
List:       cryptography
Subject:    Re: [Cryptography] Design of a secure hardware dongle
From:       Ron Garret <ron () flownet ! com>
Date:       2016-01-25 19:01:13
Message-ID: C5703D30-63EE-4FCC-A4BC-7865F58E13F6 () flownet ! com


The chip we’re using was chosen in part because it has a hardware lock-down feature specifically designed to defeat such an attack:

http://www.st.com/web/en/resource/technical/document/application_note/DM00075930.pdf

It’s designed to keep the Chinese from stealing proprietary code, but it works for keys as well. But if you’re still worried that an adversary is going to, say, do a direct hardware probe of the EEPROM, you can add a layer of security in software by encrypting the keys with a pass-phrase. And if you really want to batten down the hatches you can have the device erase the keys after N unsuccessful attempts to decrypt them, or (for you Mission Impossible fans out there) if the correct pass phrase is not provided within a certain amount of time.

rg

On Jan 25, 2016, at 10:23 AM, Gé Weijers <ge@weijers.org> wrote:

> The question is whether that particular ARM processor can keep a secret if it gets into the wrong hands. People with logic analyzers and chip probes.
>
> Gé
>
> On Tue, Jan 19, 2016 at 12:38 Ron Garret <ron@flownet.com> wrote:
>
>> I’m working on a design for a minimalist secure hardware dongle. The goal is to have it be usable as an HSM for the secure storage of secrets. I have a prototype running on a Teensy3, but I’ve come to the conclusion that in order to really be secure there has to be some I/O on the dongle itself. Hence, I am commissioning a new design that is essentially a Teensy3 with the addition of an OLED display and two push-buttons. It will also have an on-board noise source for key generation. The resulting device will be very similar to the Trezor, but not designed specifically for BitCoin. I expect to be able to sell them for about $50.
>>
>> If anyone here has an interest in such a device and would like to see a feature that I have not listed please let me know.
>>
>> rg
>>
>> _______________________________________________
>> The cryptography mailing list
>> cryptography@metzdowd.com
>> http://www.metzdowd.com/mailman/listinfo/cryptography
>
> -- 
> —
> Gé
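The software layer Ron describes above (keys encrypted under a pass-phrase, erased after N failed attempts or when the correct pass-phrase is not supplied before a deadline) is easy to get subtly wrong, so here is an added example of that logic. It is not code from the thread or from the dongle project; it uses only the Python standard library, and the wrapping construction (a PBKDF2-derived one-time pad XORed with the key, plus an HMAC tag to detect a wrong pass-phrase) is an assumption chosen for the demonstration, not the scheme of any real product. The names `WrappedKeyStore`, `PBKDF2_ITERATIONS` and the injectable `clock` are likewise mine.

```python
"""Pass-phrase-wrapped key store with erase-on-failure and erase-on-timeout.

Added example illustrating the software layer described in the message.
Not code from the thread or from any dongle firmware; the wrapping scheme
below is an assumption for the demo.
"""
import hashlib
import hmac
import os
import time
from typing import Callable, Optional, Tuple

PBKDF2_ITERATIONS = 100_000   # constructed value; tune to the MCU's speed
KEY_LEN = 32                  # length of the protected secret, in bytes
SALT_LEN = 16


def _derive(passphrase: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Derive a KEY_LEN-byte pad and a KEY_LEN-byte MAC key from the pass-phrase."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                              PBKDF2_ITERATIONS, dklen=2 * KEY_LEN)
    return okm[:KEY_LEN], okm[KEY_LEN:]


class WrappedKeyStore:
    """Holds one secret key, encrypted under a pass-phrase.

    max_attempts is the N from the message; deadline is an absolute time
    (in the units returned by clock()) after which the key is erased if it
    has not yet been unlocked. clock is injectable so the timeout can be
    exercised offline; real firmware would read a hardware timer or RTC.
    """

    def __init__(self, secret: bytes, passphrase: str, max_attempts: int,
                 deadline: Optional[float] = None,
                 clock: Callable[[], float] = time.monotonic):
        if len(secret) != KEY_LEN:
            raise ValueError("secret must be exactly KEY_LEN bytes")
        if max_attempts < 1:
            raise ValueError("max_attempts must be at least 1")
        self._clock = clock
        self.max_attempts = max_attempts
        self.deadline = deadline
        self.failures = 0
        self.erased = False
        self._salt = os.urandom(SALT_LEN)
        pad, mac_key = _derive(passphrase, self._salt)
        # Wrap: XOR the secret with a pad derived from the pass-phrase. Each
        # salt wraps exactly one secret, so the pad is never reused. The tag
        # lets a wrong pass-phrase be detected without revealing the plaintext.
        self._wrapped = bytes(a ^ b for a, b in zip(secret, pad))
        self._tag = hmac.new(mac_key, self._wrapped, "sha256").digest()

    def erase(self) -> None:
        """Zeroise everything that could help recover the key."""
        self._wrapped = bytes(KEY_LEN)
        self._tag = bytes(hashlib.sha256().digest_size)
        self._salt = bytes(SALT_LEN)
        self.erased = True

    def unlock(self, passphrase: str) -> Optional[bytes]:
        """Return the secret, or None on failure (erasing when a limit is hit)."""
        if self.erased:
            return None
        # Timeout: the correct pass-phrase was not supplied before the deadline.
        if self.deadline is not None and self._clock() > self.deadline:
            self.erase()
            return None
        pad, mac_key = _derive(passphrase, self._salt)
        expected = hmac.new(mac_key, self._wrapped, "sha256").digest()
        # Constant-time comparison so the tag check itself leaks nothing.
        if not hmac.compare_digest(expected, self._tag):
            self.failures += 1
            if self.failures >= self.max_attempts:
                self.erase()
            return None
        # Success: reset the counter and cancel the timeout.
        self.failures = 0
        self.deadline = None
        return bytes(a ^ b for a, b in zip(self._wrapped, pad))
```

Two points matter on real hardware that the Python cannot show: the failure counter and the deadline must live in non-volatile memory and be committed before the comparison result is acted on, otherwise a power cycle between attempts resets the count and the "N attempts" limit is cosmetic; and the timeout needs a time source that survives loss of power. Production firmware would also use a standard key-wrapping mode rather than the XOR pad used here for brevity.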


_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
