Hardware Reference
In-Depth Information
test resulted in a CPU usage of 69 percent. However, using the crypto co-processor on the
AM335x, they measured a throughput of 24376.66 kB/sec with a CPU usage of 41 per-
cent. That's almost a 200 percent gain in throughput performance and a 40 percent drop in
CPU usage!
Note
More information on the crypto accelerators on the AM335x can be found on TI Crypto
Performance page at
http://processors.wiki.ti.com/index.php/
If your embedded application's purpose is to perform a computationally intense calcula-
tion, using a cryptographic co-processor designed to offload the crypto processing can
save your CPU cycles for your main program.
Protecting keys through physical isolation
A major advantage of using hardware cryptography devices is that keys can be generated
internal to the device and are designed to be difficult to remove. In the web server world,
these devices are called
Hardware Security Modules
(
HSMs
). In April 2014, a major
vulnerability was announced that affected the OpenSSL software, colloquially called
heartbleed
. The vulnerability was not a cryptographic one
per se
, but rather the result of a
programming error called a
buffer overrun
. This vulnerability is unfortunately common
in the C programming language, in which OpenSSL is written, because of the lack of
automatic array bounds checking. It was possible for a client to exploit this error and view
internal memory of the server, potentially discovering sensitive information. The code to
fix this problem was shorter than this paragraph.
Note
The following
xkcd
comic provides a succinct and amusing explanation of the heartbleed
bug:
The scale and severity of this vulnerability cannot be overstated. The most damaging at-
tack is if the server's private key was leaked. Knowing the private key, an attacker can im-
personate the server, and clients could willingly disclose private information to the im-
postor. However, on a server with a HSM, the heartbleed vulnerability was more limited.
