Open source hardware security module (HSM) for generating cryptographically secure keys, designed and built to alpha stage by SUNET with support from the Internet Society. It's very difficult to trust current HSM suppliers, who are believed to have been compromised (as suggested by the Snowden docs).
If you have ever worked with HSMs, you will know how expensive they are and just how bloody awful they are to use. (If it's going to be awful, it should at least be cheap so that the pain is a fair trade.)
The CrypTech project was formed in response to indications, based on the Snowden revelations, that hardware implementations of key cryptographic algorithms and functions have been systematically targeted in an effort to weaken and subvert their utility. The goal of the project is to create an open source design for Hardware Cryptographic Modules (HSMs) and an associated reference implementation that allows anyone to deploy and audit a secure, low cost cryptographic engine in their environment.
The IETF 96 meeting saw alpha versions demonstrated and ready for more work.
CrypTech High Level Goals
The fundamental goal of the CrypTech project is to create an open reference platform for a hardware security module (HSM). This platform includes:
- Source code for both the hardware and software designs. For hardware, FPGA HDL code, schematics, board layout and BOM are provided.
- Tools, documentation and examples to allow anyone to implement (or have someone implement for them) an HSM that is tested and evaluated to establish trust in the HSM suitable for the user's needs.
The HSM being developed supports a number of use cases, both in terms of functionality and performance. The HSM also improves security with a well-defined trust boundary and support for physical tampering detection and response.