CrypTech Open Hardware Security Module (Alpha Board)

$13,730 raised

of $4,000 goal

Funded! Order Now

Aug 31

funded on

343%

funded

30

pledges

Product Choices

$10

Support Us


$800

Alpha Board

Details

An independent international development effort founded to create a trusted, open source, inexpensive, hardware cryptographic engine.

The CrypTech Alpha is a standalone prototype key-storage and hardware cryptography platform, targeting applications where security is paramount. CrypTech has created a trusted reference design for a hardware security module (HSM) that can be the basis for commercial products.

Internet users seeking to encrypt data and preserve their privacy have a wide variety of open source tools to choose from. But not every tool has open source alternatives, particularly security hardware, which is a small market dominated by a handful of vendors who offer exclusively closed source and proprietary products. That’s where CrypTech comes in.

Hardware Security Modules

A Hardware Security Module (HSM) is a specialized device used to securely store the public/private key pairs used with digital certificates. An HSM provides significant additional security for enterprise PKI and CAs, because it cleanly separates at a hardware level the storage of keys from the machine running the application making use of the keys. In essence, an HSM removes the need - and the risk - of storing keys on disk or in memory of a machine with a large, outward facing attack surface.

The CrypTech Alpha Device

The CrypTech Alpha is a proof-of-concept device that demonstrates much of the functionality of an HSM. It consists of software and configurable hardware (an FPGA) to perform a range of cryptographic operations. The CrypTech Alpha is implemented as a card with an ARM processor and an FPGA. The FPGA can be configured to support a wide range of cryptographic primitives. The first set of primitives is designed to support applications requiring high-assurance signing, such as DNSSEC. Additional cryptographic primitives can be added and configurations developed.

Who Needs The CrypTech HSM Alpha Board?

The CrypTech Alpha is useful for key management operations that HSMs are typically used for. It is also useful for signing operations typical in DNSSEC deployments. It is very much an Alpha board and while it has a useful set of functionalities, not all functionalities in a commercial HSM are yet implemented.

Features and Specifications

  • Eurocard form factor
  • PKCS#11 over a pair of USB interfaces
  • digests (SHA-1, -2, -224, -256, -384, -512)
  • ciphers (RSA-1024, -2048; ECDSA P-256, P-384, P-251)
  • true random number generator
  • packaged software for the Alpha Board and software to interface to it
  • all project results available under BSD or Creative Commons licenses

Many more details about this project can be found at CrypTech.is.

Development Tools

The Cryptech Project maintains APT and Homebrew repositories containing packaged software for the Cryptech Alpha board for Debian and Ubuntu Linux and for Mac OS X. The binary packages also include pre-compiled images for the Alpha Board’s Artix-7 FPGA, Cortex M4 ARM CPU, and AVR ATtiny828 MCU.

Comparison

As the Alpha is currently very much an alpha and hasn’t been optimized for performance (and the feature set doesn’t include what some commercial HSMs include), it is difficult to compare it to other products on the market right now.

Building Open Source Hardware is Expensive

Writing open source software tools requires only a small investment: a personal computer, time, and little else. Building open source hardware is another matter. Developing prototype boards, burning code into specialized chips, and creating special-purpose circuits require a substantial investment.

CrypTech brings the ideas and philosophies of open source software and transparent development to hardware cryptography. CrypTech’s hardware designs are free for everyone to use, including individuals, organizations, and hardware manufacturers. They also may be used as the basis for new cryptographic products. The CrypTech team is geographically diverse; its members reside in Germany, Japan, Russia, Sweden, the United States, and elsewhere. With a proposed budget of nearly USD $1,000,000 a year, CrypTech has laid out a three-year plan to provide tested, open source reference designs for cryptographic hardware, and is protecting these designs with licenses that enable use and reuse.

The goal of this Crowd Supply campaign is to recoup some of the costs of manufacture while at the same time distributing real hardware to developers.

Manufacturing Plan

Manufacturing will be carried out in small batches of roughly 25 or 50 units at a time. Batches after the first batch might include changes in the design and functionality based on feedback from previous batches and continued development by the CrypTech team.

Team

The project is hosted by the Swedish University Network (SUNET) in collaboration with its subsidiary NORDUnet A/S that provides financial and administrative support for the project. Hosting for the project is provded by RHnet, the Icelandic Research & Education network.

Ask a Question

Have a question not answered in the description above or in the Updates?

Ask CrypTech a Question or Browse the Crowd Supply Knowledge Base

Credits

CrypTech

A loose international collective of engineers trying to improve assurance and privacy on the Internet.


Rob Austein

Dragon Research

Steven Bellovin

Columbia University

Vasili Dolmatov

Moscow State University

Heather Flanagan

Spherical Cow Consulting

Leif Johansson

SUNET.se

Lucy Lynch

Network Startup Resource Center

Ram Mohan

Afilias

Linus Nordberg

NORDU.net

Karen O'Donoghue

Internet Society

Phil Roberts

Internet Society

Jakob Schlyter

Kirei.se

Pavel Shatov

Moscow State Technical University

Joakim Strömbergson

Secworks.se

Peter Stuge

Fredrik Thulin

ispik AB

Patrik Wallström

IIS.se

Subscribe to receive the Crowd Supply weekly newsletter, highlighting the latest creators and projects: