[Cryptech Tech] Roadmap & remarks about the opportunity of developing a secure TOR router on the Novena platform.

Joachim Strömbergson joachim at secworks.se
Wed Aug 6 11:31:16 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

★ STMAN ★ wrote:
> No, of course, I don’t trust Xilinx implementation of PCIe as it is 
> impossible to check the corresponding VHDL code. Now, there are many 
> « Free VHDL PCIe cores » available on OpenCore.

Have you tried them? Most of them are bridges and not complete PCIe. And
few of them are proven in real devices. That is my experience.

> But in the project we want to develop, this may not be such a big 
> problem : The workaround would be to cipher all the messages we 
> exchange on the PCIe bus.
> 
> And in the particular project we are planning : It would mean using 
> the PCIe bus to exchange TCP/IP packets with the Secure TOR router : 
> - We would have a driver on the PC hooking TCP/IP stack packets to 
> encrypt and send them to the PCIe TOR Router end-point, so if the 
> PCIe has some backdoors, as we would cipher the data sent through
> it, these backdoors would be useless.
> 
> Do you agree with this approach ?

Yes, that might work, but it looks kludgy to me. I would rather build a
system with either a separate MCU for control or an internal core in the
FPGA doing the routing and then have a simpler, low latency interface
between the cores. PCIe is complex and will eat a lot of resources in
the FPGA.

If you really are thinking of going that direction, you might want to
look at the NetFPGAs:

http://netfpga.org/

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================

