Hardware encryption based on FPGA - Looking for suggestions and comments

    Hi guys, my first post :)
    I have been working for a few years on what I strongly believe is a very interesting and promising project: a custom-built encryption chip (based on FPGA). My approach and philosophy has been "don't trust anything and anyone" when it comes to security and encryption. Hence I decided to build hardware encryption based on an FPGA chip (in the future it will become an ASIC). Of course, there is no point in reinventing the wheel and creating (or trying to create) any new encryption algo, because there are plenty that are very safe and open source. So in the beginning, I did extensive research trying to understand what the international crypto community considers safe (I am referring to ECC parameters, etc.) and not what a gov or business entity wants you to believe is safe. The result is an interesting combination of algos: Camellia, ECC25519, Skein and a TRNG.
    Then we packed them in one small hardware unit, and the first version of our "box" was a Linux stick (ARM core) running those algos in SW on top of it. We even built an Android app to test the end2end encryption "Signal style". In fact, we implemented an architecture almost identical to the SilentCircle one to prove the concept. It all worked.
    Then we moved to make things "safer". The first issue was to better protect the encryption key: can you trust any OS to keep it safe? Let's start to use a Secure Element or HSM to manage the encryption keys and to encrypt the data. However, can we trust an HSM ASIC chip coming from a traditional international company? Well ... ehm ... no. So, the last bit was to build our own and to move everything into an FPGA chip, and we did. We built our own HSM running entirely in HW (via Verilog), and by doing so we also removed the operating system, hence reducing the possible attack surface. Now we have an "HSM on a chip", which is the basic building block for any truly secure application; it offers those algos I mentioned together with a nice TRNG (not pseudo), which we can now really have since we run on real hardware.
    Of course, being an FPGA, we can be very transparent and let any third party inspect it to be sure there are no backdoors. Can you do that with a mainstream commercial encryption ASIC? Well, no.
    The last bit: we are now building a new PCB (small form factor and open source) which contains just the FPGA chip and the power circuitry with a few interfaces (e.g. SPI, I2C, UART) available for integration. My aim is to allow the makers/tinkerers community to use it, test it, experiment with it and help me improve it in all aspects.
    I need your help and the help of the ones you think might be interested: can you suggest or comment on how you would like to use it? Which kind of interfaces would you prefer, e.g. UART/SPI? Which kind of SW protocol would you like to see to be able to use it? Do you think it is a useful project for this community?
    Thank you for the help and for any feedback.