Arno Wagner: Can you recommend any decent books on the subject of physical tampering resistance and secure cryptographic hardware design? Thanks. On 10/29/14, Arno Wagner <arno@xxxxxxxxxxx> wrote: > On Wed, Oct 29, 2014 at 11:33:24 CET, Ralf Ramsauer wrote: >> On 29.10.2014 11:24, Cpp wrote: >> > The thing is I planned to use a microcontroller to store an encryption >> > key in its RAM, and I see the device uses SRAM, so this might be a >> > problem? >> > http://www.atmel.com/Images/Atmel-8271-8-bit-AVR-Microcontroller-ATmega48A-48PA-88A-88PA-168A-168PA-328-328P_datasheet_Summary.pdf >> >> Yes, comments :-) >> >> First of all: are you going to store the Masterkey or the Passphrase / >> Keyfile which is used for key derivation? >> If you're going to store the master key, you don't need Luks at all, >> this would also be a solution for your detached-header problem. >> >> But.... >> >> How do you want to realize the communication between the µC and you >> Linux Box? Over Uart? (Uart communication can _easily_ be sniffed, so be >> aware of that....) > > If an attacker has access on that level, they can probaly just do > a memory-freeze attack or a fire-wire attack. Remember that > disk encryption does not protect data while the system is running > and has the data decrypted. > >> Also don't forget to deactivate the JTAG interface. Otherwise the µC >> could get debugged... And don't forget to set the correct FUSE bits >> (disallow reading / writing from / to flash / EPROM memory, ....) >> And did you know, that CPU operations can be reconstructed by small >> fluctuations in current[1]? How do you want to solve this issue? >> >> How does the key get to the µC? >> >> Aah, almost forgot to mention: you talked about to use a RNG on your AVR >> to move the key around. RNG on AVR? From where do you get your entropy? >> I don't know much about this project, but maybe this helps you [2]. >> >> There are *so* many traps... Do you really think this is a good idea? > > I think this is mostly intended as a project to learn. As such > it should do well. But do not expet this to be secure against a > competent attacker. > > Arno > >> [1] http://en.wikipedia.org/wiki/Power_analysis >> [2] http://www.das-labor.org/wiki/AVR-Crypto-Lib // >> http://www.das-labor.org/wiki/AVR-Crypto-Lib#PRNGs >> >> Regards >> Ralf >> _______________________________________________ >> dm-crypt mailing list >> dm-crypt@xxxxxxxx >> http://www.saout.de/mailman/listinfo/dm-crypt > > -- > Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx > GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 > ---- > A good decision is based on knowledge and not on numbers. -- Plato > > If it's in the news, don't worry about it. The very definition of > "news" is "something that hardly ever happens." -- Bruce Schneier > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt > _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
