Cryptographic processing is a principal enabler of many secure computing systems. Using cryptographic techniques such as encryption and secure hashing, we can satisfy several essential security requirements for networks, computers, and data against a diverse set of threats.

This thesis proposes four architectural solutions to problems associated with enabling cryptographic processing in software and hardware. Two of the solutions involve protecting cryptographic keys, which are small secrets upon which cryptographic security critically depends. The other two solutions improve performance and reduce vulnerabilities in cryptographic software implementations.

First, since the security provided by cryptographic processing depends on the secrecy and integrity of cryptographic keys, we describe a flexible system for shielding a user's keys while in storage, transmission, and use on networked computing devices. Second, we present a new broadcast encryption system that enables the identification of users who contribute to piracy by divulging cryptographic keys that can be used to decode protected information. Third, since software rather than specialized hardware often supplies cryptographic functionality, we describe a method for alleviating performance problems suffered by cryptographic software implementations. In particular, we propose new processor instructions to improve the performance of bit-level mappings employed by several common cryptographic operations. Fourth, we present a processor-based method for mitigating certain software vulnerabilities in both cryptographic and general software. The method provides built-in and dynamic protection against buffer overflow attacks, which compose one of the most common classes of software exploits. By applying these four contributions individually or in concert, we can achieve improved cryptographic security in existing and future systems.