We propose "secret-protected (SP)" architecture to enable secure and convenient protection of critical secrets for a given user in an on-line environment. Keys are examples of critical secrets, and key protection and management is a fundamental problem -- often assumed but not solved -- underlying the use of cryptographic protection of sensitive files, messages, data and programs. SP-processors

Abstract. Software that covertly monitors user actions, also known as spyware, has become a first-level security threat due to its ubiquity and the difficulty of detecting and removing it. Such software may be inadvertently installed by a user that is casually browsing the web, or may be purposely installed by an attacker or even the owner of a system. This is particularly problematic in the case of utility computing, early manifestations of which are Internet cafes and thin-client computing. Traditional trusted computing approaches offer a partial solution to this by significantly increasing the size of the trusted computing base (TCB) to include the operating system and other software. We examine the problem of protecting a user accessing specific services in such an environment. We focus on secure video broadcasts and remote desktop access when using any convenient, and often untrusted, terminal as two example applications. We posit that, at least for such applications, the TCB can be confined to a suitably modified graphics processing unit (GPU). Specifically, to prevent spyware on untrusted clients from accessing the user’s data, we restrict the boundary of trust to the client’s GPU by moving image decryption into GPUs. We use the GPU in order to leverage existing capabilities as opposed to designing a new component from scratch. We discuss the applicability of GPU-based decryption in these two sample scenarios and identify the limitations of the current generation of GPUs. We propose straightforward modifications to future GPUs that will allow the realization of the full approach. 1

Abstract — With rapidly decreasing cost of storage, even for mobile computing applications involving PDAs / mobile phones storage (using flash memory) is an inexpensive resource. Weintroduce a novel probabilistic key predistribution scheme (PKPS) I-HARPS which can make good use of this inexpensive resource to improve security. I-HARPS is a combination of random subset allocation schemes first proposed by Dyer et al [1] in 1995, and the escrowed master key based key distribution scheme proposed by Leighton and Micali in 1993 [2]. While PKPSs have received substantial attention recently in the context of highly resource constrained sensor networks, we argue that the fact that I-HARPS can resist coalitions of even millions of nodes with very low computational complexity, and very reasonable storage requirements, can significantly expand the scope of applications of PKPSs. I.

Abstract — For many evolving application scenarios like ubiquitous and autonomic computing systems, trustworthy computing solutions are essential. However the fact that the autonomic elements that may take part in such networks may be 1) severely resource constrained, and that 2) the sheer scale of such devices may also place constraints on their cost, calls for inexpensive, low complexity (but nevertheless trustworthy) computing modules, or secure co-processors (ScP). We propose two synergistic strategies for the realization of very low complexity, inexpensive ScPs. The first is a simple security policy, decrypt only when necessary (DOWN). The second is the utilization of untrusted external resources to improve the security of very low complexity ScPs. We point out some very desirable properties of probabilistic key pre-distribution schemes (PKPS) that can take good advantage of the DOWN policy and simultaneously make use of external resources, to render the problem of their susceptibility to collusions irrelevant. I.

Cryptographic processing is a principal enabler of many secure computing systems. Using cryptographic techniques such as encryption and secure hashing, we can satisfy several essential security requirements for networks, computers, and data against a diverse set of threats. This thesis