Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Crypto For Makers

Josh
January 15, 2014

Crypto For Makers

Presentation given to SparkFun Electronics on crypto, the BeagleBone Black and Submarines.

Josh

January 15, 2014
Tweet

More Decks by Josh

Other Decks in How-to & DIY

Transcript

  1. Crypto for Makers
    Primers on Crypto, BeagleBone Black, and Submarines
    Josh Datko
    Cryptotronix, LLC
    January 15, 2014
    Josh Datko Crypto for Makers January 15, 2014 1 / 34

    View full-size slide

  2. 1 Crypto Primer
    2 BeagleBone Capes
    3 CryptoCape
    4 Crypto Projects
    5 Export Controls
    6 Going Further
    7 Submarines
    Josh Datko Crypto for Makers January 15, 2014 2 / 34

    View full-size slide

  3. Security
    Credit: https://xkcd.com/538/
    Josh Datko Crypto for Makers January 15, 2014 3 / 34

    View full-size slide

  4. Code Talkers
    Credit: https://xkcd.com/257/
    Josh Datko Crypto for Makers January 15, 2014 4 / 34

    View full-size slide

  5. PGP
    Credit: https://xkcd.com/1181/
    Josh Datko Crypto for Makers January 15, 2014 5 / 34

    View full-size slide

  6. Meet Alice and Bob
    Most cryptography examples uses Alice and Bob as two people who want
    to communicate securely.
    Basic Encryption
    Given a message, m, an encryption algorithm, E, and a key Ke,
    produce a ciphertext, c, such that: c = E(Ke, m)
    Meet Eve. Eve is an eavesdropper. If Eve knows only c, she can’t recover
    m without Ke.
    Basic Decryption
    Given a ciphertext, c, decryption algorithm, D, and a key Ke, produce
    a message, m, such that: m = D(Ke, c)
    Josh Datko Crypto for Makers January 15, 2014 6 / 34

    View full-size slide

  7. Symmetric Key Algorithms
    Credit: https://en.wikipedia.org/wiki/File:Crypto.png
    Josh Datko Crypto for Makers January 15, 2014 7 / 34

    View full-size slide

  8. List of common Symmetric Key Algorithms
    Data Encryption Standard (DES)
    3DES
    RC4
    Twofish
    Advanced Encryption Standard (AES)
    Josh Datko Crypto for Makers January 15, 2014 8 / 34

    View full-size slide

  9. Key Distribution Problems
    en.wikipedia.org/wiki/File:Kriegsmarine_Enigma.png
    en.wikipedia.org/wiki/File:Kenngruppenheft.jpg
    Problem
    How do you ensure ev-
    erybody is using the
    same key???
    Josh Datko Crypto for Makers January 15, 2014 9 / 34

    View full-size slide

  10. Asymmetric Cryptography
    https://en.wikipedia.org/wiki/File:Public-key-crypto-1.svg
    RSA is the most popular public key encryption scheme, which is based on
    the prime-number factorization problem.
    Josh Datko Crypto for Makers January 15, 2014 10 / 34

    View full-size slide

  11. Elliptical Curve Cryptography (ECC)
    http://cdn.arstechnica.net/wp-content/uploads/2013/10/elliptic-curve-crypt-image00.png
    ECC is generally faster and more efficient than RSA. However, there are a
    lot important technical details to consider.
    Josh Datko Crypto for Makers January 15, 2014 11 / 34

    View full-size slide

  12. Hash Functions
    A cryptographic hash function has the following properties:
    One-way. Given a function, h, it’s easy to find h(m), but not possible
    calculate m given x where h(m) = x.
    Collision Resistant. For a message m1, it is difficult to find another
    message m2, such that h(m1) = h(m2)
    The mapping for all possible inputs to the set of outputs should be
    random
    https://en.wikipedia.org/wiki/File:Cryptographic_Hash_Function.svg
    Josh Datko Crypto for Makers January 15, 2014 12 / 34

    View full-size slide

  13. Bitcoin
    Digital cash.
    Who is Satoshi Nakamoto???
    P2P Currency.
    Bitcoin is not anonymous!!!
    Josh Datko Crypto for Makers January 15, 2014 13 / 34

    View full-size slide

  14. BeagleBone Black
    1GHz TI Sitara AM3359
    ARM Cortex A8
    512 MB DDR3L @ 400
    MHz
    2 GB on-board eMMC,
    MicroSD
    GPIO 65 Pins!, PRU,
    Crypto Accelerator!
    Uses actual Debian armhf
    Raspian is not Debian
    https:
    //wiki.debian.org/
    RaspberryPi
    3,000 BBBs a week. Credit: BeagleBoard SRM
    Josh Datko Crypto for Makers January 15, 2014 14 / 34

    View full-size slide

  15. How to Build a BBB Cape
    1 Add EEPROM over I2C
    2 Format EEPROM according to the SRM
    3 Determine your pins
    4 Build a device tree file
    Josh Datko Crypto for Makers January 15, 2014 15 / 34

    View full-size slide

  16. EEPROM Schematic
    Josh Datko Crypto for Makers January 15, 2014 16 / 34

    View full-size slide

  17. EEPROM Data
    Fixed 4 byte header
    EEPROM Revision (A0, A1, etc. . . )
    32 byte board name
    4 byte version (up to manufacturer)
    16 Byte part number
    12 Byte Serial number. WWYY&&&&nnnn
    An open source EEPROM generator exists:
    https://github.com/picoflamingo/BBCape_EEPROM
    Important
    Board name and version should match your DTS file!
    Josh Datko Crypto for Makers January 15, 2014 17 / 34

    View full-size slide

  18. Pick your Pins
    Credit: BBB SRM and BeagleBoard.org
    Watch this video!
    https://www.youtube.com/watch?v=wui_wU1AeQ
    Josh Datko Crypto for Makers January 15, 2014 18 / 34

    View full-size slide

  19. Watch out for Boot Pins
    Credit: BBB SRM and BeagleBoard.org
    Josh Datko Crypto for Makers January 15, 2014 19 / 34

    View full-size slide

  20. Device Tree
    fragment@0 {
    t a r g e t = <&am33xx pinmux >;
    o v e r l a y {
    p i n c t r l u a r t 5 : p i n c t r l u a r t 5 p i n s {
    p i n c t r l −s i n g l e , pins = <
    0x070 0x26 /∗ P9 11 = GPIO0 30 =
    GPMC WAIT0 , MODE6 ∗/
    0x074 0x06 /∗ P9 13 = GPIO0 31 =
    GPMC WPN, MODE6 ∗/
    Where did those numbers come from???
    https://github.com/derekmolloy/boneDeviceTree/tree/
    master/docs
    Josh Datko Crypto for Makers January 15, 2014 20 / 34

    View full-size slide

  21. PIN Addresses
    Decoding Byte 1
    Memory offset from 0x800 for the processor
    Decoding Byte 2
    Bit 6: Slew Control: 0 = Fast, 1 = Slow
    Bit 5: Receiver Active: 0 = Disable, 1 = Enable
    Bit 4: Pullup / Down: 0 = Pulldown, 1 = Pullup
    Bit 3: Pull Enable: 0 = Enable, 1 = Disabled
    Bits 2,1,0: Mux Mode
    0x070 0x26
    0b0100110 = Fast, Receive, Pulldown, Mode 6 = uart4 rxd mux2
    0x074 0x06
    0b0000110 = Fast, Transmit, Pulldown, Mode 6 = uart4 txd mux2
    Josh Datko Crypto for Makers January 15, 2014 21 / 34

    View full-size slide

  22. Load the Overlay
    Compile the device tree. https:
    //raw.github.com/RobertCNelson/tools/master/pkgs/dtc.sh
    Move over to firmware directory.
    Activate by echoing the name of the Cape to capemgr.
    Josh Datko Crypto for Makers January 15, 2014 22 / 34

    View full-size slide

  23. Example: Flashing ATMega328p from BBB
    http://datko.net/2013/11/11/bbb_atmega328p/
    Josh Datko Crypto for Makers January 15, 2014 23 / 34

    View full-size slide

  24. Cryptotronix
    Things not to do before months before you have your first child:
    Start talking about Open source Crypto Hardware.
    Quit Job.
    Start company.
    Goal
    Get open source hardware crypto tools in the hands of makers.
    Josh Datko Crypto for Makers January 15, 2014 24 / 34

    View full-size slide

  25. CryptoCape
    Crypto ICs (TPM, ECC,
    SHA256)
    Secure Boot
    Hardware protected
    keys
    Key isolation vs
    acceleration
    RTC w/ Battery
    AtMega328P for User
    Crypto Libs
    Josh Datko Crypto for Makers January 15, 2014 25 / 34

    View full-size slide

  26. I can haz Crypto?
    Tor Relay.
    VPN endpoint.
    Squid Proxy.
    Key Store (wallet).
    If it talks on the Internet:
    weather station, GPS
    location, vital signs.
    AVR projects are harder:
    IC code is proprietary.
    NaCl (crypto lib) looks
    good.
    Might need two AVRs. . .
    Josh Datko Crypto for Makers January 15, 2014 26 / 34

    View full-size slide

  27. Export Controlled
    Most crypto hardware is export controlled.
    BBB is ECCN: 5A002A1. (Onboard Crypto Accelerator).
    Publicly available software generally has an exception
    Posting encryption source code and corresponding object code on the
    Internet (e.g., FTP or World Wide Web site) where it may be downloaded
    by anyone neither establishes “knowledge” of a prohibited export or
    reexport for purposes of this paragraph, nor triggers any red flags
    necessitating the affirmative duty to inquire
    http://www.bis.doc.gov/index.php/policy-guidance/
    encryption/identifying-encryption-items
    Josh Datko Crypto for Makers January 15, 2014 27 / 34

    View full-size slide

  28. Legal Hacks
    Credit: https://xkcd.com/504/
    Josh Datko Crypto for Makers January 15, 2014 28 / 34

    View full-size slide

  29. Going Further
    Hopefully at Hope X!
    Hardware Bitcoin Wallet @30c3:
    https://www.youtube.com/watch?v=CgaBKNus1n0
    Hardware Attacks, Advanced ARM Exploitation @ 30c3:
    https://www.youtube.com/watch?v=2fYPtByBY-s
    Tutorial on BBB Cape EEPROM.
    https://github.com/jbdatko/eeprom_tutorial
    Jason Kridner on Device Tree
    https://github.com/jadonk/validation-scripts/tree/
    master/test-capemgr
    Josh Datko Crypto for Makers January 15, 2014 29 / 34

    View full-size slide

  30. Submarines
    Credit: Official U.S. Navy Photo
    Josh Datko Crypto for Makers January 15, 2014 30 / 34

    View full-size slide

  31. Submarines
    Credit: Official U.S. Navy Photo
    Josh Datko Crypto for Makers January 15, 2014 31 / 34

    View full-size slide

  32. Submarines
    Credit: Official U.S. Navy Photo
    Josh Datko Crypto for Makers January 15, 2014 32 / 34

    View full-size slide

  33. Submarines
    Credit: Official U.S. Navy Photo
    Josh Datko Crypto for Makers January 15, 2014 33 / 34

    View full-size slide

  34. Submarines
    Credit: Official U.S. Navy Photo
    Josh Datko Crypto for Makers January 15, 2014 34 / 34

    View full-size slide

  35. Submarines
    Credit: Official U.S. Navy Photo
    Josh Datko Crypto for Makers January 15, 2014 35 / 34

    View full-size slide