[Cryptech Tech] Tamper MCU and memory choice

[Fredrik Thulin]

Hi all

I met with Richard Lamb in Berlin, and in an interesting discussion about the 
tamper subsystem he raised a couple of questions I think are relevant for the 
list.


1) How fast are we erasing the master key from the volatile memory after a 
tamper event? Richard thought maybe the ATtiny would be too slow. The answer 
is that we can do it in just under 4ms plus a (short) sleep wake-up time.

I tweaked the tamper code to use SPI at f/4 speed, and not erase the whole 
memory but just the first 256 bits (key) + 32 bits status and timed it with my 
logic analyzer. Picture attached.

This is with busy-waiting for the PANIC button signal.



2) Is it best to have a separate MKM memory like we do today, or to instead 
put the MKM in the volatile memory of the tamper MCU?

What reasoning is there really to have a separate memory? A memory chip is 
probably a little bit faster in reacting to read requests, but to me it seems 
much more difficult to shuffle the key around in memory (to prevent 
imprinting) if it is a separate memory.



3) Richard also suggests using the PCF2127AT real-time clock instead of our 
current MCP79412. The point as I understood it was that the PFC2127AT should 
stay reasonably in sync over 10 years.


/Fredrik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: alpha_rev02_tamper_timings.png
Type: image/png
Size: 37982 bytes
Desc: not available
URL: <https://lists.cryptech.is/archives/tech/attachments/20160719/ecca2845/attachment-0001.png>