Paul Kocher’s presentation at the 2004 Workshop on Cryptographic Hardware and Embedded Systems.
Download “From Proof to Practice: Real-World Cryptography – CHES 2004”
Paul Kocher’s presentation at the 2004 Workshop on Cryptographic Hardware and Embedded Systems.
Download “From Proof to Practice: Real-World Cryptography – CHES 2004”
Paul Kocher’s presentation at the Wireless & Embedded track of the 2004 RSA Conference.
Randomness is required for a variety of computational, statistical, and security-related applications. In particular, random numbers and the processes used to generate them are a critical component of secure protocols and cryptographic key generation. Security processes that lack adequate sources of randomness will have poor security. Cryptography Research has evaluated the C3 Nehemiah random number generator, which is an on-chip component of the VIA Technologies Nehemiah processor core. When properly used, the generator was found to be a consistent, high-rate source of entropy which we believe is suitable for use in cryptographic and high-assurance applications.
This report analyzes the Nehemiah RNG design, provides an entropy analysis of the source, and provides developer recommendations for proper use of the Nehemiah RNG. Cryptography Research provided no Nehemiah design assistance to VIA Technologies or Centaur Technology.
Paul Kocher’s presentation at the General Session of the 2003 RSA Conference.
Download “Securing Unusually High Threat Systems – RSA 2003”
Despite the high public profile of piracy as a threat to intellectual property owners, surprisingly little useful research has been done to understand the range of technical solutions that are feasible. This paper presents results from a study sponsored by Cryptography Research, Inc. to determine how cryptographic systems can provide the most effective long-term deterrent to the piracy of digital video and other content distributed on optical media.
Although numerous products and technologies have been advertised as solutions to the problem of piracy, most commercial security systems fail catastrophically once an implementation is compromised. These designs can work in limited deployments, but any technology deployed as part of a major standard will inevitably attract extremely determined attacks – and some implementations will get broken. The long lifespan of media formats, diversity of player implementations, complexity of security/usage models, and constantly-changing risk scenarios provide attackers with numerous avenues of attack and the time and resources to explore them. As a result, effective content protection systems must be able to survive compromises and adapt to new threats.
Paul Kocher’s presentation at the Hackers and Threats track of the 2002 RSA Conference.