[Cryptech Tech] fyi: [Cryptography] Dumb idea: open-source hardware USB key for crypto

=JeffH Jeff.Hodges at KingsMountain.com
Sun Jan 12 01:43:06 UTC 2014

Hi folks,

fyi, others have ideas similar to cryptech.is.

Here's a recent msg to the <cryptography at metzdowd.com> list (several msgs
in the ensuing thread are likely of interest to y'all).

Subject: [Cryptography] Dumb idea: open-source hardware USB key for crypto
From: Bill Cox <waywardgeek at gmail.com>
Date: Fri, 10 Jan 2014 17:53:08 -0500 (14:53 PST)
To: "cryptography at metzdowd.com" <cryptography at metzdowd.com>

I've been noodling the idea of a USB stick designed in a way that we
can trust the crypto that goes on there.  It's a hard problem, but
there seem to be some guidelines that could help:

- Open source hardware - schematics and everything including board
layout need to be free
- No ICs that could be compromised.  Any CPU would have to be a
soft-core in an FPGA, with an open-source design
- FPGA configuration memory both readable and writable over a JTAG port
- External flash program memory also read/writeable through JTAG
- Reasonable hardware RNG where every node in the circuit can be probed
- Signal isolation from the PC: solid state relays would swap a simple
memory back and forth between the PC side and USB stick side.  Maybe
power draw should be randomized to obscure any processing going on.
RF shielding should cover the USB stick.  No other communication
should be possible.  This is similar to an air gap.
- A community supported audit trail verifying produced USB keys are secure

The idea still has issues.  Where would I be able to store secret keys
securely such that an attacker who stole my USB stick could not
recover it?  Anyway, it's just a fun idea.  I'd love to have such a
device in my pocket.  There are a lot of applications I can think of
that could benefit from it, from electronic voting to
microtransactions.  As one security expert once said in an
electronic-voting discussion I followed, no machine ever connected to
the Internet has proven secure.  Could we make such a beast?  I
probably don't really have time to work on it, but if a group were
building it, I'd participate.
