aboutsummaryrefslogtreecommitdiff
path: root/raw-wiki-dump/Joachim%20Str%C3%B6mbergson
diff options
context:
space:
mode:
Diffstat (limited to 'raw-wiki-dump/Joachim%20Str%C3%B6mbergson')
-rw-r--r--raw-wiki-dump/Joachim%20Str%C3%B6mbergson253
1 files changed, 253 insertions, 0 deletions
diff --git a/raw-wiki-dump/Joachim%20Str%C3%B6mbergson b/raw-wiki-dump/Joachim%20Str%C3%B6mbergson
new file mode 100644
index 0000000..151b814
--- /dev/null
+++ b/raw-wiki-dump/Joachim%20Str%C3%B6mbergson
@@ -0,0 +1,253 @@
+= Joachim Strömbergson =
+== Bio ==
+
+
+== Current activities ==
+* Developing coretest - a core testing framework for FPGAs.
+* Implementation of UART
+* Verification of SHA-256
+* Verification of SHA-1
+* Implementation of AES-128
+* Design proposal for TRNG
+* Design proposal for Curve25519 accelerator
+
+
+== Work Notes ==
+=== Presentations from meeting 2014-03-10 (updated and extended):
+* [browser:/doc/presentations/Cryptech_HW_status_2014-03-10.pdf "Cryptech HW status 2014-03-10"]
+* [browser:/doc/presentations/Cryptech_TRNG_Ideas_2014-03-17.pdf "Cryptech TRNG Ideas 2014-03-17"]
+
+=== Open EDA Tools ===
+* http://torc-isi.sourceforge.net/index.php - Torc is an open-source C++ infrastructure and tool set for reconfigurable computing
+
+
+=== Curve25519 ===
+We need to create an accelerator or possibly a complete implementation of the Curve25519 EC based DH-excgange. We should be able to look at some previous work:
+
+* http://eprint.iacr.org/2013/375 - NaCl on 8-Bit AVR Microcontrollers. Includes an iterative implementation of Curve25519
+* http://cryptojedi.org/crypto/index.shtml - The code to the implementation
+* http://nacl.cr.yp.to/ - The main NaCl library by DJB.
+* http://cr.yp.to/ecdh/curve25519-20060209.pdf - The Curve25519 paper by DJB.
+
+
+== Pre meeting notes ==
+
+=== Stockholm 2013-12-05 - 2012-12-06 ===
+Preparation notes for the OpenHSM meeting 2013-12-05 --
+2013-12-06. The notes contains topics, questions and ideas
+I want to bring up, check and discuss on the meeting.
+
+Philosophy
+----------
+- How to build trust in the project?
+ - Total openess and transparency
+ - Traceability of decisions
+ - Focus on simple third party validation
+ - Partitioning of security functions
+
+
+Project goal
+------------
+- Low cost vs high performance
+
+- Scalability
+ - Functionality
+ - Performance
+ - Security
+
+- Target system
+ - Performance
+
+ - Self contained, external
+ - USB,
+ - Ethernet
+
+ - Integrated
+ - PCIe
+ - Mem module
+ - SD card
+
+- Target users
+ - Single user
+ - Enterprise
+
+- Roadmap and development plan
+ - Prototyp - första målplattform
+ - Establish first Use cases
+
+- Deliveries
+ - Proof of concept, prototype
+ - Self assembly and/or finished product
+ - Source code for SW, HW
+ - PCB
+ - Enclosures
+ - Development environment
+ - Test, validation environment
+ - Tool development
+
+ - Time plan
+ - Start when
+ - Proto when
+ - v 1.0 when
+
+
+
+Project management
+------------------
+- Status financing
+
+- Ownership
+
+- Oveerseeing board
+ - IETF, ISOC,... ?
+
+- Advisory board
+ - Reviewers, external experts
+ - FPGA key extract dude
+ - DJB
+
+- Team
+ - Addtiona competency needed?
+
+- Project security
+ - Communication
+ - ...
+
+
+Development general
+-------------------
+- License(s)
+ - GPLv2, v3
+ - BSD
+
+- Methodology
+ - Agile
+ - Minimal functionality in PoC
+ - Clear increments
+
+- Repository
+ - Github
+
+
+Technology
+----------
+- Target technologies
+ - FPGA (+ internal, external CPUs)
+ - ASIC
+ - Pure CPU based
+
+- Target PoC board
+ - Select one early
+
+- Toolchains and languages
+ - SW
+ - HW
+ - Verilog 2001, 2005, SystemVerilog
+ - Icarus, gplcver
+ - Vendor specific
+ - Validation of bitstream
+ - Edge of trust, dowm the Rabbit hole
+
+- Security support in design
+ - JTAG
+ - BIST for functionality
+ - BIST for security
+ - KATS
+
+ - On-line self check
+ - RNG
+ - Pathological problems
+ - Stuck at fixed values
+ - variance
+ - bias
+
+- Reuse of existing design, code?
+ - Cores - OpenCores
+ - OpenRISC
+ - AES, SHA, RSA
+ - SoftHSM - DNSSEC PKCS#11
+ - Nettle
+ - ...
+
+- On chip 32-bit or 64 bit CPU core
+ - OpenRISC
+ - LGPL
+ - http://openrisc.net/
+ - http://opencores.org/or1k/Main_Page
+ - https://en.wikipedia.org/wiki/OpenRISC
+
+- RNG
+ - More than one entropy source
+ - Just external sources
+ - User/vendor/implemented supplied
+ - One external, one internal
+ - YubiHSM entropy source: https://www.yubico.com/products/yubihsm/
+ - Haveged: http://www.issihosts.com/haveged/
+ - DakaRand: http://dankaminsky.com/2012/08/15/dakarand/
+ - Jytter a userspace RNG: http://www.chronox.de/
+ - CPU Jitter RNG: http://www.chronox.de/
+ - CSPRNG based on Linux, OpenBSD, Fortuna, NIST etc.
+ - NIST SP 800-90. CTR_DRBG
+ - Fortuna https://en.wikipedia.org/wiki/Fortuna_PRNG
+ - Schneier, Ferguson. No estimator needed.
+ - OpenBSD arc4random: http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3
+ - Raw read access in test mode to collected entropy pre whitening
+ - Write access in test mode to CSPRNG
+ - No key generation etc allowed during test mode.
+
+
+Technical requirements
+----------------------
+- Functional requirements
+ - TLS 1.x
+ - Need roadmap for functions
+ - AES, SHA-256, DH, RSA first iteration
+ - Why GOST?
+ - Why MD5?
+ - Curves supported?
+ - Curve25519
+ - NIST, IEEE, RFC 4xxx
+
+- HW/SW partitioning
+ - Modularity
+
+- API
+ - DMA, buffering, formats
+ - PKCS#11
+ - Observability and control
+
+- Security requirements
+ - Common Criteria - EAL
+ - FIPS 140-2 level 3-4
+
+- Performance
+ - Operations/s
+ - Packets per second
+ - Latency
+
+
+Validaiton
+----------
+- Methodology
+ - Unit tests, KATs
+
+- Documentation
+ - What to document
+ - How
+
+- Reviews
+ - Plan for them
+ - Who to ask
+
+- Tools
+ - Valgrind, Purify, linters
+
+
+Documentation
+-------------
+- Meetings
+ - Discussions, MoMs
+ - Decisiona - motivation
+
+ - Design
+ - Test and validation