Re: [Cryptography] Dumb idea: open-source hardware USB key for crypto
On Fri, Jan 10, 2014 at 5:53 PM, Bill Cox <waywardgeek@gmail.com> wrote:
I've been noodling the idea of a USB stick designed in a way that we can trust the crypto that goes on there. It's a hard problem, but there seem to be some guidelines that could help:
- Open source hardware - schematics and everything including board layout need to be free
- No ICs that could be compromised. Any CPU would have to be a soft-core in an FPGA, with an open-source design
- FPGA configuration memory both readable and writable over a JTAG port
- External flash program memory also read/writeable through JTAG
- Reasonable hardware RNG where every node in the circuit can be probed
- Signal isolation from the PC: solid state relays would swap a simple memory back and forth between the PC side and USB stick side. Maybe power draw should be randomized to obscure any processing going on. RF shielding should cover the USB stick. No other communication should be possible. This is similar to an air gap.
- A community supported audit trail verifying produced USB keys are secure
The idea still has issues. Where would I be able to store secret keys securely such that an attacker who stole my USB stick could not recover it? Anyway, it's just a fun idea. I'd love to have such a device in my pocket. There's a lot of applications I can think of that could benefit from it, from electronic voting to microtransactions. As one security expert once said in an electronic-voting discussion I followed, no machine ever connected to the Internet has proven secure. Could we make such a beast? I probably don't really have time to work on it, but if a group were building it, I'd participate.
Many of these open hardware ideas come down to the fab level... can you examine (and trust) the fab process. Sure, publish all your schematics, VHDL, die masks, etc. But unless some number of random people can routinely make unannounced access-all-areas verification visits to the fab to verify those masks are the ones in use, it's moot. Or unless they can pull unannounced random samples and decap and analyse them, it's moot. That's why I've previously suggested people get together to make hardware RNGs out of discrete components... you don't have those worries then.

I agree with the softcore loadable FPGA and probe points ideas, they're good things. But in general, once you exceed a certain number of presupplied closed source and relatively unauditable gates [1], you should consider yourself potentially and generally fucked... and start taking a serious defense in depth approach.

[1] Let's call it the number required to perform dumb leaks or take pseudo intelligent actions against you. The current lineup from Intel/AMD certainly falls in this category. As would quite a few lesser things... ARM, phones, cards, etc... firmware things. Does it not scare you that the next PC you're about to buy for your firewall is one of these systems, potentially hiding out to honor magic packets? Look at AMD's new CPUs coming out in a few weeks... besides gate count we all know about, it has embedded ARM cores.

And just who is going to bring the aforesaid open model upon this class of gear? So it's +1 for spooks.
On Sat, Jan 11, 2014 at 02:35:39AM -0500, grarpamp wrote:
On Fri, Jan 10, 2014 at 5:53 PM, Bill Cox <waywardgeek@gmail.com> wrote:
I've been noodling the idea of a USB stick designed in a way that we can trust the crypto that goes on there. It's a hard problem, but there seem to be some guidelines that could help:
as hinted earlier in the pcp/pbp discussion, i'm working on such a beast: https://www.ctrlc.hu/~stef/PITCHFORK.pdf
Anyway, it's just a fun idea. I'd love to have such a device in my pocket. There's a lot of applications I can think of that could benefit from it, from electronic voting to microtransactions.
PITCHFORK will allow you to develop your own extensions, so indeed i expect a lot of experiments and innovation if this gets off. currently some of my code has licensing problems and needs to be reimplemented before publication :/
Many of these open hardware ideas come down to the fab level...
indeed, there's a lot of trust in things we have limited resources to validate. turtles all the way down.

--
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt
And just who is going to bring the aforesaid open model upon this class of gear? So it's +1 for spooks.
Yes and no. Across the security parts of that government with which I am familiar, the issues of which you are speaking are deeply troubling -- they buy computers, too. There is, indeed, the strong mandate to use commercial off the shelf (COTS) goods rather than government-only goods which, on balance, is a Very Good Thing as perversion of the supply chain is thereby a common enemy. That all significant private firms are transnational is likewise a Very Good Thing (at least in this context). Naturally, I have no access to whether the precise discussion taking place in English here on these two lists is simultaneously taking place in and around Beijing, Brussels, London, Moscow, and Tokyo, but I would be surprised if it is not.

Put differently, all airlines share a joint interest in air safety and none advertise that "our planes fall out of the sky less often than theirs." Because airplane crashes are not concealable, they are studied and thus learned from. Perhaps the policy you might want to consider is mandated disclosure of computer failures whether from attacks or from clumsiness. Public health trumps medical privacy should you turn up at hospital with smallpox or the plague. Peter Neumann's long-running RISKS digest is a small mockup of what might well be a global need. As with airlines and the (US) National Transportation Safety Board, learning from events is about all you can do once collective complexity is above that level where further refinements of design are, at best, episodic.

--dan
On Sat, Jan 11, 2014 at 10:08:28AM -0500, dan@geer.org wrote:
And just who is going to bring the aforesaid open model upon this class of gear? So it's +1 for spooks.
Yes and no. Across the security parts of that government with which I am familiar, the issues of which you are speaking are deeply troubling -- they buy computers, too. There is, indeed, the strong mandate to use commercial off the shelf (COTS) goods rather than government-only goods which, on balance, is a Very Good Thing as perversion of the supply chain is thereby a common enemy. That all significant private firms are transnational is likewise a Very Good Thing (at least in this context). Naturally, I have no access to whether the precise discussion taking place in English here on these two lists is simultaneously taking place in and around Beijing, Brussels, London, Moscow, and Tokyo, but I would be surprised if it is not.
Based on my experience at a DOE lab that led me to coin the term 'Legislative Trojan', I proposed a process called 'trusted open source', in which things like the core BIOS (http://coreboot.org) would be maintained by multiple different government standards agencies. Say NIST in the US, Germany, China, Japan, and Taiwan, as well as independent organizations like Wikipedia, the Free Software Foundation, and the Debian project.

So when you have VHDL, I'm very interested in looking at it, and calling up some of the people I used to work with in the Supercomputing community. They are very concerned about the integrity of open and public scientific computing, and may even be motivated to fund such a thing. The Cryptocoin community (should) also be extremely interested as well, and http://efabless.com would love to actually make the thing. Then you just randomly sample and X-ray the chips.

The intelligence agencies that want to subvert this process will still have plenty of physical/humint/social engineering attacks so they will be happy.

When do we start? Please upload some VHDL/Verilog ASAP.

-- Troy
participants (4)
- dan@geer.org
- grarpamp
- stef
- Troy Benjegerdes