Board: Development & Technical Discussion
Topic: isolated processing hardware and network overview
by abtus on 06/08/2014, 15:05:44 UTC
General abtus overview

Security layers overview (to provide isolated processing and guarantee fully private execution).

Layer 0: Faraday stainless-steel spherical cage to provide basic physical isolation.
Layer 1: Crypto-physic key storage for anti-tamper and integrity validation
Layer 2: Classic multi-layer mesh enclosure
Layer 3: Crypto-physic operation (a physical property that cannot be cloned or reproduced in the real world, at least with the publicly available physics knowledge) provides additional support to the outer and inner layers. Additional info will be released at device launch.
Layer 4: MCU and critical-component manufacturers' isolation security layer. Additional info will be released at device launch.
Layer 5: Secure mechanism to trigger MCU self destruction if some of the outer layers fail.
Layer 6: Multi MCU EAL4+ / TGC compliant with secure processing and memory protection.
Layer 7: True hardware random private keys generator

Layer 1 (attached to the internal wall of layer 0) is responsible for guaranteeing the first level of device integrity. The number of crypto-keys stored in this layer is practically infinite. The crypto-physic keys work as a cryptographic function: each input produces a different, unique result on each abtus device, with very large entropy.

Before delivery to the final operator, multiple sections representing a tiny portion of the layer 1 capacity are read and temporarily stored on isolated media. Reading the full layer (a brute-force attack) on one device would take over a year, given the large number of combinatorial parameter values and the reading/processing speed (an intrinsic physical limitation). This information is used to authenticate the device after delivery to the final operator and to initiate start-up.
Once the device's integrity is validated, the device broadcasts its existence to the network and starts accepting requests to send small portions of layer 1 to other abtus nodes, using randomly generated parameters. Further device integrity validation is performed entirely by the abtus network consensus.
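The enrollment and post-delivery check described above, as an added simulation that is not abtus's code: a keyed hash stands in for the layer-1 crypto-physic function (an assumption, since the real function is physical and cannot be expressed in software), and stored readings are discarded after use (also an assumption; the post does not say).

```python
import hashlib
import hmac
import secrets
from typing import Dict, Iterable, List


class SimulatedLayer1:
    """Stand-in for the layer-1 crypto-physic function. Assumption: a keyed hash
    over the read parameters, where the per-device secret plays the role of the
    unclonable physical structure and never leaves the object."""

    def __init__(self, device_secret: bytes) -> None:
        self._secret = device_secret

    def read(self, params: bytes) -> bytes:
        return hmac.new(self._secret, params, hashlib.sha256).digest()

    def tamper(self) -> None:
        # A physical intrusion alters the function, so every later reading changes.
        self._secret = hashlib.sha256(b"intrusion:" + self._secret).digest()


def enroll(device: SimulatedLayer1, params: Iterable[bytes]) -> Dict[bytes, bytes]:
    """Pre-delivery step: read a tiny sample of sections and keep the readings on
    isolated media. Only parameter/reading pairs are stored, never the secret."""
    return {p: device.read(p) for p in params}


def authenticate(device: SimulatedLayer1, enrolled: Dict[bytes, bytes],
                 challenges: List[bytes]) -> bool:
    """Post-delivery check: re-read the chosen sections and compare with the
    stored readings. Each stored reading is discarded after use so a captured
    reply cannot be replayed (assumption: the post does not specify this)."""
    ok = True
    for p in challenges:
        expected = enrolled.pop(p, None)
        if expected is None or not hmac.compare_digest(expected, device.read(p)):
            ok = False  # keep consuming challenges; report a single verdict
    return ok


if __name__ == "__main__":
    genuine = SimulatedLayer1(secrets.token_bytes(32))
    sample = [secrets.token_bytes(16) for _ in range(64)]  # constructed parameters
    stored = enroll(genuine, sample)
    print("genuine :", authenticate(genuine, stored, sample[:8]))   # True
    print("replay  :", authenticate(genuine, stored, sample[:8]))   # False, already used
    clone = SimulatedLayer1(secrets.token_bytes(32))
    print("clone   :", authenticate(clone, stored, sample[8:16]))   # False
    genuine.tamper()
    print("tampered:", authenticate(genuine, stored, sample[16:24]))  # False
```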

Layers 0 and 1 provide the first barrier for authenticating the device (integrity validation) but are not involved in the crypto operation. The crypto communication keys and the operational keys are generated at start-up by the MCU's true random generator (layer 7) once the device is fully validated. The keys are stored permanently in a special isolated flash memory accessible only to the encrypt/decrypt processor (ARM secure MCU). The outer secure layers, including the operator and the network, have no access to the isolated keys (they are physically disconnected from the API interface by a secure mechanism provided by the secure MCU).

Any physical intrusion, such as a micro-hole, deformation, visible or non-visible light, excessive heat or radiation, pressure, or other common hacking techniques, will modify the crypto-physic function and invalidate the device for trusted operation. A confirmed intrusion will physically destroy the innermost layer that holds the operational crypto-keys.

Software updates

Because the software interface with the system is open source, anyone can verify and monitor the interaction with the API that accesses the isolated crypto-physics processor. The software inside the MCU is also open source and carries a unique signature to validate its integrity.

Software improvements can easily be applied on the main Linux computer platform. Internal software running inside the MCU requires a more complex mechanism and a full network consensus to accept the new signature (the MCU includes an internal software/hardware mechanism for limited future updates in a secure and trusted way). Internal updates are limited to specific values in time, amount and size.