I'm syncing up with the informal progress that I've been documenting on the discord server I was putting this in. Everything is cut and pasted, and not necessarily curated for hackaday-style documentation.
U2F (Universal Second Factor) is a protocol developed by the FIDO Alliance for two-factor authentication that eliminates the effectiveness of phishing attacks by having a separate device confirm a domain name before authenticating, solving a problem that TOTP (Time based One Time Password) did not. It provides a specification for how physical U2F "tokens" can interact with browsers and web servers in order to provide a cryptographic ECDSA proof in response to a challenge provided by the server. A well known brand of U2F devices a "YubiKey", a quick google search for "U2F", "FIDO" or "YubiKey" will provide additional background information
To build a U2F device that is as cheap as possible. Instead of using an (expensive) secure element (SE) Project U2F will use a low cost micro controller and hardened software. This will result in a device that, if stolen temporarily, may be disassembled (components desoldered) and cloned, given a sufficient attack. Since a theif that steals a U2F token already has access to those keys, this slight decrease in security is not a concern, especially for the average user. Since U2F already operates on the premise of physical security, we're using different components in order to decrease the price without making any significant additional demands on the user for physical security
- Reasonable program memory
- Hardware multiplier (for eliptical curve crypto)
- Reasonably clock speed
- USB Device capabilities
- Open source toolchain for linux OR macOS
- Supports languages other than assembly
- At least a couple other projects that have been able to interface with USB module
- Cheap, especially in volume
Cost and MCU selection
Given these requirements, I've decided to use one of WCH's microcontrollers, specifically one in their CH55x lineI've ordered two development boards for a total of ~8$ shipping, one for the CH554 which has both USB Slave and Host, one for the CH552 which has USB Slave only
The CH551 is cheaper than the CH552 which is cheaper than the CH553 (so on until the CH559, which has USB Host, Slave, and HUB capabilities. Overkill!))
Depending on compatibility, I may eventually use the cheaper CH551 after writing code for the 552 target. All of them have Intel 8051-compatible architecture
I plan to depend on the sdcc SDK for ch55x devices. My use of the CH551 will depend on SDK compatibility
The CH554 costs ~60cents in volume ,
The CH552 costs ~30 cents in same volume
The CH551 costs ~20 cents in same volume
Estimated PCB cost is <15cents/pc (bulk)
all other components are passive and should cost less than a couple cents. An LED (or two) will be included to indicate the state of the device. This should cost no more than another couple cents. There will be no physical button, instead there will be a capacitive touch button
All CH55x devices have a capacitive-touch driver
Entropy for use in crypto will be taken from ADC's least signifcant bits. This seems to be a standard practice.
I will post some resourced I found to aid in firmware development (implementations for other platforms that I will use as reference implementations, USB documentation and specification stuff etc.) as well as progress on firmware development very soon.