Applying Protocol Analysis to Security Device Interfaces

Despite best efforts, general-purpose computing platforms and servers continue to be insecure. Due totheir complexity, furthermore, it seems unlikely that a completely secure system can be built in the foreseeable future. Fortunately, a promising alternative exists: the use of trusted cryptographic devicesand subsystems. Like smart cards, such devices hold and use secret cryptographic keys on behalf of a largergeneral-purpose system. Yet these devices are more than simply cryptographic coprocessors--they areresponsible for the secrecy of their keys and will withhold them from even the system itself. If the deviceis also tamper-resistant (which is common), its keys will (hopefully) be used only in ways the device permits.