Re: RS232 Crypto Dongle (idea for widely accessible crypto technology)
I've also been thinking about the risks of running crypto software on hackable PCs and ways of protecting against this with external special purpose devices. My thinking is to limit the external "dongle" to the one function that is truly sensitive and worthy of special protection: RSA secret key operations. It seems to me that whenever you use a PC to encrypt or decrypt something, you have to accept the risk that it might have been hacked, and whatever you do on it might be secretly recorded. But when I now run PGP (or any similar package) on a machine, I must risk much more than this every single time I type in my pass phrase, namely *everything* that ever was or will ever be encrypted with this same RSA key pair. This may well be an unacceptable risk, especially if I'm temporarily borrowing somebody else's machine or using one in a public area. I see this as THE major obstacle to our goal of routinely encrypting all communications, sensitive or otherwise, as a way of "desensitizing" the world to the use of cryptography. The way around this risk is to move the RSA secret key storage and processing operations to some external dongle. The device would have only one primary function -- the execution of an RSA secret key operation. It would not allow the secret key to be read out of the device, although it might have a "zeroize" function to destroy it. (It might also include a good random number generator for the convenience of the host computer.) Everything else (data compression and armoring, public key operations, symmetric cryptography, etc) can and should go in the PC where cycles and memory space are much more plentiful. If the dongle has a built-in keypad, then it could store your RSA secret key encrypted with a PIN that you'd have to enter to enable the device. This would protect you if the device were stolen. Of course, the best protection is to make the device so small that you can conveniently keep it with you at all times instead of having to store it someplace. I believe that "smart cards" are already available on the market that do these or similar functions, although they are much more widespread in Europe than in the US. Comments? Phil
Phil K. writes:
My thinking is to limit the external "dongle" to the one function that is truly sensitive and worthy of special protection: RSA secret key operations.
Phil's comment are right on. There is a need for you secret keys to be easily and physically relocatable. Re: key compromise
I see this as THE major obstacle to our goal of routinely encrypting all communications, sensitive or otherwise, as a way of "desensitizing" the world to the use of cryptography.
It is my own opinion that there will be a market for personal protection devices only when data is worth money. Data will be worth money when some data _is_ money.
only one primary function -- the execution of an RSA secret key operation. [...] it might have a "zeroize" function to destroy it.
I refer to this as WEEM: Write, Erase, Encrypt Memory
Everything else (data compression and armoring, public key operations, symmetric cryptography, etc) can and should go in the PC where cycles and memory space are much more plentiful.
Depending on the silicon size and production volume, you could probably use this device for all modular exponentiation operations. Or a cheap version could use a DSP module from a cell library and do all the arithmetic more slowly.
If the dongle has a built-in keypad, then it could store your RSA secret key encrypted with a PIN that you'd have to enter to enable the device.
Not only a keypad, but a full 4-function calculator with an LCD display as well! :-)
I believe that "smart cards" are already available on the market that do these or similar functions, although they are much more widespread in Europe than in the US.
Smart cards have the disadvantage that their die size is pretty severely limited. They have to fit within the thickness of a credit card and withstand repeated flexure. Much better for this application is the PCMCIA standard, which has plenty of room for circuitry. Eric
participants (2)
-
Eric Hughes -
karn@qualcomm.com