BeagleBone for Secret Agents
This book provides projects for BeagleBone using Tor, GPG, and Off-the-Record. Chapter 3 is devoted to the CryptoCape where you will learn how to combine a fingerprint sensor, the onboard ATmega328p, and the crypto chips to make a biometric authentication system.
Trusted Platform Module
With the Atmel 1.2 TPM, you can:
– Configure ‘secure boot’ on the BeagleBone with libSboot to ensure that the operating system boots in a trusted manner.
– Bind or seal other cryptographic keys on the BeagleBone with the TPM, requiring the TPM to be present to unlock them.
– Create the Storage Root Key (SRK) and create your own chain of keys (up to 2048-bit RSA) using existing open source software such as TrouSerS and tcsd.
With the Atmel ECC108 you can:
– Ensure the authenticity and integrity of data or firmware with ECDSA signatures using the NIST curves P256, B283, or K283.
– Generate an ECDSA private key in the device that could be used as part of an X.509 certificate.
With the Atmel SHA204 you can:
– Create 256-bit keys that can be used in keyed Message Authentication Codes (MACs), or HMAC, to prove the authenticity of the device.
– Implement an anti-counterfeiting system with the exchange of nonces and MACs between other embedded devices.
With the Atmel AES132 you can:
– Store up to 32Kb of encrypted data in the internal EEPROM with the AES-128-CCM algorithm.
– Encrypt up to a 32-byte packet at a time with AES-128-CCM, using an internal key, and return it to the BeagleBone.
RTC with Battery
With the Maxim Integrated DS3231M you can:
– Have a redundant, trusted time source on the BeagleBone for offline operations.
– Provide a dedicated battery to ensure the BeagleBone’s clock is accurate without an external time source.
With the Atmel ATmega328p you can:
– Extend the CryptoCape with your own Arduino compatible (3.3V) projects.
– Upload sketches from the BeagleBone to the ATmega328p without an external programmer.
– As an extra security feature, the sketches can only be uploaded if the program jumpers are installed, making it difficult to change the sketch through a software vulnerability.
The CryptoCape is designed to be the starting point for your security application. We’ve left plenty of perforated board space and broken out most of the ATmega I/O to add your own design.
See the eLinux page for links to the software and board description. You can buy the CryptoCape from SparkFun; be sure to see the hookup guide, which explains how to use the board. I also have a series of screencasts on using the software associated with the CryptoCape.
The following international distributors carry the CryptoCape:
Italy: Robot Italy
Germany: EXP Tech
Singapore: Singapore Robotics