BBB CryptoCape

I’ve moved most of the updates to a new site. The rest of this page I’m leaving up for historical purposes.

For the latest status, follow along at the CryptoCape Google Group.


The CryptoCape extends the hardware cryptographic abilities of the BeagleBone Black (BBB).  The BBB’s AM335x processor already has powerful cryptographic hardware for AES, SHA, and MD5, as well as a hardware random number generator.  With the additional hardware on the CryptoCape, the BBB can be an attractive solution for devices with increased security demands.

Design and source (eventually) are hosted at GitHub.

Motivation

The explosion of the Maker movement and DIY hardware has been incredible; however, as a security engineer, I’d like to see better tools and options for those trying to secure their embedded devices.  I’d like to build a module that gives a systems engineer some security options.

Also, I run a Tor relay on my BBB, and after seeing some success with the crypto acceleration on the BBB, I’m eager to expand its capabilities.

Goal

To provide an open, peer-reviewed, cryptographic module that enhances the capabilities of the BeagleBone Black.

Features

The project is still in early conceptual design.  My current thoughts for features are:

  1. Hardware-implemented algorithms: Elliptic Curve Cryptography (ECC), RSA, and SHA-2.
  2. Additional hardware random number generators.
  3. Real Time Clock.
  4. Electrically Erasable Programmable Read-Only Memory Chips (EEPROMs) for authentication keys (if desired).
  5. Ideally, a Trusted Platform Module (TPM).

Potential Uses

  1. Increase performance of networked applications that perform cryptographic operations. For example, an RSA-based TLS handshake could benefit from hardware RSA signature support. If the session negotiated an AES cipher, the AES hardware would perform the encryption / decryption and save CPU cycles.
  2. Create an air-gapped cryptographic embedded system.  Imagine a smart-card like device where you can keep your GPG/PGP keys in a secure memory module.  Attach a keyboard, a small LCD screen, and install Emacs to compose your messages.  Encrypt and sneaker-net the message over to another computer for transmission.
  3. Run a Tor relay and contribute bandwidth to a privacy enhancing network.

Timeline

  1. Research and evaluate various cryptographic Integrated Circuits (ICs).
  2. Learn to Solder. 🙂
  3. Breadboard various components (in progress 12NOV13)
  4. Design the cape (in progress 1JAN14).
  5. Solicit peer review on the cryptographic design. Done at SparkFun in January.
  6. Visit local hackerspaces for help designing PCBs. Thanks, [Loveland Creatorspace](http://www.lovelandcreatorspace.com)!
  7. Make and test.

Components

  1. Atmel ECC CryptoAuthentication.
  2. Atmel I2C TPM.
  3. Real Time Clock – DS3231.  With onboard battery compartment.
  4. Atmel SHA CryptoAuthentication.
  5. Atmel AES CryptoAuthentication.
  6. ATmega328P, flashable from the BBB, for DIY crypto (although I recommend NaCl).

Research Links

  1. TPM Hardware.

Contact

Feel free to contact me (on the right sidebar for various ways) or leave a comment with suggestions, recommendations, or critique of the design.

Updates

I promise to use this page as the main point of information.  I will post updates to my blog as I make progress, so feel free to subscribe.  I also blog about books and various other things, but hang in there; it’ll make you more well-rounded. :p


14 thoughts on “BBB CryptoCape”

  1. Pretty good Idea. I probably would have started the same if I had the time.
    For a hardware TRNG check out http://www.jtxp.org/tech/xr232usb_en.htm. I would only use the noise source. The ATmega and the USB interface are not needed IMHO. And the de-biasing can be solved more efficiently and securely. BCH codes seem to be a good choice (see http://www1.spms.ntu.edu.sg/~kkhoongm/Entropy.pdf).
    After all I’ve read about TPM I don’t see the use of it in this context. As I understand it, you cannot change the root key and I won’t trust the manufacturer to keep it secret. SmartCards look like a better choice for securely generating and storing keys. Maybe integrating an interface / reader for those?

    Best Regards,

    Chris

    1. Thanks for leaving the comment; that is a great recommendation on the TRNG. While some of these ICs have HRNG, even the BBB, they do not mention their implementation… I’ll have to study that design in more detail.

      re TPM: I was looking at it for two reasons: 1. trusted boot and 2. isolated key storage of RSA keys for use in PKI. Trusted boot is a bit difficult on the BBB since the first bootloader is ROM that boots the second stage bootloader (MLO) at a fixed address without verification. On the keys, it’s my understanding, and I’m still learning about this [1], that if you buy a TPM directly from the manufacturer it first has to be personalized. The personalization process will put a root key, the storage root key or SRK, on the TPM. A lot of people jump up and down about the DRM aspects of the TPM; I’m more interested in it being able to generate and store an RSA private key and perform sign / verify operations.

      re SmartCard: A smart card reader would be interesting. I had looked briefly into this and I don’t think I could determine what I needed to make the reader, and would it be better than just plugging the smart card reader into the BBB? Assuming that the CryptoCape is “trusted,” it may be useful to have a USB receptacle and plug the reader in just to the cape (maybe with an ATmega behind it?).

      At the moment, I’m working on the ATSHA204 which is an authentication only device but allows users to store symmetric keys, used for HMAC. I’m slowly building up to the entire cape.

      Once the design and code are a bit more “mature” (at least alpha quality 😉 ) then I’ll be posting the code and CAD files on GitHub.

      Josh

      [1] Currently studying this book
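As an added illustration of the challenge-response pattern an ATSHA204-style device provides with a stored HMAC key (not code from the comment’s author or from the CryptoCape project), the device model, the host verifier and the KEY constant below are constructed; the real chip’s command format and message layout differ.

```python
"""Host-side HMAC challenge-response, modelled on what an ATSHA204-style
authentication IC offers: a write-once symmetric key plus SHA-256 HMAC.
Simplified, added illustration; not the chip's actual command format."""
import hashlib
import hmac
import secrets

# Constructed sample key shared between host and device at provisioning time.
KEY = bytes(range(32))


class AuthDevice:
    """Stands in for the authentication IC: the key never leaves it and the
    host can only ask it to compute an HMAC over a supplied challenge."""

    def __init__(self, key: bytes) -> None:
        self._key = key  # held inside the device, never readable by the host

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Host:
    """Verifier that knows the same key and issues a fresh random challenge
    for every authentication attempt, so recorded responses are worthless."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(32)

    def verify(self, challenge: bytes, response: bytes) -> bool:
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        # compare_digest does not leak where the first mismatching byte is
        return hmac.compare_digest(expected, response)


def authenticate(host: Host, device: AuthDevice) -> bool:
    """One round: host challenges, device answers, host checks."""
    challenge = host.new_challenge()
    return host.verify(challenge, device.respond(challenge))


def replay_is_rejected(host: Host, device: AuthDevice) -> bool:
    """A response captured from an earlier round fails against a new challenge."""
    old_response = device.respond(host.new_challenge())
    return not host.verify(host.new_challenge(), old_response)
```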

      1. re safe boot:

        Booting from a hardware write-protected memory would do the trick for me. When I update the FW I do not mind opening the case. And when the bad guys enter my home I have other problems. I found that a lot of SPI flash / EEPROM have a “write protect” pin but most implement it as software-overridable. One exception I found is the Microchip 25AA101A. And the BBB should be able to boot from SPI.

        Chris

      2. If one holds down the BOOT button on the BBB, the boot order would be: SPI -> SD_CARD. It looks like a BBB cape can force the boot order into this configuration, and then if there were an SD card connector on the SPI bus, it should be able to boot from that (while holding the WP pin).

        With WP SPI Flash, how would one initially program the Flash? I could put a DIP switch on the WP line 🙂

  2. Yes, a jumper or (DIP) switch on the WP line would be the solution.

    TPM vs. SmartCards: I’ve read that you cannot exchange the root key of the TPM. It is written by the manufacturer who holds the TCG certification. This would be a problem as the private root key might be known to other parties. If it can be externally generated and overwritten it’s all good. SmartCards are a bit more work on the hard- and software side, but there I know for sure that you can write your own root key. ST Micro uses the same processor (ARM kernel) for TPM and SmartCard; just the FW and the package are different.

    USB vs. SmartCard reader: USB adds too much complexity IMHO. If you want the community to peer-review your Cape then you should keep it as simple as possible and without proprietary software. I am not sure if this can be accomplished with USB. ST Micro offers SmartCard versions with an SPI interface, so connecting them would be as complex as the TPM. But again, if the TPM module allows all keys to be externally generated and written it would be my first choice, too.

    Chris

  3. Pingback: Cryptotronix, LLC
  4. Josh,

    I think the CryptoCape is a neat idea.
    Which model of Atmel TPM are you planning to use?
    Let me know if you need any extra help with steps 4, 5, 6 or 7!

    Pete
