Use not hacked MCU / Shedding too much Light

[no111u3]

The current STM32 mcu's have easy to reproduce hack metodology - https://www.aisec.fraunhofer.de/en/FirmwareProtection.html.

I think stm32 mcu's are dangerous for key storage.

[jans23]

Nitrokey Storage doesn't contain a STM32. Instead it contains a certified smart card to store cryptographic keys.

[szszszsz]

Edit: this is about this paper: Shedding too much Light on a Microcontroller's Firmware Protection

@no111u3 to add:

• in the paper, STM32F0 was investigated, which is a different chip than we use in our products;
• possibility to use the same techniques over other STM32 families are mentioned, but not confirmed by the researchers;
• by design we have assumed flash can be read by adversary - user data are encrypted at rest (besides OTP data, about which we warn users in the Nitrokey App);
• one would argue, that using UV and chemicals to decap the MCU is easy to do (for RDP level decrease; which still might result in losing secret data anyway), while installing malware on the PC and fooling user would be much more feasible;
• finally, by the rule, the device you have lost physical access to is not your device anymore - it can have replaced MCU, modified firmware, have additional MCU in the middle for recording or modifying communication, or even sending data wirelessly to other device/PC.

Additionally, Nitrokey Pro and Storage products contain smart cards, which keep the actual secrets - OpenPGP keys, user custom data, and internal data encryption key.

Edit: Nitrokey Storage uses AVR32. Edit: Other than that, this is a great paper, and it is perfectly fine to have doubts about used MCUs. It increases the awareness about the potential hardware attacks, which I appreciate. One should assume models of other producers are prone too to similar attacks, unless it was specifically designed to avoid it. Thank you for reporting!