Thank you s7r, Tom,
I'll try to explain what I'm doing - I'm working on something called SIM4Things - it's an Internet of Things project, giving Internet-connected objects a persistent, cryptographically secure identity and a way to reach similar objects. The closest analogy is the SIM card in the GSM / mobile world (hence the name :) ). The identity is actually an RSA keypair, stored in a tamper-resistant microSD form factor secure element (like this one
https://www.swissbit.com/ps-100u/ ).
The project does multiple things - first, it gives the node an identity - the RSA private key inside is used to sign a hidden service descriptor (a la OnionBalance) that is then published. As long as the device has access to the smartcard, it can sign descriptors. Once the card is removed, it can no longer do that.
Second, using hidden services means that the devices become accessible at a single .onion address regardless of how they connect to the Internet and how many firewalls and/or NAT gateways they are behind.
I'm very close to having a fully functional proof of concept on this tiny board
https://labs.mediatek.com/site/global/developer_tools/mediatek_linkit_smart_7688/whatis_7688/index.gsp . It runs OpenWRT. A Python script using STEM connects to Tor and to the internal smartcard, fetches the hidden service descriptor as published by Tor and modifies / re-signs it to point to the address associated with its public key (keeps the introduction points, rewrites everything else). I know this will no longer work with Prop 224 but afaik Prop224 is still 1-2 years away. Once the new descriptor is published, the node can talk to any other similar node over the Tor network.
I want to offer the same guarantees that a regular SIM card inside your phone would offer - as long as you have the SIM, you can join the network and talk to other nodes. Once the SIM is gone, you should no longer be able to do so. It should also be impossible (or very hard) to clone such a SIM card and it should be impossible (or hard) to generate hidden service descriptors in advance (that would allow you to join the network even after the SIM has been removed).
So, to summarize - I'm doing a SIM card for the Internet of Things. The SIM is a microSD tamper-resistant secure element with an RSA key inside. It gives the node an identity (strongly tied to the physical SIM) and a way to talk to similar nodes, with no central server or censorship opportunity.
If you have any questions, feel free to ask.
Thanks,
Razvan
--
Razvan Dragomirescu
Chief Technology Officer
Cayenne Graphics SRL