Josh
January 21, 2014

# Developing the CryptoCape

Talk given to Loveland Creator Space on building a BeagleBone Black Cape. Also includes an overview of the SparkFun Hacker in Residence Program.

## Transcript

1. Developing the CryptoCape
Primers on Crypto and BeagleBone Black Capes
Josh Datko
Cryptotronix, LLC
January 21, 2014
Josh Datko Developing the CryptoCape January 21, 2014 1 / 37

2. 1 Why SparkFun is Awesome
2 Crypto Primer
3 BeagleBone Capes
4 CryptoCape
5 Crypto Projects
6 Export Controls
7 Going Further
8 Submarines

3. Why SparkFun Rocks
Have you seen this video??
com/watch?feature=player_embedded&v=xGhj_lLNtd0
Hacker-in-Residence Program
Super collaborative environment.
Kid-in-a-candy-store: Um, I really need digital calipers.
knowledge per capita!

4. Security
Credit: https://xkcd.com/538/

5. Code Talkers
Credit: https://xkcd.com/257/

6. PGP
Credit: https://xkcd.com/1181/

7. Meet Alice and Bob
Most cryptography examples use Alice and Bob as two people who want to communicate securely.
Basic Encryption
Given a message, m, an encryption algorithm, E, and a key Ke, produce a ciphertext, c, such that: c = E(Ke, m)
Meet Eve. Eve is an eavesdropper. If Eve knows only c, she can’t recover m without Ke.
Basic Decryption
Given a ciphertext, c, a decryption algorithm, D, and a key Ke, produce a message, m, such that: m = D(Ke, c)

8. Symmetric Key Algorithms
Credit: https://en.wikipedia.org/wiki/File:Crypto.png

9. List of common Symmetric Key Algorithms
Data Encryption Standard (DES)
3DES
RC4
Twofish
Advanced Encryption Standard (AES)

10. Key Distribution Problems
en.wikipedia.org/wiki/File:Kriegsmarine_Enigma.png
en.wikipedia.org/wiki/File:Kenngruppenheft.jpg
Problem
How do you ensure everybody is using the same key???

11. Asymmetric Cryptography
https://en.wikipedia.org/wiki/File:Public-key-crypto-1.svg
RSA is the most popular public key encryption scheme, which is based on the prime-number factorization problem.

12. Elliptic Curve Cryptography (ECC)
ECC is generally faster and more efficient than RSA. However, there are a lot of important technical details to consider.

13. Hash Functions
A cryptographic hash function has the following properties:
One-way. Given a function, h, it’s easy to find h(m), but not possible to calculate m given x where h(m) = x.
Collision Resistant. For a message m1, it is difficult to find another message m2, such that h(m1) = h(m2).
The mapping for all possible inputs to the set of outputs should be random.
https://en.wikipedia.org/wiki/File:Cryptographic_Hash_Function.svg

14. Bitcoin
Digital cash.
Who is Satoshi Nakamoto???
P2P Currency.
Bitcoin is not anonymous!!!

15. BeagleBone Black
1GHz TI Sitara AM3359
ARM Cortex A8
Boots without binary blob!
2 GB on-board eMMC, MicroSD
GPIO 65 Pins!, PRU, Crypto Accelerator!
Uses actual Debian armhf
Raspbian is not Debian: https://wiki.debian.org/RaspberryPi
3,000 BBBs a week.
Credit: BeagleBoard SRM

16. The Best BBB Development environment
Things you need:
Ethernet cable.
5 Volt power supply.
Small, 4-5 port switch (NetGear FS105)
USB to Serial cable.
Powered, USB 2.0 Hub (Plugable 7 port hub)
SOIC and TSSOP to DIP breakout boards are your friend
Breadboard first, but then quickly move to a soldered proto-board.
Let me tell you about Emacs...
TRAMP mode FTW!
Use Emacs Prelude https://github.com/bbatsov/prelude
Nice binary calculators

17. How to Build a BBB Cape
1 Add EEPROM over I2C
2 Format EEPROM according to the SRM
3 Determine your pins
4 Build a device tree file

18. EEPROM Schematic

19. EEPROM Data
Fixed 4 byte header
EEPROM Revision (A0, A1, etc.)
32 byte board name
4 byte version (up to manufacturer)
16 Byte part number
12 Byte Serial number. WWYY&&&&nnnn
An open source EEPROM generator exists:
https://github.com/picoflamingo/BBCape_EEPROM
Important
Board name and version should match your DTS file!
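A pre-flight check for the EEPROM fields listed on this slide, written as an added example (not code from the talk or from the BBCape_EEPROM project). The byte offsets and the 0xAA 0x55 0x33 0xEE header value are assumed from the BBB SRM layout, NUL padding of short fields is an assumption, and the sample board name, version and serial are constructed.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field offsets: assumed from the BBB SRM cape EEPROM layout, which also has
 * a 16-byte manufacturer field (offset 42) and a 2-byte pin count (offset 74)
 * that the slide does not list. */
enum { OFF_REV = 4, OFF_NAME = 6, OFF_VERSION = 38, OFF_SERIAL = 76, HDR_LEN = 88 };
static const uint8_t MAGIC[4] = { 0xAA, 0x55, 0x33, 0xEE }; /* fixed header, per SRM */

/* Fixed-width EEPROM fields are not NUL-terminated: compare by length and
 * require NUL padding after the expected text (padding byte is an assumption). */
static int field_eq(const uint8_t *f, size_t width, const char *want)
{
    size_t n = strlen(want);
    if (n > width || memcmp(f, want, n) != 0) return 0;
    for (size_t i = n; i < width; i++)
        if (f[i] != 0) return 0;
    return 1;
}

/* 0 = OK, negative = which check failed. name/ver are the values in the DTS. */
int cape_check(const uint8_t *b, size_t len, const char *name, const char *ver)
{
    if (len < HDR_LEN) return -1;
    if (memcmp(b, MAGIC, 4) != 0) return -2;
    if (!isupper(b[OFF_REV]) || !isdigit(b[OFF_REV + 1])) return -3;
    if (!field_eq(b + OFF_NAME, 32, name)) return -4;
    if (!field_eq(b + OFF_VERSION, 4, ver)) return -5;
    for (int i = 0; i < 12; i++)              /* serial: WWYY&&&&nnnn */
        if ((i < 4 || i >= 8) && !isdigit(b[OFF_SERIAL + i])) return -6;
    return 0;
}

/* Constructed sample image; the name, version and serial are made up. */
void sample_eeprom(uint8_t b[HDR_LEN])
{
    memset(b, 0, HDR_LEN);
    memcpy(b, MAGIC, 4);
    memcpy(b + OFF_REV, "A1", 2);
    memcpy(b + OFF_NAME, "Example Cape", 12);
    memcpy(b + OFF_VERSION, "00A0", 4);
    memcpy(b + OFF_SERIAL, "0314EXMP0001", 12);
}

int main(void)
{
    uint8_t img[HDR_LEN];
    sample_eeprom(img);
    printf("match: %d\n", cape_check(img, sizeof img, "Example Cape", "00A0"));
    printf("wrong version: %d\n", cape_check(img, sizeof img, "Example Cape", "00A1"));
    return 0;
}
```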

20. Pick your Pins
Credit: BBB SRM and BeagleBoard.org
Watch this video!

21. Watch out for Boot Pins
Credit: BBB SRM and BeagleBoard.org

22. Device Tree
[email protected] {
    target = ;
    __overlay__ {
        pinctrl_uart5: pinctrl_uart5_pins {
            pinctrl-single,pins = <
                0x070 0x26 /* P9_11 = GPIO0_30 = GPMC_WAIT0, MODE6 */
                0x074 0x06 /* P9_13 = GPIO0_31 = GPMC_WPN, MODE6 */
Where did those numbers come from???
https://github.com/derekmolloy/boneDeviceTree/tree/master/docs

Decoding Byte 1
Memory offset from 0x800 for the processor
Decoding Byte 2
Bit 6: Slew Control: 0 = Fast, 1 = Slow
Bit 5: Receiver Active: 0 = Disable, 1 = Enable
Bit 4: Pullup / Down: 0 = Pulldown, 1 = Pullup
Bit 3: Pull Enable: 0 = Enable, 1 = Disabled
Bits 2,1,0: Mux Mode
0x070 0x26
0b0100110 = Fast, Receive, Pulldown, Mode 6 = uart4 rxd mux2
0x074 0x06
0b0000110 = Fast, Transmit, Pulldown, Mode 6 = uart4 txd mux2
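The bit table above, applied to the two cells from the Device Tree slide, as an added example (not code from the talk). The absolute register address uses the AM335x control module base 0x44E10000, which is an assumption taken from the TRM and not stated on the slides; `pad_floats` is a hypothetical review helper that flags an enabled receiver with its pull resistor disabled.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of the second cell, as listed on the "Decoding Byte 2" slide. */
struct pad_conf {
    unsigned slew_slow;     /* bit 6: 0 = fast, 1 = slow */
    unsigned rx_active;     /* bit 5: 0 = receiver disabled, 1 = enabled */
    unsigned pull_up;       /* bit 4: 0 = pulldown, 1 = pullup */
    unsigned pull_disabled; /* bit 3: 0 = pull enabled, 1 = pull disabled */
    unsigned mux_mode;      /* bits 2..0 */
};

/* Returns 0 on success, -1 if bits above bit 6 are set. */
int decode_pad(uint32_t value, struct pad_conf *out)
{
    if (value & ~0x7Fu)
        return -1;
    out->slew_slow     = (value >> 6) & 1u;
    out->rx_active     = (value >> 5) & 1u;
    out->pull_up       = (value >> 4) & 1u;
    out->pull_disabled = (value >> 3) & 1u;
    out->mux_mode      = value & 7u;
    return 0;
}

/* An enabled receiver with no pull resistor floats when nothing drives the pin. */
int pad_floats(const struct pad_conf *p)
{
    return p->rx_active && p->pull_disabled;
}

/* Assumption: control module base 0x44E10000 (AM335x TRM); pad registers at +0x800. */
uint32_t pad_register(uint32_t dts_offset)
{
    return 0x44E10000u + 0x800u + dts_offset;
}

int main(void)
{
    static const uint32_t cells[][2] = { {0x070, 0x26}, {0x074, 0x06} }; /* from the slide */
    for (size_t i = 0; i < 2; i++) {
        struct pad_conf p;
        if (decode_pad(cells[i][1], &p) == 0)
            printf("0x%08x: %s, rx %s, %s%s, mode %u\n", (unsigned)pad_register(cells[i][0]),
                   p.slew_slow ? "slow" : "fast", p.rx_active ? "on" : "off",
                   p.pull_up ? "pullup" : "pulldown",
                   p.pull_disabled ? " (disabled)" : "", p.mux_mode);
    }
    return 0;
}
```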

24. Load the Overlay
Compile the device tree. https://raw.github.com/RobertCNelson/tools/master/pkgs/dtc.sh
Move over to firmware directory.
Activate by echoing the name of the Cape to capemgr.

25. Example: Flashing ATMega328p from BBB
http://datko.net/2013/11/11/bbb_atmega328p/

26. Cryptotronix
Things not to do months before you have your first child:
Start talking about Open source Crypto Hardware.
Quit Job.
Start company.
Goal
Get open source hardware crypto tools in the hands of makers.

27. CryptoCape
Crypto ICs (TPM, ECC, SHA256)
Secure Boot
Hardware protected keys
Key isolation vs acceleration
RTC w/ Battery
Device authentication to remote webservice
ATmega328P for User Crypto Libs

28. I can haz Crypto?
Tor Relay.
VPN endpoint.
Squid Proxy.
Key Store (wallet).
If it talks on the Internet: weather station, GPS location, vital signs.
AVR projects are harder:
IC code is proprietary.
NaCl (crypto lib) looks good.
Might need two AVRs...

29. Export Controlled
Most crypto hardware is export controlled.
BBB is ECCN: 5A002A1. (Onboard Crypto Accelerator).
Publicly available software generally has an exception
Posting encryption source code and corresponding object code on the Internet (e.g., FTP or World Wide Web site) where it may be downloaded by anyone neither establishes “knowledge” of a prohibited export or reexport for purposes of this paragraph, nor triggers any red flags necessitating the affirmative duty to inquire
http://www.bis.doc.gov/index.php/policy-guidance/encryption/identifying-encryption-items

30. Legal Hacks
Credit: https://xkcd.com/504/

31. Going Further
Hopefully at Hope X!
Hardware Bitcoin Wallet @30c3:
Hardware Attacks, Advanced ARM Exploitation @ 30c3:
Tutorial on BBB Cape EEPROM.
https://github.com/jbdatko/eeprom_tutorial
Jason Kridner on Device Tree
master/test-capemgr

32. Submarines
Credit: Official U.S. Navy Photo

33. Submarines
Credit: Official U.S. Navy Photo

34. Submarines
Credit: Official U.S. Navy Photo

35. Submarines
Credit: Official U.S. Navy Photo

36. Submarines
Credit: Official U.S. Navy Photo

37. Submarines
Credit: Official U.S. Navy Photo