usbHSM - a consumer available, low cost hardware security module

[aron.starnitzke]

Hello!

I am Aron Starnitzke, a 19 years old student from Germany.
Yesterday, I started a crowdfunding campaign for my current project, the "usbHSM".
The "usbHSM" is a high security device, implementing all features of a hardware security module while adding some, that may be quite useful for the consumer market.
These features include:
   - GoogleAuthenticator support
   - Bitcoin Hardware Wallet with advanced features, such as automatic generation of a new address for each new transaction
   - AES encrypted, internal storage
   - Timestamping function, signing the current module time with a previously specified, internal key

It is available in three different versions:
   - "Basic": The least secure device. Its protection is mainly based on software. This device is most suitable for the general user, since his home could be considered a reasonably secure environment. To improve security of the device, it will be potted in epoxy, providing some protection at the physical layer. This device would qualify for FIPS 140-2 Level 2.
   - "Security": ... implements hardware tampering sensors / response circuitry, immediately deleting all keys, once a tamper condition is detected. It features all the security measures deployed in the "Basic" version. This device would qualify for FIPS 140-2 Level 3.
   - "High Security": ... is designed with a later FIPS 140-2 Level 4 rating in mind. Thus all security features of the "Security" version are implemented, as well as monitoring of the devices environment, such as temperature and operating voltage. It is fully EMI shielded.

All devices run on an internal, replaceable LiIon battery pack to provide sufficient energy for RTC operations and - in the "High Security" version - environment monitoring.


The campaign is available at http://igg.me/at/usbHSM.


Thank you very much for your support!

Yours sincerely
Aron Starnitzke

[fluxcapacitor]

Whats the difference between yours and a yubikey .

[Legit-Design]

I spent 5 seconds searching for a picture that simply explains this thing, after that I tried to click on the picture on top of the page to play the video, but it wasn't a video. 
No real pictures or a video about anything. Will the final product have that same display with touchscreen on it?

Maybe a quick cool elevator pitch video about this explaining it and showing it? Then some more technical video for people who are interested? You did read the instructions for crowdfunding about how a video and pictures increase chance of success?

[ctz]

Some miscellaneous questions from someone who wrote firmware for the most popular HSMs on the market (until I quit 18 months ago):

Have you ever made a HSM or security hardware before?

What uC are you using here?

Who is supplying your tamper response envelope/mesh?

(btw, I think your units are off on performance comparison. Most general purpose HSMs do 1500-10000 RSA-1024 private operations per *second*, not minute. Also comparing RSA-1024 private operations and point muls on NISTk192 is a meaningless comparison.)

[aron.starnitzke]

@mojo-chan
Thank you for your response.
I know, that tamper detection/response is quite difficult, so is cryptography.  The devices are built according to the FIPS 140-2 standard, however, I think it would not be feasible to let the "Basic" + "Security" versions be evaluated, since they are intended for customer use only and evaluation is very expensive and time consuming. The "High Security" version however will be considered for evaluation, if the funding exceeds 110000€, since a FIPS 140-2 Level 4 evaluation costs approx. 10000€ (and takes a few months to a few years).
The currently preferred LiIon 1000mAh packs will enable the "Basic" + "Security" modules to run for approx. a month, since the MCU features an own, independent, ultra low power input for RTC only. Since for the "High Security" variant, a second MCU monitors voltage and temperature of the device while running, it has significantly lower battery life. Without a prototype for testing, I can only estimate the power consumption of this circuit. It should be somewhere around 7 days.
I am aware of the shipping restrictions.
The timescale is quite short, since most of the development has been completed. The hardware design is currently under last revisions, especially regarding high volume production optimization and production testing. All cryptographic/crypto-related implementations have been completed, USB communication implementation is nearly finished. The user interface is not finished, however this is not that big of a deal. The hardware design should be finished within the next 2 weeks.
Extensive software security testing will be performed after the full software packet has been completed.
Currently, I am working on my own. I have a very specific schedule to be able to archive sufficient studying whilst completing this project. This is the first time I am developing a complex project for high volume. Third party help may be employed, if a situation should evolve which exceeds my personal skillset.
As mentioned in the project's description, manufacturing of the boards and assembling is done by two German companies.

@fluxcapacitor
The YubiKey is a two-factor authentication device. Although the usbHSM is capable of providing two-factor authentication by use of a GoogleAuthenticator implementation, its main purpose is completely different. This device features secure key management and usage of cryptographic keys. For this, it features AES, ECDSA, HMAC, SHA1/-2 implementations. Additionally, previously mentioned, customer targeted features have been added, that base on the features, the HSM implementation offers.

@Legit-Design
Yes, I did read those. I am currently working on a video. As described, currently no prototype exists, therefore, the provided picture is of a development board. As soon, as the first prototype has been produced, a video about it will be posted. Please be patient!
A simple explanation of what the device can do will be posted on Friday. The display will be a very similar one and yes, it will contain a touchscreen.

@ctz
I have not previously built a HSM before.
An LPC4357, where the M0 is used exclusively for crypto-operations.
Currently, the best company that fit my needs is W. L. Gore & Associates, Inc.
Thank you for informing me about the mistake.

@mojo-chan
Thats why I choose to not implement it, yet. But the problem of the NSA is present in basically all crypto-implementations, since the standards are provided by NIST...

Thank you very, very much for your critical questions. I hope, that I have been able to answer them sufficiently.


Yours sincerely
Aron

[tjb1]

Don't even have a prototype and already trying to get funding...what a joke

[poorchava]

What are the precautions against silicon-level attack (like die probing or backside attack)?

[Legit-Design]

Indeed, how about make a prototype fully enclosed in case that looks just like what you are going to sell. Maybe a pre-production run of a panel fully populated tested and working. Or do you have people who have done this before and know what they are doing? All that using your own money, or borrowing money from people you actually have to answer to eg. parents or relatives. If you still don't qualify for kickstarter, go with IGG, but tell backers the truth about the risks. Even after all that the odds will be against you if you are going to deliver anything, or deliver in time. Don't try to get the money so you can learn this stuff.

EDIT: maybe change Projected Timeline / Project progress from 2014 to 2015 or 2016

[Bud]

Some miscellaneous questions from someone who wrote firmware for the most popular HSMs on the market (until I quit 18

 - im hoping it was not Thales, their Edge USB HSM is utter garbage.

[Bud]

Cm'on people, Aron's project is a consumer grade device. You can not require same level of rigor as for a industrial fips certified one. And by the way, Racal/Thales sold non-fips-certified HSMs for years.

Aron - kudos to you for intelligent answers and level of commitment at your 19 years old age. Though i do have doubts as to your target dollar amount and how you going to educate the consumer to make them buy the device, if you pull it off you going to have a bright future.

[ctz]

- im hoping it was not Thales, their Edge USB HSM is utter garbage.

sorry

to be fair the edge was a compromised design to start with: it's a 2000-ish serial embedded hsm with ftdi usb-serial on the front. then all the usb software support was bodged on (eg, no sensible hotplug support). on the other hand, it was designed as a remote smartcard terminal, not a full HSM, and only released as a HSM after someone said the wrong thing to marketing/PM

[aron.starnitzke]

@Bud
Thank you for your support!

So what happens after 7 days? Keys erased?

Yes, the keys will be deleted at <5% battery level; a warning is issued at <10%. Since the "High Security" version uses a second MCU for voltage/temp. monitoring, these levels can be adjusted (cut-off must be >=2%); for the other versions, they are fixed.

@Those who demanded building a prototype
I did initially consider building a prototype prior starting the campaign, however, I decided not to for the following reasons:

• The device is currently developed on a Keil development board, which gives me the maximum of flexibility in testing all required components, including the tamper sensors.
• Building a prototype would result in considerable costs, since the MCU is under subject of minimum order quantities of 90 devices at a price of 13$ per device. This is no problem for when I am going into production, but investing this sum just for a prototype is anything but economical.
  Why would I invest in a prototype which limits me in my flexibility. The development board partially visible in the project's picture is more than enough.

What are the precautions against silicon-level attack (like die probing or backside attack)?

As mentioned, the "Basic" device does not implement any physical tamper protection other than potting. Versions of "Security" and upwards do employ a tamper sensing mesh and other measures such as light sensors.

Or do you have people who have done this before and know what they are doing?

I think I know very precisely what I am doing...

All that using your own money, or borrowing money from people you actually have to answer to eg. parents or relatives. If you still don't qualify for kickstarter, go with IGG, but tell backers the truth about the risks.

Excuse me, but what exactly do you think I used for purchasing the required development tools for this kind of project? And - correct me if I am wrong - according to my interpretation of the crowdfunding-concept, the campaign initiator is fully responsible for meeting his claims. He has to refund the money that has not yet been spend if the project would fail.
And how would you know, I do not qualify for Kickstarter? I do not qualify for Kickstarter, but for the fact that I do have German citizenship and am no permanent resident in neither of the currently supported countries. Kickstarter would have been my preferred place, but they did deny me the right to use their platform.

To those who seem to be interested in the project to some extend and do reply with constructive criticism/encouragements: Thank you!

[Legit-Design]

Some constructive criticism:
Learn from other peoples mistakes. There is a very good reason why most credible crowdfunding platforms now require a working prototype of the hardware that is going to be sold. Even people who have professionally done product manufacturing first have failed.

And how would you know, I do not qualify for Kickstarter? I do not qualify for Kickstarter, but for the fact that I do have German citizenship and am no permanent resident in neither of the currently supported countries.

My bad,  I thought they allowed major european countries now, but looks like they only allowed Netherlands... 

@Those who demanded building a prototype
I did initially consider building a prototype prior starting the campaign, however, I decided not to for the following reasons:

• The device is currently developed on a Keil development board, which gives me the maximum of flexibility in testing all required components, including the tamper sensors.
• Building a prototype would result in considerable costs, since the MCU is under subject of minimum order quantities of 90 devices at a price of 13$ per device. This is no problem for when I am going into production, but investing this sum just for a prototype is anything but economical.
  Why would I invest in a prototype which limits me in my flexibility. The development board partially visible in the project's picture is more than enough.

Sounds like you did yourself a huge disfavour right there.

Or do you have people who have done this before and know what they are doing?

I think I know very precisely what I am doing...

So you have experience to pull this off without a hitch? Mistakes cost money, mistakes need to be made first to learn from them. You don't just bring someone in and pay them professional salary and expect someone to work some magic and make every problem go away. Some professional people are smart enough to stay away. Some will just take the money and continue taking it, because well why not?

Excuse me, but what exactly do you think I used for purchasing the required development tools for this kind of project? And - correct me if I am wrong - according to my interpretation of the crowdfunding-concept, the campaign initiator is fully responsible for meeting his claims. He has to refund the money that has not yet been spend if the project would fail.

Don't take that road, when would you admit that the project has failed? After 1 year of not delivering anything? After 2 years of not delivering anything? Will the working on spec prototype be always "around the corner and going to be amazing", so people should just sit tight and wait for their money to drain away? Even if some people want to believe in this product and don't want you to refund them, they are just misleading themselves. Few thank you messages and pictures how the rest of the money was used is not going to make it ok.
Development tools don't equal a successful actually on the spec working prototype, you just started, how many times will you change your spec?

[tjb1]

@Those who demanded building a prototype
I did initially consider building a prototype prior starting the campaign, however, I decided not to for the following reasons:

• The device is currently developed on a Keil development board, which gives me the maximum of flexibility in testing all required components, including the tamper sensors.
• Building a prototype would result in considerable costs, since the MCU is under subject of minimum order quantities of 90 devices at a price of 13$ per device. This is no problem for when I am going into production, but investing this sum just for a prototype is anything but economical.
  Why would I invest in a prototype which limits me in my flexibility. The development board partially visible in the project's picture is more than enough.

Uh, because you are trying to raise $113,117.00 with no visible prototype?  Pretty clear cut reason why and easily the reason why you have no supporters.

[Legit-Design]

http://arstechnica.com/gadgets/2014/07/how-one-kickstarter-project-squandered-3-5-million/
Kickstarter project spent $3.5M to finish a working prototype—and ended in disaster
https://www.kickstarter.com/projects/myidkey/myidkey-passwords-at-the-tip-of-your-finger

Isn't this very similar to your project? 3.5M$ gone in the wind just trying to produce a working prototype. There must be alot more into to prototype building than one might at first glance think.

NOTE: I'm not trying to discourage you, it's just that... a hardware project without a prototype...  you can still make a prototype that looks and feels exactly the same as the finished product would look and feel. You don't necessarily need to those expensive chips which only come in quantity. You can prototype your software to full extent on that dev kit, probably. You can make a working prototype in the enclosure you want with everything you need to show it off. Your enclosure will have the display, touchscreen, battery and it's fully enclosed and will look like what you are trying to sell. You can probably use pin compatible version of that microcontroller, it doesn't need to be exactly the same, as long as you have the software working  with that dev board. Not having the chips is just a nice excuse not to do the work first.

[aron.starnitzke]

Uh, because you are trying to raise $113,117.00 with no visible prototype?  Pretty clear cut reason why and easily the reason why you have no supporters.

And the reason would be?

NOTE: I'm not trying to discourage you, it's just that... a hardware project without a prototype...  you can still make a prototype that looks and feels exactly the same as the finished product would look and feel. You don't necessarily need to those expensive chips which only come in quantity. You can prototype your software to full extent on that dev kit, probably. You can make a working prototype in the enclosure you want with everything you need to show it off. Your enclosure will have the display, touchscreen, battery and it's fully enclosed and will look like what you are trying to sell. You can probably use pin compatible version of that microcontroller, it doesn't need to be exactly the same, as long as you have the software working  with that dev board. Not having the chips is just a nice excuse not to do the work first.

Thank you for the helpful advice. I found the chip I am using at Digikey without a MOQ. As soon as I have finished the hardware design, I am going to produce a prototype. I initially hoped, that the development board would suffice, but this does not seem to be the case.
The project you refer to is somewhat similar, but somewhat not. My project does not include WiFi, Fingerprint-Sensors nor any online backup, but I do see what you are trying to say. I accredit that building a prototype may or may not be significantly more difficult than one initially imagined, however, I designed the product with exactly this fact in mind.
Additionally, in contrast to other projects, I did not want to put 3d models of my the product on the project's page, since this would suggest that my progress in development is further than it actually is. This may indeed deter some potential supporters, but I did not want to be dishonest with the people that thrust me far enough to given me their money.

So you have experience to pull this off without a hitch? Mistakes cost money, mistakes need to be made first to learn from them. You don't just bring someone in and pay them professional salary and expect someone to work some magic and make every problem go away. Some professional people are smart enough to stay away. Some will just take the money and continue taking it, because well why not?

Don't take that road, when would you admit that the project has failed? After 1 year of not delivering anything? After 2 years of not delivering anything? Will the working on spec prototype be always "around the corner and going to be amazing", so people should just sit tight and wait for their money to drain away? Even if some people want to believe in this product and don't want you to refund them, they are just misleading themselves. Few thank you messages and pictures how the rest of the money was used is not going to make it ok.
Development tools don't equal a successful actually on the spec working prototype, you just started, how many times will you change your spec?

I do definitively acknowledge the fact that mistakes cost money, that's why I am doing my best not to make them.
I guess this was a misunderstanding. I do always consider any possibilities and although failure is not an option, it is a possibility. I would consider myself an honest and responsible person and I know, that asking for that kind of money means a huge responsibility - successful financing assumed; the people that support me do - of course - demand the completion of this project; that is why I double check everything I am doing.
The fact that I do not have a end-product-like prototype may - for some - suggest, that the project has not been planned well and objectively speaking may indeed seem like I either do try to scam the people or am incapable of delivering the promised product (due to lack of experience/skill). I'd consider that my personal bad. To be honest, marketing has never been one of my personal strengths.

[tjb1]

So why do you need 100k?

[tszaboo]

So why do you need 100k?

Exactly, I have no clue what this thing does. It is very cryptic (pun intended).

[aron.starnitzke]

So why do you need 100k?

Exactly, I have no clue what this thing does. It is very cryptic (pun intended).

I personally would say that the description is quite clear about what the device does. If however your demand a very short description:
The usbHSM implements - as the name suggests - a hardware security module. A hardware security module is capable of performing cryptographic operations using a internally stored key on the device. Thereby, the keys are held within the protected environment of the device; they never leave the unit. In the case of the usbHSM, the currently supported algorithms are AES, ECDSA, HMAC, SHA, RIPEMD-160, PBKDF2. With those capabilities in mind, it adds additional features, such as real time encryption of data stored into the internal storage card, a one time password engine (GoogleAuthenticator implementation), and timestamp functions.

100k€ are required for the production of the first 1000 units (plus some margin for problems pre- or during manufacture) and to address some of the development costs of the device.

[tjb1]

This gets fishier every time you post.

[tszaboo]

So why do you need 100k?

Exactly, I have no clue what this thing does. It is very cryptic (pun intended).

I personally would say that the description is quite clear about what the device does. If however your demand a very short description:
The usbHSM implements - as the name suggests - a hardware security module. A hardware security module is capable of performing cryptographic operations using a internally stored key on the device. Thereby, the keys are held within the protected environment of the device; they never leave the unit. In the case of the usbHSM, the currently supported algorithms are AES, ECDSA, HMAC, SHA, RIPEMD-160, PBKDF2. With those capabilities in mind, it adds additional features, such as real time encryption of data stored into the internal storage card, a one time password engine (GoogleAuthenticator implementation), and timestamp functions.

100k€ are required for the production of the first 1000 units (plus some margin for problems pre- or during manufacture) and to address some of the development costs of the device.

Ok. I'm trying to help here. You are probably a brilliant programmer, maybe even have great engineering skills. But that is not enough to be successful. You need to pick up some people skills. I've seen so many engineer lead company fail, because they lacked managing skills, they didnt hire a salesman, or a layer, to actually get the money after the expensive installation was made.
You need to pick up some salesman traits. It should be clear by now, you sold 0 of the 1000 units. That is 0% sucess.

I understand that this is a USB stuff. And lets you generate keys. But:
What does it do?
Explain this to me. What can I do with this. Explain it to me, like I'm a secretary in a lawfirm. Make a video. Put both of it on the Indie page.

[Bud]

That is what i said before - the biggest problem here is not in technicalities or certification etc, the biggest problem is in educating the customer. Very little people know what HSM is, and those who does are 99.99% from industrial world and they do not shop on crowdsourcing sites to buy one for their companies. The rest of the crowd simply does not know what it is.

[Codemonkey]

I suggest the OP reads up on the Wassenaar Arrangement as well unless he wants to find himself locked up for selling export restricted items without a licence.

[Legit-Design]

Mid-End August 2014:
Building of the first prototypes

The prototype seems to be well on it's way, are there any updates?

[aron.starnitzke]

The prototype seems to be well on it's way

Funny...
You do realise, that the projected timeline was with successful funding in mind?
Building a prototype for me at this stage is just a question of possible RoI. Since the response from most of the people who participated in the discussion regarding this project have given quite negative feedback, I highly doubt building a prototype would increase the chance of successful funding to an acceptable level. I've got neither the time nor do I find any pleasure in pushing a project that seems to be doomed to fail.
As a consequence, I am cancelling this project until further notice.