Protecting Open-Hardware with the Cryptotronix Hashlet

In this post, I’ll describe an example use of the Cryptotronix Hashlet, a secure authentication device for the BeagleBone Black, to show how Message Authentication Codes (MACs) can distinguish between authentic products and unsupported copies.

Let’s say you have an open-hardware product on the market. It’s open hardware, so people are free to build their own version of your widget, modify it, hack it, and otherwise do whatever-they-want-with-it. You also offer a web-service, to which your device can connect and download updates, communicate in your social network, or upload log or files. How do you distinguish between the devices that you made vs the ones built by your maker-fans?

What you need is a mechanism to authenticate the device. There are few solutions, many of which depend on your specific threat-model and the information you are trying to protect, but one way is to use MACs. Let’s say your server must only accept data from devices that you manufactured. When a device attempts to upload a log file, the log file is hashed with a shared-secret key, that your server knows, to produce a MAC. The MAC is sent with the log file such that when the server receives them, it verifies both the integrity of the message and its authenticity, i.e. that it originated from your device.

How do you do this with the Hashlet? Create keys in your Hashlet prior to shipping the device. During this processes, known as personalization, your keys will be stored in read and write-protected memory on the device and a one-time backup file will be generated. When your device transmits a message, it runs the mac command and sends the result to your server:

hashlet /dev/i2c-1 mac --file log.txt
mac       : C3466ABB8640B50938B260E17D86489D0EBB3F9C8009024683CB225FFFD3B4E4
challenge : 9F0751C90770E6B40E34BA8E06EFE453FAA46B5FB26925FFBD664FAF951D000A
meta      : 08000000000000000000000000

Your server receives log.txt and the output of the command and verifies them:

hashlet /dev/null offline-verify -c 322B3FFC3BE16B4CC5B445F8E666D0BA5C5E676D00FABD2308AD51243FA0B067 -r FB19B1C63161B6C34CA9D291D1CD16F98247BBA9A298775F795161BEB95BB6EF

An exit code of 0 means a successful verification. This means the software is easily scriptable. If the MAC matches, it originated from one of your devices.

The Hashlet is designed for the BeagleBone Black, but if you are building a custom PCB and want to use the security features of the chip in your design, we can help.  The Hashlet is available on Tindie.

The following is additional technical details of how the hash is computed. See Page 54 of the datasheet for more details.

SHA256( Key | SHA256(Input) | 0x08 | Mode Byte | Param 2 | 00000000 | 000 | SN[8] | 0000 | SN[0:1] | SN[2:3] )

In version 0.1.0, only the above MAC calculation is supported. The next version will support nonces, which can improve protection against replay attacks.

One thought on “Protecting Open-Hardware with the Cryptotronix Hashlet

Comments are closed.