For a few years now, the CrypTech project has been working on designing an open source hardware cryptographic engine that could be used to secure core Internet infrastructure.
They have created two prototype platforms, and one of them – CrypTech Alpha, a small alpha version of a custom CrypTech board – is effectively being sold for $800.
“A Hardware Security Module (HSM) is a specialized device used to securely store the public/private key pairs used with digital certificates. An HSM provides significant additional security for enterprise PKI and CAs, because it cleanly separates at a hardware level the storage of keys from the machine running the application making use of the keys. In essence, an HSM removes the need – and the risk – of storing keys on disk or in memory of a machine with a large, outward facing attack surface,” the creators explained.
“The CrypTech Alpha is a proof-of-concept device that demonstrates much of the functionality of an HSM. It consists of software and configurable hardware (an FPGA) to perform a range of cryptographic operations. The CrypTech Alpha is implemented as a card with an ARM processor and an FPGA. The FPGA can be configured to support a wide range of cryptographic primitives. The first set of primitives is designed to support applications requiring high-assurance signing, such as DNSSEC. Additional cryptographic primitives can be added and configurations developed.”
The designs of the board are open source, and so is the firmware. The goal of the project is to create something that can then be used by anyone to build marketable and relatively cheap HSM solutions.
As the name says, the board is currently in the alpha stage, and not all of the functionality that will eventually be available is available at the moment.
The first small batch of the boards is scheduled to be shipped in September 2016. Developers are hoping for quality input from the initial testers in order to implement design and functionality changes, and subsequent batches of boards might include some of the proposed changes.
“The goal of this Crowd Supply campaign is to recoup some of the costs of manufacture while at the same time distributing real hardware to developers,” the creators say, pointing out that “developing prototype boards, burning code into specialized chips, and creating special-purpose circuits require a substantial investment.”
The project is also financed by various donors: Google, Cisco, DuckDuckGo, AFNIC (the non-profit corporation that operates a number of French country code TLDs), Internetstiftelsen i Sverige (The Internet Foundation, which operates the ccTLD for Sweden), and others. More details about why the latter two are interested in the project can be found here.