[Cryptech Tech] Fwd: Re: Cryptech HSM enquiry
Fredrik Thulin
fredrik at thulin.net
Thu Jul 21 13:38:04 UTC 2016
On tisdag 19 juli 2016 kl. 18:53:13 CEST Thotheolh Tay wrote:
> Hi,
>
> I would like to congratulate the CrypTech team on having an Alpha board
> released after around 2 years of development (since 2014).
Thank you!
> I find the CrypTech webpage terse on information so I have to ask questions
> via email.
Sorry about that - we know we have done much more coding than documentation.
How to get documentation written without hampering the engineering effort was
discussed some in Berlin... with no real answer yet.
> In the previous email, I was told the KMK key would be stored in a tamper
> detecting and battery backed RAM.
>
> Here are my questions:
>
> 1.) Is the tamper detection provided by software inputs or what sort of
> inputs are needed to trigger the tamper reaction ? Would attempts to tap or
> tamper the chips directly cause the KMK to be wiped like other secure chips
> ? Does it use some sort of tamper detecting sensor (i.e. metal shields and
> meshes, power glitch sensing algorithms) and where is this particular
> battery backed RAM stored in (inside the ARM chip or FPGA chip) ?
>
> 2.) Are there software protection against timing and power analysis or
> other side-channel protection mechanism (i.e. dynamic whitebox crypto) ?
>
> 3.) Are there software protection against attempts to listen to CPU
> processes via EM emissions (i.e. dynamic generation of false instructions
> and routines) ?
>
> 4.) Are there considerations to tamper protect (physically and logically
> protect) the ARM and FPGA chips against attempts to tamper the HSM in order
> to extract processing details (i.e. loaded and unwrapped keys inside the
> FPGA) ?
We're getting to designing the actual tamper subsystem just about now. I think
your questions can be good input to that process, but as the questions are
phrased ("are there") the answer at this time have to be "no" or "not yet".
The only thing we have today is a volatile memory and a small microcontroller
that will erase the memory when a small button on the PCB (labeled PANIC) is
pressed.
> 5.) Traditional HSMs (i.e. Thales nCipher HSM) uses M/N quorums to create
> an administrator key to unwrap the master key with the M/N quorum shares
> stored inside smart cards. Are there going to be similar approaches to use
> a M/N quorum share to create an administrative shared key to protect the
> KMK key for additional security ?
Some people around here are very interested in M/N.
> 6.) How do I know I have booted the correct software and firmware without
> any tampering ?
Is "because you built it from source yourself" a possible answer to that
question, or do you mean something else like "how do I know the software in
the device wasn't replaced since the time I installed it"?
/Fredrik
More information about the Tech
mailing list