The Making of a Secure Open Source Password Keeper from the - - PowerPoint PPT Presentation



SLIDE 1

The Making of a Secure Open Source Password Keeper

… from the electronics to the high-level software

Mathieu Stephan

SLIDE 2

Hello!

I am Mathieu Stephan

  • Embedded systems engineer
  • Former writer for Hackaday
  • www.limpkin.fr
  • Mooltipass project founder
SLIDE 3

What is the Mooltipass?

  • Secure credential & file storage
  • Native browser integration
  • Recognized as a keyboard
  • Multiple users
  • Cross platform
  • Open software & hardware
SLIDE 4

The Internals

(Block diagram of the Mooltipass Mini, labelled: USB HID microcontroller, OLED screen, flash memory, clickable wheel)

PIN-locked smart card, containing the user’s AES-256 key

SLIDE 5

Usage Example

SLIDE 6

Usage Example

SLIDE 7

Presentation Outline

Here’s how...

  • … this adventure started
  • … 20 people collaborated without meeting each other
  • … we produced two devices from the ground up
  • … we created the Mooltipass security model
  • … the Mooltipass hard-, firm- and software was designed
  • ... and what’s next!

SLIDE 8

1.

Starting The Project

Getting contributors and setting up the project infrastructure

SLIDE 9

Beginning The Mooltipass Adventure

First call for contributors was in December 2013

  • First article on hackaday.com describing the concept
  • “Developed on Hackaday” but not associated with it
  • Received 30 applications!

Work was assigned based on the applicants’...

  1) Preferences
  2) Available spare time
  3) Area of expertise

SLIDE 10

Globally Distributed Contributors

(World map of contributor locations, with the presenter marked “me”)

SLIDE 11

The Ground Rules

  • Implement features as determined by consensus
  • Use GitHub for code versioning and source control
  • Document the produced code (doxygen)
  • Work in a dedicated file or folder
  • Follow the chosen coding convention
SLIDE 12

Group Communications

Constraint: people have different availabilities!

  • Separate general and development discussion groups
  • Direct contact via IM service (sparingly)

Challenge: keep the momentum going!

  • Show off contributors’ progress
  • Ensure the community feels involved
SLIDE 13

Management Infrastructure

Trello - a free online Kanban board

SLIDE 14

Management Infrastructure

Based on the Japanese kanban process

  • Respect the roles, responsibilities and titles
  • Leadership at all levels
  • Document & encourage evolutions
  • Maintain a community atmosphere
  • Obtain & manage ETAs without contributors feeling pressured

SLIDE 15

2.

The Mooltipass Hardware

SLIDE 16

Functional Prototype

Hand soldered and shipped to contributors

SLIDE 17

Mooltipass - Case Choice

Designs made by the community

SLIDE 18

Mooltipass - Final Design

110% funded in Dec. 2014

SLIDE 19

Mooltipass Mini

300% funded in Oct. 2016

SLIDE 20

Mooltipass Mini - Tests

Testing the adhesive strength

SLIDE 21

Mooltipass Mini - Tests

...but some people double checked!

SLIDE 22

Mooltipass Mass Production

Chinese assembly lines

SLIDE 23

Mooltipass Mass Production

CNC shops

SLIDE 24

Mooltipass Mass Production

Video instructions for the assembler

SLIDE 25

Mooltipass Mass Production

… and a lengthy quality control document

SLIDE 26

3.

The Mooltipass Firmware

SLIDE 27

Firmware - AES Encryption

  • Using AVR-Cryptolib, CTR mode
  • Checked against NESSIE vector sets
SLIDE 28

Firmware - Encrypted Storage

  • Dedicated flash memory used for storage
  • 2 types of data:
      • Credentials
      • Encrypted blobs
  • Sorted linked list data structure
SLIDE 29

Firmware - Data Structure

(Diagram: a sorted list of services (Service A, Service B, ...), each pointing to its own list of logins (Login 1, Login 2, Login 3, Login 4))

Encryption key stored inside the smart card
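An added illustration of the parent/child list shape on the two slides above, with Go standing in for the device’s C firmware; this is not Mooltipass code, and the node layout, the 64-node capacity and the 0xFFFF “no node” sentinel are assumptions made for the example:

```go
package main

// Node is one fixed-size record in the credential flash; services and logins share
// the shape (a login has no children). Constructed for this example, not the real format.
type Node struct{ Name string; Next, FirstChild uint16 } // Next: sibling; FirstChild: a service's login list
// Erased flash reads as all ones, so 0xFFFF doubles as the "no node" address.
const nilAddr uint16 = 0xFFFF
// Flash is a fixed-capacity store (64 nodes); head is the first service alphabetically.
type Flash struct{ nodes [64]Node; used int; head uint16 }
func NewFlash() *Flash { return &Flash{head: nilAddr} }
// insertSorted links a new node into the list at *head keeping names ordered and
// returns its address; an existing name returns that node, a full flash returns false.
func (f *Flash) insertSorted(head *uint16, name string) (uint16, bool) {
	prev, cur := nilAddr, *head
	for cur != nilAddr && f.nodes[cur].Name < name {
		prev, cur = cur, f.nodes[cur].Next
	}
	if cur != nilAddr && f.nodes[cur].Name == name {
		return cur, true
	}
	if f.used == len(f.nodes) {
		return nilAddr, false
	}
	addr := uint16(f.used)
	f.nodes[addr], f.used = Node{Name: name, Next: cur, FirstChild: nilAddr}, f.used+1
	if prev == nilAddr {
		*head = addr
	} else {
		f.nodes[prev].Next = addr
	}
	return addr, true
}
// AddLogin files login under service, creating the service node when needed, and
// returns the service node's address so callers can walk its login list.
func (f *Flash) AddLogin(service, login string) (uint16, bool) {
	s, ok := f.insertSorted(&f.head, service)
	if !ok {
		return nilAddr, false
	}
	_, ok = f.insertSorted(&f.nodes[s].FirstChild, login)
	return s, ok
}
// Walk returns the names along one list in stored (sorted) order.
func (f *Flash) Walk(head uint16) []string {
	var out []string
	for a := head; a != nilAddr; a = f.nodes[a].Next {
		out = append(out, f.nodes[a].Name)
	}
	return out
}
```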

SLIDE 30

Firmware - Smartcard Use

  • Ubiquitous form of read-protected memory
  • 16-bit PIN access (“0000” to “FFFF”)
  • Permanently locked after 4 incorrect PINs
  • Cheap (<$1) in volume
SLIDE 31

Firmware - RNG

  • Uses watchdog timer’s natural jitter
  • Generates 8 bytes per second (!)
SLIDE 32

Firmware - USB

  • USB composite: HID keyboard and ‘proprietary’
  • Proprietary channel for integration plugins
  • Keyboard channel for manual password recall
  • USB Keyboards are natively supported by all OSes...
  • ...but LUTs needed for different locales
SLIDE 33

Firmware - LUT Generation Tool

… basically bruteforcing a given layout
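An added example of that brute-force idea, not the project’s generation tool: two simulated hosts (a constructed US layout and a partial QWERTZ one, both assumptions for the example) are driven with every modifier/usage pair to build a lookup table, which the firmware would then use to turn a secret into key presses:

```go
package main
import "fmt"
// Key is one HID press (modifier byte + usage code); both hosts below are constructed partial layouts, not the tool's data.
type Key struct{ Mod, Code byte }
const shift = 0x02 // left-shift bit of the HID modifier byte
// usHost simulates a US host: usages 0x04..0x1D print a..z and 0x1E..0x27 print 1..9,0.
func usHost(k Key) (rune, bool) {
	const plain, shifted = "abcdefghijklmnopqrstuvwxyz1234567890", "ABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()"
	if k.Code < 0x04 || k.Code > 0x27 || k.Mod&^shift != 0 {
		return 0, false
	} else if k.Mod == shift {
		return rune(shifted[k.Code-4]), true
	}
	return rune(plain[k.Code-4]), true
}
// deHost simulates a QWERTZ host: the y and z keys are swapped and shift-2 prints '"'.
func deHost(k Key) (rune, bool) {
	if k.Code == 0x1F && k.Mod == shift {
		return '"', true
	}
	if k.Code == 0x1C || k.Code == 0x1D {
		k.Code ^= 1 // 0x1C <-> 0x1D
	}
	return usHost(k)
}
// GenerateLUT is the slide's brute force: press every modifier/usage pair on the host, keep the first that prints each character.
func GenerateLUT(host func(Key) (rune, bool)) map[rune]Key {
	lut := map[rune]Key{}
	for _, mod := range []byte{0, shift} {
		for code := byte(0x04); code <= 0x27; code++ {
			r, ok := host(Key{mod, code})
			if _, seen := lut[r]; ok && !seen {
				lut[r] = Key{mod, code}
			}
		}
	}
	return lut
}
// Encode maps a secret to presses, refusing characters the layout cannot type rather than silently sending the wrong key.
func Encode(lut map[rune]Key, s string) ([]Key, error) {
	var keys []Key
	for _, r := range s {
		k, ok := lut[r]
		if !ok {
			return nil, fmt.Errorf("no key for %q in this layout", r)
		}
		keys = append(keys, k)
	}
	return keys, nil
}
```

Replaying the presses that the US table produces for `Zy2@` through the QWERTZ host prints `Yz2"`, which is exactly the locale mismatch the per-layout tables exist to avoid.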

SLIDE 34

Firmware - Graphics Library

  • Designed from the ground up
  • Optimized for speed
  • Features:
      • RLE compression for bitmaps
      • Bitmaps, fonts stored inside the external flash
      • Python scripts to generate the graphics bundle
      • Can be securely updated
SLIDE 35

Firmware - Update File Format

File layout, in order:

  • graphics bundle (bitmaps, fonts, strings…)
  • padding
  • new firmware version number
  • AES key update flag
  • new firmware
  • padding (new AES key, encrypted)
  • CBC MAC

Fixed size to mitigate CBC MAC weakness

SLIDE 36

Firmware - Bootloader

  • Checks signed firmware updates
  • Stored on the device:
      • One unique AES key for firmware signing
      • One unique AES key for hash generation
      • Read-protected UID for device non-tamper check
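An added example for the update file format and the bootloader check on the two slides above, written in Go rather than the AVR firmware’s C and not the Mooltipass code: the slot sizes are constructed, and the point is that every slot is fixed, so the CBC-MAC always covers a body of the same length, and that a verifier rejects any file whose length differs before touching the MAC.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
	"errors"
)
// Slot sizes are constructed for this example (real bundles and firmware are far
// larger); every slot is fixed, so the MAC always covers the same 160-byte body.
const (
	bundleLen, versionLen, flagLen = 64, 2, 1
	firmwareLen, newKeyLen, padLen = 64, 16, 13
	bodyLen   = bundleLen + versionLen + flagLen + firmwareLen + newKeyLen + padLen
	updateLen = bodyLen + aes.BlockSize // body followed by its CBC-MAC
)
// cbcMAC is AES-CBC-MAC (zero IV) over a block-aligned message; bodyLen is a
// multiple of 16 by construction, so no padding logic is needed here.
func cbcMAC(key, msg []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil { panic(err) } // a wrong key size is a programming error in this example
	mac := make([]byte, aes.BlockSize)
	for i := 0; i < len(msg); i += aes.BlockSize {
		for j := range mac {
			mac[j] ^= msg[i+j]
		}
		c.Encrypt(mac, mac)
	}
	return mac
}
// BuildUpdate lays out bundle | version | flag | firmware | encNewKey | padding,
// zero-filling short inputs and rejecting oversized ones, then appends the MAC.
func BuildUpdate(key, bundle, firmware, encNewKey []byte, version uint16, keyUpdate byte) ([]byte, error) {
	if len(bundle) > bundleLen || len(firmware) > firmwareLen || len(encNewKey) != newKeyLen {
		return nil, errors.New("field does not fit its fixed slot")
	}
	body := make([]byte, bodyLen)
	copy(body, bundle)
	body[bundleLen], body[bundleLen+1], body[bundleLen+2] = byte(version>>8), byte(version), keyUpdate
	copy(body[bundleLen+3:], firmware)
	copy(body[bundleLen+3+firmwareLen:], encNewKey)
	return append(body, cbcMAC(key, body)...), nil
}
// VerifyUpdate is the bootloader-side check: exact length first (a truncated or extended file fails before any crypto runs), then a constant-time compare.
func VerifyUpdate(key, update []byte) bool {
	if len(update) != updateLen {
		return false
	}
	return subtle.ConstantTimeCompare(cbcMAC(key, update[:bodyLen]), update[bodyLen:]) == 1
}
```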
SLIDE 37

Firmware - Security Model

Relies on the fact that:

  • Physical tampering with the device leaves traces
  • Microcontroller programming first requires chip erase

Firmware integrity is therefore checked by:

  • Reading the read-protected UID at device reception
  • Reading user card-dependent hashes
SLIDE 38

Firmware - Static Analyses

  • Performed by security groups, researchers...
  • We had access to some of them...
SLIDE 39

Flashing the Firmware

Custom-made programming jig

SLIDE 40

4.

The Mooltipass Software

SLIDE 41

Python Tool - MooltiPy

Created by one contributor:

  • Can use all Mooltipass features
  • Can be called from other apps
  • Pure command line interface
  • Store / recall small files
SLIDE 42

Chrome App & Extension

  • Cross-platform
  • Unfortunately Chrome-only
  • Two-click installation:
SLIDE 43

Chrome App - MooltiApp

...converted into a standalone App using Electron

SLIDE 44

Cross Platform Tool - Moolticute

(Architecture diagram: a Moolticute daemon sits between the Mooltipass hardware and its clients: Chrome, Safari, Firefox, an SSH agent, the Moolticute app and the Moolticute CLI)

SLIDE 45

Cross Platform Tool - Moolticute

Qt & C++ - Created by a contributor

SLIDE 46

Cross Platform Tool - Moolticute

… and now being developed by the Mooltipass team

SLIDE 47

5.

The Next Mooltipass Device!

SLIDE 48

Next Generation Mini

(Block diagram labels: “Unsafe” MCU, USB, ATBTLC1000, Secure MCU, OLED, Data Flash, DB Flash, UART, LIS2HH12TR, SMARTCARD)

Secure Domain

May be disabled

SLIDE 49

Contributors Wanted!

Firmware:

  • New database model implementation
  • Unicode support implementation
  • Bootloader implementation
  • User interface design
  • U2F implementation
  • < your idea[s] here >
SLIDE 50

Contributors Wanted!

  • C++ & QT: frontend for the new firmware features
  • Web: implement a user space on mooltipass.com
  • Python: security implementation checks
  • GIMP: create Mooltipass graphics
  • Android & iOS: App development
SLIDE 51

Thanks!

Questions?

You can find me at:

  • limpkin on freenode.net
  • mathieu@themooltipass.com