Cryptographic hardware modules, such as smartcards and encrypting co-processors, offer a number of important architectural and security benefits in the design of secure systems. In particular, because the security functions are physically encapsulated in hardware, certain security properties that are almost impossible to achieve in software, such as that keys are never revealed, can be assumed from the hardware configuration. Unfortunately, the use of cryptographic hardware often carries with it performance and trust disadvantages. The bandwidth and computing power of inexpensive crypto devices such as smartcards can be quite limited compared with the host processors that use them, creating a serious bottleneck. Furthermore, it is generally impossible for the end user to be sure that a cryptographic module from an untrusted manufacturer is actually carrying out the security functions advertised, especially when the module is relied upon to manage keys.
This talk presents a collection of protocols for managing trust and performance in cryptographic hardware. First, we present "Remotely Keyed Encryption", which allows the use of an inexpensive, low-bandwidth but trusted smartcard to perform encryption using the resources and bandwidth of its high-bandwidth, but untrusted, host processor. Next we present the "Mafia Black Box Protocol", which enables the use of a secure module from an untrusted source in a way that allows the user to verify that the module is behaving properly. Finally, we present directions for future research in this area.
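To make the trust/performance split behind remotely keyed encryption concrete, here is an added toy construction (not the protocol presented in the talk, and not the author's code): the trusted card holds the long-term key and does a fixed-size amount of work per message, while the untrusted host does the bulk encryption. The class and function names, the 16-byte tag, and the HMAC-based keystream standing in for a real cipher are all assumptions of this illustration; it shows only the bandwidth and key-confinement properties, not the stronger guarantees a real remotely keyed scheme must provide against a compromised host.

```python
import hashlib
import hmac
import os


class TrustedCard:
    """Low-bandwidth trusted module: holds the master key and never exports it."""

    def __init__(self, master_key: bytes):
        self._master_key = master_key   # never leaves the card
        self.bytes_received = 0         # instrumentation: traffic into the card

    def derive_session_key(self, tag: bytes) -> bytes:
        # Constant work per request, independent of the message length.
        self.bytes_received += len(tag)
        return hmac.new(self._master_key, b"rke-session" + tag, hashlib.sha256).digest()


def _keystream(session_key: bytes, length: int) -> bytes:
    # Stand-in for a real stream cipher: HMAC over a counter (illustration only).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(session_key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def host_encrypt(card: TrustedCard, plaintext: bytes) -> tuple[bytes, bytes]:
    """Untrusted host does the bulk work; the card only ever sees a 16-byte tag."""
    tag = os.urandom(16)                         # constructed per-message tag
    session_key = card.derive_session_key(tag)   # the only round trip to the card
    stream = _keystream(session_key, len(plaintext))
    return tag, bytes(p ^ k for p, k in zip(plaintext, stream))


def host_decrypt(card: TrustedCard, tag: bytes, ciphertext: bytes) -> bytes:
    """Decryption re-derives the same session key from the stored tag."""
    session_key = card.derive_session_key(tag)
    stream = _keystream(session_key, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


if __name__ == "__main__":
    card = TrustedCard(b"\x01" * 32)             # constructed master key
    msg = bytes(range(256)) * 400                # 100 KB constructed message
    tag, ct = host_encrypt(card, msg)
    assert host_decrypt(card, tag, ct) == msg
    print(f"{len(msg)} bytes encrypted, card received {card.bytes_received} bytes")
```

Encrypting a 100 KB message sends only 16 bytes to the card, and the master key is never observable from the host side.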