Bus encryption
Encyclopedia
Bus encryption is the use of encrypted
program instructions on a data bus in a computer that includes a secure cryptoprocessor
for executing the encrypted instructions. Bus encryption is used primarily in electronic systems that require high security, such as Automated teller machine
s, TV set-top box
es, and secure data communication devices such as digital police radios.
Bus encryption can also mean encrypted data transmission on a data bus from one processor to another processor. For example from the CPU to a GPU, which does not require input of encrypted instructions. Such bus encryption is used by the Microsoft operating system Vista
to protect certificates, BIOS, passwords, and program authenticity. PVP-UAB (Protected Video Path) provides bus encryption of premium video content in PCs as it passes over the PCIe bus to graphics cards to enforce Digital rights management
.
The need for bus encryption arises when countless technicians have access to internal circuitry of electronic systems, either because they service and repair such systems, stock spare components for the systems, own the system, steal the system, or find a lost or abandoned system, under battlefield conditions for example. It is not only necessary to prevent tampering of encrypted instructions that may be easily discovered on a data bus or during data transmission, but also to prevent discovery of decrypted instructions that may reveal security weaknesses that an intruder can exploit.
In TV set-top boxes, it is necessary to download program instructions periodically to customer's units, to provide new features and to fix bugs. These new instructions are encrypted before transmission to set-top boxes, but must also remain secure on data buses and during execution to prevent manufacture of unauthorized cable TV boxes. This can be accomplished by secure cryptoprocessors that read encrypted instructions on the data bus from external data memory, decrypt the instructions in the cryptoprocessor, and execute the instructions in the same cryptoprocessor.
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
program instructions on a data bus in a computer that includes a secure cryptoprocessor
Secure cryptoprocessor
A secure cryptoprocessor is a dedicated computer on a chip or microprocessor for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance....
for executing the encrypted instructions. Bus encryption is used primarily in electronic systems that require high security, such as Automated teller machine
Automated teller machine
An automated teller machine or automatic teller machine, also known as a Cashpoint , cash machine or sometimes a hole in the wall in British English, is a computerised telecommunications device that provides the clients of a financial institution with access to financial transactions in a public...
s, TV set-top box
Set-top box
A set-top box or set-top unit is an information appliance device that generally contains a tuner and connects to a television set and an external source of signal, turning the signal into content which is then displayed on the television screen or other display device.-History:Before the...
es, and secure data communication devices such as digital police radios.
Bus encryption can also mean encrypted data transmission on a data bus from one processor to another processor. For example from the CPU to a GPU, which does not require input of encrypted instructions. Such bus encryption is used by the Microsoft operating system Vista
Windows Vista
Windows Vista is an operating system released in several variations developed by Microsoft for use on personal computers, including home and business desktops, laptops, tablet PCs, and media center PCs...
to protect certificates, BIOS, passwords, and program authenticity. PVP-UAB (Protected Video Path) provides bus encryption of premium video content in PCs as it passes over the PCIe bus to graphics cards to enforce Digital rights management
Digital rights management
Digital rights management is a class of access control technologies that are used by hardware manufacturers, publishers, copyright holders and individuals with the intent to limit the use of digital content and devices after sale. DRM is any technology that inhibits uses of digital content that...
.
The need for bus encryption arises when countless technicians have access to internal circuitry of electronic systems, either because they service and repair such systems, stock spare components for the systems, own the system, steal the system, or find a lost or abandoned system, under battlefield conditions for example. It is not only necessary to prevent tampering of encrypted instructions that may be easily discovered on a data bus or during data transmission, but also to prevent discovery of decrypted instructions that may reveal security weaknesses that an intruder can exploit.
In TV set-top boxes, it is necessary to download program instructions periodically to customer's units, to provide new features and to fix bugs. These new instructions are encrypted before transmission to set-top boxes, but must also remain secure on data buses and during execution to prevent manufacture of unauthorized cable TV boxes. This can be accomplished by secure cryptoprocessors that read encrypted instructions on the data bus from external data memory, decrypt the instructions in the cryptoprocessor, and execute the instructions in the same cryptoprocessor.