back to article For $800 you can buy internet engineers' answer to US government spying

The long-awaited response from internet engineers to Edward Snowden's revelations of mass surveillance by the US government has been launched in Berlin. The CrypTech project launched an alpha prototype of its open-source crypto-vault at the 96th meeting of the Internet Engineering Task Force (IETF), and held a two-day workshop …

  1. Duncan Macdonald

    Hopefully the H/W will shrink

    A production unit (not this early prototype) needs to end up no bigger than a large USB stick for mass acceptance. A unit this size would only be acceptable in a few locations that need extreme security (especially as it needs its own power supply).

    1. This post has been deleted by its author

    2. Lotaresco

      Re: Hopefully the H/W will shrink

      What? I think you have failed to understand the use of an HSM. Reducing it to the size of a USB key isn't really going to help and these aren't end-user devices.

  2. Anonymous C0ward
    Black Helicopters

    And if I'm paranoid enough, or my data is sensitive enough

    to need one of these, how do I know the spooks haven't intercepted it and tampered with it?

    1. Knoydart
      Pirate

      Re: And if I'm paranoid enough, or my data is sensitive enough

      You check against the publicly available hardware (schematics, parts etc) and software to ensure the right bits are in the right place.

      If you wear a multiple layered tin foil hat, you then head off to the silicon foundry and rustle up the devices yourself to populate the board.

      1. Charles 9

        Re: And if I'm paranoid enough, or my data is sensitive enough

        But what's to stop the foundry from being doubled?

  3. G R Goslin

    Isn't this...

    Isn't this the same as the ASUS TPM (Trusted Platform Module) unit that I bought from Amazon.uk, for £14 odd? Which again, I couldn't work out how to integrate it with my Linux system, or what it did, or how it did whatever it did, or didn't do.

    1. stizzleswick

      Re: Isn't this...

      Nope. This is being made not by those interested in knowing where, when and what you buy, but by those interested in others not knowing. It's a rather big difference.

      1. G R Goslin

        Re: Isn't this...

        Strange that you say "those interested in knowing where, when and what you buy,", but the fairly extensive reading I undertook on the matter indicated that it's function was the same as the unit in the article. The only caveat made was that there was a risk that Authority might persuade the manufacturer to include back doors. I tend to agree with this thought, but it equally applies to ANY manufacturer of the unit, open source or no.

        1. Pascal Monett Silver badge

          Re: it's function was the same

          That the function is the same is not, in itself, an issue for me. That it comes from a group of people not supposed to be under the influence of governments or spooks is a very big plus in my book.

          The fact that the NSA could have purchased a board is not a problem either. A proper cryptographic process can be entirely public, it will be no less efficient in keeping data secure because the keys are not public (well, half of them aren't). If the code and hardware of this project are properly thought out and truly secure, there is nothing the NSA can do to it without physical access - and we know the rule on that.

    2. Lotaresco

      Re: Isn't this...

      "Isn't this the same as the ASUS TPM (Trusted Platform Module) unit that I bought from Amazon.uk, for £14 odd?"

      No, it's not. These are designed and used for different purposes.

      A TPM is designed for a limited (but important) range of functions. Firstly every TPM has a unique RSA key burned into the module. This means that the TPM can offer evidence of identity which is important if you have a need to prove that your computer is your computer associated with you. There are occasions when that would be extremely useful such as when ordering Root CA certificates or for transactions where your ID is an important part of the process. TPMs can also protect keys such as full disk encryption keys. It also provides hardware protection against attacks on your passwords. The focus of a TPM is to assure the integrity of your computer and to protect your keys and passwords from attack.

      A HSM is designed for two main functions. To protect high value keys for an enterprise and to offload cryptographic calculations. An HSM can perform many more calculations per second than can a server. This permits the use of (say) Elliptic-Curve cryptography for session keys and also supports the use of long RSA keys in systems processing thousands of transaction per second.

      An important feature of an HSM is that the administrator never needs to see the keys. These are stored in the HSM and accessed using a key-encryption-key (KEK) with the encryption/decryption of data done within the HSM.

      1. JeffyPoooh
        Pint

        Re: Isn't this...

        "Firstly every TPM has a unique RSA key burned into the module. This means that the TPM can offer evidence of identity which is important if you have a need to prove that your computer is your computer associated with you."

        Who says that it's actually unique? How do you know that this key wasn't copied to some three letter agency? How can anyone prove that it wasn't copied? What if the laser or power supply pulses during burning can be detected next door?

        The name is the clue. Is the 'platform module' actually 'trusted'?

        1. Lotaresco

          Re: Isn't this...

          "Firstly every TPM has a unique RSA key burned into the module. ..."

          Who says that it's actually unique?

          ISO/IEC 11889

          The keys are signed by the manufacturer, trust resides with the manufacturer.

          How do you know that this key wasn't copied to some three letter agency?

          I suspect that you're not understanding what the key is used for. The public (EKpub) key is, like all public keys, intended to be handed to anyone. It is used to affirm that an identified entity is associated with a particular key. If someone else has the private and public keys and asserts that they are the entity associated with that key and has a cloned TPM with the same key then at the time of attestation either - the key will already the registered and the entity will have to explain what they are doing with someone else's key or the key will be unregistered and they will be permitted to register. Whoopee they now have a key associated with their (real or forged) ID that identifies them uniquely, or they don't.

          The key does not permit them to access someone else's system or intercept their traffic because the certs created with those keys are also unique. Also when that key is registered the fault condition of a duplicate EK will be detected. Something is clearly wrong and the CA will not issue a certificate.

          If someone has duplicated your key and uses it to make a cert request using your credentials then the cert they pay for will be delivered to you. That would give you a bit of a hint that something is wrong.

          What if the laser or power supply pulses during burning can be detected next door?

          <shrug> The burning is done by the chip manufacturer. You would have to be able to identify which TPM was being burned and follow it through the supply chain to its destination. Pointless and extremely unlikely given how many TPMs will be burned in a session.

          Your questions sound like tinfoil helmet stuff.

          1. Anonymous Coward
            Anonymous Coward

            Re: Isn't this...

            "<shrug> The burning is done by the chip manufacturer. You would have to be able to identify which TPM was being burned and follow it through the supply chain to its destination. Pointless and extremely unlikely given how many TPMs will be burned in a session.

            Your questions sound like tinfoil helmet stuff."

            Unless the chip manufacturer is doubled (or worse, directly controlled by the State). After what Edward Snowden and others like him revealed, NOTHING is taboo, not even hardware exploits and secret cloning. How can you trust the TPM being absolutely unique in a DTA world where nothing is off limits? Not even a secret quantum computer hidden under the huge datacenter in Utah (and if you think American spooks can't keep things secret, how did they keep low-visibility planes secret for decades?).

  4. This post has been deleted by its author

  5. Steve Davies 3 Silver badge

    Well...

    The units will be shipped in September. At the time of writing, just two had been sold.

    Would those customer be the NSA and GCHQ by any chance?

    That leads me to ask, how many have been sold on the 'dark web'?

  6. WibbleMe

    If it is personal do not put it on the internet! Simple.

    Seriously what kind of idiot actually puts their real date of birth on the internet with the full name and address.

    1. Dabooka

      Really?

      I take it you're new to the whole world wide web thing?

    2. P. Lee

      >Seriously what kind of idiot actually puts their real date of birth on the internet with the full name and address.

      Someone who wants to buy something with a credit card and have it delivered?

  7. thunderghast

    Just two had been sold

    This ruins the Alexander Graham Bell joke.

  8. Lotaresco

    Cheap

    Having just ordered and paid for HSMs from a closed-source supplier and having to sign up to a licensing deal that is, quite frankly, daylight robbery I'm looking forward to getting one of these boards. The most important feature for me is that it is free of licence payments. The mainstream suppliers pull some clever strokes that require anyone who needs HSMs (that's anyone who needs to keep certificates and keys safe and to generate them safely and sign them) to buy multiple HSMs that have been deliberately crippled to prevent the user from re-deploying them elsewhere in the business.

    The problem of course is that these devices have not been FIPS 140-2 certified so insurers and regulatory bodies are not going to accept that these devices are good enough to meet their requirements.

    1. Warm Braw

      Re: Cheap

      Also, the docs I saw weren't very explicit, but as far as I can tell although the hardware supports tamper notification, it's down to you to provide the physical security. Depending on your application, that could be the expensive bit.

    2. Phil Koenig

      FIPS 140-2 (Was Re: Cheap)

      Considering that FIPS 140-2, IIRC, includes as part of the standard such ignominious technologies such as DUAL_EC_DRBG, that certification just doesn't have the same 'ol shine it used to, for some people..

      1. Charles 9

        Re: FIPS 140-2 (Was Cheap)

        But can you think of one better?

      2. Lotaresco

        Re: FIPS 140-2 (Was Cheap)

        "Considering that FIPS 140-2, IIRC, includes as part of the standard such ignominious technologies such as DUAL_EC_DRBG, that certification just doesn't have the same 'ol shine it used to, for some people."

        Apart from using an HSM as good practice in securing crypto, HSMs are used as a component in PKI because software-only security is frowned upon in regulated (financial, government) environments. Insurers won't insure and regulators won't approve systems unless they have FIPS 140-2. They also don't listen to argument that an algorithm is flawed as long as it is approved.

        However: " Dual EC_DRBG has been removed, as it is no longer approved"

        DRBG Validation List

    3. Anonymous Coward
      Anonymous Coward

      Re: Cheap

      Of course, the closed source versions (Thales eSecurity by any chance?) have certification and has additional hardware security.

      Most notably by having the key store and processing wrapped in a secure tamper-proof enclosure so that any access causes the keys to be wiped.

      Edit: Looking further, the board has at least one component with a heatsink. When tamper-proofing such a board, heat management is very difficult, especially if you want any sort of decent performance.

  9. Anonymous Coward
    Anonymous Coward

    Is this better than a $5 Raspberry Pi?

    Hmm... a board with a general purpose ARM processor on it. Hard-coded to do HSM work. I guess the other $795 is for the sparkly security sprinkles...

    1. Anonymous Coward
      Anonymous Coward

      Re: Is this better than a $5 Raspberry Pi?

      The rest is presumably mostly for the FPGA, and they can be pricey. (I work with some that cost tens of grand each.)

    2. Jason Bloomberg Silver badge

      Re: Is this better than a $5 Raspberry Pi?

      "Better" probably depends on how thick your tin foil boiler suit and chain mail underpants are.

      The Pi isn't Open Source Hardware and requires Closed Source Software to get it booted, so I guess that's a problem right there. I expect most of the cost comes in achieving desired performance.

  10. Graham Marsden
    Big Brother

    And I bet...

    ... there are already people in government looking to pass laws to make these illegal...

  11. Aodhhan

    Or...

    Necessary if you move a lot of data. If not, the cheaper alternative is to use host-host with certs kept on a USB key. Realistically, if they really want the equations to move faster, they will need more processing and memory put on the device.

    FIPS140-2 protocols and ciphers will likely be the norm on these devices. One thing to remember about FIPS 140-2 encryption, is that they only show what is usable by the US Government for top secret and below. For information above top secret, encryption is governed by a different set of publications.

    Meaning, state sponsored intel agencies can likely crack the encryption within several months.

    When it comes down to it, the easiest way to get past encryption is to get on the box itself. You can put millions of dollars into encryption, but if you click the wrong thing on the Internet... it doesn't matter.

    So as an individual, if you really can't wait to shell out the money for this device... you likely haven't done a proper risk assessment, or you have more pride than brains.

  12. Anonymous Coward
    Anonymous Coward

    Don't Worry

    As the director of the CIA stated, "if it ain't US, it ain't sh*t" (paraphrasing).

    Seeing as non-American's were involved on the project too, I'm sure their backwards understanding of cryptography has hindered this device far worse than any government back door ever could have.

    </sarcasm>

  13. John Sturdy
    Black Helicopters

    Checking back to the underlying maths?

    So which parts of the maths could be based on things the NSA have helped to bring to prominence? (I hope that "many eyes" will have helped to check this.)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like