The Value of Cryptochips

Crypto chips are useful for protecting data. Their first job is to store keys securely. In this arrangement, keys are kept in a secure element inside the chip: a tamper-resistant piece of hardware designed so that extracting a key is impractical even for an attacker who holds the device. The keys stored there are only used internally and never leave the chip, because the key slots in a secure element are generally write-only: a key can be provisioned into a slot (and the slot then locked), but there is no command to read it back. The host can ask the chip to sign, verify, or decrypt with a stored key, but it never obtains the key itself, so neither host software nor an attacker who compromises it can read the key registers.

A secure element also defends against side-channel attacks. The electromagnetic emissions, power consumption, and execution time of a cryptographic operation all depend on the data being processed, and an attacker who can measure them precisely can learn not just that a key is in use but the key bits themselves. Secure elements counter this with physical shielding, constant-time implementations, masking of intermediate values, and noise injection, so that these measurements carry as little information about the key as possible.
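As an added example (not from the original page), the following Python models the "duration of the operation" side channel on the simplest possible target: a tag verifier that stops at the first mismatching byte. How long it runs reveals how many leading bytes of a guess were correct, and an attacker can use that to forge a valid tag one byte at a time. The key, message, and the step counter that stands in for a stopwatch or power trace are all constructed for the demonstration; `hmac.compare_digest` shows the constant-time fix.

```python
import hashlib
import hmac
from typing import Tuple

# Constructed demo values; no real key material or device is involved.
KEY = b"demo-key-not-a-secret"
MSG = b"sensor reading: 21.5C"


def mac(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 tag truncated to 8 bytes to keep the attack loop short."""
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


def leaky_verify(expected: bytes, candidate: bytes) -> Tuple[bool, int]:
    """Naive comparison that stops at the first mismatching byte.

    Also returns how many bytes were examined. On a real device that count
    is visible as execution time (or the length of a power trace), which is
    the side channel the text describes.
    """
    steps = 0
    if len(expected) != len(candidate):
        return False, steps
    for a, b in zip(expected, candidate):
        steps += 1
        if a != b:
            return False, steps
    return True, steps


def constant_time_verify(expected: bytes, candidate: bytes) -> bool:
    """Comparison whose running time does not depend on where bytes differ."""
    return hmac.compare_digest(expected, candidate)


def recover_tag_via_timing(expected: bytes) -> bytes:
    """Attacker side: forge a valid tag using only the leak, never `expected`.

    For each position, try all 256 byte values; the guess that makes the
    verifier examine one more byte than the positions already known is the
    correct byte. `expected` is only passed through to the oracle.
    """
    recovered = bytearray(len(expected))
    for pos in range(len(expected)):
        for guess in range(256):
            recovered[pos] = guess
            ok, steps = leaky_verify(expected, bytes(recovered))
            if ok or steps > pos + 1:
                break
    return bytes(recovered)


def demo() -> Tuple[bool, bool]:
    """(leaky verifier accepts the forgery, constant-time compare is still correct)."""
    tag = mac(KEY, MSG)
    forged = recover_tag_via_timing(tag)
    fooled = leaky_verify(tag, forged)[0]
    # compare_digest still answers correctly; what it removes is the
    # step-count oracle that made the byte-by-byte forgery possible.
    ct_correct = constant_time_verify(tag, forged) and not constant_time_verify(tag, b"\x00" * 8)
    return fooled, ct_correct


if __name__ == "__main__":
    print(demo())
```

The forgery needs at most 256 guesses per byte instead of 256 to the power of the tag length, which is why a comparison that leaks its stopping point is a real vulnerability and not a theoretical one. A secure element's constant-time engines and shielding are aimed at exactly this class of leak, at the level of the whole cipher rather than a single compare.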

Before data is sent, the crypto chip uses its stored keys to sign, and where needed encrypt, the data in hardware. On receipt, the chip can verify the signature and decrypt the message. Doing this in a dedicated hardware engine is often faster and more power-efficient than a software implementation on the host CPU, and it frees the CPU from the work entirely: the operation runs alongside the main program, is not interrupted by other software tasks, and cannot be observed or tampered with by software running on the host. The gain is offload and isolation rather than the elimination of latency, however. A secure element attached over a slow bus such as I2C can take longer per operation than the host CPU would, so a common pattern is to let the chip perform the operations that need the protected key (signing, key agreement) and to derive a session key for bulk encryption on the host.

Crypto chips can also be used to verify the authenticity of software loaded onto the device, which mitigates the threat of an attacker overwriting the firmware. The firmware image is signed by its author with a private key that only the author holds; the crypto chip holds the matching public key (or, in a symmetric scheme, a MAC key shared only between the author and the chip). The signature is attached to the image before it is loaded onto the device. The device bootloader passes the image and signature to the crypto chip for verification, and if the signature does not match the image, the image is rejected and never executed. In practice the bootloader also checks a version counter, so that a validly signed but older, vulnerable image cannot be reinstalled. This verification applies equally to firmware loaded physically over a cable and to firmware delivered over-the-air.
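The sign-before-send / verify-on-receive flow and the firmware check described in the two paragraphs above, as an added Python example that is not from the original page and does not reproduce any vendor's command set. `SecureElement` is a software stand-in for the chip: its key slots are write-once and it exposes only sign and verify, with no way to read a key back. It uses HMAC-SHA256 as the "signature", which matches the page's wording of a key known only to the programmer and the chip; a production design would more likely use an asymmetric signature with only the public key on the device. The image layout (`FWIM` magic, version, payload, tag) and the key bytes are invented for the example.

```python
import hashlib
import hmac
import struct
from typing import Dict, Set


class SecureElement:
    """Software stand-in for a crypto chip with write-only key slots.

    A key can be provisioned into a slot once and then used for sign/verify.
    There is deliberately no method that returns a key: this models the
    write-only key registers described above (assumed behaviour for this
    example, not any particular vendor's API).
    """

    def __init__(self) -> None:
        self._slots: Dict[int, bytes] = {}
        self._locked: Set[int] = set()

    def write_key(self, slot: int, key: bytes) -> None:
        # Lock the slot after provisioning so an attacker with host access
        # cannot replace the key with one they know.
        if slot in self._locked:
            raise PermissionError(f"key slot {slot} is locked")
        self._slots[slot] = key
        self._locked.add(slot)

    def sign(self, slot: int, data: bytes) -> bytes:
        """Return a 32-byte HMAC-SHA256 tag; the key never leaves the object."""
        return hmac.new(self._slots[slot], data, hashlib.sha256).digest()

    def verify(self, slot: int, data: bytes, tag: bytes) -> bool:
        # compare_digest avoids the early-exit timing leak of a plain ==.
        return hmac.compare_digest(self.sign(slot, data), tag)


# Image layout invented for this example: 4-byte magic, 4-byte big-endian
# version, payload, then a 32-byte tag over everything before it.
MAGIC = b"FWIM"
HEADER_LEN = 8
TAG_LEN = 32
FW_SLOT = 0


def build_image(programmer: SecureElement, version: int, payload: bytes) -> bytes:
    """Programmer side: sign header+payload with the firmware key."""
    body = MAGIC + struct.pack(">I", version) + payload
    return body + programmer.sign(FW_SLOT, body)


def bootloader_accepts(device: SecureElement, image: bytes, min_version: int = 0) -> bool:
    """Device side: accept an image only if the chip verifies its tag.

    min_version is an anti-rollback guard: a validly signed but older image
    with a known bug must be rejected as well.
    """
    if len(image) < HEADER_LEN + TAG_LEN or not image.startswith(MAGIC):
        return False
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    if not device.verify(FW_SLOT, body, tag):
        return False
    version = struct.unpack(">I", body[4:HEADER_LEN])[0]
    return version >= min_version


def send(sender: SecureElement, slot: int, msg: bytes) -> bytes:
    """Sign-before-send: the wire format is msg || tag."""
    return msg + sender.sign(slot, msg)


def receive(receiver: SecureElement, slot: int, frame: bytes) -> bytes:
    """Verify-on-receive: return the message, or raise if the tag is bad."""
    if len(frame) < TAG_LEN:
        raise ValueError("frame too short")
    msg, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    if not receiver.verify(slot, msg, tag):
        raise ValueError("bad tag: message rejected")
    return msg


if __name__ == "__main__":
    # Constructed key; in practice provisioned at manufacture and never read back.
    fw_key = b"firmware-signing-key-for-demo"
    programmer, device = SecureElement(), SecureElement()
    programmer.write_key(FW_SLOT, fw_key)
    device.write_key(FW_SLOT, fw_key)
    image = build_image(programmer, 2, b"blink-v2 code")
    print("genuine image accepted:", bootloader_accepts(device, image))
    tampered = image[:10] + bytes([image[10] ^ 0x01]) + image[11:]
    print("tampered image accepted:", bootloader_accepts(device, tampered))
    old = build_image(programmer, 1, b"blink-v1 code")
    print("rollback to v1 accepted:", bootloader_accepts(device, old, min_version=2))
```

Two points the code makes that the prose only implies: the host never touches the key (it only calls `sign` and `verify`), and the bootloader rejects three different bad images for three different reasons (tampered payload, wrong signing key, and a genuine but older version), each before any of the image's code runs.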


Last modified: Tuesday, August 30, 2022, 1:03 AM