Project :: ECE 445 - Senior Design Laboratory

Project

#	Title	Team Members	TA	Documents	Sponsor
63	Hardware Security Module (With ability to persist symmetric keys)	Calvin Fisher Francis Papa Nicholas Schiesl	Evan Widloski	design_document1.pdf design_document2.pdf design_document3.pdf final_paper1.pdf other1.pdf proposal1.pdf
	Problem: The Trusted Platform Module is an onboard cryptoprocessor/hardware security module on most machines and it offers a cheap way to persist asymmetric keys and do other cryptographic operations on board with a FIPS 140-2 Level 2 security. The problem is that if we want to store symmetric keys (such as AES-256 keys) we cannot store them longterm with the given windows API (CNG: Cryptography Next Generation). Solution Overview: My group plans to create our own small-scale and affordable hardware security module with an API that allows for persisting symmetric keys on Windows machines that satisfies the conditions for FIPS 140-2 Level 2 (or 3) security. We can then use the keys to encrypt bytes sent to the board. We plan to have a few subsystems working together which includes memory for our key storage, an encryption system, a decryption system, and interfaces with a computer. Solution Components: [Memory Unit] - A large memory unit which provides the ability to store multiple AES-256 keys. It will allow you to load a key into it with an offset and then also allow you to select that key to be used for encryption/decryption. This will be a separate memory unit that just stores one key which is the one used in the cipher. [AES Encryption Unit] - Encrypts a message using the selected stored key which is currently loaded. Will implement AES-256 encryption using logic gates. [AES Decryption Unit] - Decrypts a message using the selected stored key which is currently loaded. Same as Encryption Unit. [USB Connector] - This allows us to connect our device to a computer and comes loaded with an API which allows the user to send keys to the device and messages to be encrypted/decrypted. [Tamper Evident Detector] - In order to protect the keys being stored up to FIPS 140-2 Level 2+ standards we will have a subsystem solely based on detecting tampering with the device. In the case that tampering is detected all of the keys stored must be wiped. Likely we will solve this with a pressure sensor in which the only way that less pressure is applied is when the box is being opened. There are a few other pieces to this that we still are looking to add so that there is absolutely no way to open the box and see the hardware without wiping the keys. In order to be effective we must implement the key storage system, the ability to load keys, and the tamper evident detectors. These are the most basic requirements for a hardware security module. We have hopes to add in more functionalities, more specifically the ability to encrypt/decrypt a message and an effective random number generator all in hardware. The tamper evidence detectors are the most important piece because otherwise our module is no more secure than software.

Title

Team Members

Documents

Sponsor

Hardware Security Module (With ability to persist symmetric keys)

Calvin Fisher
Francis Papa
Nicholas Schiesl

Evan Widloski

design_document1.pdf
design_document2.pdf
design_document3.pdf
final_paper1.pdf
other1.pdf
proposal1.pdf

Problem: The Trusted Platform Module is an onboard cryptoprocessor/hardware security module on most machines and it offers a cheap way to persist asymmetric keys and do other cryptographic operations on board with a FIPS 140-2 Level 2 security. The problem is that if we want to store symmetric keys (such as AES-256 keys) we cannot store them longterm with the given windows API (CNG: Cryptography Next Generation).

Solution Overview: My group plans to create our own small-scale and affordable hardware security module with an API that allows for persisting symmetric keys on Windows machines that satisfies the conditions for FIPS 140-2 Level 2 (or 3) security. We can then use the keys to encrypt bytes sent to the board. We plan to have a few subsystems working together which includes memory for our key storage, an encryption system, a decryption system, and interfaces with a computer.

Solution Components:

[Memory Unit] - A large memory unit which provides the ability to store multiple AES-256 keys. It will allow you to load a key into it with an offset and then also allow you to select that key to be used for encryption/decryption. This will be a separate memory unit that just stores one key which is the one used in the cipher.

[AES Encryption Unit] - Encrypts a message using the selected stored key which is currently loaded. Will implement AES-256 encryption using logic gates.

[AES Decryption Unit] - Decrypts a message using the selected stored key which is currently loaded. Same as Encryption Unit.

[USB Connector] - This allows us to connect our device to a computer and comes loaded with an API which allows the user to send keys to the device and messages to be encrypted/decrypted.

[Tamper Evident Detector] - In order to protect the keys being stored up to FIPS 140-2 Level 2+ standards we will have a subsystem solely based on detecting tampering with the device. In the case that tampering is detected all of the keys stored must be wiped. Likely we will solve this with a pressure sensor in which the only way that less pressure is applied is when the box is being opened. There are a few other pieces to this that we still are looking to add so that there is absolutely no way to open the box and see the hardware without wiping the keys.

In order to be effective we must implement the key storage system, the ability to load keys, and the tamper evident detectors. These are the most basic requirements for a hardware security module. We have hopes to add in more functionalities, more specifically the ability to encrypt/decrypt a message and an effective random number generator all in hardware. The tamper evidence detectors are the most important piece because otherwise our module is no more secure than software.

Featured Project

Problem: It can be difficult for a new player to learn chess, especially if they have no one to play with. They would have to resort to online guides which can be distracting when playing with a real board. If they have no one to play with, they would again have to resort to online games which just don't have the same feel as real boards.

Proposal: We plan to create an assistive chess board. The board will have the following features:

-The board will be able to suggest a move by lighting up the square of the move-to space and square under the piece to move.

-The board will light up valid moves when a piece is picked up and flash the placed square if it is invalid.

-We will include a chess clock for timed play with stop buttons for players to signal the end of their turn.

-The player(s) will be able to select different standard time set-ups and preferences for the help displayed by the board.

Implementation Details: The board lights will be an RGB LED under each square of the board. Each chess piece will have a magnetic base which can be detected by a magnetic field sensor under each square. Each piece will have a different strength magnet inside it to ID which piece is what (ie. 6 different magnet sizes for the 6 different types of pieces). Black and white pieces will be distinguished by the polarity of the magnets. The strength and polarity will be read by the same magnetic field sensor under each square. The lights will have different colors for the different piece that it is representing as well as for different signals (ie. An invalid move will flash red).

The chess clock will consist of a 7-segment display in the form of (h:mm:ss) and there will be 2 stop buttons, one for each side, to signal when a player’s turn is over. A third button will be featured near the clock to act as a reset button. The combination of the two stop switches and reset button will be used to select the time mode for the clock. Each side of the board will also have a two toggle-able buttons or switches to control whether move help or suggested moves should be enabled on that side of the board. The state of the decision will be shown by a lit or unlit LED light near the relevant switch.

Project

Assistive Chessboard

Featured Project

Project Videos