# Cryptowarez

# A survey of Hardware Crypto Devices BSidesPDX

Updated: 17 September 2016



- 1. Introduction
- 2. Classical
- 3. Big Iron
- 4. Embedded

#### INTRODUCTION



- Owner of Cryptotronix
- Went around-the-world on a submarine
- $\bigcirc$  I get sea sick.

So, why do we want crypto hardware?

- Crypto offloading (algorithm acceleration).
- Key Protection.

THOSE TWO ITEMS ARE THE FOUNDATION

From those, more advanced security features are built.

Of course, if you undermine those ....

## CLASSICAL

# Modern Crypto Hardware



- First wide-spread modern dedicated crypto hardware
- Performs encipherment and decipherment in human time.
- Key management was a bit of a challenge
- Not recommended for new designs!!

## **BIG IRON**

# Hardware Security Modules





Source: https://www.thales-esecurity.com

- O Up to FIPS 140-2 Level 3
- PKCS#11 Interface,
  OpenSSL Engine, Java JCE,
  Microsoft CAPI and CNG.
- Uses: PKI management, code signing, payment processing, file encryption.
- Expensive.
- Cloud providers have some integration now: Azure & AWS.
- Heavily proprietary.

# Cryptech: HSMs for the people!



Source: https://www.crowdsupply.com/cryptech/ open-hardware-security-module

- PKCS#11 over USB
- SHA-1 and 2, RSA and ECDSA (NIST)
- TRNG
- Contains an Artix-7 FPGA, ARM Cortex-M4 and ATtiny828 (for tamper detect)
- Heavily Open: Everything under BSD or CC license

## **Cryptech: Architecture**



#### Digilent Zybo Zynq-7000

| IP Core               | LUTs | FF   |
|-----------------------|------|------|
| CHACHA2O <sup>1</sup> | 3585 | 3727 |
| SHA1 <sup>2</sup>     | 1717 | 1563 |
| SHA256 <sup>3</sup>   | 2296 | 1856 |
| SHA512 <sup>4</sup>   | 5310 | 3735 |

<sup>1</sup>50MHz core clock and 250MHz AXI bus (1 round of encryption per core clock) For salsa20, its 20 rounds per block

<sup>2</sup>100MHz core clock and 100MHz AXI bus (1 round of encryption per core clock)

<sup>3</sup>70MHz core clock and 70MHz AXI bus (1 round of encryption per core clock) <sup>4</sup>60MHz core clock and 60MHz AXI bus(1 round of encryption per core clock)

#### Embedded

| Vendor          | Product     | Proc   | Notes                 |  |
|-----------------|-------------|--------|-----------------------|--|
| Freescale (NXP) | К8О         | M4     | HRNG, AES, MPU, en-   |  |
|                 |             |        | crypted flash         |  |
| STMicro         | ST33G1M2A   | M3     | HRNG, AES, NESCRYPT   |  |
| Infineon        | P SLJ 52ACA | 16-bit | AES,ECC,RSA,EAL5+     |  |
| Microchip       | CEC1302     | M4     | ECC,RSA,SHA,AES,HWRNG |  |
|                 |             |        | No flash              |  |
| Maxim           | MAX32550    | M3     | AES,SHA,HWRNG,Secure  |  |
|                 |             |        | Boot                  |  |

| Vendor | Product     | Notes                                |  |  |
|--------|-------------|--------------------------------------|--|--|
| Atmel  | ATSHA2O4A   | SHA256, HMAC, Open Datasheet         |  |  |
| Atmel  | ATAES132A   | Encrypted 32K EEPROM, Open Datasheet |  |  |
| Atmel  | ATECC508A   | ECDSA, ECDH, P-256                   |  |  |
| ST     | STSAFE-A100 | EAL5+, AES256 KW, ECDSA/ECDH         |  |  |

○ 204/508 kernel driver:

https://github.com/cryptotronix/atsha204-i2c

- 204 cli: https://github.com/cryptotronix/hashlet
- 204/508 lib cli:

https://github.com/cryptotronix/libcrypti2c

○ **508 cli**: https://github.com/cryptotronix/EClet

# CryptoThings







Lots of other hardware crypto areas, but you know, 20 minutes :(

- 1. Smart Cards
- 2. Secure Elements and NFC Controllers
- 3. PKI USB Tokens
- 4. U2F Tokens
- 5. Bitcoin Hardware Wallets
- 6. A smart card that runs BASIC and ECDSA
- 7. Crypto IP in most radio MCUs

#### **GROWTH OF HARDWARE CRYPTO**

Hardware crypto is growing with IoT. Silicon vendors are expanding the IP which is trickling down to custom ASICs and COTS ICs.

- 1. Dedicated crypto hardware may reduce software exploits, but it may *increase* hardware attack vectors.
- 2. Hardware is well, hard to change.
- 3. Few vendors providing non-NDA and open-distributor access.
- 4. A2: Analog Malicious Hardware

#### SECURITY ENGINEERING STILL REQUIRED

Hardware crypto does not alleviate proper threat modeling and risk mitigation.

#### WE NEED MORE OPEN CRYPTO!

Vendors have their part in adding security, but tools, knowledge, and application are what will turn the ship.

#### Das Ende



- www.cryptotronix.com
- $\, \odot \,$  Just ask for Josh ;)