Developing the CryptoCape

Transcript

1. Developing the CryptoCape Primers on Crypto and BeagleBone Black Capes

   Josh Datko Cryptotronix, LLC January 21, 2014 Josh Datko Developing the CryptoCape January 21, 2014 1 / 37

2. 1 Why SparkFun is Awesome 2 Crypto Primer 3 BeagleBone

   Capes 4 CryptoCape 5 Crypto Projects 6 Export Controls 7 Going Further 8 Submarines Josh Datko Developing the CryptoCape January 21, 2014 2 / 37

3. Why SparkFun Rocks Have you seen this video?? https://www.youtube. com/watch?feature=

   player_embedded&v= xGhj_lLNtd0 Hacker-in-Residence Program Super collaborative environment. Kid-in-a-candy-store: Um, I really need digital calipers. Most EAGLE CAD knowledge per capita! Josh Datko Developing the CryptoCape January 21, 2014 3 / 37

4. Security Credit: https://xkcd.com/538/ Josh Datko Developing the CryptoCape January 21,

   2014 4 / 37

5. Code Talkers Credit: https://xkcd.com/257/ Josh Datko Developing the CryptoCape January

   21, 2014 5 / 37

6. PGP Credit: https://xkcd.com/1181/ Josh Datko Developing the CryptoCape January 21,

   2014 6 / 37

7. Meet Alice and Bob Most cryptography examples uses Alice and

   Bob as two people who want to communicate securely. Basic Encryption Given a message, m, an encryption algorithm, E, and a key Ke, produce a ciphertext, c, such that: c = E(Ke, m) Meet Eve. Eve is an eavesdropper. If Eve knows only c, she can’t recover m without Ke. Basic Decryption Given a ciphertext, c, decryption algorithm, D, and a key Ke, produce a message, m, such that: m = D(Ke, c) Josh Datko Developing the CryptoCape January 21, 2014 7 / 37

8. Symmetric Key Algorithms Credit: https://en.wikipedia.org/wiki/File:Crypto.png Josh Datko Developing the CryptoCape

   January 21, 2014 8 / 37

9. List of common Symmetric Key Algorithms Data Encryption Standard (DES)

   3DES RC4 Twofish Advanced Encryption Standard (AES) Josh Datko Developing the CryptoCape January 21, 2014 9 / 37

10. Key Distribution Problems en.wikipedia.org/wiki/File:Kriegsmarine_Enigma.png en.wikipedia.org/wiki/File:Kenngruppenheft.jpg Problem How do you ensure

    ev- erybody is using the same key??? Josh Datko Developing the CryptoCape January 21, 2014 10 / 37

11. Asymmetric Cryptography https://en.wikipedia.org/wiki/File:Public-key-crypto-1.svg RSA is the most popular public key

    encryption scheme, which is based on the prime-number factorization problem. Josh Datko Developing the CryptoCape January 21, 2014 11 / 37

12. Elliptical Curve Cryptography (ECC) http://cdn.arstechnica.net/wp-content/uploads/2013/10/elliptic-curve-crypt-image00.png ECC is generally faster and

    more efficient than RSA. However, there are a lot important technical details to consider. Josh Datko Developing the CryptoCape January 21, 2014 12 / 37

13. Hash Functions A cryptographic hash function has the following properties:

    One-way. Given a function, h, it’s easy to find h(m), but not possible calculate m given x where h(m) = x. Collision Resistant. For a message m1, it is difficult to find another message m2, such that h(m1) = h(m2) The mapping for all possible inputs to the set of outputs should be random https://en.wikipedia.org/wiki/File:Cryptographic_Hash_Function.svg Josh Datko Developing the CryptoCape January 21, 2014 13 / 37

14. Bitcoin Digital cash. Who is Satoshi Nakamoto??? P2P Currency. Bitcoin

    is not anonymous!!! Josh Datko Developing the CryptoCape January 21, 2014 14 / 37

15. BeagleBone Black 1GHz TI Sitara AM3359 ARM Cortex A8 Boots

    without binary blob! 2 GB on-board eMMC, MicroSD GPIO 65 Pins!, PRU, Crypto Accelerator! Uses actual Debian armhf Raspian is not Debian https: //wiki.debian.org/ RaspberryPi 3,000 BBBs a week. Credit: BeagleBoard SRM Josh Datko Developing the CryptoCape January 21, 2014 15 / 37

16. The Best BBB Development environment Things you need: Ethernet cable.

    5 Volt power supply. Small, 4-5 port switch (NetGear FS105) USB to Serial cable. Powered, USB 2.0 Hub (Plugable 7 port hub) SOIC and TSSOP to DIP breakout boards are your friend Breadboard first, but then quickly move to a soldered proto-board. Let me tell you about Emacs... TRAMP mode FTW! Use Emacs Prelude https://github.com/bbatsov/prelude Nice binary calculators Josh Datko Developing the CryptoCape January 21, 2014 16 / 37

17. How to Build a BBB Cape 1 Add EEPROM over

    I2C 2 Format EEPROM according to the SRM 3 Determine your pins 4 Build a device tree file Josh Datko Developing the CryptoCape January 21, 2014 17 / 37

18. EEPROM Schematic Josh Datko Developing the CryptoCape January 21, 2014

    18 / 37

19. EEPROM Data Fixed 4 byte header EEPROM Revision (A0, A1,

    etc. . . ) 32 byte board name 4 byte version (up to manufacturer) 16 Byte part number 12 Byte Serial number. WWYY&&&&nnnn An open source EEPROM generator exists: https://github.com/picoflamingo/BBCape_EEPROM Important Board name and version should match your DTS file! Josh Datko Developing the CryptoCape January 21, 2014 19 / 37

20. Pick your Pins Credit: BBB SRM and BeagleBoard.org Watch this

    video! https://www.youtube.com/watch?v=wui_wU1AeQ Josh Datko Developing the CryptoCape January 21, 2014 20 / 37

21. Watch out for Boot Pins Credit: BBB SRM and BeagleBoard.org

    Josh Datko Developing the CryptoCape January 21, 2014 21 / 37

22. Device Tree fragment@0 { t a r g e t

    = <&am33xx pinmux >; o v e r l a y { p i n c t r l u a r t 5 : p i n c t r l u a r t 5 p i n s { p i n c t r l −s i n g l e , pins = < 0x070 0x26 /∗ P9 11 = GPIO0 30 = GPMC WAIT0 , MODE6 ∗/ 0x074 0x06 /∗ P9 13 = GPIO0 31 = GPMC WPN, MODE6 ∗/ Where did those numbers come from??? https://github.com/derekmolloy/boneDeviceTree/tree/ master/docs Josh Datko Developing the CryptoCape January 21, 2014 22 / 37

23. PIN Addresses Decoding Byte 1 Memory offset from 0x800 for

    the processor Decoding Byte 2 Bit 6: Slew Control: 0 = Fast, 1 = Slow Bit 5: Receiver Active: 0 = Disable, 1 = Enable Bit 4: Pullup / Down: 0 = Pulldown, 1 = Pullup Bit 3: Pull Enable: 0 = Enable, 1 = Disabled Bits 2,1,0: Mux Mode 0x070 0x26 0b0100110 = Fast, Receive, Pulldown, Mode 6 = uart4 rxd mux2 0x074 0x06 0b0000110 = Fast, Transmit, Pulldown, Mode 6 = uart4 txd mux2 Josh Datko Developing the CryptoCape January 21, 2014 23 / 37

24. Load the Overlay Compile the device tree. https: //raw.github.com/RobertCNelson/tools/master/pkgs/dtc.sh Move

    over to firmware directory. Activate by echoing the name of the Cape to capemgr. Josh Datko Developing the CryptoCape January 21, 2014 24 / 37

25. Example: Flashing ATMega328p from BBB http://datko.net/2013/11/11/bbb_atmega328p/ Josh Datko Developing the

    CryptoCape January 21, 2014 25 / 37

26. Cryptotronix Things not to do before months before you have

    your first child: Start talking about Open source Crypto Hardware. Quit Job. Start company. Goal Get open source hardware crypto tools in the hands of makers. Josh Datko Developing the CryptoCape January 21, 2014 26 / 37

27. CryptoCape Crypto ICs (TPM, ECC, SHA256) Secure Boot Hardware protected

    keys Key isolation vs acceleration RTC w/ Battery Device authentication to remote webservice AtMega328P for User Crypto Libs Josh Datko Developing the CryptoCape January 21, 2014 27 / 37

28. I can haz Crypto? Tor Relay. VPN endpoint. Squid Proxy.

    Key Store (wallet). If it talks on the Internet: weather station, GPS location, vital signs. AVR projects are harder: IC code is proprietary. NaCl (crypto lib) looks good. Might need two AVRs. . . Josh Datko Developing the CryptoCape January 21, 2014 28 / 37

29. Export Controlled Most crypto hardware is export controlled. BBB is

    ECCN: 5A002A1. (Onboard Crypto Accelerator). Publicly available software generally has an exception Posting encryption source code and corresponding object code on the Internet (e.g., FTP or World Wide Web site) where it may be downloaded by anyone neither establishes “knowledge” of a prohibited export or reexport for purposes of this paragraph, nor triggers any red flags necessitating the affirmative duty to inquire http://www.bis.doc.gov/index.php/policy-guidance/ encryption/identifying-encryption-items Josh Datko Developing the CryptoCape January 21, 2014 29 / 37

30. Legal Hacks Credit: https://xkcd.com/504/ Josh Datko Developing the CryptoCape January

    21, 2014 30 / 37

31. Going Further Hopefully at Hope X! Hardware Bitcoin Wallet @30c3:

    https://www.youtube.com/watch?v=CgaBKNus1n0 Hardware Attacks, Advanced ARM Exploitation @ 30c3: https://www.youtube.com/watch?v=2fYPtByBY-s Tutorial on BBB Cape EEPROM. https://github.com/jbdatko/eeprom_tutorial Jason Kridner on Device Tree https://github.com/jadonk/validation-scripts/tree/ master/test-capemgr Josh Datko Developing the CryptoCape January 21, 2014 31 / 37

32. Submarines Credit: Official U.S. Navy Photo Josh Datko Developing the

    CryptoCape January 21, 2014 32 / 37

33. Submarines Credit: Official U.S. Navy Photo Josh Datko Developing the

    CryptoCape January 21, 2014 33 / 37

34. Submarines Credit: Official U.S. Navy Photo Josh Datko Developing the

    CryptoCape January 21, 2014 34 / 37

35. Submarines Credit: Official U.S. Navy Photo Josh Datko Developing the

    CryptoCape January 21, 2014 35 / 37

36. Submarines Credit: Official U.S. Navy Photo Josh Datko Developing the

    CryptoCape January 21, 2014 36 / 37

37. Submarines Credit: Official U.S. Navy Photo Josh Datko Developing the

    CryptoCape January 21, 2014 37 / 37