[148989] in cryptography@c2.net mail archive
Re: [Cryptography] Dumb idea: open-source hardware USB key for
daemon@ATHENA.MIT.EDU (Natanael)
Fri Jan 10 19:21:07 2014
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CAOLP8p71YW7wv-Xqw4xKMu58dv7Bv=xryn-m_AEWSVbmasUrLg@mail.gmail.com>
Date: Sat, 11 Jan 2014 00:57:21 +0100
From: Natanael <natanael.l@gmail.com>
To: Bill Cox <waywardgeek@gmail.com>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============6760916148896209478==
Content-Type: multipart/alternative; boundary=f46d043c7e769ea2ed04efa67ca8
--f46d043c7e769ea2ed04efa67ca8
Content-Type: text/plain; charset=UTF-8
Den 11 jan 2014 00:23 skrev "Bill Cox" <waywardgeek@gmail.com>:
>
> I've been noodling the idea of a USB stick designed in a way that we
> can trust the crypto that goes on there. It's a hard problem, but
> there seems to be some guidelines that could help:
>
> - Open source hardware - schematics and everything including board
> layout need to be free
> - No ICs that could be compromised. Any CPU would have to be a
> soft-core in an FPGA, with an open-source design
> - FPGA configuration memory both readable and writable over a JTAG port
> - External flash program memory also read/writeable through JTAG
> - Reasonable hardware RNG where every node in the circuit can be probed
> - Signal isolation from the PC: solid state relays would swap a simple
> memory back and forth between the PC side and USB stick side. Maybe
> power draw should be randomized to obscure any processing going on.
> RF shielding should cover the USB stick. No other communication
> should be possible. This is similar to an air gap.
> - A community supported audit trail verifying produced USB keys are secure
>
> The idea still has issues. Where would I be able to store secret keys
> securely such that an attacker who stole my USB stick could not
> recover it? Anyway, it's just a fun idea. I'd love to have such a
> device in my pocket. There's a lot of applications I can think of
> that could benefit from it, from electronic voting to
> microtransactions. As one security expert once said in an
> electronic-voting discussion I followed, no machine ever connected to
> the Internet has proven secure. Could we make such a beast? I
> probably don't really have time to work on it, but if a group were
> building it, I'd participate.
You just put your trust in that the FPGA isn't backdoored. There's been
backdoored FPGAs before, plenty of times. Secure storage of keys require
custom hardware as well, an FPGA is just a computational device in itself.
You need a smartcard or TPM style chip.
Maybe you want an open source HSM?
--f46d043c7e769ea2ed04efa67ca8
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<p dir=3D"ltr">Den 11 jan 2014 00:23 skrev "Bill Cox" <<a href=
=3D"mailto:waywardgeek@gmail.com">waywardgeek@gmail.com</a>>:<br>
><br>
> I've been noodling the idea of a USB stick designed in a way that =
we<br>
> can trust the crypto that goes on there. =C2=A0It's a hard problem=
, but<br>
> there seems to be some guidelines that could help:<br>
><br>
> - Open source hardware - schematics and everything including board<br>
> layout need to be free<br>
> - No ICs that could be compromised. =C2=A0Any CPU would have to be a<b=
r>
> soft-core in an FPGA, with an open-source design<br>
> - FPGA configuration memory both readable and writable over a JTAG por=
t<br>
> - External flash program memory also read/writeable through JTAG<br>
> - Reasonable hardware RNG where every node in the circuit can be probe=
d<br>
> - Signal isolation from the PC: solid state relays would swap a simple=
<br>
> memory back and forth between the PC side and USB stick side. =C2=A0Ma=
ybe<br>
> power draw should be randomized to obscure any processing going on.<br=
>
> RF shielding should cover the USB stick. =C2=A0No other communication<=
br>
> should be possible. =C2=A0This is similar to an air gap.<br>
> - A community supported audit trail verifying produced USB keys are se=
cure<br>
><br>
> The idea still has issues. =C2=A0Where would I be able to store secret=
keys<br>
> securely such that an attacker who stole my USB stick could not<br>
> recover it? =C2=A0Anyway, it's just a fun idea. =C2=A0I'd love=
to have such a<br>
> device in my pocket. =C2=A0There's a lot of applications I can thi=
nk of<br>
> that could benefit from it, from electronic voting to<br>
> microtransactions. =C2=A0As one security expert once said in an<br>
> electronic-voting discussion I followed, no machine ever connected to<=
br>
> the Internet has proven secure. =C2=A0Could we make such a beast? =C2=
=A0I<br>
> probably don't really have time to work on it, but if a group were=
<br>
> building it, I'd participate.</p>
<p dir=3D"ltr">You just put your trust in that the FPGA isn't backdoore=
d. There's been backdoored FPGAs before, plenty of times. Secure storag=
e of keys require custom hardware as well, an FPGA is just a computational =
device in itself. You need a smartcard or TPM style chip. </p>
<p dir=3D"ltr">Maybe you want an open source HSM? </p>
--f46d043c7e769ea2ed04efa67ca8--
--===============6760916148896209478==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============6760916148896209478==--
