[Cryptech Tech] Fwd: Re: Cryptech HSM enquiry

Thotheolh Tay twzgerald at gmail.com
Tue Sep 8 06:47:12 UTC 2015


---------- Forwarded message ----------
From: "Randy Bush" <randy at psg.com>
Date: 8 Sep 2015 2:29 pm
Subject: Re: Cryptech HSM enquiry
To: "Thotheolh Tay" <twzgerald at gmail.com>
Cc:

> I noticed that the Novena board was used as the HSM. That means ARM and
> probably Xilinx were used.
>
> 1.) May I know how the secret keys are stored ?
>
> 2.) I would like to know if inter-bus communications are encrypted and
> signed as well ?
>
> 3.) Tamper-resistant key storage can be provided by smartcards or SIM cards
> in your Alpha board model. A JavaCard-enabled smartcard may accept certain
> smartcard protocols to process the secret key instead of using a
> power-backed memory chip that is not tamper resistant.
>
> The weakness of the Alpha board design in regards to tamper is it needs to
> protect the entire board instead of just a chip and a huge net might be
> less effective and efficient than a protected chip. Thus, the use of
> smartcard(s) in such a place for the master key would be advantageous.
>
> The master key can unwrap a subordinate key and pass it to the FPGA or ARM
> chip, so you now only need to wrap the two chips and RTC in tamper
> shields and pot. The inter-bus can be left exposed as long as chips are
> using end-to-end encryption and signing of bus messages.
>
> The exposed physical and logical interfaces must logically be protected at
> least via Diffie-Hellman sessions and even better with the HSM's Root Cert.
>
> Things like equipping an attached display and keyboard or scroll wheel must
> also be secured via the display unit having its own crypto chip, and the same
> for the scroll wheel and keyboard, to ensure end-to-end security.
>
> The problem left is secure and trusted bootloading. Not trusting the ARM
> TrustZone or FPGA to do the trusted boot is a wise choice to prevent
> certain backdoors. This is by far the hardest problem, which would take
> some time to solve without really needing to trust the secure boot baked
> into chips due to backdoor concerns.

could you please repost this to tech at cryptech.is?  thanks.

randy