Secure Shared Processing on a Cluster of Trust-Anchors

Attacks on computer systems and networks have never been more prolific, hence the great effort from government, industry and academia, to identify and adopt information/cyber security best-practices. Most of this effort has been directed to the logical design and operational security of systems, however the security of implementation is also vitally important, especially for critical and machine-to-machine infrastructures. One approach to underpinning implementation security, is to distribute, certified-secure chips, as hardware security modules (HSM), to provide strongly attack-resistant and trusted endpoints for protocols. A risk with physically deploying fixed function HSMs is that they may need to have a long life-time, yet be unable to support new algorithms and protocols in response to evolving threats and defenses; so a manageable secure platform is attractive. Existing single-chip platforms have specialist hardware security, including crypto coprocessors to help performance, however their general processing is slow, due to the secure platform software defenses, within what are small, low-cost and low-power chips. In this research we explore the idea of multiple HSMs sharing resources on security processing tasks, without compromising that security via inter-HSM communications. The proposal and related performance experiments center around clusters of up to eight HSMs, using a communications protocol, based on Offset Codebook authenticated encryption; sharing resources for processor intensive tasks. A localised cluster of MULTOS Trust-Anchor chips was used for experimentation, although the principles of the proposal extend to clusters that are widely dispersed.