Riot Systems RS-16

It is possible to build a computer which an educated person can understand – in exactly the same way that a Pashtun blacksmith understands a Kalashnikov.
Loper OS: Of Decaying Urbits.

If you want a secure communication channel that involves computers, smartphones or the internet, and if you are really paranoid (which you should be), you have a problem. The mainstream computers and phones that you can buy today are so complex and full of undocumented and insecure components that you cannot trust them anymore.

Also, installing your system and configuring it so that you absolutely know every inch of it is a nightmare bordering on the impossible unless you are a kernel hacker.

RS-16 is an experiment in trust through minimalism, or "honest computing". The design strategy is to build a minimal viable text workstation from components that are fully documented and whose attack surface is minimized. A secondary goal is to make the system open and broadly available for anyone to construct, even if they have very little financial resources.

Here is a first prototype of RS-16 in action:

[Photo: Riot Systems RS-16 in action]

What you can do with it

In short: Alice and Bob can write and safely exchange encrypted letters using the RS-16 and an untrusted transmitter (e.g. a mainstream computer, smartphone).

When you power on the system, it displays a text editor on the VGA output and accepts your keyboard input. It can read from and write to a FAT formatted SD card.

The system has two modes: Editing mode and command mode. You can switch between the modes by pressing TAB.

The system has two memory buffers: one 4096 byte text buffer and one 32 byte key buffer.

In editing mode, you can edit a buffer of text that can be up to 4096 bytes in size. You can navigate around your text with the cursor keys and delete characters with DEL or backspace.

Command mode allows you to generate or import encryption/decryption keys, encrypt or decrypt your text buffer and manage files on a MicroSD card.

Available Commands

ls

Lists the contents of the SD card.

save filename

Saves the contents of the text buffer to the specified file.

load filename

Loads the contents (up to 4096 bytes) of the specified file and replaces the text buffer with them.

key

Copies the first 32 bytes of the text buffer into the AES-256 key buffer.

enc

Encrypts the text buffer with AES-256, using the contents of the key buffer as the key.

dec

Decrypts the text buffer with AES-256, using the contents of the key buffer as the key.

rnd

Replaces the text buffer with 32 random bytes. Useful for generating new encryption keys: follow it with key to make them the current key.

put

Sends the text buffer via UART to an untrusted device for transmission, e.g. over the internet. You should only put encrypted buffers.

get

Receives a buffer (presumably encrypted by your communication partner) via UART from an untrusted device into the text buffer.

How it works

RS-16 has a single-tasking "operating system" whose source fits on a few pages of paper and is easily understandable by anyone who speaks C. The operating system only implements the functions that you need for editing text, crypto and transferring files. It lives in ROM and cannot run programs from disk, eliminating a range of attack vectors.

RS-16 has no graphics card. Instead the operating system generates a VGA signal directly on 6 CPU pins (Red, Green, Blue, Vertical Sync and Horizontal Sync, plus Ground). A VGA cable is soldered to these pins. An output routine that runs at ~60 Hz generates the bits to display 40x40 8-bit characters.

For keyboard input, a PS/2 keyboard's cable is connected directly to 4 pins of the CPU (Data, Clock, Voltage and Ground).

The SD card adapter serves as a poor man's SD slot. 6 pins are soldered to the CPU which reads and writes data via SPI: Chip Select, MISO, MOSI, Clock, Voltage, Ground.

RS-16 communicates with an untrusted system via UART (Universal Asynchronous Receiver/Transmitter), which you can hook up to any serial port or, if you don't want a wire between the RS-16 and your untrusted system (or your smartphone), to a Bluetooth module. Nothing received on this channel is ever interpreted as a command; it only fills the text buffer. What goes out over it is whatever the text buffer holds, so only put encrypted buffers. Keeping this channel free of commands is critical to the security of the system.
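The property just described, that bytes from the UART are data, never commands, and never more than the text buffer holds, is worth stating as code. The following is an added example of the check a receive routine must make; it is not the rs16 code, and it assumes a simulated byte source in place of the Teensy UART register and a constructed input stream.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define TEXT_BUF_SIZE 4096          /* RS-16 text buffer */

/* ASSUMPTION: a byte source standing in for the Teensy UART receive register,
 * fed from a constructed array so the routine can be exercised on a PC. */
typedef struct { const uint8_t *data; size_t len, pos; } uart_t;

static int uart_read(uart_t *u, uint8_t *out) {
    if (u->pos >= u->len) return 0;         /* line idle: nothing more to read */
    *out = u->data[u->pos++];
    return 1;
}

/* get: pull one buffer from the untrusted side. The peer controls only the
 * byte values and their number. Every byte is copied verbatim and never looked
 * at as a command; at most TEXT_BUF_SIZE bytes are stored and the rest is read
 * and dropped, so an over-long message cannot write past the text buffer. */
size_t rs16_get(uart_t *u, uint8_t text_buf[TEXT_BUF_SIZE]) {
    size_t n = 0;
    uint8_t b;
    while (uart_read(u, &b)) {
        if (n < TEXT_BUF_SIZE) text_buf[n++] = b;
    }
    return n;                               /* bytes actually stored */
}

/* Constructed input: TEXT_BUF_SIZE + 4 bytes that start with text looking like
 * RS-16 commands. Expected: exactly TEXT_BUF_SIZE bytes stored, the command
 * text sits in the buffer as ordinary data, the guard word after the buffer is
 * untouched and the whole stream was consumed. */
int demo_get_is_bounded_and_opaque(void) {
    static uint8_t wire[TEXT_BUF_SIZE + 4];
    static struct { uint8_t text[TEXT_BUF_SIZE]; uint32_t guard; } mem;
    memset(wire, 'x', sizeof wire);
    memcpy(wire, "key\nenc\n", 8);
    memset(mem.text, 0, TEXT_BUF_SIZE);
    mem.guard = 0xDEADBEEFu;
    uart_t u = { wire, sizeof wire, 0 };
    size_t n = rs16_get(&u, mem.text);
    return n == TEXT_BUF_SIZE
        && mem.guard == 0xDEADBEEFu
        && memcmp(mem.text, "key\nenc\n", 8) == 0
        && mem.text[TEXT_BUF_SIZE - 1] == 'x'
        && u.pos == sizeof wire;
}
```

The two things to hold on to when reviewing the real receive path are the same: a hard upper bound on what is written, and no code path that branches on the received bytes.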

RS-16 can be powered by any 3.3V-5V source, even a battery. Do not connect the Teensy3 directly to a computer's USB port once you have generated a key on it: the USB connection allows re-flashing of the operating system, and a re-flashed system can read out your secret keys.

Components

Schematics

Working on them. In the meantime, just wire up these pins and flash the software:

VGA

  Teensy3 Pin   VGA Pin
  16            Red
  17            Green
  18            Blue
  8             VBlank
  8             HBlank
  GND           GND

SD card

  Teensy3 Pin   SD Card Pin
  13            SCLK (5)
  3V            VDD (4)
  25            CS (1)
  11            DI (2)
  12            DO (7)
  GND           GND

PS/2 keyboard

  Teensy3 Pin   PS2 Pin
  2             Data
  3             Clock
  3V            Vin
  GND           GND

UART

  Teensy3 Pin   UART Pin
  9             TX
  10            RX

Source Code

Source is here: https://github.com/mntmn/rs16

Note that RS-16 is UNFIT FOR REAL USE right now, but it will hopefully be after scrutiny, feedback and hardening.

Problems, Contact

As joernchen pointed out, ECB mode is not advisable. Don't use RS-16 until this has been resolved.
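Why ECB is a problem for RS-16 specifically, as an added example that is not part of the rs16 code: the text buffer is 4096 bytes but a letter rarely fills it, so most of the 256 blocks are identical filler, and in ECB mode identical plaintext blocks encrypt to identical ciphertext blocks. Anyone watching the untrusted channel sees how long the letter is and where repeated lines sit. The example uses a toy Feistel cipher as a stand-in for AES-256 (an assumption, so it builds with only the C library; it is not a secure cipher and only the mode of operation is under study), a constructed letter, a demo key and a fixed demo IV; it assumes the unused part of the buffer is zero-filled.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define BLOCK 16
#define TEXT_BUF_SIZE 4096   /* RS-16 text buffer size */

/* Toy 128-bit Feistel cipher keyed with 32 bytes. ASSUMPTION: it stands in for
 * AES-256 so the example builds with nothing but the C library. It is NOT a
 * secure cipher; only the behaviour of the modes built on top of it matters. */
static uint64_t ld64(const uint8_t *p) {
    uint64_t v = 0; for (int i = 0; i < 8; i++) v |= (uint64_t)p[i] << (8 * i); return v;
}
static void st64(uint8_t *p, uint64_t v) {
    for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i));
}
static uint64_t feistel_f(uint64_t x, uint64_t k) {
    x ^= k;
    x *= 0x9E3779B97F4A7C15ULL; x ^= x >> 31;
    x *= 0xBF58476D1CE4E5B9ULL; x ^= x >> 29;
    return x;
}
static uint64_t subkey(const uint8_t key[32], int i) {
    return ld64(key + 8 * (i % 4)) + (uint64_t)i;
}
static void toy_encrypt_block(const uint8_t key[32], uint8_t blk[BLOCK]) {
    uint64_t l = ld64(blk), r = ld64(blk + 8), t;
    for (int i = 0; i < 8; i++) { t = r; r = l ^ feistel_f(r, subkey(key, i)); l = t; }
    st64(blk, l); st64(blk + 8, r);
}
static void toy_decrypt_block(const uint8_t key[32], uint8_t blk[BLOCK]) {
    uint64_t l = ld64(blk), r = ld64(blk + 8), t;
    for (int i = 7; i >= 0; i--) { t = l; l = r ^ feistel_f(l, subkey(key, i)); r = t; }
    st64(blk, l); st64(blk + 8, r);
}
/* ECB, as enc does it today: blocks are independent, so equal plaintext blocks
 * produce equal ciphertext blocks. */
static void ecb_encrypt(const uint8_t key[32], uint8_t *buf, size_t len) {
    for (size_t i = 0; i < len; i += BLOCK) toy_encrypt_block(key, buf + i);
}
/* CBC: each block is XORed with the previous ciphertext block (the IV for the
 * first one) before encryption, so repeats in the plaintext no longer show. */
static void cbc_encrypt(const uint8_t key[32], const uint8_t iv[BLOCK], uint8_t *buf, size_t len) {
    const uint8_t *prev = iv;
    for (size_t i = 0; i < len; i += BLOCK) {
        for (int j = 0; j < BLOCK; j++) buf[i + j] ^= prev[j];
        toy_encrypt_block(key, buf + i);
        prev = buf + i;
    }
}
static void cbc_decrypt(const uint8_t key[32], const uint8_t iv[BLOCK], uint8_t *buf, size_t len) {
    uint8_t prev[BLOCK], cur[BLOCK];
    memcpy(prev, iv, BLOCK);
    for (size_t i = 0; i < len; i += BLOCK) {
        memcpy(cur, buf + i, BLOCK);
        toy_decrypt_block(key, buf + i);
        for (int j = 0; j < BLOCK; j++) buf[i + j] ^= prev[j];
        memcpy(prev, cur, BLOCK);
    }
}
/* Number of blocks in buf that duplicate an earlier block. 4096 bytes are only
 * 256 blocks, so the quadratic scan is fine. */
int repeated_blocks(const uint8_t *buf, size_t len) {
    int n = 0;
    for (size_t i = BLOCK; i < len; i += BLOCK)
        for (size_t j = 0; j < i; j += BLOCK)
            if (memcmp(buf + i, buf + j, BLOCK) == 0) { n++; break; }
    return n;
}
/* Constructed demo data: a short letter in an otherwise zero-filled buffer
 * (ASSUMPTION: unused buffer bytes are zero), a fixed key and a fixed IV. On the
 * device the IV must be fresh random bytes per message, sent with the ciphertext. */
static const uint8_t DEMO_KEY[32] = {
     0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15,
    16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 };
static const uint8_t DEMO_IV[BLOCK] = {
    0xA5,0x5A,0xA5,0x5A,0xA5,0x5A,0xA5,0x5A,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88 };
static void make_letter(uint8_t buf[TEXT_BUF_SIZE]) {
    static const char letter[] = "Dear Bob, meet me at the usual place at noon. -- Alice";
    memset(buf, 0, TEXT_BUF_SIZE); memcpy(buf, letter, sizeof letter - 1);
}
static int repeats_after(int use_cbc) {
    uint8_t buf[TEXT_BUF_SIZE];
    make_letter(buf);
    if (use_cbc) cbc_encrypt(DEMO_KEY, DEMO_IV, buf, TEXT_BUF_SIZE);
    else         ecb_encrypt(DEMO_KEY, buf, TEXT_BUF_SIZE);
    return repeated_blocks(buf, TEXT_BUF_SIZE);
}
int ecb_repeats(void) { return repeats_after(0); }   /* 251: every unused block is visible */
int cbc_repeats(void) { return repeats_after(1); }   /* 0 */
int cbc_roundtrip_ok(void) {                         /* 1: decryption restores the letter */
    uint8_t buf[TEXT_BUF_SIZE], ref[TEXT_BUF_SIZE];
    make_letter(ref); memcpy(buf, ref, TEXT_BUF_SIZE);
    cbc_encrypt(DEMO_KEY, DEMO_IV, buf, TEXT_BUF_SIZE);
    cbc_decrypt(DEMO_KEY, DEMO_IV, buf, TEXT_BUF_SIZE);
    return memcmp(buf, ref, TEXT_BUF_SIZE) == 0;
}
```

Two caveats for the fix. CBC hides repeated blocks but gives no integrity: whoever sits on the untrusted channel can flip ciphertext bits and dec will happily produce a garbled, attacker-influenced plaintext, so the replacement for ECB should also authenticate the message (encrypt-then-MAC, or an authenticated mode), and both the IV and the authentication tag need room in or beside the 4096-byte buffer. And the IV must come from a real random source; rnd is the natural one on this device, once it is fit for use.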

The random number generator behind rnd is not yet fit for use.

It's unclear which SD cards are secure.

TODO: collect more problems and weaknesses.

Talk to me about RS-16 on twitter or via email: lukas@mnt.mn

Credits

Riot Systems is a moniker of Lukas F. Hartmann (mntmn).

RS-16 is licensed under AGPLv3 and uses work by:

What's next

Planned features: