AYKIT
association supporting really big titles

FAST TRACK:

  • These slides as pdf
  • Collected manuals linked in repository
  • RFC 4226 - HOTP
  • RFC 6238 - TOTP
  • RFC 2104 - HMAC

    • Press "m" to navigate faster.

    AYKIT LIKES SHTFY

    AYKIT LIKES AYD

    AYKIT LIKES OWNCLOUD

    Manage owncloud notes with “My Own Notes”.

    My Own Notes - Android
    My Own Notes - IOS

    ... and at the ios/android stores if you want to support us (and evil companies, sad but true)

    AYKIT LIKES

    THE YESMACHINE

    Designing an open hardware cryptographic device

    THE YESMACHINE
    1. Our goals
    2. HOTP or TOTP?
    3. What Hardware do we use?
    4. What does the software toolchain look like?
    5. How's the future?

    AYKIT LIKES GOALS (sometimes)

    • Open Hardware/Software security token
    • Support HOTP, or even better, TOTP
    • Most of all: generating and sharing knowledge

    AYKIT LIKES GOALS (sometimes)

    • Popular architecture: ARM Cortex-M
    • Fast enough to do RSA 4096 bit signatures
    • Size of stick: as small as possible
    • Size of board: self-solderable, 48 pins max.
    • Security: Restrict access to keys, MPU

    AYKIT LIKES GOALS (sometimes)

    And getting rid of those:

    AYKIT LIKES HOTP

    HOTP

    An HMAC-Based One-Time Password Algorithm

    HOTP(K,C) = Truncate(HMAC-SHA-1(K,C))

    AYKIT LIKES HOTP: MAC

    Message Authentication Code

    Simultaneously verify both the data integrity and the authentication of a message.

    MAC = f(message, secret key)

    AYKIT LIKES HOTP: HMAC

    HMAC: A specific algorithm for MAC generation

    HMAC = hash(key+hash(key+message))

    Sample implementation in Python

    AYKIT LIKES HOTP

    HOTP
    An HMAC-Based One-Time Password Algorithm

    HOTP(K,C) = Truncate(HMAC-SHA-1(K,C))

    AYKIT LOVES TOTP

    TOTP
    Time-Based One-Time Password Algorithm

    HOTP(K,T) = Truncate(HMAC-SHA-1(K,T))

    Allows SHA-512!

    AYKIT LIKES HARDWARE

    Olimex SAM3-P256

    AYKIT LIKES HARDWARE

    FTDI C232HM-EDHSL-0

    AYKIT LIKES HARDWARE

    Early HOTP Board Schematic (current state)

    AYKIT LIKES HARDWARE

    Early TOTP Board Schematic (current state)

    AYKIT LOVES Software

    GNU Tools for ARM Embedded Processors

    GNU Toolchain for ARM Cortex-M / -R

    Dev: ARM

    AYKIT LOVES Software

    Atmel Software Framework

    MCU software library for SAM3

    Dev: Atmel

    AYKIT LOVES Software

    Cortex Microcontroller Software Interface Standard

    Hardware Abstraction Layer

    Dev: ARM

    AYKIT LOVES Software

    BOSSA

    Flashing SAM3 devices

    Dev: Shumatech

    AYKIT LOVES Software

    SCONS

    Software Construction Tool, substitutes make

    Dev: The SCons Foundation

    AYKIT LOVES Software

    OpenOCD

    On-Chip Debugging (in conjunction with GDB)

    Dev: Dominic Rath

    AYKIT LOVES Software

    GDB

    The GNU Project Debugger

    Dev: Free Software Foundation

    AYKIT LOVES Software

    Eclipse

    The most used and slowest starting IDE available

    Dev: The Eclipse Foundation

    Checkout pixhawk.org for more information about debugging using Eclipse and gdb.

    AYKIT HATES CAVEATS

    JTAG via FTDI C232HM-EDHSL-0

    See repository for OpenOCD config.

    AYKIT HATES CAVEATS

    Carefully read your specifications and avoid having a bad time.

    E.g. what interface supported for flashing device?

    AYKIT LIKES FUTURE

    Say yes to:

    • HOTP
    • TOTP
    • Passwords
    • Private SSH Key
    • PKCS#11
    • OpenPGP
    • OCRA (OATH Challenge-Response Algorithm)

    AYKIT LIKES VISITORS

    AYKIT @ Github

    theyesmachine on Github

    AYKIT

    mailto:us

    AYKIT
    association supporting all things great

    /