@mojo-chan
Thank you for your response.
I know, that tamper detection/response is quite difficult, so is cryptography. The devices are built according to the FIPS 140-2 standard, however, I think it would not be feasible to let the "Basic" + "Security" versions be evaluated, since they are intended for customer use only and evaluation is very expensive and time consuming. The "High Security" version however will be considered for evaluation, if the funding exceeds 110000€, since a FIPS 140-2 Level 4 evaluation costs approx. 10000€ (and takes a few months to a few years).
The currently preferred LiIon 1000mAh packs will enable the "Basic" + "Security" modules to run for approx. a month, since the MCU features an own, independent, ultra low power input for RTC only. Since for the "High Security" variant, a second MCU monitors voltage and temperature of the device while running, it has significantly lower battery life. Without a prototype for testing, I can only estimate the power consumption of this circuit. It should be somewhere around 7 days.
I am aware of the shipping restrictions.
The timescale is quite short, since most of the development has been completed. The hardware design is currently under last revisions, especially regarding high volume production optimization and production testing. All cryptographic/crypto-related implementations have been completed, USB communication implementation is nearly finished. The user interface is not finished, however this is not that big of a deal. The hardware design should be finished within the next 2 weeks.
Extensive software security testing will be performed after the full software packet has been completed.
Currently, I am working on my own. I have a very specific schedule to be able to archive sufficient studying whilst completing this project. This is the first time I am developing a complex project for high volume. Third party help may be employed, if a situation should evolve which exceeds my personal skillset.
As mentioned in the project's description, manufacturing of the boards and assembling is done by two German companies.
@fluxcapacitor
The YubiKey is a two-factor authentication device. Although the usbHSM is capable of providing two-factor authentication by use of a GoogleAuthenticator implementation, its main purpose is completely different. This device features secure key management and usage of cryptographic keys. For this, it features AES, ECDSA, HMAC, SHA1/-2 implementations. Additionally, previously mentioned, customer targeted features have been added, that base on the features, the HSM implementation offers.
@Legit-Design
Yes, I did read those. I am currently working on a video. As described, currently no prototype exists, therefore, the provided picture is of a development board. As soon, as the first prototype has been produced, a video about it will be posted. Please be patient!
A simple explanation of what the device can do will be posted on Friday. The display will be a very similar one and yes, it will contain a touchscreen.
@ctz
I have not previously built a HSM before.
An LPC4357, where the M0 is used exclusively for crypto-operations.
Currently, the best company that fit my needs is W. L. Gore & Associates, Inc.
Thank you for informing me about the mistake.
@mojo-chan
Thats why I choose to not implement it, yet. But the problem of the NSA is present in basically all crypto-implementations, since the standards are provided by NIST...
Thank you very, very much for your critical questions. I hope, that I have been able to answer them sufficiently.
Yours sincerely
Aron