Afilias' specialized technology makes Internet addresses more accessible and useful through a wide range of applications, including Internet domain registry services, Managed DNS and award-winning mobile Web services.
Are you ready to help me make the Internet more secure? Here’s your chance to join me in a project to create an open-source hardware device to protect email, files and other data from hackers and government spies.
The CrypTech Project was founded in late 2013 after NSA whistleblower Edward Snowden revealed that the US and other governments were exploiting weak cryptography and loose standards to gain access to citizens’ email, documents, and other files.
A group of engineers – myself among them – decided to create and fund open source hardware engine designs capable of strong and reliable encryption and decryption for email, plus public-private key encryption for digital signatures, DNSSEC, files and other uses.
Snowden’s revelations raised many question whether some of the most basic cryptographic building blocks could be trusted to secure the Internet. How many backdoors exist and who knows how to exploit them? How closely had security vendors been working with the NSA to sell-out their customers?
Our response is to create inexpensive ARM/FPGA-powered Hardware Security Module (HSM) designs that can store crypto keys and act as a signing engine to assure the authenticity of digital content.
The HSM uses USB to communicate with a host computer. The USB connection is terminated at an onboard single-purpose controller chip that connects to the CPU over a serial bus. This design protects the CPU from an attack via the USB. The crypto keys remain safe.
We have implemented a true random number generator, now widely tested, fed with system noise from onboard electronics. The ensures that our random numbers really are random, essential to strong cryptography. In the past, weaknesses in random number generators have been exploited by hackers.
Our team has already implemented SHA-512, SHA-256, AES, ECDSA, and other algorithms necessary for strong encryption/decryption. We have a working prototype and are completing an initial hardware design.
The goal is for a user to be able to construct the CrypTech HSM from off=the-shelf parts and free downloadable firmware. We expect commercial manufacturing as well, both of outboard models and internal designs.
CrypTech is a great open source project, which benefits from a watchful community that makes sure the HSM is not compromised by accident or by hidden backdoors or other intentional weaknesses. Open source has proven its ability to create successful security technology, and CrypTech will be no exception.
Still, we need your help. The project has expenses and we always need more volunteers. We’ve received financial support from Google, Comcast, and other companies. To protect the project from dependence on any donor, we have limited contributions to no more than $100,000 per company.
We also appreciate support from the Internet Society and RIPE, the IP allocation organization. If your organization would like to contribute, we would appreciate your support.
If you’d like to volunteer, we would appreciate that, too. While engineers are most in demand, we use some non-engineers, as well. Eventually, we will need beta testers for hardware and software.
I work with the project as a finance lead and my company, Afilias, is a CrypTech supporter.
To learn more, visit our website at cryptech.is where you will find information and links to our wiki and source code.