[Cryptography] Show Crypto: prototype USB HSM

Ron Garret ron at flownet.com
Tue Apr 12 11:28:41 EDT 2016


One of the biggest challenges in crypto is protecting your keys against an attacker who pwns your machine.  The fundamental problem is that such an attacker can do anything you can do, including access hardware tokens that are connected to the machine.  Some hardware tokens have an input device built in (usually a push button, sometimes a fingerprint sensor) which needs to be activated before the token will operate, but these are still subject to phishing attacks.  In order to really be secure, a hardware token must have not just an input device, but a display as well so that information about the operation being authorized can be shown to the user in a way that is guaranteed to be out of the control of an attacker who pwns the host machine.

I did a market survey and could not find a device that met these requirements.  The closest thing I could find was the Trezor bitcoin wallet, but at $99 it seemed a bit pricey so I decided to roll my own.  The result is the SC4-HSM, a USB dongle with an STM32F405 processor (32-bit ARM Cortex-M4 with a built-in hardware RNG, 1MB flash, 192k RAM) and a 128x32 pixel monochrome Adafruit display.  It also has two user pushbuttons and two LEDs (though I’m going to be changing that to a single tri-color LED).  It currently runs TweetNaCl, but there’s a lot of headroom for more complex crypto.  It’s also possible to swap the F405 for an F415, which has built-in crypto operations (AES, 3DES, various SHA hashes).  Both processors have hardware support for freezing a firmware load so that it cannot be overwritten, and so the contents of the flash cannot be read out even with physical access to the device.  The target market for these chips is medical devices and process controllers, and one of the requirements is to keep the firmware out of the hands of Chinese industrial espionage agents.

Photos of the prototype are attached.  I’m about to do a small production run (O(10) units) which will cost about $50 each.  If anyone here is interested in obtaining one of these please contact me privately.

I’m also actively recruiting a consultant to help with firmware development and auditing.

rg

NOTE: The pins sticking up out of the case on the right end of the device are a hardware debug interface and will probably not be on the next round of prototypes.
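The argument above, that a button-only token can be phished while a display lets the user verify the operation, as an added simulation that is not code from the original post or the SC4-HSM firmware: the device renders the request from the bytes it will actually sign, and a user who checks the shown fingerprint declines a payload the compromised host swapped. HMAC-SHA256 from the standard library stands in for TweetNaCl signing, and the 21x4 character screen budget is an assumption.

```python
import hashlib
import hmac
from typing import Callable, List, Optional

# Assumed text budget of a 128x32 monochrome display with a 6x8 pixel font.
DISPLAY_COLS, DISPLAY_ROWS = 21, 4

def render(msg: bytes) -> List[str]:
    """Build the screen from the bytes that will actually be signed; a
    compromised host could lie in a label, so none is accepted from it."""
    fp = hashlib.sha256(msg).hexdigest()
    lines = [
        f"SIGN {len(msg)} bytes?",
        f"sha256 {fp[:12]}",
        f"       {fp[12:24]}",
        "[no]           [yes]",
    ]
    return [line[:DISPLAY_COLS] for line in lines[:DISPLAY_ROWS]]

class Token:
    """Token with an on-device key; `approve` models the pushbuttons and gets
    the displayed lines (empty for a button-only token)."""

    def __init__(self, key: bytes, has_display: bool,
                 approve: Callable[[List[str]], bool]) -> None:
        self._key = key  # never leaves the device
        self._has_display = has_display
        self._approve = approve

    def sign(self, msg: bytes) -> Optional[bytes]:
        shown = render(msg) if self._has_display else []
        if not self._approve(shown):
            return None
        # Stand-in for the TweetNaCl signature the real firmware computes.
        return hmac.new(self._key, msg, hashlib.sha256).digest()

def careful_user(intended: bytes) -> Callable[[List[str]], bool]:
    """User who checks the shown fingerprint against the message they asked
    for; with nothing shown they press 'yes', since they did request a signature."""
    want = hashlib.sha256(intended).hexdigest()[:12]
    return lambda shown: not shown or any(want in line for line in shown)

def phishing_succeeds(has_display: bool) -> bool:
    """True if a host that swaps the payload still obtains a signature."""
    key = b"\x11" * 32                  # constructed device secret
    intended = b"pay 1 BTC to alice"    # what the user asked the host to sign
    swapped = b"pay 1 BTC to mallory"   # what the compromised host sends instead
    token = Token(key, has_display, careful_user(intended))
    return token.sign(swapped) is not None
```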

