Keeping Secrets in Hardware: The Microsoft Xbox™ Case Study
This paper discusses the hardware foundations of the cryptosystem employed by the Xbox™ video game console from Microsoft. A secret boot block overlay is buried within a system ASIC. This secret boot block decrypts and verifies portions of an external FLASH-type ROM. The presence of the secret boot block is camouflaged by a decoy boot block in the external ROM. The code contained within the secret boot block is transferred to the CPU in the clear over a set of high-speed busses where it can be extracted using simple custom hardware. The paper concludes with recommendations for improving the Xbox security system. One lesson of this study is that the use of a high-performance bus alone is not a sufficient security measure, given the advent of inexpensive rapid prototyping services and affordable high-performance FPGAs.
Keywords: Reset Signal, FPGA Board, Kernel Image, Symmetric Cipher, Video Game Console