[Cryptech Tech] A more intelligent master key memory
joachim.strombergson at assured.se
Tue Mar 13 13:33:31 UTC 2018
-----BEGIN PGP SIGNED MESSAGE-----
I've done a short study on a possible way to improve the master key
memory in Cryptech. Based on the survey below, using a Lattice iCE40LP
device looks promising. Esp in the light of the available open tool
suite based on Yosys.
(A more) Intelligent Master Key Memory
The current Master Key Memory (MKM) is implemented using a simple,
serial RAM connected to the FPGA via SPI. On the alpha board there is
support for powering the RAM chip with a battery connected via a
switch. This provides a first, rudimentary possible way to achive tamper
protection of the master key.
There are however specialized security devices that provides integrated
tamper detection, key memory anti-remanence functionality etc. One such
family of devices are the DeepCover Security Managers by Maxim:
There are several devices, for example a small chip with 64 byte storage:
For transparency reasons we would rather implement our own master key
storage using "stupid" chips, nor rely on a black box solution (which
the Maxim chip really is).
One solution discussed is to use a very small, low power FPGA with
non-volatile fabric configuration. The master key is stored in discrete
registers or block RAM. The FPGA logic implements tamper detect and key
destruction mechanisms etc. One key function provided by the Maxim
device is ant-remanence functionality.
I found a good article about SRAM remanence and counter mechanisms for
Either flip bits periodically or move key in memory.
Key flip by XORing with 0xff...ff.
When key is moved erase old key and then write pattern 0xaa...aa or
0x55...55 to the old place (and all other places where the key isn't
stored. Requires a separate pointer register that should also be wiped
during tamper detect.
Suggested time between anti-remanence operations in the article is 5
Suggested list of features
- - Key memory. At least 128 bit. But possibly at least 64 bytes.
- - Anti-remanence (eg complementing, movement) of key memory.
Including counter to trigger anti-remanence operation.
- - Tamper response wipining and overwriting of key memory.
- - Tamper-detect logic input. At least one pin. Level triggered.
- - SPI, I2C or UART interface
- - Access control (password to unlock)
- - Tamper detect with comparators (for example temperature)
- - Tamper event logging. x events rolling log.
- - Real time-ish clock for timestamp of log.
Things to consider when using FPGAs to build a secure memory
- - Clocks. External or internal
- - Sleep modes. How to react fast if sleeping?
- - Debug and scan ports (JTAG). Can they be locked down?
- - Static power consumption
- - Free (good) or even open (better) tools
- - Package types
iCE40 LP are the smallest devices with lowest power consumption available.
As low as 21uA in static power. SRAM-based, but with on-chip
non-volatile configuration memory. Can configure itself from boot. Have
internal clocks (48 MHz, 32 kHz).
- - 16-ball CSP
- - 32-pin QFN
Free tool - iCEcube2:
Open tool, reverse engineered bitstream. Based on Yosys.
Right now smallest device supported is iCE40-LP384-QN32.
IGLOO Nano. Down to 2uW in Flash Freeze mode. Embedded SRAM and NVM.
Flash based. Security focused device. Configuration protected with
AES-128. No internal clock.
- - 36-ball CSP
- - 48-pin QFN
Free tool (Libero SoC):
Med vänlig hälsning, Yours
Joachim Strömbergson - Assured AB
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Tech