|63||Hardware Security Module (With ability to persist symmetric keys)
|Problem: The Trusted Platform Module is an onboard cryptoprocessor/hardware security module on most machines and it offers a cheap way to persist asymmetric keys and do other cryptographic operations on board with a FIPS 140-2 Level 2 security. The problem is that if we want to store symmetric keys (such as AES-256 keys) we cannot store them longterm with the given windows API (CNG: Cryptography Next Generation).
Solution Overview: My group plans to create our own small-scale and affordable hardware security module with an API that allows for persisting symmetric keys on Windows machines that satisfies the conditions for FIPS 140-2 Level 2 (or 3) security. We can then use the keys to encrypt bytes sent to the board. We plan to have a few subsystems working together which includes memory for our key storage, an encryption system, a decryption system, and interfaces with a computer.
[Memory Unit] - A large memory unit which provides the ability to store multiple AES-256 keys. It will allow you to load a key into it with an offset and then also allow you to select that key to be used for encryption/decryption. This will be a separate memory unit that just stores one key which is the one used in the cipher.
[AES Encryption Unit] - Encrypts a message using the selected stored key which is currently loaded. Will implement AES-256 encryption using logic gates.
[AES Decryption Unit] - Decrypts a message using the selected stored key which is currently loaded. Same as Encryption Unit.
[USB Connector] - This allows us to connect our device to a computer and comes loaded with an API which allows the user to send keys to the device and messages to be encrypted/decrypted.
[Tamper Evident Detector] - In order to protect the keys being stored up to FIPS 140-2 Level 2+ standards we will have a subsystem solely based on detecting tampering with the device. In the case that tampering is detected all of the keys stored must be wiped. Likely we will solve this with a pressure sensor in which the only way that less pressure is applied is when the box is being opened. There are a few other pieces to this that we still are looking to add so that there is absolutely no way to open the box and see the hardware without wiping the keys.
In order to be effective we must implement the key storage system, the ability to load keys, and the tamper evident detectors. These are the most basic requirements for a hardware security module. We have hopes to add in more functionalities, more specifically the ability to encrypt/decrypt a message and an effective random number generator all in hardware. The tamper evidence detectors are the most important piece because otherwise our module is no more secure than software.