A cool study from a Cryptech contributor seen today : Improving Master Key storage in military grade crypto-anarchist Crypto-Devices.

Mar 13 18:29 [raw]

********* *DÉBUT CONTENU CHIFFRÉ ou SIGNÉ* ********* Aloha! I've done a short study on a possible way to improve the master key memory in Cryptech. Based on the survey below, using a Lattice iCE40LP device looks promising. Esp in the light of the available open tool suite based on Yosys. (A more) Intelligent Master Key Memory ====================================== The current Master Key Memory (MKM) is implemented using a simple, serial RAM connected to the FPGA via SPI. On the alpha board there is support for powering the RAM chip with a battery connected via a switch. This provides a first, rudimentary possible way to achive tamper protection of the master key. There are however specialized security devices that provides integrated tamper detection, key memory anti-remanence functionality etc. One such family of devices are the DeepCover Security Managers by Maxim: https://para.maximintegrated.com/en/search.mvp?fam=sec_super&1351=Yes There are several devices, for example a small chip with 64 byte storage: https://www.maximintegrated.com/en/products/power/supervisors-voltage-monitors-sequencers/DS3600.html For transparency reasons we would rather implement our own master key storage using "stupid" chips, nor rely on a black box solution (which the Maxim chip really is). One solution discussed is to use a very small, low power FPGA with non-volatile fabric configuration. The master key is stored in discrete registers or block RAM. The FPGA logic implements tamper detect and key destruction mechanisms etc. One key function provided by the Maxim device is ant-remanence functionality. I found a good article about SRAM remanence and counter mechanisms for key storage: https://www.design-reuse.com/articles/17660/on-chip-sram-data-remanance-attacks.html Either flip bits periodically or move key in memory. Key flip by XORing with 0xff...ff. When key is moved erase old key and then write pattern 0xaa...aa or 0x55...55 to the old place (and all other places where the key isn't stored. Requires a separate pointer register that should also be wiped during tamper detect. Suggested time between anti-remanence operations in the article is 5 minutes. Suggested list of features -------------------------- MUST provide - Key memory. At least 128 bit. But possibly at least 64 bytes. - Anti-remanence (eg complementing, movement) of key memory. Including counter to trigger anti-remanence operation. - Tamper response wipining and overwriting of key memory. - Tamper-detect logic input. At least one pin. Level triggered. - SPI, I2C or UART interface MAY provide - Access control (password to unlock) - Tamper detect with comparators (for example temperature) - Tamper event logging. x events rolling log. - Real time-ish clock for timestamp of log. Things to consider when using FPGAs to build a secure memory ------------------------------------------------------------ - Clocks. External or internal - Sleep modes. How to react fast if sleeping? - Debug and scan ports (JTAG). Can they be locked down? - Static power consumption - Free (good) or even open (better) tools - Package types Lattice Semi –--------––– iCE40 LP are the smallest devices with lowest power consumption available. As low as 21uA in static power. SRAM-based, but with on-chip non-volatile configuration memory. Can configure itself from boot. Have internal clocks (48 MHz, 32 kHz). http://www.latticesemi.com/Products/FPGAandCPLD/iCE40 Data sheet: http://www.latticesemi.com/view_document?document_id=49312 Example packages: - 16-ball CSP - 32-pin QFN Free tool - iCEcube2: http://www.latticesemi.com/Products/DesignSoftwareAndIP/FPGAandLDS/iCEcube2 Open tool, reverse engineered bitstream. Based on Yosys. Right now smallest device supported is iCE40-LP384-QN32. http://www.clifford.at/icestorm/ Eval board: http://www.latticesemi.com/icestick Actel (Microsemi) ----------------- IGLOO Nano. Down to 2uW in Flash Freeze mode. Embedded SRAM and NVM. Flash based. Security focused device. Configuration protected with AES-128. No internal clock. Data sheet: https://www.microsemi.com/document-portal/doc_download/130695-ds0110-igloo-nano-low-power-flash-fpgas-datasheet Example packages - 36-ball CSP - 48-pin QFN Free tool (Libero SoC): https://www.microsemi.com/products/fpga-soc/design-resources/design-software/libero-soc -- Med vänlig hälsning, Yours Joachim Strömbergson - Assured AB ======================================================================== ********** *FIN CONTENU CHIFFRÉ ou SIGNÉ* **********

[chan] Crypto-Anarchist Federation
Mar 13 22:46 [raw]

> The master key is stored in discrete registers or block RAM. The FPGA logic implements tamper detect and key destruction mechanisms etc. 1. Fragment every key into multiple parts with each variable chunk stored in random memory locations. 2. These random chunks are each encrypted with session keys. 3. The device on the other side of the serial cable never has access to this memory or the session key passwords. Profit!

[chan] Crypto-Anarchist Federation

Subject Last Count
Free Git Replacement Jun 24 07:53 19
AES sucks Jun 24 02:01 8
How to Legally Accept a Drug Package as Per Police and Prosecutors Jun 23 18:08 1
Reminder Jun 23 11:54 3
Mr. Burgess Jun 18 18:50 1
So-called "hacktivists" play an unwitting role in helping the NSA Jun 17 17:15 2
Самое педерастическое и лживое место в БМ это каналы серии "ru.politics", "ru.alt.politics", и "ru.alt-... .politics" под любым номером Jun 14 15:49 1
Самое педерастическое и лживое место в БМ это каналы серии ru.politics, ru.alt.politics, а также с любым номером в ru.alt-... .poli Jun 14 11:37 1
Самое педерастическое и лживое место в БМ это каналы ru.politics, ru.alt.politics, ru.alt-1.politics, ru.alt-2.politics, ru.alt-3.politics Jun 13 20:25 1
Самое педерастическое и лживое место в БМ это каналы: ru.politics, ru.alt.politics, ru.alt-1.politics Jun 13 19:09 1
Самое педерастическое и лживое место в БМ это каналы ru.politics и ru.alt.politics => The most fucking-gay and false place in BM is the channels ru.politic Jun 13 15:58 1
Самое педерастическое и лживое место в БМ это каналы ru.politics и ru.alt.politics Jun 13 11:52 1
FIDO Jun 9 16:02 1
fast encryption/decryption routine using group summing method Jun 9 10:59 1
NIST key management guidelines suggest that 15360-bit RSA keys are equivalent in strength to 256-bit symmetric keys… Jun 5 20:12 3
Paris Crypto-Anarchist Meetup #4 Jun 4 21:09 8
Spies win right to keep monitoring all traffic at world's biggest internet hub Jun 2 11:50 1
Searching for specific interactive virus encyclopedia Jun 1 14:48 1
TRUE LOVE May 31 21:49 4
PyBitmessage Security Scan on Branch v0.6 May 31 13:56 5
What is secure? May 31 11:55 1
REAL security experts endorse "security by obscurity" May 31 11:50 2
MEET ME ON THE DARK WEB May 31 07:11 1
persistence pays May 31 06:13 1
Anyone interested in some Sex in Germany? -DM May 29 05:07 5
A Message From Our Business to the Government May 29 03:36 1
hi May 28 20:16 2