[Stefan] was nervous about putting the secret key for his Amazon Web Services account in his config file. In the security world, storing passwords in plain text is considered a very bad thing. but luckily there are ways around it. [Stefan]’s solution was to make a hardware security module out of the newest ARM-powered Arduino Due.
The build puts the secret key for [Stefan]’s AWS account right in the firmware of the Arduino Due (with the security bit on the Arduino flipped, of course). A Python web service then receives sign requests and talks to the Due over a serial port. The Due then signs the request and sends it off to another bit of Python code that handles the AWS API.
Hardware security modules are used through three-letter government agencies to manage cryptographic keys and ensure that your data is well encrypted. Instead of a hardware module costing tens of thousands of dollars, [Stefan] only costs the value of an Arduino Due; Not bad for a hardware security module capable of signing more than 2000 requests per second.
Clean.
Ehm, I’m guessing referring to the collisions in MD5. SHA has not yet had a collision/practice/attack.
It’s used for private use and it’s a hell of a lot safer than just leaving the key lying around. . .
Be careful not to ‘break’ the hardware……
A little bit of security? Remove the rosin from the IC (https://berlin. ccc. de/wiki/Experiment:_IC-Entkapselung_mit_Kolophonium) and then repair the fuse (http://www. flylogic. net/blog/?p=176).
Or search eBay for a Chinese company that can do it for you for a few $1000s…
let’s call it an “HSM” to build it, but a single client chip is obviously an HSM.
But security is a trade-off between money and risk, if the protected object is rarely worth the $1,000 needed to break the protection, then it’s safe. . .
Lock the door and don’t side with the FBI. Hyperbole-saturated problems solved.
This only stops the attacker from getting the plaintext password. If someone smuggles a trojan onto his PC, he can sign any requests anyway. (And this is a fundamental problem for which there is no easy solution – real systems usually verify the transaction contents on the HSM.)
I’ve already created grounded ARM, ECDSA, and RSA answers that manage everything in a POP SDRAM and asked a libusb solution to do what I was looking for with signing or encryption/decryption, etc.
The challenge is that you can’t license the ARM cryptographic SDK, and the chips don’t have a secure ROM option for silicon coverage if you’re not the primary vendor. . . It is, at best, a low-end security solution. . .
Drone silicon exhibits “obfuscation” and mesh complexity, and Third World governments complete renewables in a consecutive week. . .
Like I said: even if it’s well implemented, this is low-quality SOHO at best.
You could implement a bytecode VM in firmware and a PHY crypto protocol handler inside that, all on top of ARM domain handling, and I could still scrape data from a userland process dropped by a exploit with proper user…
Couple of answers to what I read above:
Yes, as I said in the blog post, this is by no means the best solution, but it raises the bar a lot. If you need a charging layer on top, you can charge it. Take the source. Please submit a pull request and I will present you with your improvements.
AWS supports both SHA1 and SHA256. I chose SHA1 because I thought SHA256 was too heavy for the Arduino Due. I will actually implement that and see how much the difference is. Also, yes, weaknesses have been found in SHA1. But ‘SHA1 has been cracked’ simply shows a lack of knowledge about this specific domain. Please google that and you can read what ‘cracked’ really means.
Note that the brute force of the HMAC-SHA1 hash to download the AWS secret requires a plain text message. Since all AWS communications are done over SSL, we first want to launch a much more complicated attack on the network infrastructure.
Theoretical hardware attacks are fun. Several other people have talked about corporations that can reset the security bit, but no one has been able to give an indication of a genuine company. I would like to know more about this and if anyone has genuine data about this express chip. , please pass it on.
Also, in the time it takes to physically walk in and borrow that Arduino, open the chip, reset the fuse, I’d probably realize that my cute holiday supply is gone or that the signature internet service fails because something has gone offline.
The wonderful thing about AWS credentials is that you can revoke them and generate new ones in about 15 seconds. Since it’s only used to signal requests, the old keys are now there because I hit the “Revoke” button while you’re still setting up. your electron microscope.
People, this is a weekend hack. Not a commercial grade FIPS compliant product. I had fun doing this and I learned a thing or two about the new ARM based Arduino.
Amen! And it’s great!
Very good homework and great reaction to flame-bait.
Hi Stéphane –
Flylogic Engineering is one company that can decap ICs and reset their fuse bits (full disclosure, I work for IOActive, which bought Flylogic a few months ago). Their blog shows some chip teardowns, highlighting where the fuse bits are located for some CPUs.
However, I agree, it is “excellent in theory”, but in practice it is useless compared to maximum systems. In your case, you would definitely realize that if a bad guy were to steal your hardware device and revoke the key stored on it, they would build a new module with a new key and put a new lock on your 🙂 door.
Key control is a complicated task for most businesses. It’s fantastic to see such an affordable security token become open source. Congratulations on a great project, Stefan, and thanks for posting the main points about it!
Key management: Kerberos(or the like) + signed Certificate Authority * IPSec. Simples. No need for fancy hardware.
I can only agree with you, it’s a great project, I was just reacting to HaD’s article that said it’s a smart choice for professional products that charge “tens of thousands of dollars” while similar responses at most are very safe and charge tens. dollars. . .
Thanks for sharing! It’s a very undeniable and well-done evidence of concept and it’s great to see great projects like yours here that I’d like to feature more often.
But don’t be surprised when other people react to generic statements like “It’s questionable that a cure is possible” and the like that are ambitious and unexpected claims, coming especially from a “security equipment engineer at Mozilla. “
Would it be possible to port this to a teensy3?
I think exactly the same. Perhaps an Arduino Nano would also be a better choice. It’s smaller, consumes less power, and is less difficult to hide.
Well done. I’m a little curious as to why this wouldn’t be imaginable with an Arduino or a Picaxe.
As mentioned, the safety of a formula is at the weakest link.
If you can’t accept as true the operating formula for access controls on the platform accessing the HSM, adding an HSM that is accessed through the same formula only adds complexity but provides almost no security.
You should also consider the AWS key control procedure. Using an HSM to purchase the AWS key and only a password to be able to request a new key would also be unbalanced. Therefore, Amazon’s double thing is also mandatory to buy back the balance.
Bottom line: when comparing a conceivable solution to mitigate a given risk, it’s advisable to have a clearer idea of the risks involved (unless, of course, you’re doing it as a hobby ;-)).
These allow you to inject keys and generate key pairs on the device and then use them in the same way as the display.
HAS. . . . Don’t accept it as true with a SafeNet product. They are inflamed by Chinese hackers and refuse to do anything. The IOC closes its eyes and prays. Its source code is preserved over and over again, and its internal security practices are non-existent. They do NOT have internal controls or control over their infrastructure.
. . . . and that as many government agencies use them as possible.
TD: Do you have any resources or methods to determine the validity of your statements above? I would like something else to raise the factor to my CTO.
I know you TD. 🙂 It’s true about the Chinese.
If your “Arduino” code is small enough, or maybe it’s just a Digispark. If you haven’t noticed one, those reasonable “Arduino femto” sets have a built-in USB “A” connector, and the entire unit is slightly larger than a popular USB “A” connector, 0. 69″ x 0. 74″ x 0. 18″. A small and ideal security key in the shape of a “pocket key ring”!
Look for STM32F4DISCOVERY in mouser. com: double the memory and speed of a Due for $15. Bulky yes, super cheap.
You can do this on a smaller chip or arduino but keep in mind that the signing is cpu intensive and that you would need to accept relatively big messages and store those in memory.
The Due with its Cortex-M3 is ideal, it has a lot of strength and memory.
With smart programming, you can probably accomplish this on an ATmega, however, SHA1 didn’t evolve with 8-bit processors, so it would be an attractive challenge.
I love how even the lighthearted reviews are trolling and inflamed here. . . You may have simply pointed out that they don’t fit 1-four of the FIPS they claim and can still be removed via OCD and GPIO. . .
Too many people cutting corners on sensationalized projects, don’t blame the people giving honest opinions…
How can I remove the contents of the chip via OCD and GPIO if the secure bit is configured?Is there a way for the chip to forget about this setting?
Although it’s a neat hack, the premise is a bit moot considering Amazon has a Security Token Service and identity federation so you don’t have to put your secrets in source code.
Be kind and respectful to make the feedback segment great. (Comment Policy)
This is what Akismet uses to reduce spam. Find out how your observational knowledge is processed.