[Cryptography] Anyone interested in a cheap security module for Raspberry Pi?

Bill Cox waywardgeek at gmail.com
Wed Jul 26 14:10:17 EDT 2017 

On Wed, Jul 26, 2017 at 9:39 AM, Ron Garret <ron at flownet.com> wrote:

>
> On Jul 25, 2017, at 7:47 PM, Bill Cox <waywardgeek at gmail.com> wrote:
>
> I also am a fan of the low cost open SC4-HSM <https://sc4.us/hsm/>,
>
>
> Thank you!  :-)
>
> but I am interested in devices with better physical security.
>
>
> Can you elaborate on what you mean by this?  The SC4-HSM can be made
> secure against an adversary with physical possession of the device.  If
> you’re willing to type in a pass-phrase, it can even be made secure against
> an adversary capable of decapping the SoC.  What more do you want?
>
> rg
>
> I have a different threat model than most HSMs:  I assume the attacker
could be:

- Malware on the host computer
- The owner of the device, so pass phrases do not help
- A botnet of HSM emulators, so I'll need hardware attestation
- A group of hackers motivated enough to buy a large number of HSMs and PWN
them to control the network

I think it would be useful to have:

- Basic tamper resistance

Having an accessible debug port would be bad.  This would allow an attacker
to see secret keys.  There is a debug port on the  STM32F405R.  Do you
somehow disable it?

Neither a safe nor passphrase would help, because the owner is in the
threat model.  I do not want to lock it down like a Tivo, but instead have
the hardware erase all secrets, including the attestation key, before
allowing the owner to reprogram the entire device.

Tamper detection would be useful.  Random physical auditing of nodes could
help determine when the fraction of PWNed nodes is getting too high, but
only if we can tell when a device has been PWNed.  We could use glitter
nail polish and a photo of the original device to detect physical
intrusion.  It is also important to thwart side-channel attacks, such as
extracting secrets using timing, power analysis, or RF emissions.  We do
not need to defend against experts since they are rare, but a you-tube
video should not be enough to enable most HSM owners to easily PWN their
device through side-channels.

- Verifiable boot and firmware updates.

I'll need to be able to run a boot loader that verifies firmware signatures
before upgrading, and in some cases, it will need to erase secrets before
upgrading.  Can the STM32F405R do that?

- ECC (P256 is fine), AES, and SHA256 acceleration to enable reasonable
transactions per second (as in more than 1).

The main metric here is hardware cost per transaction per second.  The K81
is pretty fast at 150 MHz, but it is slower than the  STM32F405R, and the
K81 costs about 30% more.  I'm assuming the crypto engines are equivalent...

- Several KiB of SRAM, say a minimum of 4KiB

SRAM is divided up between applications, and one applications cannot read
another's SRAM.  More SRAM is better.  The K81's 256KiB of SRAM is more
than I need as is the 192KiB on the  STM32F405R.

- A lot of flash, say at least 100KiB

Flash would be divided between the virtual machine emulator and the
application it runs, so each app only gets a fraction of flash memory.  The
K81's 256KiB of flash seems low, but probably good enough.  The 1MiB of
the  STM32F405R is a nice upgrade.

Do you think a SC4-HSM might be close to supporting this application's
needs?  If not, would you have any interest in having my help developing a
new HSM that would?

Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170726/3da58fe5/attachment.html>

More information about the cryptography mailing list