Crypto for Makers Primers on Crypto, BeagleBone Black, and Submarines Josh Datko Cryptotronix, LLC January 15, 2014 Josh Datko Crypto for Makers January 15, 2014 1 / 34
Meet Alice and Bob Most cryptography examples uses Alice and Bob as two people who want to communicate securely. Basic Encryption Given a message, m, an encryption algorithm, E, and a key Ke, produce a ciphertext, c, such that: c = E(Ke, m) Meet Eve. Eve is an eavesdropper. If Eve knows only c, she can’t recover m without Ke. Basic Decryption Given a ciphertext, c, decryption algorithm, D, and a key Ke, produce a message, m, such that: m = D(Ke, c) Josh Datko Crypto for Makers January 15, 2014 6 / 34
List of common Symmetric Key Algorithms Data Encryption Standard (DES) 3DES RC4 Twofish Advanced Encryption Standard (AES) Josh Datko Crypto for Makers January 15, 2014 8 / 34
Key Distribution Problems en.wikipedia.org/wiki/File:Kriegsmarine_Enigma.png en.wikipedia.org/wiki/File:Kenngruppenheft.jpg Problem How do you ensure ev- erybody is using the same key??? Josh Datko Crypto for Makers January 15, 2014 9 / 34
Asymmetric Cryptography https://en.wikipedia.org/wiki/File:Public-key-crypto-1.svg RSA is the most popular public key encryption scheme, which is based on the prime-number factorization problem. Josh Datko Crypto for Makers January 15, 2014 10 / 34
Elliptical Curve Cryptography (ECC) http://cdn.arstechnica.net/wp-content/uploads/2013/10/elliptic-curve-crypt-image00.png ECC is generally faster and more efficient than RSA. However, there are a lot important technical details to consider. Josh Datko Crypto for Makers January 15, 2014 11 / 34
Hash Functions A cryptographic hash function has the following properties: One-way. Given a function, h, it’s easy to find h(m), but not possible calculate m given x where h(m) = x. Collision Resistant. For a message m1, it is difficult to find another message m2, such that h(m1) = h(m2) The mapping for all possible inputs to the set of outputs should be random https://en.wikipedia.org/wiki/File:Cryptographic_Hash_Function.svg Josh Datko Crypto for Makers January 15, 2014 12 / 34
How to Build a BBB Cape 1 Add EEPROM over I2C 2 Format EEPROM according to the SRM 3 Determine your pins 4 Build a device tree file Josh Datko Crypto for Makers January 15, 2014 15 / 34
EEPROM Data Fixed 4 byte header EEPROM Revision (A0, A1, etc. . . ) 32 byte board name 4 byte version (up to manufacturer) 16 Byte part number 12 Byte Serial number. WWYY&&&&nnnn An open source EEPROM generator exists: https://github.com/picoflamingo/BBCape_EEPROM Important Board name and version should match your DTS file! Josh Datko Crypto for Makers January 15, 2014 17 / 34
Pick your Pins Credit: BBB SRM and BeagleBoard.org Watch this video! https://www.youtube.com/watch?v=wui_wU1AeQ Josh Datko Crypto for Makers January 15, 2014 18 / 34
Device Tree [email protected] { t a r g e t = ; o v e r l a y { p i n c t r l u a r t 5 : p i n c t r l u a r t 5 p i n s { p i n c t r l −s i n g l e , pins = < 0x070 0x26 /∗ P9 11 = GPIO0 30 = GPMC WAIT0 , MODE6 ∗/ 0x074 0x06 /∗ P9 13 = GPIO0 31 = GPMC WPN, MODE6 ∗/ Where did those numbers come from??? https://github.com/derekmolloy/boneDeviceTree/tree/ master/docs Josh Datko Crypto for Makers January 15, 2014 20 / 34
Load the Overlay Compile the device tree. https: //raw.github.com/RobertCNelson/tools/master/pkgs/dtc.sh Move over to firmware directory. Activate by echoing the name of the Cape to capemgr. Josh Datko Crypto for Makers January 15, 2014 22 / 34
Cryptotronix Things not to do before months before you have your first child: Start talking about Open source Crypto Hardware. Quit Job. Start company. Goal Get open source hardware crypto tools in the hands of makers. Josh Datko Crypto for Makers January 15, 2014 24 / 34
I can haz Crypto? Tor Relay. VPN endpoint. Squid Proxy. Key Store (wallet). If it talks on the Internet: weather station, GPS location, vital signs. AVR projects are harder: IC code is proprietary. NaCl (crypto lib) looks good. Might need two AVRs. . . Josh Datko Crypto for Makers January 15, 2014 26 / 34
Export Controlled Most crypto hardware is export controlled. BBB is ECCN: 5A002A1. (Onboard Crypto Accelerator). Publicly available software generally has an exception Posting encryption source code and corresponding object code on the Internet (e.g., FTP or World Wide Web site) where it may be downloaded by anyone neither establishes “knowledge” of a prohibited export or reexport for purposes of this paragraph, nor triggers any red flags necessitating the affirmative duty to inquire http://www.bis.doc.gov/index.php/policy-guidance/ encryption/identifying-encryption-items Josh Datko Crypto for Makers January 15, 2014 27 / 34
Going Further Hopefully at Hope X! Hardware Bitcoin Wallet @30c3: https://www.youtube.com/watch?v=CgaBKNus1n0 Hardware Attacks, Advanced ARM Exploitation @ 30c3: https://www.youtube.com/watch?v=2fYPtByBY-s Tutorial on BBB Cape EEPROM. https://github.com/jbdatko/eeprom_tutorial Jason Kridner on Device Tree https://github.com/jadonk/validation-scripts/tree/ master/test-capemgr Josh Datko Crypto for Makers January 15, 2014 29 / 34
jbdatko
chitose_snn
hageyahhoo
qx5k_iskw
n0bisuke2
tmiura
runrunsan
mongonta0716
davidbonilla
melix
ppillc
geoffreycrofte
addyosmani
kastner
dotmariusz
sonatard
maggiecrowley
62gerente
holman
destraynor
keithpitt
sferik