The goal of the USB-Crypt project is to develop and integrate a powerful, but easily portable crypto module with an USB interface as a secure single chip IC. This IC module will contain all of the standard crypto algorithms like AES, DES, Hashing, RSA and ECC. It can then be mounted into an USB dongle like housing for universal use with an I&C equipment fitted out with an USB interface. Specific firmware in the controller part of the module will provide the elementary crypto functions and also low level operating system routines. A generic API will offer easy interfacing to host systems. The practical usability together with the system features will be tested by different security applications like: e-commerce, network security, data encryption and digital security. The overall security quality will be analysed and certified by a Common Criteria evaluation.
For realising high security electronic commerce and other information and communication security applications a high level security module is necessary: This should be inexpensive, fast and flexible enough to plug it in every critical IT equipment and protected against manipulations.
The objective of this proposal is to develop and test with some applications:
A hardware security module as a single chip integrated circuit (IC) with all necessary cryptographic functions (symmetrical, asymmetrical and hash algorithms), secure internal memory parts for storing keys and variables and an in module control processor for trusted control of the security functions.
An USB-interface to the applications world allows the use with every modern I&C equipment like PC's and other communication or data processing equipment. The implicit crypto control firmware and the host API supports the necessary crypto primitives and the elementary security operating system. The module/system will be tested with different applications like e-commerce, network security, data encryption and digital signatures. A CC analysis and certification will show the achieved quality.
For reaching a high security level, we will use an advanced smartcard processor kernel (32Bit) as the basic element. This includes already the proved implicit smartcard security mechanisms for enhanced physical protection.
Fast and secure cryptographic hardware coprocessors will be added to this kernel:
.The new AES together with the traditional DES
.Fast universal hashing algorithm processor
.Asymmetric cryptographic coprocessor for ECC or up to RSA-2048A fast USB interface will allow the interfacing to all modern type of I&C equipment.
For controlling and programming the module we will integrate a minimal operating system kernel together with the necessary crypto primitives. This allows an easy integration of the modules functionality by the system developers. For an easy access from the host system we will provide a generic API. This allows also a platform independent operation by JAVA and similar techniques. For the testing of the performance and developing to the practical requirements we will also realise within this project some practical security applications (internet access, electronic signature, data encryption, e-commerce, etc.). For the use in real high level security applications we will show the quality of our system by formal certifying the hardware and the OS kernel according to the Common Criteria level EAL5.
M1: Requirements phase finished
M2: Finished specification phase
M3: Product Implementation/Development finished
M4: Crypto Coprocessors developed
M5: USB-Host driver API developed
M6: Integration and test of Hardware Firmware and host software
M7: Application Security Framework
M8: User Documentation
M9: Dissemination, Implementation
M10: Assessment and Evaluation
M11: Common Criteria Certification
Funding SchemeCSC - Cost-sharing contracts
24048 Treviolo Bg
TW20 0EX Egham, Surrey
28760 Tres Cantos - Madrid