By: Karen O’Donoghue
Date: November 1, 2015
Most people think of the IETF as software and protocols, but at IETF 93, a CrypTech workshop gave participants the opportunity to work together on open source hardware: cryptographic engines developed by a multinational team designed to restore the public’s trust in cryptography.
What Is the CrypTech Project?
The CrypTech project was motivated by the loss of trust in cryptographic algorithms and products resulting from revelations of pervasive monitoring and potentially compromised algorithms and products. It evolved out of discussions within the IETF and Internet Architecture Board (IAB) community.
CrypTech was founded as an independent international development effort to create trusted, open source designs and prototypes of an inexpensive hardware cryptographic engine. The first output from CrypTech will be a trusted reference design for a Hardware Security Module (HSM, a specialized device used to securely store the public/private key pairs used with digital certificates, most commonly used in Secure Sockets Layer/ Transport Layer Security (SSL/TLS). CrypTech’s open source HSM can be used as the basis for commercial products; CrypTech supports the Internet community by providing an open and auditable alternative to existing crypto devices. CrypTech’s first use case is for HSMs. However, there are other applications for this type of technology. The CrypTech development model is based on a composable system that lets the designer select the bare minimum of components needed, thereby further reducing the risk and attack surface of a CrypTech-based device.
CrypTech is starting from the bottom up by implementing a wide variety of cryptographic algorithms to be loaded into a specialized Field Programmable Gate Array (FPGA), designing the hardware required for a true random number generator (TRNG), building high-assurance auditing and management tools for key and cryptographic operations, and writing the necessary support software to link the CrypTech HSM to existing public key infrastructure (PKI) applications such as DNSSEC and RPKI.
By moving the research and development (R&D) associated with hardware PKI to the Internet community, CrypTech can dramatically reduce costs. This gives enterprises the opportunity to make much greater use of cryptographic hardware, thus increasing overall security compared to software-based key management.
CrypTech’s goal of designing a hardware cryptographic device is significantly more complicated than writing open source software. Because the project must integrate both hardware and software components, there are also real materials costs that most open source projects don’t incur. For example, CrypTech has to build a tamper-proof system, so that if the hardware falls into the wrong hands or under physical attack, the device won’t release the keying material.
CrypTech is also building a true random number generator that requires some specialized hardware components to be a source of “randomness.” Cryptographers have always been critical of algorithmic methods of generating random numbers; poorly written random number algorithms have been critical factors in security failures. A true random number generator is an important building block in a secure cryptography infrastructure. CrypTech’s initial TRNG has been tested by a number of reputable sources and the reports are amazingly positive.
The most significant hardware component in the CrypTech project is the use of an FPGA for crucial cryptographic functions. When an encryption or hash algorithm is written in software and built into a general-purpose central processing unit (CPU), or loaded into a general-purpose computer, such as a Windows or Linux system, it remains very vulnerable to attack. Software can be changed, often very subtly. Memory contents can be read during operations. Even the length of time to perform operations can be measured and reveal information. However, when the cryptography is performed in a dedicated hardware device, completely inaccessible to the normal operating system, these weaknesses are reduced significantly.
The CrypTech Workshop at IETF 93
From its very beginnings, the motto of the IETF has been “rough consensus and running code.” The weekend preceding IETF 93 was filled with activities that highlight the development of open source running code including the Code Sprint, the Hackathon (page 14), and finally the CrypTech (www.cryptech.is) workshop. All of these activities involved open source software, but CrypTech also included open-source security hardware.
During this workshop, participants were able to configure their own prototype hardware based on CrypTech designs and software. Participants were able to bootstrap the cryptographic services on the prototype hardware, configure it to use PKCS11 for communications to a server, configure OpenDNSSEC to get its keys from the CrypTech prototype, and finally use the system to perform DNSSEC zone signing.
An overview of CrypTech, including results from the workshop, was discussed in the IETF Security Area Advisory Group (SAAG) and IRTF Crypto Forum Research Group (CFRG) sessions. Detailed questions about the status of implementation, including specific algorithm support, illustrated the interest in and relevance of the effort.
In addition, George Michaelson summarized his workshop experience and posted photos in a detailed blog post at https://blog.apnic.net/2015/07/21/its-alive-blinkenlights-in-cryptech-ietf93/.
Community Support for CrypTech
Open source has been one of the major success stories of the Internet, and open source software is part of every piece of hardware and software produced today. The CrypTech project is no different: by bringing an open source philosophy to cryptographic software and hardware, the plan is to increase trust and transparency, offer alternatives to commercial products, and reduce costs. To learn more about CrypTech, including how you can help support this important effort, visit https://cryptech.is.
What Is a Hardware Security Module?
A hardware security module (HSM) is a specialized device designed to securely store the public/private key pairs used with digital certificates. An HSM provides significant additional security for enterprise PKI and CAs because it removes the need—and the risk—of storing keys on disks or in memory.
When an HSM safeguards a private key, it must also be able to perform cryptographic operations with those keys. For example, when a CA needs to sign a digital certificate, it sends the information to the HSM and requests that the HSM create the digital signature. The HSM signs the certificate, and sends back the result.
Storing keys out of reach of any application ensures that they are never exposed outside of the HSM and cannot be stolen, as they cannot be retrieved from the HSM.
HSMs implement a combination of storage, cryptographic, and auditing functions, including:
- •Key storage, backup, and management, including hardware tamper resistance.
- •Accelerated cryptographic processing, including common hash and encryption algorithms.
- •A true random number generator.
- •System management and integrity, including logging, authentication, and auditing.