Bus encryption

From Wikipedia, the free encyclopedia

Bus encryption is the use of encrypted program instructions on a data bus in a computer that includes a secure cryptoprocessor for executing the encrypted instructions. Bus encryption is used primarily in electronic systems that require high security, such as Automated teller machines, TV set-top boxes, and secure data communication devices such as digital police radios.

Bus encryption can also mean encrypted data transmission on a data bus from one processor to another, for example from the CPU to a GPU; in that case the receiving processor does not need to accept encrypted instructions. Such bus encryption is used by the Microsoft operating system Windows Vista and newer to protect certificates, BIOS, passwords, and program authenticity. PVP-UAB (Protected Video Path) provides bus encryption of premium video content in PCs as it passes over the PCIe bus to graphics cards [1] to enforce Digital rights management.

The need for bus encryption arises when countless technicians have access to the internal circuitry of electronic systems, either because they service and repair such systems, stock spare components for them, own the system, steal the system, or find a lost or abandoned system, under battlefield conditions for example. It is necessary not only to prevent tampering with encrypted instructions, which may be easily observed on a data bus or during data transmission, but also to prevent discovery of the decrypted instructions, which may reveal security weaknesses that an intruder could exploit.

In TV set-top boxes, it is necessary to download program instructions periodically to customers' units, to provide new features and to fix bugs. These new instructions are encrypted before transmission to the set-top boxes, but must also remain secure on data buses and during execution to prevent the manufacture of unauthorized cable TV boxes. This can be accomplished by a secure cryptoprocessor that reads encrypted instructions on the data bus from external data memory, decrypts the instructions inside the cryptoprocessor, and executes them in the same cryptoprocessor.
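The fetch-decrypt-execute loop described above, as an added illustration that is not part of the Wikipedia article and does not model any real set-top box or cryptoprocessor: the "external memory" holds only ciphertext plus a per-word authentication tag, while the key and the plaintext instructions exist only inside the `Cryptoprocessor` object. The cipher is a stand-in built from HMAC-SHA256 keystream (a real part would use a hardware block cipher or AEAD), and the four-opcode instruction set, the 2-byte word size and the 4-byte tag are all invented for the demo. Binding each tag to the word's address is what makes both in-place edits and relocation of a valid ciphertext word detectable, which is the tamper-prevention point of the preceding paragraphs.

```python
"""Toy model of a secure cryptoprocessor executing bus-encrypted code.

Added example, not from any product: the memory image written by the
vendor contains only ciphertext + tag; decryption and execution happen
inside Cryptoprocessor, so plaintext instructions never appear on the bus.
"""
import hashlib
import hmac
import struct

WORD_BYTES = 2                     # opcode byte + operand byte (invented ISA)
TAG_BYTES = 4                      # truncated MAC per word (toy size)
SLOT_BYTES = WORD_BYTES + TAG_BYTES

# Invented opcodes for the toy machine
OP_LOAD, OP_ADD, OP_MUL, OP_HALT = 0x01, 0x02, 0x03, 0xFF


class IntegrityError(Exception):
    """Raised when a fetched word fails authentication (edit or relocation)."""


def _keystream(key: bytes, addr: int) -> bytes:
    # Address-tweaked keystream: the same instruction at two addresses
    # encrypts differently, so the bus leaks no repeated-instruction pattern.
    msg = b"enc" + struct.pack(">I", addr)
    return hmac.new(key, msg, hashlib.sha256).digest()[:WORD_BYTES]


def _tag(key: bytes, addr: int, ciphertext: bytes) -> bytes:
    # Tag binds the ciphertext to its address: editing or moving a word is detected.
    msg = b"mac" + struct.pack(">I", addr) + ciphertext
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_BYTES]


def encrypt_program(key: bytes, program: list) -> bytes:
    """Vendor side: turn (opcode, operand) pairs into the image for external memory."""
    image = bytearray()
    for addr, (opcode, operand) in enumerate(program):
        word = bytes([opcode, operand])
        ct = bytes(a ^ b for a, b in zip(word, _keystream(key, addr)))
        image += ct + _tag(key, addr, ct)
    return bytes(image)


class Cryptoprocessor:
    """Fetches encrypted words over the bus, decrypts and executes them internally."""

    def __init__(self, key: bytes):
        self._key = key            # never leaves the package

    def run(self, memory: bytes) -> int:
        acc, addr = 0, 0
        while True:
            slot = memory[addr * SLOT_BYTES:(addr + 1) * SLOT_BYTES]
            if len(slot) != SLOT_BYTES:
                raise IntegrityError(f"fetch past end of image at address {addr}")
            ct, tag = slot[:WORD_BYTES], slot[WORD_BYTES:]
            # Verify before decrypting: reject any word not produced for this address.
            if not hmac.compare_digest(tag, _tag(self._key, addr, ct)):
                raise IntegrityError(f"authentication failed at address {addr}")
            word = bytes(a ^ b for a, b in zip(ct, _keystream(self._key, addr)))
            opcode, operand = word[0], word[1]
            if opcode == OP_LOAD:
                acc = operand
            elif opcode == OP_ADD:
                acc += operand
            elif opcode == OP_MUL:
                acc *= operand
            elif opcode == OP_HALT:
                return acc
            else:
                raise IntegrityError(f"unknown opcode {opcode:#x} at address {addr}")
            addr += 1


def demo() -> dict:
    """Run a constructed program, then show that two bus-level attacks are caught."""
    key = hashlib.sha256(b"constructed demo key, not a real secret").digest()
    program = [(OP_LOAD, 6), (OP_ADD, 4), (OP_MUL, 7), (OP_HALT, 0)]  # (6 + 4) * 7
    image = encrypt_program(key, program)
    cpu = Cryptoprocessor(key)
    result = cpu.run(image)

    # 1) Flip one ciphertext bit of the ADD word's operand on the "bus".
    flipped = bytearray(image)
    flipped[SLOT_BYTES + 1] ^= 0x01
    try:
        cpu.run(bytes(flipped))
        flip_caught = False
    except IntegrityError:
        flip_caught = True

    # 2) Swap the ADD and MUL slots: each is valid ciphertext, but at the wrong address.
    swapped = bytearray(image)
    swapped[SLOT_BYTES:2 * SLOT_BYTES] = image[2 * SLOT_BYTES:3 * SLOT_BYTES]
    swapped[2 * SLOT_BYTES:3 * SLOT_BYTES] = image[SLOT_BYTES:2 * SLOT_BYTES]
    try:
        cpu.run(bytes(swapped))
        swap_caught = False
    except IntegrityError:
        swap_caught = True

    return {"result": result, "image_len": len(image),
            "flip_caught": flip_caught, "swap_caught": swap_caught}


if __name__ == "__main__":
    print(demo())
```

Running the module prints the result of the constructed program (70) together with the two detection flags. The design choice worth noting is that the tag covers the address as well as the ciphertext: encryption alone would hide the instructions but would still let a valid word be replayed at a different address, which is exactly the kind of bus-level manipulation the article says must be prevented.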

Notes

  1. Encryption in Microsoft Windows Vista
