[Cryptech Tech] goals / use cases
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Jan 28 22:15:30 UTC 2015
Fredrik Thulin <fredrik at thulin.net> writes:
>The side channel could be in some other operation. Hidden inside timing of
>USB packets sent for example.
That's a quite significant amount of backdooring though, that's tying the AES
core via some sort of microcontroller into the USB core, and assumes an
attacker has access to the USB channel (which requires physical access to the
HSM). Anything like that is going to have an enormous footprint, and if it's
ever discovered then no-one will ever trust anything from that chip vendor
again.
The tradeoff is in how paranoid we want to get. At the moment we're leaving
aside a perfectly functional, high-speed AES and SHA-1 core for paranoia
reasons. Some arguments for/against doing the deterministic ops in an FPGA:
For:
- The CPU could be backdoored.
Against:
- The FPGA could be backdoored (both AES and SHA-1 have very obvious
footprints).
- Wastes a set of perfectly good IP blocks in the CPU.
- Consumes needed space in the FPGA.
It seems the downsides far outweigh any benefits.
Peter.
More information about the Tech
mailing list