My book, BeagleBone for Secret Agents, is now available. The title is slightly misleading as you need not be a secret agent to enjoy this book. 😉 There are five self-contained projects involving electronics, cryptography, and various software packages but I wanted to write a book that was more than just a collection of projects. In BBfSa, I tried to motivate the social and individual importance of using software like Tor, GPG, and OTR. While the projects are cool, IMHO, I’m hoping that readers will appreciate the need for and difficulty of developing privacy enhancing technologies.
I picked projects that were explicitly more detailed than one could describe in a blog post. Most of them combine hardware and software, and I would describe the projects as challenging but attainable. If you decide to buy it, hopefully you will not only enjoy it but learn something as well.
The book is available as a DRM-free eBook and as a bound collection of printed dead trees. I’ve stopped reading with eBook readers, but there are just over 100 references, most with URLs, and I can appreciate the convenience of using one. You can visit my BBfSa page to see its availability or buy it direct from Packt Publishing.
Thanks to the many people at Packt who helped with the direction, editing, and layout. I was lucky to have very talented reviewers. Lastly, thank you Nate for writing an incredibly insightful foreword and to SparkFun, without whom the projects in this book would not have been possible.
After months of work, the CryptoCape is now available at SparkFun Electronics. This cape adds a bunch of security features to the BeagleBone Black. There are seven independent ICs on that board that are connected over I2C. Each IC has a range of features; as such, there’s a lot one can do with this hardware. For those who like to read, check out the hookup guide for examples and a walk-through. If you want to listen to and watch an off-the-cuff screencast of me performing a demo, check out these screencasts.
I’m very grateful to SparkFun for supporting this idea. I approached them with this idea and applied for their Hacker-in-Residence program. Back then, SparkFun was still calling “capes” “shields”. Now they have a slick BeagleBone Proto Cape in addition to mine, so I’d like to think I helped them get more into the BeagleBone 🙂
I’ve been having a lot of fun with this cape. Of course, I like the security ICs and have written a few drivers for them. Even if you are not into security, the onboard ATmega is really fun. It can be flashed from the BeagleBone so you can combine Arduino projects with the Beagle!
I have a few boards on Tindie that I hand-assemble, but this is the first device that’s being professionally manufactured. This is the first, of hopefully more, open source hardware security devices from Cryptotronix. I have a few projects spinning now, but if you support open source hardware, and want to add some hardware security, feel free to contact me.
I’ll be talking more about the CryptoCape, how I got into this, and some project ideas at HOPE X in NYC this summer.
For those with a darker color hat, my DEF CON 22 talk was recently accepted. Once the abstract is posted on the speaker page I’ll announce that here. <evil grin>
I’m about to start my second week at SparkFun Electronics as a hacker-in-residence and I’ve made some great progress. I have an initial draft design of the CryptoCape, which will be scrutinized this week by the awesome SparkFun engineers. Also, I’m working on a BeagleBone Black Cape tutorial which should help anyone looking to get started with Capes and setting up the EEPROM. On Wednesday, my last day, I’ll be giving a lunch-and-learn entitled “Crypto for Makers.” There’ll be a short primer on cryptography and then I’ll dive into project ideas involving crypto. I’m planning on ending with a short talk on submarine life, just for fun.
If you are in the Northern Colorado area, I’ll be hosting a talk at Loveland CreatorSpace on Tuesday, January 21st where I will describe the hacker-in-residence experience and go into some more details about the CryptoCape and building for the BeagleBone Black. Space is limited, so RSVP on Meetup.
At Cryptotronix, I’ve made my first international sale! I’ve expanded shipping to Canada and Europe. Check out the Cryptotronix store on Tindie for more details.
I’ve started a company: Cryptotronix, LLC. I figured it was the most responsible thing I could do before my daughter is born in about two months… For those who have been following along with my BeagleBone posts, I’m focusing on the CryptoCape and making other circuit boards containing crypto chips. The first board, which I’m calling the “Hashlet,” performs SHA-256 and can store keys on the device for use in keyed hashes. It’s specifically made for the BeagleBone Black (although one could also use a Raspberry Pi).
Tinkering with these devices has been a lot of fun and I am committed to seeing the CryptoCape come to fruition. However, it’s very easy to get security and cryptography wrong (and not even know it!). Therefore, the key (ha!) is to be as open as possible, especially in the early design stages. I’m making open hardware and, where applicable, writing GPL’d software to go with the device, which should allow plenty of room for feedback.
I’m trying to keep a zen “Beginner’s Mind” about this and focus on making accessible, embedded crypto boards with the hope that others will use them as building blocks for awesome open-projects.
First of all, I’ve created a Google Group for those that want to be in the discussion.
I want to take a step back and think about the CryptoCape goals, because I’m too far in the weeds playing with hardware at the moment (although that’s been fun). The BeagleBone Black (BBB) is already a pretty capable device and has some support for acceleration, although my experiments haven’t turned out that well. Since it can run Debian or something similar, there are great software libraries that will do pretty much everything.
So what’s it really missing? In my mind: isolation of the key. Let’s say you are running a web server on the BBB with HTTPS. In some TLS suites, the server will sign the handshake messages with its private key. Well, all this is happening in userspace and is just one buffer overflow away from leaking the key (Note to self: check if ASLR is turned on in the 3.8 BBB Kernel).