[Cryptography] Dumb idea: open-source hardware USB key for crypto

Natanael natanael.l at gmail.com
Sat Jan 11 05:06:08 EST 2014


On 11 Jan 2014 08:44, "grarpamp" <grarpamp at gmail.com> wrote:
>
> On Fri, Jan 10, 2014 at 5:53 PM, Bill Cox <waywardgeek at gmail.com> wrote:
> > I've been noodling the idea of a USB stick designed in a way that we
> > can trust the crypto that goes on there.  It's a hard problem, but
> > there seem to be some guidelines that could help:
> >
> > - Open source hardware - schematics and everything including board
> > layout need to be free
> > - No ICs that could be compromised.  Any CPU would have to be a
> > soft-core in an FPGA, with an open-source design
> > - FPGA configuration memory both readable and writable over a JTAG port
> > - External flash program memory also read/writeable through JTAG
> > - Reasonable hardware RNG where every node in the circuit can be probed
> > - Signal isolation from the PC: solid state relays would swap a simple
> > memory back and forth between the PC side and USB stick side.  Maybe
> > power draw should be randomized to obscure any processing going on.
> > RF shielding should cover the USB stick.  No other communication
> > should be possible.  This is similar to an air gap.
> > - A community supported audit trail verifying produced USB keys are secure
> >
> > The idea still has issues.  Where would I be able to store secret keys
> > securely such that an attacker who stole my USB stick could not
> > recover it?  Anyway, it's just a fun idea.  I'd love to have such a
> > device in my pocket.  There's a lot of applications I can think of
> > that could benefit from it, from electronic voting to
> > microtransactions.  As one security expert once said in an
> > electronic-voting discussion I followed, no machine ever connected to
> > the Internet has proven secure.  Could we make such a beast?  I
> > probably don't really have time to work on it, but if a group were
> > building it, I'd participate.
>
> Many of these open hardware ideas come down to the fab level...
> can you examine (and trust) the fab process. Sure, publish all your
> schematics, VHDL, die masks, etc. But unless some number of
> random people can routinely make unannounced access-all-areas
> verification visits to the fab to verify those masks are the ones in use,
> it's moot. Or unless they can pull unannounced random samples
> and decap and analyse them, it's moot. That's why I've previously
> suggested people get together to make hardware RNGs out of
> discrete components... you don't have those worries then.
>
> I agree with the softcore loadable fpga and probe points ideas, they're
> good things. But in general, once you exceed a certain number of
> presupplied closed source and relatively unauditable gates [1], you
> should consider yourself potentially and generally fucked... and
> start taking a serious defense in depth approach.
>
> [1] Let's call it the number required to perform dumb leaks or take
> pseudo intelligent actions against you. The current lineup from
> Intel/AMD certainly falls in this category.  As would quite a few
> lesser things... ARM, phones, cards, etc... firmware things.
> Does it not scare you that the next PC you're about to buy
> for your firewall is one of these systems, potentially hiding out
> to honor magic packets? Look at AMD's new CPUs coming
> out in a few weeks... besides gate count we all know about, it
> has embedded ARM cores. And just who is going to bring
> the aforesaid open model upon this class of gear? So it's
> +1 for spooks

What do you guys think of a device like this?

http://www.alansonsample.com/research/NFC-WISP-Eink.html

You could add capacitive touch, and then you have a very simple and cheap
device that can do basic crypto.
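Added example, not part of the thread or any poster's code: whatever noise source a device like this ends up with (a discrete-component RNG as grarpamp suggests, or a probeable one on the FPGA board Bill describes), the firmware still has to notice when it fails. The block below implements the two continuous health tests from NIST SP 800-90B, the Repetition Count Test (catches a stuck source) and the Adaptive Proportion Test (catches a biased source that never gets stuck), with cutoffs derived from the claimed min-entropy per sample. The sample streams are constructed here (os.urandom and hand-built bit patterns), not captured from any board, and the assessed min-entropy of 1.0 bit per sample is an assumption for the demonstration.

```python
"""Continuous health tests for raw hardware-RNG output (added example).

Modeled on the Repetition Count Test (RCT) and Adaptive Proportion Test
(APT) of NIST SP 800-90B section 4.4.  Sample inputs are constructed
below; nothing here is captured from real hardware.
"""
import math
import os

ALPHA = 2.0 ** -20  # false-positive probability per test (SP 800-90B value)


def rct_cutoff(min_entropy: float) -> int:
    """RCT cutoff C = 1 + ceil(-log2(alpha) / H), H = min-entropy per sample."""
    return 1 + math.ceil(-math.log2(ALPHA) / min_entropy)


def apt_cutoff(min_entropy: float, window: int = 512) -> int:
    """APT cutoff: smallest C with P(count >= C) < alpha.

    The first sample of a window is always counted, so the count is
    1 + Binomial(window - 1, p) with p = 2^-H (the most likely value).
    """
    p = 2.0 ** -min_entropy
    n = window - 1
    tail = 0.0
    for k in range(n, -1, -1):  # tail = P(Binomial(n, p) >= k)
        tail += math.comb(n, k) * p ** k * (1 - p) ** (n - k)
        if tail >= ALPHA:
            # P(count >= k + 1) >= alpha, P(count >= k + 2) < alpha
            return k + 2
    return 1


def repetition_count_test(samples, min_entropy: float) -> bool:
    """True if no run of identical samples reaches the RCT cutoff."""
    cutoff = rct_cutoff(min_entropy)
    run, prev = 0, None
    for s in samples:
        run = run + 1 if s == prev else 1
        prev = s
        if run >= cutoff:
            return False
    return True


def adaptive_proportion_test(samples, min_entropy: float, window: int = 512) -> bool:
    """True if, in every full window, the first sample's value does not
    recur often enough to reach the APT cutoff.  A stream shorter than one
    window is not assessed and passes."""
    cutoff = apt_cutoff(min_entropy, window)
    for start in range(0, len(samples) - window + 1, window):
        block = samples[start:start + window]
        if block.count(block[0]) >= cutoff:
            return False
    return True


def bits_from_bytes(data: bytes):
    """Split a byte string into 1-bit samples, LSB first within each byte."""
    return [(b >> i) & 1 for b in data for i in range(8)]


def run_health_checks(samples, min_entropy: float) -> dict:
    """Run both continuous tests; a device should refuse to emit output
    (or raise an alarm) when either returns False."""
    return {
        "rct": repetition_count_test(samples, min_entropy),
        "apt": adaptive_proportion_test(samples, min_entropy),
    }


if __name__ == "__main__":
    # Constructed stand-ins: a healthy source, a source stuck high, and a
    # 75%-biased source that never produces a long run.
    healthy = bits_from_bytes(os.urandom(4096))
    stuck = [1] * 4096
    biased = [1, 1, 1, 0] * 1024
    for name, stream in (("healthy", healthy), ("stuck", stuck), ("biased", biased)):
        print(name, run_health_checks(stream, min_entropy=1.0))
```

The biased stream is the reason both tests exist: its longest run is three, so the RCT never fires, but the APT sees 384 ones in a 512-sample window and rejects it. Note that the assessed min-entropy is an input, not something these tests measure; overstating it (claiming 1.0 bit per sample from a source that delivers 0.5) just relaxes the cutoffs, so it has to come from a separate entropy assessment of the noise source.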