diff options
Diffstat (limited to 'pelican/content/OpenCryptoChip.md')
| -rw-r--r-- | pelican/content/OpenCryptoChip.md | 187 |
1 files changed, 0 insertions, 187 deletions
diff --git a/pelican/content/OpenCryptoChip.md b/pelican/content/OpenCryptoChip.md deleted file mode 100644 index 78a0bcf..0000000 --- a/pelican/content/OpenCryptoChip.md +++ /dev/null @@ -1,187 +0,0 @@ -Title: OpenCryptoChip -Author: trac -Date: 2016-12-15 22:44 - - - -# An Open Crypto Chip - -## The Layer Cake Architecture Picture -<br/> - - -<br/> -<br/> -## Use Cases - -* RPKI/DNSSEC Signing -* Transport VPNs -* Routers and TCP/AO -* Email -* Federations, Identity Systems, SSO etc -* Password Stretching & HMAC:ing -* PGP and SSH Keys on a Stick -* High Quality Entropy Randomness -* A Communications Terminal Doing One Thing Well, Like Jabber w/o X11 -* HSM for Pond, OTR identity keys, ssh private keys, etc. (i.e. key gen, store, import/export non X.509 packages) -* Password management - - - - -## Basic Functions of Crypto Chip - -* Key Generation -* Key Storage -* Key Wrap -* Key Unwrap -* Hash -* Sign -* M of N Sign -* Verify Signature -* Encrypt -* Decrypt -* KDFs, e.g. Password Stretching (a la PBKDF2) -* Random (RO + noisy diode?) - - -## Key wrapping -We need to support key wrapping. Some pointers: - - -- https://en.wikipedia.org/wiki/Key_Wrap -- http://tools.ietf.org/html/rfc5297 -- http://csrc.nist.gov/groups/ST/toolkit/documents/kms/key-wrap.pdf -- https://tools.ietf.org/html/rfc3394 -- https://tools.ietf.org/html/rfc5649 - - - -## Things we Should Try To Do, Even if we Can't Do Them Perfectly - -* Tamper Protection (wipe on signal, suggest detectors, suggest potting features) -* Side Channel Attack Reduction - - - - -# Rough Cut at v0.01 Proof of Concept Feature Set -As a proof of concept, to validate as much as possible the assurance of the tools and methods, and as a demonstration of the project tools, team, and architecture, we have a [proposed version 0.01 product]({filename}RoughV1.md) as a proof of concept and a demonstration of the project tools, team, and architecture -<br/> -<br/> -# Ongoing Decisions and Research - -* Security Target Description -* Performance Target(s) -* Tool-Chain Investigation -* Prototype Design -* Testing / Assurance Methods for all Components -* Verilog/RTL assurance, with open source and with proprietary -* Prototyping Platform(s) -* Documentation, Decision History, & Transparency - -<br/> -<br/> - -# Ongoing Development - -* [SUNET is sponsoring the first two development steps]({filename}SunetInitialDevelopment.md) currently being done. -* [ Investigation and planning of a TRNG with entropy sources]({filename}TRNGDevelopment.md) -* [Investigation of possible EDA tools and ways to do open and assured HW development"]({filename}EDAToolchainSurvey.md) -* [Collection about side-channel attacks and detection, mitigation methods]({filename}SideChannel.md) - - -# v0.1 Major Sub-Projects - -## Security Goals and Documentation - -* Agreement -* Specification - - -## Development Platform - -* The Bunnie laptop Novena. Includes a Xilinx Spartan 6 LX45 FPGHA. The specs, drivers, source for Novena can be found here: http://www.kosagi.com/w/index.php?title=Novena_Main_Page - - - -* TerasIC C5G Cyclone 5 GX Starter Kit. Includes an Altera C5GX FPGA. This board is used for core, subsystem development and verification. Info, documentation and ordering of the TerasIC board can be found here: http://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=167&No=830 - - -Here is a writeup on how to [setup and run coretest_hashes on the C5G board]({filename}CoretestHashesC5G.md). - - -* TerasIC DE0-Nano board. This tiny, USB powered board is used for core development and verification. Info, documentation, resources, ordering of the TerasIC board can be found here: http://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=139&No=593 - - - -## Hardware Development Tools - - -## Component Libraries - -* Research -* Select -* [On-chip Interconnect Standards]({filename}InterconnectStandards.md) to use. - - -## Methods and Validation - -* Overall Strategy -* Following the Tool-Chain - - -## Detailed Specification - -* Feature Set - - -## QA & Documentation - -## Green/Yellow Software Support - -* Spec / ABI -* Development -* Documentationa and Testing - - -## Assured Linux Platform - -* DDC Compiler -* System Build -* Minimal Component Set - - -# v0.1 Project Timeline - -## February 2014 - -* Specification of v0.1 Goals and Feature Set -* Security Goals & Documentation Outline - - -## July 2014 - -* SHA & AES - - -## September 2014 - -* TRNG -* Assured Linux Platform - Initial Report - - -## November 2014 - -* Security Goals & Documentation Overall and v0.1 -* RSA Signing on Bunnie Board -* Assured Linux Platform - Compiler - - -## March 2015 - -* v0.1 Protoype - - -# Future Development -The v0.1 version of CrypTech is not the last version nor the only possible version. The project for example consider possible [ASIC Implementations]({filename}ASICImplementations.md). |