Making the Internet a bit safer

Research and education networks are not only about fibres, routers and switches. They also try to contribute to the common good of Internet users. Enter CrypTech, hosted by NORDUnet and making the Internet a little bit safer for everybody.

Software developers and electronics designers from around the world are uniting their efforts in the CrypTech project, designing open source hardware securing the authenticity of digital content transmitted through the internet. NORDUnet plays a key role in the project.

To increase trust, geographical and cultural diversity lies at the very heart of CrypTech. In addition to CrypTech being open source, the diversity principle also applies to the funding of the project, allowing a maximum of 100k USD per donor per year; trying to avoid any one sponsor having too much influence over the project.

Fear of backdoors

All this is for a reason: CrypTech was initiated as a reaction to revelations from Edward Snowden and other security experts regarding massive surveillance by NSA and other surveillance agencies. Experts have questioned the integrity of some of the implementations of basic cryptographic functions and devices used to secure communications on the Internet. This has lead to a widespread fear of backdoors, being open to not only surveillance agencies from different countries but also to cyber criminals.

In particular there is a great need for open, verifiable, implementations of cryptographic algorithms in hardware. Even more so, as the majority of Hardware Security Modules are manufactured by worrysome nation states, giving rise to suspicions that national surveillance agencies could compromise these devices. Hardware Security Modules are machines creating cryptographic keys and storing them safely. The keys are used to authenticate digital content and to assure, that the content you’ve sent hasn’t been tampered on the way to its destination.

Open source crypto-hardware

Now CrypTech is developing an open source hardware cryptographic engine that meets the needs of high assurance Internet infrastructure systems that use cryptography.

In general, cryptography built on software alone, has weaknesses. When an encryption or hash algorithm is written in software and built into a general purpose CPU, or loaded into a general-purpose computer, it remains vulnerable to attack. However, when the cryptography is performed in a dedicated hardware device, inaccessible to the normal operating system, these weaknesses are reduced significantly.

Fredrik Thulin, one of the developers working on CrypTech, explains:

"The financial sector has been using Hardware Security Modules for many years, together with some of the really big tech companies. But apart from that, these modules are not widely spread, partly because they are very expensive. CrypTech aims to provide a much cheaper solution, thus spreading the use of HSMs to the broad Internet community, covering needs such as secure email, web, domain name systems and public key infrastructure."

Around for a long time
The Nordic research and education networks Sunet and RHnet - together with NORDUnet - play a key role in CrypTech, providing both staff and administrative support.
NORDUnet has been around for a long time. Actually, nordu.net is one of the oldest domain name in existence. Trust is important in the CrypTech project, so when people were looking around for an organisation to host the project, NORDUnet was the obvious choice.

Berlin in July
According to Fredrik Thulin, the upcoming Internet Engineering Task Force, IETF, meeting in July in Berlin is an important date for CrypTech:

"The aim is to build a Hardware Security Module from the ground up, and my job in the project is mostly hardware related. I’m working on hardware prototypes, and we hope to have some Alpha boards ready for the IETF meeting in Berlin. This will then be the first really useable board, built based on the CrypTech blueprints."

Hopefully, provided adequate funding, the CrypTech engine will be up and running by 2017. The intent is that it can be built by anyone from public hardware specifications and open source firmware. Anyone can then operate it without fees of any kind.

For more information, please visit the CrypTech website.