diff options
Diffstat (limited to 'markdown/OpenCryptoChip.md')
| -rw-r--r-- | markdown/OpenCryptoChip.md | 183 |
1 files changed, 183 insertions, 0 deletions
diff --git a/markdown/OpenCryptoChip.md b/markdown/OpenCryptoChip.md new file mode 100644 index 0000000..521d19c --- /dev/null +++ b/markdown/OpenCryptoChip.md @@ -0,0 +1,183 @@ +[[PageOutline]] + +# An Open Crypto Chip + +## The Layer Cake Architecture Picture +\\ +[[Image(layer-cake.jpg)]] + +\\ +\\ +## Use Cases + +* RPKI/DNSSEC Signing +* Transport VPNs +* Routers and TCP/AO +* Email +* Federations, Identity Systems, SSO etc +* Password Stretching & HMAC:ing +* PGP and SSH Keys on a Stick +* High Quality Entropy Randomness +* A Communications Terminal Doing One Thing Well, Like Jabber w/o X11 +* HSM for Pond, OTR identity keys, ssh private keys, etc. (i.e. key gen, store, import/export non X.509 packages) +* Password management + + +[[Image(cryptech venn.png)]] + +## Basic Functions of Crypto Chip + +* Key Generation +* Key Storage +* Key Wrap +* Key Unwrap +* Hash +* Sign +* M of N Sign +* Verify Signature +* Encrypt +* Decrypt +* KDFs, e.g. Password Stretching (a la PBKDF2) +* Random (RO + noisy diode?) + + +## Key wrapping +We need to support key wrapping. Some pointers: + + +- https://en.wikipedia.org/wiki/Key_Wrap +- http://tools.ietf.org/html/rfc5297 +- http://csrc.nist.gov/groups/ST/toolkit/documents/kms/key-wrap.pdf +- https://tools.ietf.org/html/rfc3394 +- https://tools.ietf.org/html/rfc5649 + + + +## Things we Should Try To Do, Even if we Can't Do Them Perfectly + +* Tamper Protection (wipe on signal, suggest detectors, suggest potting features) +* Side Channel Attack Reduction + + + + +# Rough Cut at v0.01 Proof of Concept Feature Set +As a proof of concept, to validate as much as possible the assurance of the tools and methods, and as a demonstration of the project tools, team, and architecture, we have a [wiki:RoughV1 proposed version 0.01 product] as a proof of concept and a demonstration of the project tools, team, and architecture +\\ +\\ +# Ongoing Decisions and Research + +* Security Target Description +* Performance Target(s) +* Tool-Chain Investigation +* Prototype Design +* Testing / Assurance Methods for all Components +* Verilog/RTL assurance, with open source and with proprietary +* Prototyping Platform(s) +* Documentation, Decision History, & Transparency + +\\ +\\ + +# Ongoing Development + +* [wiki:SunetInitialDevelopment "SUNET is sponsoring the first two development steps"] currently being done. +* [wiki:TRNGDevelopment " Investigation and planning of a TRNG with entropy sources"] +* [wiki:EDAToolchainSurvey" Investigation of possible EDA tools and ways to do open and assured HW development"] +* [wiki:SideChannel" Collection about side-channel attacks and detection, mitigation methods"] + + +# v0.1 Major Sub-Projects + +## Security Goals and Documentation + +* Agreement +* Specification + + +## Development Platform + +* The Bunnie laptop Novena. Includes a Xilinx Spartan 6 LX45 FPGHA. The specs, drivers, source for Novena can be found here: http://www.kosagi.com/w/index.php?title=Novena_Main_Page + + + +* TerasIC C5G Cyclone 5 GX Starter Kit. Includes an Altera C5GX FPGA. This board is used for core, subsystem development and verification. Info, documentation and ordering of the TerasIC board can be found here: http://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=167&No=830 + + +Here is a writeup on how to [wiki:CoretestHashesC5G "setup and run coretest_hashes on the C5G board"]. + + +* TerasIC DE0-Nano board. This tiny, USB powered board is used for core development and verification. Info, documentation, resources, ordering of the TerasIC board can be found here: http://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=139&No=593 + + + +## Hardware Development Tools + + +## Component Libraries + +* Research +* Select +* [wiki:InterconnectStandards "On-chip Interconnect Standards"] to use. + + +## Methods and Validation + +* Overall Strategy +* Following the Tool-Chain + + +## Detailed Specification + +* Feature Set + + +## QA & Documentation + +## Green/Yellow Software Support + +* Spec / ABI +* Development +* Documentationa and Testing + + +## Assured Linux Platform + +* DDC Compiler +* System Build +* Minimal Component Set + + +# v0.1 Project Timeline + +## February 2014 + +* Specification of v0.1 Goals and Feature Set +* Security Goals & Documentation Outline + + +## July 2014 + +* SHA & AES + + +## September 2014 + +* TRNG +* Assured Linux Platform - Initial Report + + +## November 2014 + +* Security Goals & Documentation Overall and v0.1 +* RSA Signing on Bunnie Board +* Assured Linux Platform - Compiler + + +## March 2015 + +* v0.1 Protoype + + +# Future Development +The v0.1 version of CrypTech is not the last version nor the only possible version. The project for example consider possible [wiki:ASICImplementations "ASIC Implementations"]. |