Cifradopro: A baremetal Hardware Security Module using the STM32L4S5 Cortex-M4 MCU

-

What is CifradoPro?

Cifradopro is a baremetal Hardware Security Module based on the STM32L4S5ZI microcontroller. It is capable of generating Random Keys in various sizes, Encrypting plaintext, and Decrypting ciphertext using the Advanced Encryption Standard. Additionally, it can create One-Time Pads of different lengths and generate a Hash of input data using the Secure Hashing Algorithm. The module can store the generated cryptographic keys in an external memory device. As a safeguard against physical tampering, the device is designed to erase the contents of the external memory if the enclosure is breached.
The device leverages the Random Number Generator, AES Hardware Accelerator, and HASH Processor of the STM32L4S5ZI for cryptographic operations. It employs the built-in UART peripheral for device control via a serial terminal application such as PuTTY. The external memory, a  256kBit EEPROM from Microchip, is interfaced using the STM32L4's onboard I2C Peripheral. A GPIO pin is configured as an external interrupt, linked to a Magnetic Reed switch, to erase the EEPROM in case of an enclosure breach.

Application Features

Random Number Generation 

The device can generate random keys of sizes such as 128, 192, and 256 bits, utilizing the built-in Random Number Generator. The entropy source of the RNG peripheral is based on two analog noise sources, derived from three XORed Free-Running Ring Oscillator outputs. The generated keys are then outputted to the serial terminal in ASCII character format. Refer to the Random Number Generator Peripheral Driver for the STM32L4S5ZI microcontroller for further details.

AES Encryption and Decryption 

The device utilizes the embedded AES Hardware Accelerator for encrypting plaintext and decrypting ciphertext in Cipher Block Chaining Mode. It supports both the 128-bit and 256-bit key variants. This mode helps prevent similar ciphertext blocks for similar plaintext data. The device outputs the encrypted and decrypted blocks to the serial terminal in ASCII character format. Refer to the AES Hardware Accelerator peripheral driver for the STM32L4S5ZI microcontroller for more information.

Hash Processing

The device can create the hash of input data using the built-in HASH Processor on the STM32L4S5ZI, which complies with FIPS-PUB and IETF-RFC standards. Although the processor supports various Secure Hash Algorithms, the device exclusively uses SHA-256 for hashing. For applications needing message authentication, it can compute an HMAC based on SHA-256. The device outputs the Hash in ASCII Character format to the serial terminal. Refer to the HASH Processor peripheral driver for more details.

One-Time Pad Generation

The RNG peripheral on the STM32L4S5ZI can produce random numbers of variable lengths, serving as One Time Pads for XORing with messages during encryption. It can generate OTPs ranging from 128 bits to 2048 bits. The device outputs the generated One Time Pads in binary format to the serial terminal.

Secure Key Storage and Physical Tampering Protection

[Under Development]

Each cryptographic key generated by the device is securely stored in plaintext on an EEPROM. A serial number is assigned to each stored cryptographic key. Users can request to view the cryptographic key database. The device maintains an internal lookup table that maps the serial number to the location of the key in the external memory device, which is interfaced via I2C. The device can generate keys up to 256 bits (32 bytes) in size and allocates 32 bytes for each key entry for alignment purposes. Therefore, a 256kbit Serial EEPROM from Microchip can store just over 1000 keys. The lookup table includes entries for the serial number and memory location, with the memory location pointing to the stored key.

The device is engineered to prevent unauthorized access to the external memory storing the cryptographic keys. A magnetic reed switch is positioned on the enclosure's top and walls. If the enclosure is opened, the magnetic reed switch triggers an interrupt to the microcontroller, prompting it to erase all cryptographic keys stored in the EEPROM, rendering them unusable.

Powering the device and Battery Backup

The tamper protection for the device remains effective as long as the device is powered on. To achieve this, I've implemented a setup using a 3.3V 1000mAh Lithium-ion battery and a TP4056 Battery Charger Module to power the HSM inside the enclosure. This setup allows the HSM to monitor if the enclosure is breached. The battery is recharged using a USB cable connected to the USB Port exposed by the TP4056 charger module. Communication with the serial terminal is facilitated by a USB TTL Adapter attached to the UART port of the device. Notably, the USB cable used for powering the device is isolated from the HSM's USB PHY, ensuring it cannot be used for communication with the HSM.

Firmware Design 

This Hardware Security Module uses a layered software architecture. The peripheral drivers, namely the AES Hardware Accelerator, Random Number Generator and the HASH Processor are written on top of the CMSIS Abstraction. The I2C peripheral driver and the EEPROM library for the 24LC256 Serial EEPROM is written on top of the STM32 HAL. The custom HSM Application library is written on top of the aforementioned drivers. The HSM Library and the other custom peripheral drivers use the UART Peripheral Driver to print Error and Log messages to the Serial Terminal.

The HSM Library is written such that when the User opts for, for example, the Encryption Service, the HSM Library will call the AES_CBC_Encrypt() function in the AES driver file. Similarly, when the Key Generation Service is opted, the HSM Library will call the RNG_GetRandom() function in the RNG driver file. Moreover, the HSM Library will call the EEPROM_Write() function in the EEPROM library which in turn invokes the HAL_I2C_Write() function in the STM32 HAL I2C Driver file. 

Upgradations

Currently, the device is using the UART2 Peripheral at a Baud Rate of 115200 bps. Since the STM32L4R5ZI embeds a USB FS PHY, we can configure the HSM to act as a USB Device to work with multiple devices. 
More on this later.

References

Popular posts from this blog

SignGlove: Bridging the Communication Gap for Paralyzed Patients

-
Image
SignGlove What is SignGlove ??? SignGlove is an innovative wearable glove designed to bridge the communication gap for paralyzed patients, enabling them to express their wants and needs through hand signals. It enables caretakers to understand and respond to the needs of individuals with limited mobility.  Over a Wi-Fi network, SignGlove allows users to transmit their hand signals directly to a caregiver's device. One of the key features of SignGlove is its configurability, which allows it to adapt to each user's unique abilities and hand gestures. By customizing the device to match the specific range of motions and signals that a user can comfortably make, SignGlove ensures a highly personalized and tailored communication experience.  With SignGlove, paralyzed patients no longer rely solely on non-verbal cues or guesswork to convey their needs. The SignGlove concept ...... The concept of SignGlove was inspired by the work of Navid Azodi and Thomas Pryor from the Univer
Read more

AESecureIO: Embedded Data Encryption and Decryption System

-
Image
What is AESecureIO? AESecureIO is an embedded system application developed on an STM32F401RET6 Nucleo-64 Development Board. It encrypts user-input data using AES-128 in Cipher Block Chain (CBC) Mode and stores it securely on an SD Card using the SDIO Interface. The application also supports the retrieval and decryption of data from the SD Card. This device utilizes the STM32F401 Microcontroller's SDIO (Secure Digital Input/Output) interface and the USART (Universal Synchronous/Asynchronous Receiver/Transmitter) peripheral. The SDIO interface manages data transfer between the microcontroller and the SD Card, while the USART peripheral enables data input and output through a serial monitor, such as PuTTY. The advantage of this device lies in the centralized approach to data encryption and decryption. By using a single point of encryption and decryption with a predefined 128-bit key , the device ensures that data retrieval can only be performed through it. This method grants the use
Read more