Firmware Deployment of Strong Encryption: An Investigation and Implementation

Software encipherment and an equivalent firmware implementation is the general scope of this work. Current cryptographic implementations rely on software running under general purpose, often multi-user, operating systems alongside a horde of untrusted and possibly malicious applications. Additionally there are other threats to security, such as that posed by "crackers'' or government agencies listening in to network traffic. This work addresses one method for minimising these risks. A framework is presented for implementation of a cryptographic coprocessor, capable of securely performing encryption, decryption and key management. To achieve maximum performance and security the algorithm is instantiated in firmware. This achieves superior performance to pure software implementations. This work also examines various issues related to the choice of algorithms out "in the wild" today, how they operate, and how they can be used for different purposes. It shows how a software algorithm can be brought into the hardware/firmware domain and deployed as effectively therein. The framework implemented retains all the functionality of the pure software solution while gaining significantly in performance. This approach is also significantly more secure, as a firmware implementation is not open to the standard security workarounds and breaches commonly applied to software solutions. As part of the project a corresponding software implementation has been verified against the firmware equivalent, and an assessment made on the relative merits of both approaches with respect to speed, security, and ease of implementation.