[148993] in cryptography@c2.net mail archive
Re: [Cryptography] Dumb idea: open-source hardware USB key for
daemon@ATHENA.MIT.EDU (Natanael)
Sat Jan 11 14:25:08 2014
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CAD2Ti29XLZ1-v3jJqD3Y-ySimRGroV5yXrUNB3bF2ep6K53NOg@mail.gmail.com>
Date: Sat, 11 Jan 2014 11:06:08 +0100
From: Natanael <natanael.l@gmail.com>
To: grarpamp <grarpamp@gmail.com>
Cc: cpunks <cypherpunks@cpunks.org>,
	Cryptography Mailing List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 11 Jan 2014 08:44, "grarpamp" <grarpamp@gmail.com> wrote:
>
> On Fri, Jan 10, 2014 at 5:53 PM, Bill Cox <waywardgeek@gmail.com> wrote:
> > I've been noodling the idea of a USB stick designed in a way that we
> > can trust the crypto that goes on there.  It's a hard problem, but
> > there seem to be some guidelines that could help:
> >
> > - Open source hardware - schematics and everything including board
> > layout need to be free
> > - No ICs that could be compromised.  Any CPU would have to be a
> > soft-core in an FPGA, with an open-source design
> > - FPGA configuration memory both readable and writable over a JTAG port
> > - External flash program memory also read/writeable through JTAG
> > - Reasonable hardware RNG where every node in the circuit can be probed
> > - Signal isolation from the PC: solid state relays would swap a simple
> > memory back and forth between the PC side and USB stick side.  Maybe
> > power draw should be randomized to obscure any processing going on.
> > RF shielding should cover the USB stick.  No other communication
> > should be possible.  This is similar to an air gap.
> > - A community supported audit trail verifying produced USB keys are
> > secure
> >
> > The idea still has issues.  Where would I be able to store secret keys
> > securely such that an attacker who stole my USB stick could not
> > recover it?  Anyway, it's just a fun idea.  I'd love to have such a
> > device in my pocket.  There's a lot of applications I can think of
> > that could benefit from it, from electronic voting to
> > microtransactions.  As one security expert once said in an
> > electronic-voting discussion I followed, no machine ever connected to
> > the Internet has proven secure.  Could we make such a beast?  I
> > probably don't really have time to work on it, but if a group were
> > building it, I'd participate.
>
> Many of these open hardware ideas come down to the fab level...
> can you examine (and trust) the fab process. Sure, publish all your
> schematics, VHDL, die masks, etc. But unless some number of
> random people can routinely make unannounced access-all-areas
> verification visits to the fab to verify those masks are the ones in use,
> it's moot. Or unless they can pull unannounced random samples
> and decap and analyse them, it's moot. That's why I've previously
> suggested people get together to make hardware RNG's out of
> discrete components... you don't have those worries then.
>
> I agree with the softcore loadable fpga and probe points ideas, they're
> good things. But in general, once you exceed a certain number of
> presupplied closed source and relatively unauditable gates [1], you
> should consider yourself potentially and generally fucked... and
> start taking a serious defense in depth approach.
>
> [1] Let's call it the number required to perform dumb leaks or take
> pseudo intelligent actions against you. The current lineup from
> Intel/AMD certainly fall in this category.  As would quite a few
> lesser things... ARM, phones, cards, etc... firmware things.
> Does it not scare you that the next PC you're about to buy
> for your firewall is one of these systems, potentially hiding out
> to honor magic packets? Look at AMD's new CPU's coming
> out in a few weeks... besides gate count we all know about, it
> has embedded ARM cores. And just who is going to bring
> the aforesaid open model upon this class of gear? So it's
> +1 for spooks

What do you guys think of a device like this?
http://www.alansonsample.com/research/NFC-WISP-Eink.html
You could add capacitive touch, and then you have a very simple and cheap
device that can do basic crypto.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography