Hardware Cryptography & Security

Jun 24, 2025

Overview

This lecture covers hardware-based cryptographic security using Trusted Platform Modules (TPMs), secure elements, trusted execution environments, and the importance of randomness in encryption.

Trusted Platform Module (TPM)

  • TPM is a dedicated hardware crypto processor built into computers for secure key generation, random number generation, and data protection.
  • TPMs have a unique secret RSA key embedded at manufacture, enabling hardware authentication and detection of unauthorized hardware changes.
  • Remote attestation allows a system to prove its configuration integrity to a remote party using hash measurements recorded in the TPM and signed with a TPM-held key.
  • Data binding and sealing use the TPM's hardware-backed key to encrypt data, making decryption possible only on that particular system and under specific system states.
  • TPMs can be discrete chips (most secure), integrated into other chips, implemented in firmware, or virtualized in a hypervisor.
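The extend-and-seal behaviour described in the bullets above, as a small Python model added here for illustration (not the lecture's code and not a real TPM API): boot components are hashed into a PCR in order, a secret is sealed to the resulting PCR value, and unsealing only succeeds when the same boot state is measured again. The TPM-embedded secret, component names and the toy keystream are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed stand-in for the secret a real TPM embeds at manufacture and never exports.
TPM_ROOT_SECRET = os.urandom(32)


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """Extend a PCR: new = H(old || H(measurement)). One-way and order-dependent."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(components: list) -> bytes:
    """Measure each boot component in sequence into a single PCR (starts at zero at reset)."""
    pcr = bytes(32)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


def _sealing_key(pcr_value: bytes) -> bytes:
    # Key depends on both the hardware secret (binding) and the PCR state (sealing).
    return hmac.new(TPM_ROOT_SECRET, b"seal|" + pcr_value, hashlib.sha256).digest()


def seal(secret: bytes, pcr_value: bytes) -> dict:
    """Encrypt `secret` so it opens only on this TPM in the given PCR state."""
    assert len(secret) <= 32, "toy keystream covers at most 32 bytes"
    key = _sealing_key(pcr_value)
    nonce = os.urandom(16)
    stream = hashlib.sha256(key + nonce).digest()  # toy keystream; a real TPM uses a proper AEAD
    ct = bytes(a ^ b for a, b in zip(secret, stream))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def unseal(blob: dict, current_pcr: bytes) -> Optional[bytes]:
    """Return the secret, or None if the PCR state (or the TPM) differs from seal time."""
    key = _sealing_key(current_pcr)
    expected = hmac.new(key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    stream = hashlib.sha256(key + blob["nonce"]).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], stream))
```

Note that a change anywhere in the measured chain, including swapping the order of two unmodified components, produces a different PCR value and therefore a refused unseal.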

Secure Elements & Trusted Execution Environments

  • Secure elements are tamper-resistant chips in mobile devices that securely store cryptographic keys and run secure applications.
  • Trusted Execution Environment (TEE) is an isolated execution space on a device, providing security even from the main operating system and other apps.

TPM Limitations & Attacks

  • Trust in TPM depends on the manufacturer, as they have access to secret keys during production.
  • Physical attacks on TPMs are possible but require highly specialized equipment and technical knowledge.

Applications of TPM and Encryption

  • TPMs ensure platform integrity and are used in full disk encryption (FDE/FTE) to protect data from theft or tampering.
  • FDE encrypts the entire disk and requires a small unencrypted boot partition to start the OS.
  • Products like BitLocker (Microsoft), FileVault 2 (Apple), and dm-crypt (Linux) are commonly used for FDE and can utilize TPMs for added security.

Importance of Randomness in Cryptography

  • Cryptographic systems require truly random numbers for security; patterns in pseudo-random numbers can be exploited by attackers.
  • Operating systems maintain an entropy pool to seed random number generators for cryptographic use.
  • Hardware and software random number generators help ensure the randomness needed for secure key generation.

Key Terms & Definitions

  • TPM (Trusted Platform Module) — Hardware chip for secure cryptographic operations and storage.
  • Remote Attestation — Process where a system proves its configuration integrity to a remote verifier.
  • Data Binding/Sealing — Encrypting data so it can be accessed only by a specific TPM in a specific system state.
  • Full Disk Encryption (FDE/FTE) — Encrypts all data on a disk, requiring authentication at boot.
  • Entropy Pool — A source of randomness in an OS to seed cryptographic operations.
  • Secure Element — Tamper-resistant chip in mobile devices for security.
  • Trusted Execution Environment (TEE) — Isolated execution space for running secure code.

Action Items / Next Steps

  • Review lecture notes on hardware security modules and disk encryption software.
  • Understand the role of randomness and entropy in cryptographic systems.