer, R. Perez, S. Smith, and M. Lindemann, \"Application Support Architecture for a High-Performance Programmable Secure Coprocessor,\" Proceedings of the 22nd National Information Systems Security Conference, October 1999."},{"key":"e_1_2_1_13_1","unstructured":"W. Ford and B. S. Kaliski Jr., \"Server-assisted Generation of a Strong Secret from a Password,\" Proceedings of the 5th IEEE International Workshop on Enterprise Security, 2000."},{"key":"e_1_2_1_14_1","first-page":"275","volume-title":"Workshop on Distributed Algorithms, Springer-Verlag LNCS, no. 1320","author":"Garay J.","year":"1997"},{"key":"e_1_2_1_15_1","unstructured":"B. Gassend, E. Suh, D. Clarke, M. van Dijk, and S. Devadas, \"Caches and Merkle Trees for Efficient Memory Authentication,\" Proc. of the Ninth International Symposium on High Performance Computer Architecture (HPCA-9), Feb. 2003."},{"key":"e_1_2_1_16_1","first-page":"79","volume-title":"Proc. of the International Workshop on Intelligent Communications and Multimedia Terminals","author":"Gilmont T.","year":"1998"},{"volume-title":"Proceedings of the 2000 USENIX Security Symposium","year":"2000","author":"Gutmann P.","key":"e_1_2_1_17_1"},{"key":"e_1_2_1_18_1","unstructured":"Intel Corporation, \"LaGrande Technology Architectural Overview,\" available at http:\/\/www.intel.com\/technology\/security\/, September 2003."},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/605397.605409"},{"key":"e_1_2_1_20_1","doi-asserted-by":"crossref","unstructured":"P. Kocher, J. Jaffe, and B. Jun, \"Differential Power Analysis,\" Advances in Cryptology - CRYPTO '99, Springer-Verlag LNCS no. 1666, pp. 388--397, 1999.","DOI":"10.1007\/3-540-48405-1_25"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/378993.379237"},{"key":"e_1_2_1_22_1","first-page":"12","author":"MacKenzie P.","year":"2001","journal-title":"\"Networked Cryptographic Devices Resilient to Capture,\" Proceedings of the 22nd IEEE Symposium on Security and Privacy"},{"volume-title":"LLC","year":"1997","author":"Menezes A. J.","key":"e_1_2_1_24_1"},{"key":"e_1_2_1_25_1","unstructured":"Microsoft, \"Next-Generation Secure Computing Base,\" available at http:\/\/www.microsoft.com\/resources\/ngscb\/, June 2004."},{"key":"e_1_2_1_26_1","unstructured":"National Institute of Standards and Technology, \"Advanced Encryption Standard,\" FIPS Publication 197, Nov. 2001."},{"key":"e_1_2_1_27_1","doi-asserted-by":"crossref","unstructured":"R. L. Rivest, \"The MD5 Message Digest Algorithm,\" RFC 1321, available at http:\/\/www.ietf.org\/rfc\/rfc1321.txt, April 1992.","DOI":"10.17487\/rfc1321"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/359340.359342"},{"key":"e_1_2_1_29_1","unstructured":"RSA Security Inc., \"PKCS #11 v2.11: Cryptographic Token Interface Standard,\" available at http:\/\/www.rsasecurity.com\/rsalabs\/pkcs\/pkcs-11\/, Nov. 2001."},{"key":"e_1_2_1_30_1","unstructured":"The SANS Institute, \"The Twenty Most Critical Internet Security Vulnerabilities,\" http:\/\/www.sans.org\/top20\/, Oct. 2002."},{"volume-title":"Addison-Wesley","year":"2002","author":"Smith R. E.","key":"e_1_2_1_31_1"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.5555\/647502.728325"},{"issue":"8","key":"e_1_2_1_33_1","first-page":"831","volume":"31","author":"Smith S. W.","year":"1999","journal-title":"\"Building a High-Performance, Programmable Secure Coprocessor,\" Computer Networks"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/782814.782838"},{"key":"e_1_2_1_35_1","unstructured":"Trusted Computing Group, http:\/\/www.trustedcomputinggroup.org, June 2004."}],"container-title":["ACM SIGARCH Computer Architecture News"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1055626.1055630","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1055626.1055630","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T16:31:27Z","timestamp":1750264287000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1055626.1055630"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005,3]]},"references-count":33,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2005,3]]}},"alternative-id":["10.1145\/1055626.1055630"],"URL":"https:\/\/doi.org\/10.1145\/1055626.1055630","relation":{},"ISSN":["0163-5964"],"issn-type":[{"type":"print","value":"0163-5964"}],"subject":[],"published":{"date-parts":[[2005,3]]},"assertion":[{"value":"2005-03-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}