Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM

2016-05-10 Thread Ben Laurie
On 14 April 2016 at 00:16, Jerry Leichter  wrote:
>>> Yes, make it significantly smaller than the current form factor.
>>
>> Ah.  OK, well, that is certainly doable, though how small you can make it is 
>> ultimately limited by the size of the display.  How small do you want it, 
>> and how much are you willing to pay?
> I wonder if one could get rid of the display per se and add some kind of MEMS 
> steerable laser to it.  The output would be projected onto some nearby 
> surface.  This could be physically much smaller.
>
> People have built "virtual keyboards" using this idea- here's a random one:  
> http://www.amazon.com/AGS-Wireless-Projection-Bluetooth-Smartphone/dp/B00MR26TUO/ref=sr_1_1?ie=UTF8=1460589277=8-1=laser+projector+keyboard

Oh no they haven't - that's simply projecting a static image, it's not steerable.
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography


Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM

2016-04-14 Thread Ron Garret

On Apr 14, 2016, at 2:36 AM, stef  wrote:

> On Tue, Apr 12, 2016 at 08:12:52PM -0700, Tony Arcieri wrote:
>> On Tue, Apr 12, 2016 at 7:26 PM, Ron Garret  wrote:
>> Well, that's true, but it's also hundreds of times bigger than a token in
>> the Yubikey "nano" form factor, which is actually convenient to keep
>> permanently in the USB slot of a laptop. Your physical design seems pretty
>> unwieldy for laptops (see also Yubico's keychain designs).
>> 
>> Yubikey "nano" factor tokens like the NEO-n have also supported more
>> general purposes than a U2F token (e.g. CCID interface, OpenPGP applets,
>> see also PIV)
>> 
>> I swear I'm not a paid shill for Yubico, but I'm a fan of small
>> display-free hardware tokens. While a token like what you've built might
>> provide Maximum Security under pessimistic threat models, its large size
>> makes it look rather inconvenient to me.
> 
> coincidentally i'm hacking on a similar device for quite some time. and while
> one of my design goals was to have my keys always on me, even in the sauna.

As long as you don’t actually want to *use* it in the sauna you could take the 
SC4-HSM with you, but you’d probably want to put it in a ziploc bag.

> there's another hard requirement, which is kinda conflicting with having a
> device so small that you always keep it plugged into the usb. this requirement is to
> have the unlocking of the key material depend only on the usb device, not on
> the usb host.

If you were to implement a pass phrase to lock the SC4-HSM (the current 
firmware doesn’t support this but it’s easy to add this feature), that pass 
phrase would not depend on the host.  You’d use it (via a KDF) to 
encrypt/decrypt the secret keys stored on the device.

> if i have to enter my password to unlock the keys on the pc, any
> finfisher/hackingteam malware can duplicate my password and use it itself.

That’s true.  But your attacker would *also* need to get *physical* access for 
the password to do them any good.

Also, if you were being super-duper paranoid, you could always dedicate a host 
device for this purpose and keep it air-gapped.

> so i need some kind of passphrase entry on the device. and with this
> requirement the UX actually favors bigger designs, with displays.

The display is actually not the limiting factor on size as much as the input 
device is.  I don’t know of any way to add a high-bit-width input device to a 
device this size.  The SC4-HSM has two push-buttons, and if you really wanted 
to you *could* use those to enter a PIN of some kind, but it would be a UI/UX 
nightmare so I wouldn’t advocate it.

> i also understand that a small device in a usb slot is nice, but it also
> encourages continuous contact between the keystore and an untrusted device. i
> rather unplug my keystore when it's not needed.

I’m not sure I understand this.  It’s easy to unplug any USB device when it’s 
not in use.  What would be the alternative?

> as a shameless plug, my designs are already in production, and will be available
> in small quantities this summer.

Cool!  What is it called?  How can I get one?

rg



Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM

2016-04-14 Thread stef
On Tue, Apr 12, 2016 at 08:12:52PM -0700, Tony Arcieri wrote:
> On Tue, Apr 12, 2016 at 7:26 PM, Ron Garret  wrote:
> Well, that's true, but it's also hundreds of times bigger than a token in
> the Yubikey "nano" form factor, which is actually convenient to keep
> permanently in the USB slot of a laptop. Your physical design seems pretty
> unwieldy for laptops (see also Yubico's keychain designs).
> 
> Yubikey "nano" factor tokens like the NEO-n have also supported more
> general purposes than a U2F token (e.g. CCID interface, OpenPGP applets,
> see also PIV)
> 
> I swear I'm not a paid shill for Yubico, but I'm a fan of small
> display-free hardware tokens. While a token like what you've built might
> provide Maximum Security under pessimistic threat models, its large size
> makes it look rather inconvenient to me.

coincidentally i'm hacking on a similar device for quite some time. and while
one of my design goals was to have my keys always on me, even in the sauna,
there's another hard requirement, which is kinda conflicting with having a
device so small that you always keep it plugged into the usb. this requirement is to
have the unlocking of the key material depend only on the usb device, not on
the usb host. if i have to enter my password to unlock the keys on the pc, any
finfisher/hackingteam malware can duplicate my password and use it itself. so
i need some kind of passphrase entry on the device. and with this
requirement the UX actually favors bigger designs, with displays. my two
approaches are 1/ using chording a la guitar hero: you learn your passphrase
using muscle memory and play the hex digits of it on 4 buttons. this device is
about 3x7cm big. 2/ i have the board in the exact format of a nokia 3310, and
can swap the original board with mine and use the nokia's display and keyboard
with 16 keys for entry of passphrases. however the latter design is not suitable
for saunas. the smaller design however could be enclosed like this:
http://cryptomuseum.com/crypto/philips/aroflex2/img/301412/005/full.jpg
http://cryptomuseum.com/crypto/philips/aroflex2/img/301411/003/full.jpg
http://cryptomuseum.com/crypto/philips/aroflex2/img/301412/000/full.jpg
http://cryptomuseum.com/crypto/philips/aroflex2/img/301412/009/full.jpg

i also understand that a small device in a usb slot is nice, but it also
encourages continuous contact between the keystore and an untrusted device. i
rather unplug my keystore when it's not needed.

as a shameless plug, my designs are already in production, and will be available
in small quantities this summer.

-- 
otr fp: https://www.ctrlc.hu/~stef/otr.txt


Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM

2016-04-13 Thread Ron Garret

On Apr 13, 2016, at 4:16 PM, Jerry Leichter  wrote:

>>> Yes, make it significantly smaller than the current form factor.
>> 
>> Ah.  OK, well, that is certainly doable, though how small you can make it is 
>> ultimately limited by the size of the display.  How small do you want it, 
>> and how much are you willing to pay?
> I wonder if one could get rid of the display per se and add some kind of MEMS 
> steerable laser to it.  The output would be projected onto some nearby 
> surface.  This could be physically much smaller.

Hm, that is an interesting idea.  But I think it’s a little more than I want to 
bite off for version 1.

> In another message, you suggested using a passphrase to unlock the thing, so 
> even decapping wouldn't reveal the secrets.  That requires a secure input 
> device.

Only if you have an adversary that pwns your client machine *and* then obtains 
physical control of the device.  For either of these attacks in isolation, a 
non-secure input suffices.

> Going all the way to a virtual keyboard might do the trick.  The keyboard 
> doesn't have to be very good, just functional for this one purpose.
> 
> Of course, this would add significantly to cost, though the one I listed 
> above only costs $40.   What size you could end up with isn't clear.

I’m not trying to protect against every conceivable attack, I’m just trying to 
design an 80/20 solution (actually I think what I have is closer to a 99/1 
solution, but it’s early yet).  One must always keep Munroe’s law in mind:

https://xkcd.com/538/

rg



Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM

2016-04-13 Thread Ron Garret

On Apr 13, 2016, at 2:22 PM, Bill Frantz  wrote:

> On 4/13/16 at 10:14 AM, r...@flownet.com (Ron Garret) wrote:
> 
>> Here’s a photo of an earlier version of the HSM using a seven-segment 
>> display instead of the current 128x32 pixel OLED, next to the current 
>> version for size comparison:
> 
> I normally carry a USB flash drive in my pocket. With the connector 
> retracted, it is a bit less than 3 US nickels (2.25 inches, 58mm) long. I 
> would have no problem with either of the pictured devices.

The prototype SC4-HSM case is 57x21x9 mm.  The USB connector extends out 14mm 
beyond the edge of the case.  It’s bigger than some portable USB devices, 
smaller than others.  It’s almost exactly the same size as e.g. the MobileMate 
SD+ card reader:

http://www.amazon.com/Sandisk-Mobilemate-Plus-Memory-Reader/dp/B002PX99D4/ref=pd_sim_147_5

The case is 3-D printed plastic so a production version could probably shave a 
couple of mm off of that.  There is also quite a bit of extra length on the 
board to support the debug connector that will be taken off in the final 
design.

I abandoned the smaller design because the seven-segment display turned out to 
be inadequate for security.  4x7 segments gives you 28 bits of output at most 
(and realistically only 16 bits under non-geek UI constraints), and that’s not 
enough.

rg



Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM

2016-04-13 Thread Tony Arcieri
On Wed, Apr 13, 2016 at 10:14 AM, Ron Garret  wrote:

> Is that small enough for you?
>

Yes, that's significantly better. Sorry if I was overly negative before.

-- 
Tony Arcieri


Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM

2016-04-13 Thread Ron Garret

On Apr 13, 2016, at 8:27 AM, John Ioannidis  wrote:

> On Tue, Apr 12, 2016 at 11:28 AM, Ron Garret  wrote:
>> One of the biggest challenges in crypto is protecting your keys against an 
>> attacker who pwns your machine.  The fundamental problem is that such an 
>> attacker can do anything you can do, including access hardware tokens that 
>> are connected to the machine.  Some hardware tokens have an input device 
>> built in (usually a push button, sometimes a fingerprint sensor) which needs 
>> to be activated before the token will operate, but these are still subject 
>> to phishing attacks.  In order to really be secure, a hardware token must 
>> have not just an input device, but a display as well so that information 
>> about the operation being authorized can be shown to the user in a way that 
>> is guaranteed to be out of the control of an attacker who pwns the host 
>> machine.
>> 
> 
> You are addressing crypto professionals here. Don't you think we
> already know this?

I didn’t want to assume that *everyone* on this list was a professional 
cryptographer.  And it certainly does not appear to be common knowledge that a 
USB token needs to have built-in I/O in order to be secure against ownership of 
the client device.  In fact, it seems to be a rather controversial claim.  But 
if you thought my original post was inappropriate I apologize.

>> I did a market survey and could not find a device that met these 
>> requirements.  The closest thing I could find was the Trezor bitcoin wallet, 
>> but at $99 it seemed a bit pricey so I decided to roll my own.  The result 
>> is the SC4-HSM, a USB dongle with an STM32F405 processor (32-bit ARM cortex 
>> M4 with a built-in hardware RNG, 1MB flash, 192k RAM) and a 128x32 pixel 
>> monochrome Adafruit display.  It also has two user pushbuttons and two LEDs 
>> (though I’m going to be changing that to a single tri-color LED).  It 
>> currently runs TweetNaCl, but there’s a lot of headroom for more complex 
>> crypto.  It’s also possible to swap the F405 for an F415, which has built-in 
>> crypto operations (AES, 3DES, various SHA hashes).  Both processors have 
>> hardware support for freezing a firmware load so that it cannot be 
>> overwritten, and so the contents of the flash cannot be read out even with 
>> physical access to the device.  The target market for these chips is medical 
>> devices and process controllers, and one of the requirements is to keep the 
>> firmware out of the hands of Chinese industrial espionage agents.
>> 
> 
> If the secret you are protecting is valuable enough, there are lots of
> ways to uncover it. Read up about decapping chips with nitric acid,
> micromanipulators, and other such fun stuff. If you want to get a bit
> fancier, read up on FIBs. If your secret is worth more than $100, you
> should really spend at least that much protecting it.

You can make the SC4-HSM secure against decapping by encrypting the keys with a 
pass-phrase.

> The part about freezing the firmware is valid, but even then, you have
> to balance that against the need to do firmware upgrades for when bugs
> are discovered.

In that case you’d need to obtain a new HSM.  But the SC4-HSM is ridiculously 
cheap, only about $20 in parts in single quantities, so replacing it is a 
viable solution.

> The most valuable part of medical devices is not the code. It's the
> process of getting them approved for medical use.

That may well be, but I don’t understand why you think it’s relevant.  
Preventing firmware from being copied is a feature of sufficient value that 
hardware manufacturers are building it into their chips, and that’s all that 
matters for this application.

> 
>> Photos of the prototype are attached.  I’m about to do a small production 
>> run (O(10) units) which will cost about $50 each.  If anyone here is 
>> interested in obtaining one of these please contact me privately.
>> 
>> I’m also actively recruiting a consultant to help with firmware development 
>> and auditing.
> 
> You just got some free consulting. Here is some more: do not hire
> anyone who would not bring these points up right away.

Thank you for your feedback.

rg

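The passphrase-locking scheme Ron describes in his replies above (to stef, and to John Ioannidis on decapping) can be sketched in Python standard-library code: a KDF turns the passphrase entered on the device into keys that encrypt and authenticate the secret keys held in flash, so a host keylogger alone (no device) and a decapped flash image alone (no passphrase) each yield nothing usable. This is an added example, not SC4-HSM firmware: scrypt stands in as the KDF, and an encrypt-then-MAC built from HMAC-SHA256 stands in for the AEAD a real device would take from TweetNaCl. The cost parameters, blob field names and the `demo()` scenario are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed scrypt cost parameters (tune for the target MCU in practice).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def derive_wrapping_keys(passphrase: bytes, salt: bytes) -> Tuple[bytes, bytes]:
    """KDF step: passphrase + device-resident salt -> (encryption key, MAC key)."""
    okm = hashlib.scrypt(passphrase, salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                         p=SCRYPT_P, dklen=64)
    return okm[:32], okm[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 used as a PRF."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def wrap_key(secret_key: bytes, passphrase: bytes) -> Dict[str, bytes]:
    """Encrypt-then-MAC the secret key; the result is what the device keeps
    in flash. Salt and nonce are fresh for every wrap."""
    salt = secrets.token_bytes(16)
    nonce = secrets.token_bytes(16)
    enc_key, mac_key = derive_wrapping_keys(passphrase, salt)
    ks = _keystream(enc_key, nonce, len(secret_key))
    ct = bytes(a ^ b for a, b in zip(secret_key, ks))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}


def unwrap_key(blob: Dict[str, bytes], passphrase: bytes) -> Optional[bytes]:
    """Return the secret key, or None when the passphrase is wrong or the blob
    was altered. The MAC is checked before anything is decrypted."""
    enc_key, mac_key = derive_wrapping_keys(passphrase, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["nonce"] + blob["ct"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    ks = _keystream(enc_key, blob["nonce"], len(blob["ct"]))
    return bytes(a ^ b for a, b in zip(blob["ct"], ks))


def demo() -> Dict[str, bool]:
    """Constructed scenario: correct passphrase, wrong passphrase, and a
    flash image with one flipped ciphertext bit."""
    sk = secrets.token_bytes(32)                    # constructed signing key
    blob = wrap_key(sk, b"correct horse")
    tampered = dict(blob, ct=bytes([blob["ct"][0] ^ 1]) + blob["ct"][1:])
    return {
        "right_passphrase_unlocks": unwrap_key(blob, b"correct horse") == sk,
        "wrong_passphrase_fails": unwrap_key(blob, b"battery staple") is None,
        "tampered_blob_fails": unwrap_key(tampered, b"correct horse") is None,
        # What a decapped chip yields: the blob, never the plaintext key.
        "key_in_flash_plaintext": sk in blob.values(),
    }


if __name__ == "__main__":
    print(demo())
```

The caveat a practitioner would add to Ron's "secure against decapping": once an attacker has the blob, the passphrase can be guessed offline, so the protection is only as good as the passphrase entropy times the KDF cost, which is why the KDF is a memory-hard function with tunable parameters rather than a plain hash.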


Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM

2016-04-13 Thread Tony Arcieri
On Wed, Apr 13, 2016 at 9:40 AM, Ron Garret  wrote:

> Tony: I really don’t mind negative feedback when it’s constructive.  In
> fact, I very much appreciate it.  But I’m really having a hard time
> discerning a constructive purpose in your critique.  What exactly do you
> think that I should be doing differently?  Change the design?
>

Yes, make it significantly smaller than the current form factor.

-- 
Tony Arcieri


Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM

2016-04-13 Thread Ron Garret

On Apr 13, 2016, at 8:56 AM, Tony Arcieri  wrote:

> On Wed, Apr 13, 2016 at 2:06 AM, Thierry Moreau wrote:
> Who wants to be optimistic with respect to threat models in the current IT 
> landscape?
> 
> I prefer to be realistic about threats, especially when UX tradeoffs are 
> involved 

Everyone needs to choose their own risk posture, and different applications 
have different needs.  There are certainly people out there for whom Yubikeys 
are adequate, and for whom the SC4-HSM won’t make sense.  But I believe that 
there are applications and not-entirely-unreasonable risk postures for which a 
Yubikey might not be adequate.  If nothing else, having a programmable USB 
dongle with a display makes kind of a cool toy to noodle around with.

Tony: I really don’t mind negative feedback when it’s constructive.  In fact, I 
very much appreciate it.  But I’m really having a hard time discerning a 
constructive purpose in your critique.  What exactly do you think that I should 
be doing differently?  Change the design?  Give up and join you in being an 
evangelist for Yubikeys?  Something else?  I really don’t get it.

rg



Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM

2016-04-13 Thread Tony Arcieri
On Wed, Apr 13, 2016 at 2:06 AM, Thierry Moreau <thierry.mor...@connotech.com> wrote:

> Who wants to be optimistic with respect to threat models in the current IT
> landscape?


I prefer to be realistic about threats, especially when UX tradeoffs are
involved

-- 
Tony Arcieri


Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM

2016-04-13 Thread Thierry Moreau

On 13/04/16 03:12 AM, Tony Arcieri wrote:

> On Tue, Apr 12, 2016 at 7:26 PM, Ron Garret wrote:
>
>> This HSM is much more general-purpose than a U2F token.
>
> Well, that's true, but it's also hundreds of times bigger than a token
> in the Yubikey "nano" form factor, which is actually convenient to keep
> permanently in the USB slot of a laptop. Your physical design seems
> pretty unwieldy for laptops (see also Yubico's keychain designs).
>
> Yubikey "nano" factor tokens like the NEO-n have also supported more
> general purposes than a U2F token (e.g. CCID interface, OpenPGP applets,
> see also PIV)
>
> I swear I'm not a paid shill for Yubico, but I'm a fan of small
> display-free hardware tokens. While a token like what you've built might
> provide Maximum Security under pessimistic threat models, its large size

Who wants to be optimistic with respect to threat models in the current 
IT landscape?

Do you?

(I much liked what I glimpsed from the original post.)

- Thierry Moreau

> makes it look rather inconvenient to me.
>
> --
> Tony Arcieri






Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM

2016-04-12 Thread Tony Arcieri
On Tue, Apr 12, 2016 at 7:26 PM, Ron Garret  wrote:

> This HSM is much more general-purpose than a U2F token.
>

Well, that's true, but it's also hundreds of times bigger than a token in
the Yubikey "nano" form factor, which is actually convenient to keep
permanently in the USB slot of a laptop. Your physical design seems pretty
unwieldy for laptops (see also Yubico's keychain designs).

Yubikey "nano" factor tokens like the NEO-n have also supported more
general purposes than a U2F token (e.g. CCID interface, OpenPGP applets,
see also PIV)

I swear I'm not a paid shill for Yubico, but I'm a fan of small
display-free hardware tokens. While a token like what you've built might
provide Maximum Security under pessimistic threat models, its large size
makes it look rather inconvenient to me.

-- 
Tony Arcieri


Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM

2016-04-12 Thread Ron Garret

On Apr 12, 2016, at 5:39 PM, Tony Arcieri  wrote:

> On Tue, Apr 12, 2016 at 8:28 AM, Ron Garret  wrote:
> Some hardware tokens have an input device built in (usually a push button, 
> sometimes a fingerprint sensor) which needs to be activated before the token 
> will operate, but these are still subject to phishing attacks
> 
> Not to rain on your parade, but if you're talking about authentication 
> contexts, U2F solves the phishability problem by deriving domain-separated 
> keys per origin, so it's not possible for an attacker to leverage it for 
> phishing purposes.

This HSM is much more general-purpose than a U2F token.  It could be used as a 
standalone bitcoin wallet a la Trezor.  It can be used to decrypt messages and 
display them on the built-in display so that even an adversary with root 
access to your laptop couldn’t read the cleartext.  The firmware doesn’t 
support this yet, but it’s a mere matter of programming :-)

But even U2F tokens can be phished for some value of “phished”.  It’s true that 
you can’t extract the keys, but if an attacker owns your machine and you have a 
U2F token installed, the attacker can log into any site you can log into.  Even 
if the token has a button you need to push to activate it, it’s probably not 
hard to fool most users into pushing the button to authorize an authentication 
for an attacker.

With a display, the token can say, “You are about to authorize…” and describe 
exactly what it is that it is being asked to do so that you know what you’re 
authorizing in a way that an attacker cannot control even with a completely 
compromised client.

rg



Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM

2016-04-12 Thread Tony Arcieri
On Tue, Apr 12, 2016 at 8:28 AM, Ron Garret  wrote:

> Some hardware tokens have an input device built in (usually a push button,
> sometimes a fingerprint sensor) which needs to be activated before the
> token will operate, but these are still subject to phishing attacks


Not to rain on your parade, but if you're talking about authentication
contexts, U2F solves the phishability problem by deriving domain-separated
keys per origin, so it's not possible for an attacker to leverage it for
phishing purposes.

-- 
Tony Arcieri
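Tony's point about U2F (a key derived per origin, so an assertion made for one site is worthless at another) and Ron's point earlier in the thread (a display lets the token show the user exactly what it is about to authorize, in a way the compromised host cannot alter) sketched together in Python. This is an added example, not code from any token or from the thread's authors: HMAC-SHA256 stands in for the ECDSA signature a real U2F token produces, the per-origin derivation is HKDF-shaped rather than the U2F key-handle scheme, and the origins, the confirm callback and the `demo()` scenario are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Dict, List, Optional

ConfirmFn = Callable[[str], bool]   # stands in for the display plus push-button


def derive_origin_key(master_secret: bytes, origin: str) -> bytes:
    """HKDF-shaped derivation (extract, then one expand block with the origin
    as the info string) so every origin gets an unrelated key."""
    prk = hmac.new(b"example-hkdf-salt", master_secret, hashlib.sha256).digest()
    return hmac.new(prk, origin.encode() + b"\x01", hashlib.sha256).digest()


def verify(origin_key: bytes, origin: str, challenge: bytes, sig: bytes) -> bool:
    """Relying-party side: recompute the assertion over origin || challenge."""
    expected = hmac.new(origin_key, origin.encode() + challenge,
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


class Token:
    """Toy token: one master secret that never leaves the device, per-origin
    keys derived from it, and a confirmation step rendered by the device."""

    def __init__(self, confirm: ConfirmFn):
        self.master = secrets.token_bytes(32)   # constructed device secret
        self.confirm = confirm

    def register(self, origin: str) -> bytes:
        """Hand the relying party its verification key. A real U2F token
        returns a public key here; with HMAC it is the shared key."""
        return derive_origin_key(self.master, origin)

    def sign(self, origin: str, challenge: bytes) -> Optional[bytes]:
        # The prompt is built from the token's own view of the request, not
        # from a string the host supplies, so a compromised host cannot make
        # the display lie about which origin is being authorized.
        if not self.confirm(f"Authenticate to {origin}?"):
            return None
        key = derive_origin_key(self.master, origin)
        return hmac.new(key, origin.encode() + challenge, hashlib.sha256).digest()


def demo() -> Dict[str, object]:
    """Constructed scenario: an honest login, a compromised host relaying the
    bank's challenge under another origin, and a user who approves anything."""
    prompts: List[str] = []

    def attentive_user(prompt: str) -> bool:
        prompts.append(prompt)
        return "bank.example" in prompt      # presses the button only for the bank

    tok = Token(attentive_user)
    bank_key = tok.register("bank.example")
    challenge = secrets.token_bytes(32)
    honest = tok.sign("bank.example", challenge)
    relayed = tok.sign("evil.example", challenge)   # display shows evil.example

    careless = Token(lambda prompt: True)           # presses the button for anything
    careless_bank_key = careless.register("bank.example")
    cross_sig = careless.sign("evil.example", challenge)

    return {
        "honest_login_verifies": verify(bank_key, "bank.example", challenge, honest),
        "user_declined_relay": relayed is None,
        # Domain separation: even an approved assertion for evil.example is
        # useless at bank.example, so the careless user is still protected.
        "cross_origin_rejected": not verify(careless_bank_key, "bank.example",
                                            challenge, cross_sig),
        "prompts_shown": prompts,
    }


if __name__ == "__main__":
    print(demo())
```

The two mechanisms cover different failures: domain separation protects a user who presses the button without looking, while the display protects against a host that asks the token to authorize something the user never intended for the genuine origin, which is the case Ron's general-purpose (non-U2F) operations fall into.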