[Cryptography] The Crypto Pi

Ralf Senderek crypto at senderek.ie
Fri Jan 2 12:30:19 EST 2015


On Fri, 2 Jan 2015 raindog wrote:

> The R Pi runs a mass of closed-source, proprietary firmware that can never be audited. 
> You're loading this firmware into the kernel and trusting it does
> what it says it does. For some applications you don't care about that, but for this...
> 
> It's one of the major drawbacks of the R Pi. I would love to see something like this that runs on
> hardware that is more open (such as the BeagleBone).

I don't know how much more auditable the beagle bone will be compared to the Raspberry Pi.
To be honest, we don't have a platform that is completely auditable and probably won't 
get one in the near future. So we need to use something we have, even if it is not ideal.

> Complete personal opinion: I'd prefer something that runs on the best audited/most secure/most
> crypto-friendly, namely OpenBSD.  However, that is just my opinion

Of course the core Crypto Pi software is not limited to Linux, it probably will run
out of the box with a minimalist OpenBSD, as long as the OS provides bash, python and
the essential tools (/usr/bin/gpg, hostapd, apache, postfix). If there was a mini or
better micro version of OpenBSD running on the Raspberry, I'd love to use this as the
foundation for the Crypto Pi.

> 
> Some other thoughts:
> 
> 1. Is your choice of symmetric shared-secret technology based on Johnny's inability 
> to understand PKI?

Actually there are two reasons. First public key cryptography is not necessary for secure
message exchange, as I assume Johnny had been able to hand over a random secret to his 
correspondent at a meeting or using some other suitable way. Secondly, using a series
of symmetric keys makes recovery from a compromise much easier and reliable compared
to the necessary revocation of public keys when private keys have been compromised.

> 
> 2. Unless I'm missing something, if ${EVIL_SPIES} steal the R Pi, they have access to 
> everything Johnny has sent,

No, keys used to encrypt past messages are destroyed already as well as the messages.

> can imitate Johnny, etc. Or even if Johnny's backpack gets 
> stolen, whoever picks it up will be able to do these things.

Yes, if they can steal the Crypto Pi with the medium on which the secrets are stored, 
they can. If Johnny uses model B his secrets reside on a USB memory key that has to
be removed while the Crypto Pi is not in use. On the model A+ secrets are stored on
the SD card, which has to be removed like the memory stick.


> 3. ${EVIL_SPIES} might also grab Johnny at a cafe while his device is still powered on and
> unencrypted. They'll bring their own UPS power and splice into it so it never powers off, so this
> should have some sort of regular re-encrypt/unmount/etc, ideally loaded in the kernel or 
> something that can't just be disabled by someone killing a process.

The Crypto Pi's threat model won't protect against raiding Johnny's device while he uses it.
At gunpoint, it won't be of any use if the secrets on the Crypto Pi are encrypted, 
because a bit of rubber hose cryptography would suffice to get the secrets. What someone
can do then, is to act like Johnny, but Johnny could send his correspondents a message, telling
them that he's been "hacked", asking his correspondents to reset his key on their devices
and the stolen Crypto Pi will not be of any use then, except for the 
limited his correspondents get his notice and act accordingly.


      --Ralf


More information about the cryptography mailing list