Using Secure Coprocessors, 1994
Cited by 134 (8 self)
The views and conclusions in this document are those of the authors and do not necessarily represent the official policies or endorsements of any of the research sponsors. How do we build distributed systems that are secure? Cryptographic techniques can be used to secure the communications between physically separated systems, but this is not enough: we must be able to guarantee the privacy of the cryptographic keys and the integrity of the cryptographic functions, in addition to the integrity of the security kernel and access control databases we have on the machines. Physical security is a central assumption upon which secure distributed systems are built; without this foundation even the best cryptosystem or the most secure kernel will crumble. In this thesis, I address the distributed security problem by proposing the addition of a small, physically secure hardware module, a secure coprocessor, to standard workstations and PCs. My central axiom is that secure coprocessors are able to maintain the privacy of the data they process. This thesis attacks the distributed security problem from multiple sides. First, I analyze the security properties of existing system components, both at the hardware and
Secure Coprocessors in Electronic Commerce Applications - In Proceedings of The First USENIX Workshop on Electronic Commerce, 1995
Cited by 57 (6 self)
Many researchers believe electronic wallets (secure storage devices that maintain account balances) are the solution to electronic commerce challenges. This paper argues for a more powerful model --- a secure coprocessor --- that can run a small operating system, run application programs, and also keep secure storage for cryptographic keys and balance information. We have built a system called Dyad, on top of a port of the Mach 3.0 microkernel to the IBM Citadel secure coprocessor. This paper describes the abstract architecture of Dyad and a general discussion of secure coprocessor implementations of a variety of electronic commerce applications:
- Copy protection for software
- Electronic cash (including a critique of proposed solutions for point-of-sale electronic wallet systems)
- Electronic contracts
- Secure postage
Smart Cards in Hostile Environments - In Proceedings of the 2nd USENIX Workshop on Electronic Commerce, 1995
Cited by 41 (4 self)
One often hears the claim that smart cards are the solution to a number of security problems, including those arising in point-of-sale systems. This paper argues that many proposed smart card systems still lack effective security for point-of-sale applications. We consider the point-of-sale terminal as a potentially hostile environment to the smart card. Moreover, we discuss several types of modifications that can be made to smart cards to improve their security and address this problem. We prove a set of equivalences among a number of these modifications:
- private input = private output
- trusted input + one-bit trusted output = trusted output + one-bit trusted input
- secure input = secure output

This research was supported in part by the Advanced Research Projects Agency under contract F119628-93-C-0193, IBM, U.S. Department of Energy under Contract No. W-7405-ENG-36 and the US Postal Service. Howard Gobioff was supported in part by a National Science Foundation Graduate Fe...

