ABSTRACT
We propose minimalist new hardware additions to a microprocessor chip that protect cryptographic keys in portable computing devices which are used in the field but owned by a central authority. Our authority-mode architecture has trust rooted in two critical secrets: a Device Root Key and a Storage Root Hash, initialized in the device by the trusted authority. Our architecture protects trusted software, bound to the device, which can use the root secrets to protect other sensitive information for many different usage scenarios. We describe a detailed usage scenario for crisis response, where first responders are given transient access to third-party sensitive information which can be securely accessed during a crisis and reliably revoked after the crisis is over. We leverage the Concealed Execution Mode of our earlier user-mode SP (Secret-Protecting) architecture to protect trusted code and its execution [1]. We call our new architecture authority-mode SP since it shares the same architectural lineage and the goal of minimalist hardware roots of trust. However, we completely change the key management hardware and software to enable new remote trust mechanisms that user-mode SP cannot support. In our new architecture, trust is built on top of the shared root key which binds together the secrets, policy and trusted software on the device. As a result, the authority-mode SP architecture can be used to provide significant new functionality including transient access to secrets with reliable revocation mechanisms, controlled transitive support for policy-controlled secrets belonging to different organizations, and remote attestation and secure communications with the authority.
REFERENCES
1. [entry missing from the page]
2. IETF Network Working Group, "Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)," RFC 4279. http://www.ietf.org/rfc/rfc4279.txt
3. R. C. Merkle, "Protocols for public key cryptography," IEEE Symposium on Security and Privacy, pp. 122--134, 1980.
4. Trusted Computing Group, "Trusted Platform Module (TPM) Specifications," April 2006. https://www.trustedcomputinggroup.org/specs/TPM
5. National Institute of Standards and Technology, "Advanced Encryption Standard," Federal Information Processing Standards Publication, FIPS Pub 197, Nov. 2001.
6. Intel, "LaGrande Technology Architectural Overview," September 2003. http://www.intel.com/technology/security/
7. National Institute of Standards and Technology, "The Keyed-Hash Message Authentication Code (HMAC)," Federal Information Processing Standards Publication, FIPS Pub 198. http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf
8. "ITU-T Recommendation X.509, The Directory: Authentication Framework," Int'l Telecomm. Union, Geneva, 2000; ISO/IEC 9594-8.
9. D. Lie, C. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell, and M. Horowitz, "Architectural support for copy and tamper resistant software," Proc. of the 9th Int'l Conference on Architectural Support for Programming Languages and Operating Systems, pp. 168--177, Cambridge, MA, November 2000.
10. G. E. Suh, D. Clarke, B. Gassend, M. van Dijk, and S. Devadas, "AEGIS: architecture for tamper-evident and tamper-resistant processing," Proc. of the 17th Annual International Conference on Supercomputing, San Francisco, CA, June 23--26, 2003. doi:10.1145/782814.782838
11. R. M. Best, "Preventing Software Piracy with Crypto-Microprocessors," Proc. of IEEE Spring COMPCON '80, pp. 466--469, 1980.
12. T. Gilmont, J. D. Legat, and J. J. Quisquater, "An Architecture of Security Management Unit for Safe Hosting of Multiple Agents," Proc. of the Int'l Workshop on Intelligent Communications and Multimedia Terminals, pp. 79--82, Nov. 1998.
13. [entry missing from the page]
14. "SecureCore for Trustworthy Commodity Computing and Communications," collaborative project by Princeton University, Naval Postgraduate School and University of Southern California. Project home page: http://palms.ee.princeton.edu/securecore/
CITED BY (4)

1. X. Chen, T. Garfinkel, E. C. Lewis, P. Subrahmanyam, C. A. Waldspurger, D. Boneh, J. Dwoskin, and D. R. K. Ports, "Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems," ACM SIGARCH Computer Architecture News, vol. 36, no. 1, March 2008.
2. J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, and E. W. Felten, "Lest we remember: cold boot attacks on encryption keys," Proc. of the 17th USENIX Security Symposium, pp. 45--60, San Jose, CA, July 28--August 1, 2008.
3. J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, and E. W. Felten, "Lest we remember: cold-boot attacks on encryption keys," Communications of the ACM, vol. 52, no. 5, May 2009.
4. K. Kostiainen, J.-E. Ekberg, N. Asokan, and A. Rantala, "On-board credentials with open provisioning," Proc. of the 4th International Symposium on Information, Computer, and Communications Security, Sydney, Australia, March 10--12, 2009.