|
|
|
|
Utimaco CryptWare →
Hardware Security Module · 8-bit ISA-bus
SAFE-Board or SafeBoard, is a Hardware Security Module (HSM)
for Personal Computers (PC) with an 8-bit ISA-bus 1 expansion slot,
developed around 1990 by the German company Utimaco.
The encapsulated plug-in card is
used in combination with dedicated PC-based encryption software.
|
The first iteration of the SAFE-Board HSM was released in 1987 [1]. It was
developed by Prof. Dr. Horst Günter who, aside his job at the Berlin
Polytechnics University, also worked for Utimaco.
The board was used for encrypting the
contents of the harddisc of a computer, and prevented the computer from booting
from a floppy disc drive.
In addition it allows passwords and encryption keys to
be stored in its on-board non-volatile 2KB
Electrically Erasable Programmable Read-Only Memory (EEPROM), 2
that is mapped into the computer's addressable memory space.
|
|
|
The SAFE-Board shown here is not from 1987 but is probably a later iteration.
According to the text on the PCB, it was developed in 1989, and according to
the text on the metal enclosure, it was released a year later in 1990. To protect the unit from
inspection by an adversary or a competitor of the product, the entire PCB is
cast in epoxy and is housed in a metal enclosure.
|
Normally, it would be impossible to reveal the contents of the encapsulated
product without damaging the components, but fortunately we have a development
version of the board which has not been cast in epoxy. The image on the right
shows the development version aside the encapsulated unit, and reveals what
is inside.
Aparently, there are no cryptographic chips or any other components that
perform a cryptographic function on the board, apart from
the 2KB non-volatile memory (EEPROM) that is used for storing passwords
and cryptographic keys. 2
|
|
|
The remaining parts are address buffers (74LS244),
a data bus buffer (74LS245)
a comparator for reading the settings of the DIP-switches
(74LS85), and 'glue logic' consisting of a set of
NAND gates (74LS132) and a reprogrammable logic device
(18CV8) that is used as an address decoder for the on-board
EEPROM (KM28C16). The first four DIP-switches (1-4) are
used to set the desired address in the computer's memory map.
For use in a cryptographic security solution, additional software on the PC
is necessary, preferably in the form of a modified BIOS ROM.
|
-
The 8-bit ISA bus is also known as
PC bus or
XT bus.
➤ Wikipedia
-
This memory type cannot be purged (zeroized) in case of an emergency.
➤ More
|
The fact that a 2KB EEPROM is used for storing passwords and cryptographic
keys, does not seem a very wise decision. An EEPROM is non-volatile and
retains its contents even when the power supply is cut off. This means that the
keys and passwords cannot be destroyed quickly when security is compromised,
and, worse, that they can't be destroyed at all when the computer is off.
For this reason, later HSMs like the CryptWare Board, use
Static Random Access Memory (SRAM) instead. An SRAM is a low-power device
of which the contents are retained by an external battery. Destroying the
contents of the SRAM is possible by cutting the power supply from the
battery, which is also possible when the computer is off. This procedure
is known as ZEROIZING.
|
|
|
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Sunday 05 March 2023. Last changed: Wednesday, 08 March 2023 - 07:35 CET.
|
|
|
|
|