Advertisement

Keeping Secrets in Hardware: The Microsoft XboxTM Case Study

  • Andrew Huang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2523)

Abstract

This paper discusses the hardware foundations of the cryptosystem employed by the XboxTM video game console from Microsoft. A secret boot block overlay is buried within a system ASIC. This secret boot block decrypts and verifies portions of an external FLASH-type ROM. The presence of the secret boot block is camouflaged by a decoy boot block in the external ROM. The code contained within the secret boot block is transferred to the CPU in the clear over a set of high-speed busses where it can be extracted using simple custom hardware. The paper concludes with recommendations for improving the Xbox security system. One lesson of this study is that the use of a high-performance bus alone is not a sufficient security measure, given the advent of inexpensive rapid prototyping services and affordable high-performance FPGAs.

Keywords

Reset Signal FPGA Board Kernel Image Symmetric Cipher Video Game Console 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Federal Information Processing Standards Publication, FIPS PUB 185: Escrowed Encryption Standard (EES) http://www.itl.nist.gov/.pspubs/.p185.htm
  2. 2.
    Thomas W. Krygowski, Jeffry J. Sniegowski, M. Steven Rodgers, Stephen Montague, James J. Allen, Jerome F. Jakubczak, Samuel L. Miller, Infrastructure, Technology and Applications Of Micro-Electro-Mechanical Systems (MEMS), Sandia National Laboratories, Intelligent Micromachine Department, http://www.mdl.sandia.gov/Micromachine, also appears in Sensor Expo 1999.
  3. 3.
    IBM, IBM 4758 PCI Cryptographic Coprocessor, http://www.ibm.com/security/cryptocards/
  4. 4.
    Gemplus (a smartcard vendor), Gemplus Corporate Website, http://www.gemplus.com
  5. 5.
    Pil Joon Lee, Eun Jeong Lee, Yong Duk Kim, How to Implement Cost-Effective and Secure Public Key Cryptosystems Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems (CHES), August 1999.Google Scholar
  6. 6.
    Federal Information Processing Standards Publication, FIPS PUB 140-2: Security Requirements for Cryptographic Modules, http://csrc.nist.gov/publications/.ps/.ps140-2/.ps1402.pdf
  7. 7.
    distributed.net, distributed.net: Project RC5, http://www.distributed.net/rc5/
  8. 8.
    HyperTransport Consortium, HyperTransportTM I/O Link Specification, Version 1.03, http://www.hypertransport.org
  9. 9.
    nVidia Corporation, nForce MCP Product Overview, 06.01v1, http://www.nvidia.com
  10. 10.
    Microsoft Developer Network, Introduction to Code Signing, http://msdn.microsoft.com/workshop/security/authcode/intro authenticode.asp
  11. 11.
    Nicholas P. Carter, Stephen W. Keckler, and William J. Dally, Hardware support for fast capability-based addressing, Proceedings of ASPLOS VI, October 1994, pp. 319–27.Google Scholar
  12. 12.
    Jeremy Brown, J.P. Grossman, Andrew Huang, and Thomas F. Knight, Jr., A capability representation with embedded address and nearly-exact object bounds, Project Aries Technical Memo 5, http://www.ai.mit.edu/projects/aries/Documents/Memos/ARIES-05.pdf
  13. 13.
    Auguste Kerckhoffs, La cryptographie militaire, Journal des sciences militaires, vol. IX, pp. 5–38, Jan. 1883, pp. 161–191, Feb. 1883.Google Scholar
  14. 14.
    Marcus Comstedt, Dreamcast Programming-Bootable CD-Rs, http://mc.pp.se/dc/cdr.html.
  15. 15.
    R. Anderson and M. Kuhn, Tamper Resistance-a Cautionary Note, Proceedings of the Second Usenix Workshop on Electronic Commerce, pp. 1–11, November 1996.Google Scholar
  16. 16.
    R. Anderson and M. Kuhn, Low Cost Attacks on Tamper Resistant Devices, IWSP: International Workshop on Security Protocols, LNCS, 1997.Google Scholar
  17. 17.
    Van Hook, et al., High Performance Low Cost Video Game System with Coprocessor Providing High Speed Efficient 3D Graphics and Digital Audio Signal Processing, U.S. Patent 6,239,810, May 29, 2001.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Andrew Huang
    • 1
  1. 1.Massachusetts Institute of TechnologyCambridge MAUSA

Personalised recommendations