CrypTech Open Hardware Security Module (Alpha Board)
An independent international development effort founded to create a trusted, open source, inexpensive, hardware cryptographic engine.
The CrypTech Alpha is a standalone prototype key-storage and hardware cryptography platform, targeting applications where security is paramount. CrypTech has created a trusted reference design for a hardware security module (HSM) that can be the basis for commercial products.
Internet users seeking to encrypt data and preserve their privacy have a wide variety of open source tools to choose from. But not every tool has open source alternatives, particularly security hardware, which is a small market dominated by a handful of vendors who offer exclusively closed source and proprietary products. That’s where CrypTech comes in.
Hardware Security Modules
A Hardware Security Module (HSM) is a specialized device used to securely store the public/private key pairs used with digital certificates. An HSM provides significant additional security for enterprise PKI and CAs, because it cleanly separates, at the hardware level, the storage of keys from the machine running the application that uses them. In essence, an HSM removes the need – and the risk – of storing keys on disk or in the memory of a machine with a large, outward-facing attack surface.
The CrypTech Alpha Device
The CrypTech Alpha is a proof-of-concept device that demonstrates much of the functionality of an HSM. It consists of software and configurable hardware (an FPGA) to perform a range of cryptographic operations. The CrypTech Alpha is implemented as a card with an ARM processor and an FPGA. The FPGA can be configured to support a wide range of cryptographic primitives. The first set of primitives is designed to support applications requiring high-assurance signing, such as DNSSEC. Additional cryptographic primitives can be added and configurations developed.
Who Needs The CrypTech HSM Alpha Board?
The CrypTech Alpha is useful for the key management operations for which HSMs are typically used. It is also useful for the signing operations typical of DNSSEC deployments. It is very much an alpha board: while it has a useful set of functions, not all of the functionality of a commercial HSM is implemented yet.
Features and Specifications
- Eurocard form factor
- PKCS#11 over a pair of USB interfaces
- digests (SHA-1, -2, -224, -256, -384, -512)
- ciphers (RSA-1024, -2048; ECDSA P-256, P-384, P-251)
- true random number generator
- packaged software for the Alpha Board and software to interface to it
- all project results available under BSD or Creative Commons licenses
Many more details about this project can be found at CrypTech.is.
The CrypTech Project maintains APT and Homebrew repositories containing packaged software for the CrypTech Alpha board for Debian and Ubuntu Linux and for Mac OS X. The binary packages also include pre-compiled images for the Alpha Board’s Artix-7 FPGA, Cortex M4 ARM CPU, and AVR ATtiny828 MCU.
As the Alpha is currently very much an alpha and hasn’t been optimized for performance (and the feature set doesn’t include what some commercial HSMs include), it is difficult to compare it to other products on the market right now.
Building Open Source Hardware is Expensive
Writing open source software tools requires only a small investment: a personal computer, time, and little else. Building open source hardware is another matter. Developing prototype boards, burning code into specialized chips, and creating special-purpose circuits require a substantial investment.
CrypTech brings the ideas and philosophies of open source software and transparent development to hardware cryptography. CrypTech’s hardware designs are free for everyone to use, including individuals, organizations, and hardware manufacturers. They also may be used as the basis for new cryptographic products. The CrypTech team is geographically diverse; its members reside in Germany, Japan, Russia, Sweden, the United States, and elsewhere. With a proposed budget of nearly USD $1,000,000 a year, CrypTech has laid out a three-year plan to provide tested, open source reference designs for cryptographic hardware, and is protecting these designs with licenses that enable use and reuse.
The goal of this Crowd Supply campaign is to recoup some of the costs of manufacture while at the same time distributing real hardware to developers.
Manufacturing will be carried out in small batches of roughly 25 or 50 units at a time. Batches after the first batch might include changes in the design and functionality based on feedback from previous batches and continued development by the CrypTech team.
The project is hosted by the Swedish University Network (SUNET) in collaboration with its subsidiary NORDUnet A/S, which provides financial and administrative support for the project. Hosting for the project is provided by RHnet, the Icelandic Research & Education network.