[[PageOutline]]
\
[[Image(layer-cake.jpg)]]
\
\
- RPKI/DNSSEC Signing
- Transport VPNs
- Routers and TCP/AO
- Email
- Federations, Identity Systems, SSO etc
- Password Stretching & HMAC:ing
- PGP and SSH Keys on a Stick
- High Quality Entropy Randomness
- A Communications Terminal Doing One Thing Well, Like Jabber w/o X11
- HSM for Pond, OTR identity keys, ssh private keys, etc. (i.e. key gen, store, import/export non X.509 packages)
- Password management
[[Image(cryptech venn.png)]]
- Key Generation
- Key Storage
- Key Wrap
- Key Unwrap
- Hash
- Sign
- M of N Sign
- Verify Signature
- Encrypt
- Decrypt
- KDFs, e.g. Password Stretching (a la PBKDF2)
- Random (RO + noisy diode?)
We need to support key wrapping. Some pointers:
- https://en.wikipedia.org/wiki/Key_Wrap
- http://tools.ietf.org/html/rfc5297
- http://csrc.nist.gov/groups/ST/toolkit/documents/kms/key-wrap.pdf
- https://tools.ietf.org/html/rfc3394
- https://tools.ietf.org/html/rfc5649
- Tamper Protection (wipe on signal, suggest detectors, suggest potting features)
- Side Channel Attack Reduction
As a proof of concept, to validate as much as possible the assurance of the tools and methods, and as a demonstration of the project tools, team, and architecture, we have a [wiki:RoughV1 proposed version 0.01 product] as a proof of concept and a demonstration of the project tools, team, and architecture
\
\
- Security Target Description
- Performance Target(s)
- Tool-Chain Investigation
- Prototype Design
- Testing / Assurance Methods for all Components
- Verilog/RTL assurance, with open source and with proprietary
- Prototyping Platform(s)
- Documentation, Decision History, & Transparency
\
\
- [wiki:SunetInitialDevelopment "SUNET is sponsoring the first two development steps"] currently being done.
- [wiki:TRNGDevelopment " Investigation and planning of a TRNG with entropy sources"]
- [wiki:EDAToolchainSurvey" Investigation of possible EDA tools and ways to do open and assured HW development"]
- [wiki:SideChannel" Collection about side-channel attacks and detection, mitigation methods"]
-
The Bunnie laptop Novena. Includes a Xilinx Spartan 6 LX45 FPGHA. The specs, drivers, source for Novena can be found here: http://www.kosagi.com/w/index.php?title=Novena_Main_Page
-
TerasIC C5G Cyclone 5 GX Starter Kit. Includes an Altera C5GX FPGA. This board is used for core, subsystem development and verification. Info, documentation and ordering of the TerasIC board can be found here: http://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=167&No=830
Here is a writeup on how to [wiki:CoretestHashesC5G "setup and run coretest_hashes on the C5G board"].
- TerasIC DE0-Nano board. This tiny, USB powered board is used for core development and verification. Info, documentation, resources, ordering of the TerasIC board can be found here: http://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=139&No=593
- Research
- Select
- [wiki:InterconnectStandards "On-chip Interconnect Standards"] to use.
- Overall Strategy
- Following the Tool-Chain
- Spec / ABI
- Development
- Documentationa and Testing
- DDC Compiler
- System Build
- Minimal Component Set
- Specification of v0.1 Goals and Feature Set
- Security Goals & Documentation Outline
- TRNG
- Assured Linux Platform - Initial Report
- Security Goals & Documentation Overall and v0.1
- RSA Signing on Bunnie Board
- Assured Linux Platform - Compiler
The v0.1 version of CrypTech is not the last version nor the only possible version. The project for example consider possible [wiki:ASICImplementations "ASIC Implementations"].