High quality noise in an FPGA - How the TKey TRNG works
What is a TRNG, what is its purpose, and how does it work? These are the questions we try to answer in this blog post.
A vulnerability has been found in tkey-device-signer and verisigner that makes it possible to disclose portions of the TKey’s data in RAM over the USB interface. To exploit the vulnerability, an attacker needs to use a custom client application and to touch the TKey.
On January 15 we received a potential vulnerability report about the TKey firmware through our bug bounty program. The reporter had discovered that code that should erase memory where sensitive data is stored is optimised away by the compiler. We deem the firmware problem a fairly benign bug because no sensitive data is leaked and the memory is erased and hardware protected anyway.
Introduction
The TKey Secure Random Number Generator app allows a user and a client system to get high-quality random numbers from a source separate from the client. A unique feature of the app is that it can also sign the random data delivered, thus allowing the user to verify the integrity of the generator, the integrity of the data, and the origin of the data delivered. But a secure random number generator must also deliver high-quality random numbers. In this blog post, we will look at how the generator works and the measured quality. In a coming blog post we will discuss the signing and verifying in more detail.
On Flexibility and Future Proof
What makes TKey flexible? The function of a TKey is defined by software: the TKey Device App, which is uploaded to the TKey from the client (the computer or mobile phone the TKey is attached to), and usually a piece of software running on the client that loads and then communicates with the TKey device app.
Digital keys are how information and communication on the Internet are protected. We all use them every day. Hence, generating those keys is a crucial aspect of security. This is how it’s done on TKey.
About TKey Memory
One important aspect, when it comes to security in devices, is how data stored in memory is protected.
Program Storage
On the end user TKey, the entire FPGA design together with the firmware ROM is kept in the locked-down configuration memory (NVCM - Non Volatile Configuration Memory) within the FPGA chip. It’s not externally readable and only readable by the FPGA when configuring itself. This means the device secret (UDS) can’t be read, not even with the TKey programming board we provide.
TKey Interaction points
TKey has two LEDs indicating status and one touch area. The power LED illuminates blue when TKey is powered. The status LED indicates different statuses. There are two basic indications: When TKey has booted up, the status LED illuminates in white. A red blink means something is wrong; restart TKey by removing it from the USB port and re-inserting it. A green blink means the user has to assert presence. This behaviour depends on the TKey device app.
On Open Source
Our name, Tillitis, is a play on the Swedish word “tillit”, which means trust. One way to be trustworthy is to be transparent. We strongly believe that security products are better and even more secure when they are open. That way everyone can inspect the hardware and software design before choosing to use it.
Copyright © 2022 - 2025, Tillitis AB