[Cryptography] Kindle as crypto hardware

Phillip Hallam-Baker hallam at gmail.com
Wed Dec 4 10:40:25 EST 2013


On Wed, Dec 4, 2013 at 9:50 AM, Theodore Ts'o <tytso at mit.edu> wrote:

> On Tue, Dec 03, 2013 at 11:39:27PM -0500, Phillip Hallam-Baker wrote:
> > What I really want from a crypto key management device is that it be
> >
> > * Small and light
> > * Have processor and display capabilities
> > * Be possible to control the operating system build completely
> > * Be cheap enough to be a burner machine
> >
> > Which is how I started thinking about the Kindle. It is pretty much ideal
> > in every respect, at least after it is jailbroken.
> >
> > And very unlikely that anyone has backdoored the existing stocks.
>
> Why not use an Arduino?
>
>                                 - Ted
>

I would not choose an Arduino due to the lack of a display capability. But
I have certainly been considering the Raspberry Pi which has far more
capability for essentially the same price.

But the cost of a Kindle is $69 including shipping for the device and
display combined. That is a pretty hard price point to beat. And it is a
ready-to-run device rather than a kit. They can be bought off the shelf in
ready-to-run condition from numerous retail outlets. So it is pretty easy
to pin down the potential for compromise.


And further, Amazon is a company that is very net-friendly that faces a
massive problem as a result of Snowdonia. So they might well be willing to
cooperate if not participate.

The worst case risk they face would be if they are selling the Kindle at
below cost to make up the difference by selling content. Which might not
sit well with my type of application where certified destruction of the
device is a requirement in some ceremonies.


But for your typical law firm or the like looking to secure the apex of the
enterprise trust infrastructure, a Kindle kept in a tamper-evident pouch
could well be the best compromise between convenience and security.


If I were running a ceremony for a law firm I would imagine the process
would be something like the following:

1) Show up with some number of Raspberry Pi computers that have been potted
in transparent epoxy.

2) Download and confirm the boot disk for the Pi onto an SD card.

3) Disable the WiFi function on the Kindle.

4) Download the key management application onto the Kindle from the Pi.

5) Generate the keys, copy the encrypted versions onto the Pi, distribute
the key shares to the client key holders.

6) Either bag up the Kindle in a tamper-proof bag or perform verifiable
physical destruction.

7) Invoice the client.


What would make the system easier to audit would be a special edition
Kindle that had a removable SD card instead of the built-in firmware.


-- 
Website: http://hallambaker.com/
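The key-share distribution in step 5 of the ceremony above, as an added example that is not part of the original post: a k-of-n split of a freshly generated key with reconstruction from any k shares. Shamir's threshold scheme over a prime field is assumed here, since the post does not name a sharing scheme; the threshold and holder counts are constructed values.

```python
import secrets

# 2^127 - 1 is a Mersenne prime; all arithmetic is modulo P, so the secret
# must be smaller than P (a 120-bit key fits comfortably).
P = (1 << 127) - 1


def split_secret(secret: int, k: int, n: int, rand=secrets.randbelow):
    """Split `secret` into n shares, any k of which reconstruct it.

    Each share is (x, f(x)) for a random polynomial f of degree k-1 with
    f(0) = secret.  `rand` is injectable so a test can be deterministic.
    """
    if not (1 <= k <= n < P):
        raise ValueError("need 1 <= k <= n < P")
    if not (0 <= secret < P):
        raise ValueError("secret must lie in [0, P)")
    coeffs = [secret] + [rand(P) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def recover_secret(shares):
    """Recover f(0) by Lagrange interpolation over k distinct shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % P          # product of (0 - x_j)
                den = (den * (xi - xj)) % P    # product of (x_i - x_j)
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def ceremony_demo(k=3, n=5):
    """Generate a fresh key, split it for n holders, reconstruct from k."""
    key = secrets.randbits(120)              # constructed 120-bit key
    shares = split_secret(key, k, n)
    # Any k shares suffice; fewer than k reveal nothing about the key.
    recovered = recover_secret(shares[-k:])
    return key, shares, recovered
```

Each holder keeps one (x, y) pair; the ceremony record should state k and n, since neither can be inferred from a share.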