A cool study from a Cryptech contributor seen today : Improving Master Key storage in military grade crypto-anarchist Crypto-Devices.

Mar 13 18:29 [raw]

********* *DÉBUT CONTENU CHIFFRÉ ou SIGNÉ* ********* Aloha! I've done a short study on a possible way to improve the master key memory in Cryptech. Based on the survey below, using a Lattice iCE40LP device looks promising. Esp in the light of the available open tool suite based on Yosys. (A more) Intelligent Master Key Memory ====================================== The current Master Key Memory (MKM) is implemented using a simple, serial RAM connected to the FPGA via SPI. On the alpha board there is support for powering the RAM chip with a battery connected via a switch. This provides a first, rudimentary possible way to achive tamper protection of the master key. There are however specialized security devices that provides integrated tamper detection, key memory anti-remanence functionality etc. One such family of devices are the DeepCover Security Managers by Maxim: https://para.maximintegrated.com/en/search.mvp?fam=sec_super&1351=Yes There are several devices, for example a small chip with 64 byte storage: https://www.maximintegrated.com/en/products/power/supervisors-voltage-monitors-sequencers/DS3600.html For transparency reasons we would rather implement our own master key storage using "stupid" chips, nor rely on a black box solution (which the Maxim chip really is). One solution discussed is to use a very small, low power FPGA with non-volatile fabric configuration. The master key is stored in discrete registers or block RAM. The FPGA logic implements tamper detect and key destruction mechanisms etc. One key function provided by the Maxim device is ant-remanence functionality. I found a good article about SRAM remanence and counter mechanisms for key storage: https://www.design-reuse.com/articles/17660/on-chip-sram-data-remanance-attacks.html Either flip bits periodically or move key in memory. Key flip by XORing with 0xff...ff. When key is moved erase old key and then write pattern 0xaa...aa or 0x55...55 to the old place (and all other places where the key isn't stored. Requires a separate pointer register that should also be wiped during tamper detect. Suggested time between anti-remanence operations in the article is 5 minutes. Suggested list of features -------------------------- MUST provide - Key memory. At least 128 bit. But possibly at least 64 bytes. - Anti-remanence (eg complementing, movement) of key memory. Including counter to trigger anti-remanence operation. - Tamper response wipining and overwriting of key memory. - Tamper-detect logic input. At least one pin. Level triggered. - SPI, I2C or UART interface MAY provide - Access control (password to unlock) - Tamper detect with comparators (for example temperature) - Tamper event logging. x events rolling log. - Real time-ish clock for timestamp of log. Things to consider when using FPGAs to build a secure memory ------------------------------------------------------------ - Clocks. External or internal - Sleep modes. How to react fast if sleeping? - Debug and scan ports (JTAG). Can they be locked down? - Static power consumption - Free (good) or even open (better) tools - Package types Lattice Semi –--------––– iCE40 LP are the smallest devices with lowest power consumption available. As low as 21uA in static power. SRAM-based, but with on-chip non-volatile configuration memory. Can configure itself from boot. Have internal clocks (48 MHz, 32 kHz). http://www.latticesemi.com/Products/FPGAandCPLD/iCE40 Data sheet: http://www.latticesemi.com/view_document?document_id=49312 Example packages: - 16-ball CSP - 32-pin QFN Free tool - iCEcube2: http://www.latticesemi.com/Products/DesignSoftwareAndIP/FPGAandLDS/iCEcube2 Open tool, reverse engineered bitstream. Based on Yosys. Right now smallest device supported is iCE40-LP384-QN32. http://www.clifford.at/icestorm/ Eval board: http://www.latticesemi.com/icestick Actel (Microsemi) ----------------- IGLOO Nano. Down to 2uW in Flash Freeze mode. Embedded SRAM and NVM. Flash based. Security focused device. Configuration protected with AES-128. No internal clock. Data sheet: https://www.microsemi.com/document-portal/doc_download/130695-ds0110-igloo-nano-low-power-flash-fpgas-datasheet Example packages - 36-ball CSP - 48-pin QFN Free tool (Libero SoC): https://www.microsemi.com/products/fpga-soc/design-resources/design-software/libero-soc -- Med vänlig hälsning, Yours Joachim Strömbergson - Assured AB ======================================================================== ********** *FIN CONTENU CHIFFRÉ ou SIGNÉ* **********

[chan] Crypto-Anarchist Federation
Mar 13 22:46 [raw]

> The master key is stored in discrete registers or block RAM. The FPGA logic implements tamper detect and key destruction mechanisms etc. 1. Fragment every key into multiple parts with each variable chunk stored in random memory locations. 2. These random chunks are each encrypted with session keys. 3. The device on the other side of the serial cable never has access to this memory or the session key passwords. Profit!

[chan] Crypto-Anarchist Federation

Subject Last Count
cnf Mar 19 15:18 1
get on bitboard Mar 19 14:28 1
disabling onion page Mar 18 20:43 1
Hardware trojans... Mar 17 05:16 27
redice.tv Mar 17 04:54 5
warning Mar 16 06:28 2
The Transgender Assualt on the Creator of JavaScript Mar 15 19:09 1
The Corbett Report - The Bitcoin Psyop Mar 15 18:33 1
bitboard Mar 15 07:52 7
RIP Stephen Hawking - I'll miss your brillance, honnesty, clarity, truths & heart. Mar 15 00:42 5
A cool study from a Cryptech contributor seen today : Improving Master Key storage in military grade crypto-anarchist Crypto-Devices. Mar 13 22:46 2
Crypto-Anarchist "Paris Bitcoin Tech Meetup" in Paris - Preliminary organisational meeting next wednesday in "Jack" Hackerspace in Jardin d'Alice - Montreuil (Paris). Mar 12 18:35 1
Red Ice Radio Mar 10 20:41 1
How to run Bitmessage in a secure Linux and Firejail sandbox Mar 10 20:08 1
Looking for some TOR bridges Mar 7 14:44 7
xiphos Mar 6 20:56 8
#crypto-anarchist-federation chan was created on irc.freenode.net ! Mar 3 20:17 3
C.N.F. Mar 3 04:03 2
They never forgive. Mar 2 21:30 1
Compression discovery Mar 2 14:21 4
Compress Random Data Mar 2 05:19 5
Crypto-Anarchist tip to escape state sandboxing of your internet access when installing new software or doing fresh installs of OS's from ISO disk images downloaded from the internet Feb 28 16:34 3
security/cryptography Feb 28 15:54 1
Sigh... Feb 28 00:31 1
Integrated Circuits (ASICs) and FPGA "lab attack" Trojan Detection using IC fingerprinting. Feb 25 11:13 1
Tor / Proxychains is leaking my hostname Feb 23 08:31 2
@S3 ... SPOOQKE ... Secure Pair Orthogonal OTP Quantum Key Exchange Feb 22 14:04 2