Diffstat (limited to 'content/Joachim Strömbergson.md')
-rw-r--r-- content/Joachim Strömbergson.md | 340
1 files changed, 340 insertions, 0 deletions
diff --git a/content/Joachim Strömbergson.md b/content/Joachim Strömbergson.md
new file mode 100644
index 0000000..5a74548
--- /dev/null
+++ b/content/Joachim Strömbergson.md
@@ -0,0 +1,340 @@
+Title: Joachim Strömbergson
+Author: trac
+Date: 2016-12-15 22:54
+
+# Joachim Strömbergson
+## Bio
+
+
+## Current activities
+
+* Developing coretest - a core testing framework for FPGAs.
+* Implementation of UART
+* Verification of SHA-256
+* Verification of SHA-1
+* Implementation of AES-128
+* Design proposal for TRNG
+* Design proposal for Curve25519 accelerator
+
+
+
+## Work Notes
+### Presentations from meeting 2014-03-10 (updated and extended):
+
+* [Cryptech HW status 2014-03-10](https://git.cryptech.is/doc/presentations/tree/Cryptech_HW_status_2014-03-10.pdf)
+* [Cryptech TRNG Ideas 2014-03-17](https://git.cryptech.is/doc/presentations/tree/Cryptech_TRNG_Ideas_2014-03-17.pdf)
+
+
+### Open EDA Tools
+
+* http://torc-isi.sourceforge.net/index.php - Torc is an open-source C++ infrastructure and tool set for reconfigurable computing
+
+
+
+### Curve25519
+We need to create an accelerator or possibly a complete implementation of the Curve25519 EC based DH-excgange. We should be able to look at some previous work:
+
+
+* http://eprint.iacr.org/2013/375 - NaCl on 8-Bit AVR Microcontrollers. Includes an iterative implementation of Curve25519
+* http://cryptojedi.org/crypto/index.shtml - The code to the implementation
+* http://nacl.cr.yp.to/ - The main NaCl library by DJB.
+* http://cr.yp.to/ecdh/curve25519-20060209.pdf - The Curve25519 paper by DJB.
+
+
+
+## Pre meeting notes
+
+### Stockholm 2013-12-05 - 2012-12-06
+Preparation notes for the OpenHSM meeting 2013-12-05 --
+2013-12-06. The notes contains topics, questions and ideas
+I want to bring up, check and discuss on the meeting.
+
+Philosophy
+----------
+
+- How to build trust in the project?
+ - Total openess and transparency
+ - Traceability of decisions
+ - Focus on simple third party validation
+ - Partitioning of security functions
+
+
+
+Project goal
+------------
+
+- Low cost vs high performance
+
+
+
+- Scalability
+ - Functionality
+ - Performance
+ - Security
+
+
+
+- Target system
+ - Performance
+
+
+
+- Self contained, external
+ - USB,
+ - Ethernet
+
+
+
+- Integrated
+ - PCIe
+ - Mem module
+ - SD card
+
+
+
+- Target users
+ - Single user
+ - Enterprise
+
+
+
+- Roadmap and development plan
+ - Prototyp - första målplattform
+ - Establish first Use cases
+
+
+
+- Deliveries
+ - Proof of concept, prototype
+ - Self assembly and/or finished product
+ - Source code for SW, HW
+ - PCB
+ - Enclosures
+ - Development environment
+ - Test, validation environment
+ - Tool development
+
+
+
+- Time plan
+ - Start when
+ - Proto when
+ - v 1.0 when
+
+
+
+
+Project management
+------------------
+
+- Status financing
+
+
+
+- Ownership
+
+
+
+- Oveerseeing board
+ - IETF, ISOC,... ?
+
+
+
+- Advisory board
+ - Reviewers, external experts
+ - FPGA key extract dude
+ - DJB
+
+
+
+- Team
+ - Addtiona competency needed?
+
+
+
+- Project security
+ - Communication
+ - ...
+
+
+
+Development general
+-------------------
+
+- License(s)
+ - GPLv2, v3
+ - BSD
+
+
+
+- Methodology
+ - Agile
+ - Minimal functionality in PoC
+ - Clear increments
+
+
+
+- Repository
+ - Github
+
+
+
+Technology
+----------
+
+- Target technologies
+ - FPGA (+ internal, external CPUs)
+ - ASIC
+ - Pure CPU based
+
+
+
+- Target PoC board
+ - Select one early
+
+
+
+- Toolchains and languages
+ - SW
+ - HW
+ - Verilog 2001, 2005, SystemVerilog
+ - Icarus, gplcver
+ - Vendor specific
+ - Validation of bitstream
+ - Edge of trust, dowm the Rabbit hole
+
+
+
+- Security support in design
+ - JTAG
+ - BIST for functionality
+ - BIST for security
+ - KATS
+
+
+
+- On-line self check
+ - RNG
+ - Pathological problems
+ - Stuck at fixed values
+ - variance
+ - bias
+
+
+
+- Reuse of existing design, code?
+ - Cores - OpenCores
+ - OpenRISC
+ - AES, SHA, RSA
+ - SoftHSM - DNSSEC PKCS#11
+ - Nettle
+ - ...
+
+
+
+- On chip 32-bit or 64 bit CPU core
+ - OpenRISC
+ - LGPL
+ - http://openrisc.net/
+ - http://opencores.org/or1k/Main_Page
+ - https://en.wikipedia.org/wiki/OpenRISC
+
+
+
+- RNG
+ - More than one entropy source
+ - Just external sources
+ - User/vendor/implemented supplied
+ - One external, one internal
+ - YubiHSM entropy source: https://www.yubico.com/products/yubihsm/
+ - Haveged: http://www.issihosts.com/haveged/
+ - DakaRand: http://dankaminsky.com/2012/08/15/dakarand/
+ - Jytter a userspace RNG: http://www.chronox.de/
+ - CPU Jitter RNG: http://www.chronox.de/
+ - CSPRNG based on Linux, OpenBSD, Fortuna, NIST etc.
+ - NIST SP 800-90. CTR_DRBG
+ - Fortuna https://en.wikipedia.org/wiki/Fortuna_PRNG
+ - Schneier, Ferguson. No estimator needed.
+ - OpenBSD arc4random: http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3
+ - Raw read access in test mode to collected entropy pre whitening
+ - Write access in test mode to CSPRNG
+ - No key generation etc allowed during test mode.
+
+
+
+Technical requirements
+----------------------
+
+- Functional requirements
+ - TLS 1.x
+ - Need roadmap for functions
+ - AES, SHA-256, DH, RSA first iteration
+ - Why GOST?
+ - Why MD5?
+ - Curves supported?
+ - Curve25519
+ - NIST, IEEE, RFC 4xxx
+
+
+
+- HW/SW partitioning
+ - Modularity
+
+
+
+- API
+ - DMA, buffering, formats
+ - PKCS#11
+ - Observability and control
+
+
+
+- Security requirements
+ - Common Criteria - EAL
+ - FIPS 140-2 level 3-4
+
+
+
+- Performance
+ - Operations/s
+ - Packets per second
+ - Latency
+
+
+
+Validaiton
+----------
+
+- Methodology
+ - Unit tests, KATs
+
+
+
+- Documentation
+ - What to document
+ - How
+
+
+
+- Reviews
+ - Plan for them
+ - Who to ask
+
+
+
+- Tools
+ - Valgrind, Purify, linters
+
+
+
+Documentation
+-------------
+
+- Meetings
+ - Discussions, MoMs
+ - Decisiona - motivation
+
+
+
+- Design
+- Test and validation
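Review bot: the heading `### Stockholm 2013-12-05 - 2012-12-06` gives the end date as 2012, while the paragraph directly below it says the meeting runs 2013-12-05 -- 2013-12-06; the heading year should be corrected to match. Elsewhere in the new file there are several misspellings worth fixing before this lands (`DH-excgange`, `openess`, `Oveerseeing`, `Addtiona`, `dowm`, `Validaiton`, `Decisiona`), and one Swedish line (`Prototyp - första målplattform`) in otherwise English notes. The Jytter and CPU Jitter RNG entries both point at the same bare http://www.chronox.de/ URL, so a reader cannot tell which page each refers to. The `## Bio` section is empty; either fill it in or drop the heading. The file also mixes `#`-style headings with underlined (`----------`) headings, and the nested list items are indented by a single space, which some Markdown renderers will flatten into the parent list.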