One particular area that Bennet has been working on is the secure coprocessor model, where physically secure (tamper-detecting/-responding) hardware is added to conventional computing systems. We perform security-critical operations such as the execution of cryptographic protocols and access control decisions only within secure coprocessors, where both privacy of key material and integrity of security databases are axiomatic -- thereby bootstrapping security properties from the secure coprocessor to the entire system as a whole. This work includes some (minimal) hardware design, operating system implementation (porting Mach 3.0 microkernel to the prototype hardware), and cryptographic protocol design. Much of this work was done jointly with Doug Tygar at Carnegie Mellon (now at Berkeley) and IBM's Embedded Cryptographic Systems group. In the summer of 1997, IBM announced a secure coprocessor product, the 4758 crypto coprocessor embodying many of these ideas. (See also the linux driver for the 4758.)
In addition to the IBM secure coprocessor, Dallas Semiconductor has built a secure coprocessor that they call a Cryptographic iButton that has undergone validation for compliance to the FIPS 140-1 standard. IRE has built a secure DSP coprocessor, the ADSP-2141. It is undergoing FIPS 140-1 level 3 validation.
Current evaluation labs include Cygnacom and Domus. (See the NIST list of accredited labs.)
bsy+www@bennetyee.org, last updated
email bsy.