Thermal Simulations Applied to Embedded Cryptographic Coprocessor Devices

In these last years there have been an increasing need to secure information transmitted on the Internet. In order to meet this requirement in an absolutely secure way, the major OEMs have designed devices that complies with these requirements. Such device embeds very high-level type of technology that make their design, build and development a real big challenge. Our laboratory (of Celestica Italia s.r.l. in Vimercate) has acquired a great deal of experience in this field and we have realised different versions of this type of products: Flotherm has been used to study those structures and to solve the problem of heat generation that is the other big challenge of these packages due to their particular configuration. www.celestica.com Italia 2 The importance of cryptography Emerging computer and communications technologies are radically altering the ways in which we communicate and exchange information. Along with the speed, efficiency, and cost-saving benefits of the "digital revolution" come new challenges to the security and privacy of communications and information traversing the global communications infrastructure. In response to these challenges, the security mechanisms of traditional paper-based communications media -envelopes and locked filing cabinets -are being replaced by cryptographic security techniques. Through the use of cryptography, communication and information stored and transmitted by computers can be protected against interception to a very high degree. Until recently, there was little nongovernmental demand for encryption capabilities. Modern encryption technology -a mathematical process involving the use of formulas (or algorithms) -was traditionally deployed most widely to protect the confidentiality of military and diplomatic communications. With the advent of the computer revolution, and recent innovations in the science of encryption, a new market for cryptographic products has developed. Electronic communications are now widely used in the civilian sector and have become an integral component of the global economy. Computers store and exchange an ever-increasing amount of highly personal information, including medical and financial data. In this electronic environment, the need for privacy-enhancing technologies is apparent. Communications applications such as electronic mail and electronic fund transfers require secure means of encryption and authentication -features that can only be provided if cryptographic know-how is widely available and unencumbered by government regulation. Governmental regulation of cryptographic security techniques endangers personal privacy. Encryption ensures the confidentiality of personal records, such as medical information, personal financial data, and electronic mail. In a networked environment, such information is increasingly at risk of theft or misuse. In their "Resolution in Support of the Freedom to Use Cryptography," members of the Global Internet Liberty Campaign (GILC) noted that "the use of cryptography implicates human rights and matters of personal liberty that affect individuals around the world" and that "the privacy of communication is explicitly protected by Article 12 of the Universal Declaration of Human Rights, Article 17 of the International Covenant on Civil and Political Rights, and national law." Source: http://www.gilc.org What is a secure Coprocessor Device A secure coprocessor is a general-purpose computing environment that withstands physical attacks and logical attacks. The device must run the programs that it is supposed to, unmolested. The user must be able to (remotely) distinguish between the real device and application, and a clever impersonator. The Coprocessor must remain secure even if adversaries carry out destructive analysis of one or more devices. Many servers operate in distributed environments where it is difficult or impossible to provide complete physical security for sensitive processing. And, in some applications, the motivated adversary is the end user. You need a device that you can trust even though you cannot control its environment. Cryptography is an essential tool in secure processing. When an application must communicate with other distributed elements, or assert or ascertain the validity of data it is processing, you will find cryptography an essential tool. The IBM 4758 PCI Cryptographic Coprocessor The IBM 4758-001 PCI Cryptographic Coprocessor (nicknamed Crypto card) adds a highsecurity environment to the Windows NT, S/390, OS/2, AIX and OS/400 server systems for DES, RSA and DSA cryptographic functions and sensitive custom applications. The PCI board incorporates specialized electronics to off-load servers from time-consuming cryptographic functions. Certification under FIPS PUB 140-1 at levels 3 and 4 assures a high-integrity processing environment. FIPS PUB 140-1 is the benchmark standard for evaluating the security and proper algorithmic implementation of a commercial cryptographic product. The IBM 4758 Model 001 and the Integrated Cryptographic Feature on IBM System/390 processors are distinguished as the only products certified at level 4. These independent certifications provide assurance of the security, integrity, and correctness of the cryptographic algorithms inherent in the Coprocessor designs. FIPS 140 is unique with its emphasis on clear testing criteria for design validation and its focus, at levels 3 and 4, on hardware implementations. Under the supervision of the USA and Canadian Governments, independent laboratories conduct thorough analyses of the product design and actual tests of products. The test report is discussed with the governmental bodies and, when found acceptable, www.celestica.com Italia 3 a certificate is issued. Issued certifications are posted to the NIST website. The Coprocessor module incorporates physical penetration, power sequencing, temperature, and radiation sensors to detect physical attacks against the encapsulated subsystem. Batteries provide backup power that is active from the time of factory certification until the end of the product's useful life. Any detected tamper event results in loss of power, which immediately causes the zeroization of internal secrets and the destruction of the factory certification. Four Coprocessor models are offered. The models certified under FIPS PUB 140-1 level 4 use a mesh around the electronics to detect the most sophisticated physical penetration attempts. The other models certified at level 3 use a simpler penetration-detection design. Both designs zeroize all critical secret data when tamper is detected. Otherwise, both new and both old models are the same in all functional respects. Source: http://www-3.ibm.com/security/cryptocards/ Fig. 1: the 4758 PCI Cryptographic Coprocessor The thermal simulations The Crypto card has been conceived for guaranteeing, with different models, the level of security prescribed by the two standards FIPS level 3 and level 4. In order to satisfy this needs, the board had to be protected both from mechanical and electronic intrusion. Just for the peculiar box in the box concept of the Crypto, first experiments put in evidence the excessively high temperature reached over the case of some devices. It was necessary to find out a way to dissipate the generated heat in order to get lower that temperature. The aim was to guarantee an acceptable junction-temperature for any device. A thermal study was organised both with experiments and with numerical simulations performed using “Flotherm” by Flomerics Limited, software based on the Finite Volume Analysis. In this article, the work done on two different models of the IBM 4758 PCI Cryptographic Coprocessor and a preliminary study made for an other important customer are described. The two models of the IBM 4758 PCI Cryptographic Coprocessor are the model 023, which does not present the tamper detection mesh and the potting resin, and the 002 version, which satisfies the highest level of security. Model 023: setting of the simulation It has been explained that Model 023 does not present the potting resin and the tamper detection mesh, but just two metal covers. From the thermal point of view, the principal importance for this version of the Crypto was the definition of the combination for materials, coatings and protections for the two layers of the enclosure. It was necessary to sort the best solution among the six ones which have been proposed as described in table 3. In these paragraphs, thermal simulations made using Flotherm are reported. First of all, the following conditions have been set for the simulation: Ambient Temperature: 42 °C Ambient Pressure: 1 atm Air properties: Thermal Conductivity (at 30 °C): 0,0261 W/m⋅K Viscosity (at 30 °C): 1,84e N⋅s/m Density (at 30 °C): 1,1614 Kg/m Crypto card position: horizontal Die 1: Package: PQFP Power: 3,96 W Die dimensions: 9 x 9 x 0,82 mm Die 2: Package: PBGA Power: 1,5 W Die dimensions: 8 x 8 x 0,82 mm Other powers: 1,693 W Air flow: no airflow Then, the model has been drawn also using some packages downloaded from FLOPACK, the web site of Flomerics. Particularly, we used Flopack for the two main dies, the Crypto PCB and the PCI PCB. In tables 1 and 2 dimensions and materials of the main components of this model are displayed. www.celestica.com Italia 4 Description Length (mm) Width (mm) Height (mm) Die 1 package 25,4 25,4 5,09 Die 2 package 27 27 2,36 PCB substrate 93,4 102,2 1,6 PCI substrate 99 175 1,6 Screws 3 (diameter) 9,5 Heat spreader 66,5 32 0,5 Overall dimensions (without the PCI PCB) 97 111,42 13,06 Table 1: Dimensions of the main components used in Model 023 Description Thermal conductivity (W/mK) Die 1 and Die 2 Varies with temperature Substrate of die 1 and die 2 17,5 Cap of die 1 168 Die attach of die 1 0,95 Bumps of die 1 15,7 Encapsulant of Die 2 1 Die attach of die 2 0,3 Bumps of die 2 108,4 Copper 395 Tin 66,6 Typical epoxy resin 0,2 Table 2: Thermal conductivity of the main materials used in Model 023 Fig. 2: The Model 023 of the Cryptographic Coprocessor (a 3D view of the model in the “Visualization Window” of Flotherm) Fig. 3: The Model 023 of the Cryptographic Coprocessor (top view in the “Drawing Board Window” of Flotherm) Fig. 4: The 4758 PCI Cryptographic Coprocessor in a wireframe view (model 023) For this model, a grid array of 111 x 84 x 37 in the x, y and z directions (344988 cells) has been obtained. Table 3 displays the six different cases that were available. The alternative was related to the kind of metal, coating and protection that were proposed both for the inner and the external cover of the enclosure. These simulations were run with the previous release of Flotherm (version 2.2), but also the new 3.1 version has been tested with this project. Specifically, the new available feature “Command Centre” has revealed all its potentiality in this parametric study. Table 3 summarizes all the combinations studied, whereas table 4 gives the final results.