
Memoryless Peripherals and Secure Notebooks

BSides London · 2025 · Published 2025-02

Style: Talk
About this talk
I am not completely insane (yet): I do leverage modern smartphones (and their CPUs) like everyone else does, to do things like sending dog pictures to the old man. I have to admit, I am someone new to the security space. As such, the first I heard about side-channel vulnerabilities on CPU cache, such as Meltdown and Spectre, was this year. From what I understand (but please do correct me if I am wrong!), these are only the first iterations in a new genus of exploit. So we can explore a potential approach to designing improved technology for this specific problem set, building at the electronic engineering level all the way to userland. I will also discuss the benefits, challenges, and drawbacks I've encountered, as well as the key insights gained from the exploration thus far.

Connect: https://uk.linkedin.com/in/kaiharris606
GitHub: https://github.com/matchahack
Website: https://matchahack.com
Transcript [en]

So first off, thanks for coming everyone to my presentation today, and also to BSides, thank you for the opportunity to talk on the project. Hopefully there'll be something here that's interesting for everyone. It's been a bit of a labour of love so far. This is my secure notebook, and feel free to come and inspect it closely at the end if you like. Let's get into a little bit about what it is. If I was in America I guess I would say that I'm trying to build the most secure note-taking device that exists, but because we're not in America, we're in the UK, this is my lovely little side project which I hope you'll find interesting.

A bit of the secret history of the world, really, and how I stumbled upon this project: mostly because I had a large interest in secrets, more specifically, is there a perfect secret system in existence? The Frank Miller reference, the Sin City reference, is a little bit irrelevant, but there is a Civil War era banker and crypto nerd who invented something called the one-time pad, and the one-time pad is pretty close to a perfect secret system. It was later patented at Bell Labs, which happens to be the same place that, as maybe some of you know, Claude Shannon worked, the modern father of information theory. These days it's been digitalised and is used in diplomatic channels and by the military mostly. This is the original. It's got this nice property that it's information-theoretically perfectly secure; however, the caveat is that the passcode for your device has to be as complicated and as long as the secret itself, so it's hard to remember the passcode, and as the name says, it's a one-time pad, so it only works once. So it's not super ready for user use really, except in these channels, so I kind of moved on from this.

Anyway, a bit of an intro to me. I was trained as a mathematician at university and then spent some time with Wolfram in their data engineering team, moved to Arm and their GPU team and worked there for a while, spent a while freelancing for startups and building their MVPs, then got my security clearance at a company and worked on a black box on radio frequency stuff, then I was inducted into the madness of fintech in Canary Wharf for a little while, and I'm now here talking to you guys.

The problem context that we're dealing with today is quite specific, so bear with me for a sec. I am a little bit new to the security space, but I have noticed a trend, which is that we, in general as a population, as a people, prefer convenience over security, and there are trade-offs that have been made because of this. The trade-offs, technologically, are on the CPU; they're on something called cache inside the CPU, really fast access memory. Disclaimer about the project: I'm not solving for some threats that do exist out there. There are side-channel threats; we're not solving for a drone spying over your shoulder and recording your keystrokes, we're not solving for the bug that's been planted in your office and is giving telemetry to remote AI models and reconstructing passcodes based on the sound of your keystrokes, and we're definitely not solving for hardware-level, manufacturer-level implants in chips. This is a graphic that I took from a really good video that I recommend everybody go watch if you're interested in this kind of stuff, called "Modchips of the State" by a guy called Trammell Hudson; it's a CCC talk. What you're seeing here is a massive electron microscope zooming in on a chip, and there is something that's not meant to be there: that's an Arm Cortex CPU embedded inside of another CPU. Don't know what that's doing, but not something good.

Okay, so a bit more into the technical side of the problem. These bugs that have occurred recently: the first one was spotted in 2018 by some Google developers, and more recently there's one that's been spotted in 2021 called Pac-Man. What they do is this: chip architects, to solve the problem at the time of applications not going fast enough, introduced cache into the architecture of the CPU, and that enabled something called branch prediction. Branch prediction: you can think about it as, when a program is running on your computer, the CPU will try to execute lots of different potential outcomes of the branches all at once, but to do this it kind of has to remember, in case it makes a mistake and has to go back to a state that was known to be true. So cache is introduced to do this. You could use RAM, but it would be hundreds of times slower because it's further away physically. And what do attackers do with this? They perform a side-channel attack: they fill the cache up with data and they measure the time taken for specific operations to be done on the cache, and can infer private data from that methodology.

So yeah, when I talk to friends and family about this problem, this is how I imagine they see me, pretty much. But I think there is a real future where Apple or any other of these large companies who manufacture phones have put a little AI device in your phone, and this AI is trained on every single bug that exists on the internet, and who knows, maybe when you get your device you give it access to your phone and suddenly there are all these bugs that can be exploited at large. Because the reality is that at the moment this specific problem probably is only affecting people of high value and systems of very high value. So I think at the moment it's not a big concern for most people, but in the future maybe yes.

So with all that in mind I got to building stuff, because that's what I like to do, and landed on a philosophy for designing this thing. I want a minimal execution environment running on bare metal. What that means: no operating system, because that has a lot of unnecessary things in it. Each of the components that I'm building with is modular, both the software and the hardware, so that makes them easily upgradeable. Some technology that I decided to go against: this is a CPLD up here. It's very nice, it solved most of my criteria, but actually it contains embedded persistent memory and that fails the minimalism criteria; I don't need embedded persistent memory for this project, I'll explain a bit more about that and why later. And this is a classic microcontroller. They're cheap as chips, but they're programmed with C and there are a lot of C vulnerabilities out there. So I landed on the FPGA as a technology to build on. It stands for field-programmable gate array, and why does this allow for a solution to the speculative execution problem? You're designing electronics with it, so you can design your program to execute purely sequential operations, so no speculation, no branch prediction, and then memory can be implemented and reimplemented in any way we choose, so it doesn't have to be a heap or a stack, it could be whatever you want. However, it is hard to design on this tech for an end user, and they are more expensive than microcontrollers. So overall very nice, I think, and we're going to go with that one.

Designing with FPGAs, you are building with electronics, and so, especially when you're communicating with devices and peripherals around the FPGA, you end up having to deal with waveforms a lot. This is a waveform that you might see, and it implements something called the SPI protocol. There was actually a workshop on this earlier that some of you might have been at, but what it comes down to is to build your solution with a lab, a home lab for instance. As you can see here, there's a logic analyzer and a probe that's attached to one of the little arms of the chips, and you can record the data that your design outputs using this tech. There's an FPGA there that creates signals; it could be a CPU if you wanted, but not for this project. And then some two-pin buttons and an OLED display as well. So the lab has evolved. This was V1, I guess, and it was very cable-salady; v0 was even more cable-salady, but the isera thing hopefully will end up with a PCB eventually. The project has a lot of growth potential: if you want to learn about material science, it's really possible to do that with this technology, FPGAs, because you kind of have to think in terms of the material science of it. There's a lot of stuff that I will never know, and usually this is the meme that I come back to when I'm thinking about computers.

So the design, the blueprints: it was a top-down approach. This is the top-down approach, and there are four main components, as you can see on the board: there are the inputs, there's the display, there's the FPGA, and there's the flash, that's the persistent memory. And you can see here a slightly more in-depth design for the protocol itself, which included all the drivers and the opcodes to get things to work properly.

So how do we write FPGA software? FPGA software is actually HDL: you use software to describe hardware, you compile the software into a bitstream and upload it to the FPGA, and it will essentially run like a program, I guess. It's a bit outside the scope of this talk; if you want to hear more about this I recommend watching Clifford Wolf's CCC talks, they're really good. One more thing about an FPGA is that it works best when every submodule and every module in it is working as a finite state machine. Again, something a bit outside the scope of this talk, but in practice it's good to remember that every time your hardware design reads a clock cycle, a round of logic is executed. And doing it this way is extremely fast, at the nanosecond time scale actually, so you can't really do much better, if I'm honest.

So yeah, that was my talk. Thanks for coming and for your time, and if you're interested in the project or want to keep updated there are some details here. The QR code: I'm realizing after today that's probably not the best thing to have shared at this conference, people don't seem to trust them. So yeah, give me an email. Thanks.
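The SPI waveform and the "every module as a finite state machine, one round of logic per clock cycle" points from the talk, as an added example in Verilog that is not the speaker's project code: a minimal SPI mode-0 master driving a peripheral such as a flash chip or OLED. The module, parameter and port names are assumptions; bytes go out MSB-first and MISO is sampled on the rising edge of SCLK.

```verilog
// Added example, not code from the talk or the speaker's project.
// A minimal SPI mode-0 master (CPOL=0, CPHA=0) written as a finite state
// machine: one round of logic per system clock edge, no speculation, no
// cache, every transition fixed by the state register.
module spi_master #(
    parameter CLK_DIV = 4           // assumed: SCLK = clk / (2 * CLK_DIV)
) (
    input  wire       clk,          // system clock
    input  wire       rst_n,        // active-low reset
    input  wire       start,        // pulse high for one clk to send a byte
    input  wire [7:0] tx_byte,      // byte to shift out, MSB first
    input  wire       miso,         // data in from the peripheral
    output reg  [7:0] rx_byte,      // byte shifted in, valid when busy drops
    output reg        busy,
    output reg        sclk,         // idle low (CPOL = 0)
    output reg        mosi,
    output reg        cs_n          // active-low chip select
);
    localparam IDLE = 2'd0, LOW = 2'd1, HIGH = 2'd2, DONE = 2'd3;
    reg [1:0] state;
    reg [2:0] bit_cnt;              // bits remaining after the current one
    reg [7:0] shreg;                // transmit shift register
    reg [7:0] div;                  // SCLK half-period counter (CLK_DIV <= 256)

    always @(posedge clk or negedge rst_n) begin
        if (!rst_n) begin
            state <= IDLE; busy <= 1'b0; sclk <= 1'b0; mosi <= 1'b0;
            cs_n <= 1'b1; rx_byte <= 8'd0; shreg <= 8'd0;
            bit_cnt <= 3'd0; div <= 8'd0;
        end else case (state)
            IDLE: if (start) begin  // latch the byte, assert CS, drive the MSB
                shreg <= tx_byte; mosi <= tx_byte[7]; bit_cnt <= 3'd7;
                cs_n <= 1'b0; busy <= 1'b1; div <= 8'd0; state <= LOW;
            end
            LOW: if (div == CLK_DIV - 1) begin   // rising edge: sample MISO
                div <= 8'd0; sclk <= 1'b1;
                rx_byte <= {rx_byte[6:0], miso}; state <= HIGH;
            end else div <= div + 8'd1;
            HIGH: if (div == CLK_DIV - 1) begin  // falling edge: next bit out
                div <= 8'd0; sclk <= 1'b0;
                shreg <= {shreg[6:0], 1'b0}; mosi <= shreg[6];
                if (bit_cnt == 3'd0) state <= DONE;
                else begin bit_cnt <= bit_cnt - 3'd1; state <= LOW; end
            end else div <= div + 8'd1;
            DONE: begin cs_n <= 1'b1; busy <= 1'b0; state <= IDLE; end
        endcase
    end
endmodule
```

Probing `sclk`, `mosi` and `cs_n` with a logic analyzer, as in the talk's home-lab setup, shows the same fixed mode-0 waveform on every byte, which is the point: the timing is a function of the state register alone, not of the data.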