<div dir="ltr">My thoughts:<br><br><div class="gmail_extra"><ul><li>An FPGA is a bad idea. You need an external ROM to contain the configuration data. How often are you going to verify the contents of that ROM? (Answer: probably never). There is no way to read protect that ROM</li>
<li>Smart card chips would be ideal but tend towards confidential specs, and additionally would seem to be obvious targets for a back door?</li><li>A commercial off the shelf micro seems like a viable option.</li></ul><p>
Why do I say this?</p><ul><li>The flash is inside. No easy lines to probe.</li><li>Most have EFuse bits which can be set which don't let you read or write the device without doing a full erase</li><li>You can get them with large flash. 512kB flash is enough for both the code and a sizable collection of public/private key pairs</li>
<li>A *lot* less gates for someone to fiddle with than an FPGA. An ARM Cortex-M-style MCU is intrinsically no less safe than an FPGA (Note that there is no complicated microcode ROM to subvert, no System Management Mode to hide in, no motherboard embedded controller to replace the code on, etc)<br>
</li></ul><p>Proposed layers of protection:</p><ul><li>The manufacturer's provided anti-readout functionality. This is probably the weakest</li><li>Once the board has been burned, encapsulate it in epoxy to make access to the device pins difficult. This just leaves the USB pins as an attack avenue</li>
<li>Key encryption</li></ul><p>Key encryption: Use some standard cryptographic algorithm (AES, Salsa/20, whatever) to encrypt the keys with the user's PIN/key/password.</p><p>Side channel protection: Main one is power. Stick a resistance in series with the power line, and a sizable capacitance after it? These micros are pretty power efficient, that should provide quite sizable decoupling between the internal power rails and external. Of course have all your high frequency bypassing like normal.</p>
<p>Precautions to be taken by user: Don't plug into strange computers?<br></p><p>Threats:</p><ul><li>Theft by non sophisticated adversary. Mitigation: PIN/Key code</li><li>Theft by sophisticated adversary (e.g. NSA). Mitigation: Encrypt the secrets with the PIN</li>
<li>Modification by a sophisticated adversary. Primary Mitigation: Potting. Hardware Protection. This certainly is the strongest, though least likely threat model. Its' difficult to find a way to protect from this one in general; a smart card chip would help, though based upon disassembly by people like Flylogic Engineering they don't buy you much.</li>
<li>Reading of memory from a live instance by an adversary. Mitigation: Don't keep keys in RAM unless you're doing a cryptographic operation. Have relatively short timeouts after which PIN re-entry is required, preferably non-resettable. <br>
<br>Could implement some form of "tamper detect" system, e.g fragile wires embedded over the chip which would provide indication of case tampering. Issues with these though (e.g. accidental shorting during assembly). Determined adversary is liable to be able to counter this.<br>
</li><li>Firmware bugs: Authenticated firmware update mechanism (i.e. require the PIN to be entered to authorize new firmware download, validate have user validate signature before letting it run? This is trickiest, because of confined flash space. <br>
Maximize simplicity of firmware. Obviously this is somewhat difficult in the face of USB. Using an off-chip USB controller avoids that issue, in exchange for the other that now the driver and user interface situation is made more complex (USB serial ports for one are seriously ugly)<br>
</li></ul><p>Other features: At a minimum a keypad, a display. This is not going to be compact.</p><p>Potentially: (Micro)SD card slot so can function as encrypted flash drive?</p><p>Some form of analog RNG built on PCB? Preferably in addition to some form of hardware RNG inside the chip (though chip manufacturers are notoriously cagey about how good their entropy generators are, it can't hurt to mix in extra slush)</p>
<p><br></p><div><div dir="ltr"><div>Owen Shepherd<br></div><a href="http://owenshepherd.net" target="_blank">http://owenshepherd.net</a> | <a href="mailto:owen.shepherd@e43.eu" target="_blank">owen.shepherd@e43.eu</a><br>
</div></div>
<br><br><div class="gmail_quote">On 10 January 2014 23:57, Natanael <span dir="ltr"><<a href="mailto:natanael.l@gmail.com" target="_blank">natanael.l@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<p dir="ltr">Den 11 jan 2014 00:23 skrev "Bill Cox" <<a href="mailto:waywardgeek@gmail.com" target="_blank">waywardgeek@gmail.com</a>>:</p><div><div class="h5"><br>
><br>
> I've been noodling the idea of a USB stick designed in a way that we<br>
> can trust the crypto that goes on there. It's a hard problem, but<br>
> there seems to be some guidelines that could help:<br>
><br>
> - Open source hardware - schematics and everything including board<br>
> layout need to be free<br>
> - No ICs that could be compromised. Any CPU would have to be a<br>
> soft-core in an FPGA, with an open-source design<br>
> - FPGA configuration memory both readable and writable over a JTAG port<br>
> - External flash program memory also read/writeable through JTAG<br>
> - Reasonable hardware RNG where every node in the circuit can be probed<br>
> - Signal isolation from the PC: solid state relays would swap a simple<br>
> memory back and forth between the PC side and USB stick side. Maybe<br>
> power draw should be randomized to obscure any processing going on.<br>
> RF shielding should cover the USB stick. No other communication<br>
> should be possible. This is similar to an air gap.<br>
> - A community supported audit trail verifying produced USB keys are secure<br>
><br>
> The idea still has issues. Where would I be able to store secret keys<br>
> securely such that an attacker who stole my USB stick could not<br>
> recover it? Anyway, it's just a fun idea. I'd love to have such a<br>
> device in my pocket. There's a lot of applications I can think of<br>
> that could benefit from it, from electronic voting to<br>
> microtransactions. As one security expert once said in an<br>
> electronic-voting discussion I followed, no machine ever connected to<br>
> the Internet has proven secure. Could we make such a beast? I<br>
> probably don't really have time to work on it, but if a group were<br>
> building it, I'd participate.</div></div><p></p>
<p dir="ltr">You just put your trust in that the FPGA isn't backdoored. There's been backdoored FPGAs before, plenty of times. Secure storage of keys require custom hardware as well, an FPGA is just a computational device in itself. You need a smartcard or TPM style chip. </p>
<p dir="ltr">Maybe you want an open source HSM? </p>
<br>_______________________________________________<br>
The cryptography mailing list<br>
<a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a><br>
<a href="http://www.metzdowd.com/mailman/listinfo/cryptography" target="_blank">http://www.metzdowd.com/mailman/listinfo/cryptography</a><br></blockquote></div><br></div></div>