Betrusted Storage
Plausably deniable encrypted storage
Betrusted aims to be a secure communications device that is suitable for everyday use by non-technical users of diverse backgrounds. We believe users shouldn’t have to be experts in supply chain or cryptography to gain access to our ultimate goal: privacy and security one can count on. Today’s “private key only” secure enclave chips are vulnerable to I/O manipulation. This means there is no essential correlation between what a user is told, and what is actually going on. Betrusted will build a full technology stack, including silicon, device, OS, and UX that is open for inspection and verification. We've passed the first hurdle of creating an FPGA-based device, which we have spun out into a development platform we call Precursor. We are now advancing deeper into the technology stack to improve FPGA, drivers, OS, and UX elements, all driving toward the common goal of making Betrusted a simple, secure, and strong device that aims to advance Internet freedom.
- The project's own website: https://betrusted.io
Why does this actually matter to end users?
As our lives get more digital every day, we use the internet to have important conversations - both personal and professionally. We also store and share more and more sensitive personal data on devices. On the internet you cannot just close the door to talk privately. So we need digital safe spaces and digital locks and vaults that are just as reliable and easy to use to store our secrets and mediate our communication.
Recently manufacturers have started to build so-called hardware enclaves or secure elements into their devices that function like a digital safe: even if someone is able to get some software installed into your computer, phone or laptop, they should not be able to immediately access what is in the safe.
But of course, creating a secure space or making a digital safe in an environment you don't really control or understand is really hard. All the technical protection no longer matters when someone can invisibly take control or peer over your shoulder. Especially since you as a user can't see yourself what is happening on the inside of your digital house. A safe and a rogue application can and will look completely identical to a user, and there is simply no way to distinguish among them based on their appearance. Users install many unknown games and applications all the time ("install our app to start getting discounts now!"), and forget that this is actually letting more or less random entities run unknown software on the phone that holds some of their most important information. And what if the operating system of your computer or phone itself has an unhealthy interest in your data or metadata, or is weakly protected to that others can just enter - similar to how unsafe it would feel if your landlord or the janitor is a peeping tom or a thief?
Betrusted is a dedicated open hardware project that is pioneering a new class of hardened communication device. It has the goal to create safe and more easily protected private channels for your communication. You can have a frivolous phone to play games, and do all the other things you can use your phone for. A Betrusted device is a complementary device that restricts itself to protecting the things that matter most - like your conversations and phone calls. It will also be able to hold passwords, digital versions of your passport (and other digital credentials and attributes), and whatever sensitive digital information you need to keep completely secure.
The first device spawned by the Betrusted project is aptly called Precursor. Think of it as a Raspberry Pi crossbred with a traditional Blackberry phone form factor, but with strong security features you can verify yourself from top to bottom. Precursor will allow you to be among the first in the world to experience the unique ideas behind the Betrusted project. However, because of its unique form factor, Precursor is more than 'just' a Betrusted device: it is a framework for DIY fans and developers to build upon. It will also diligently serve your own projects as an ultrasecure 2FA device, a portable HSM, an encrypted team pager, a scientific calculator, a mobile VPN hotspot that tunnels your traffic safely across the internet - or whatever else your creativity may come up with.
After NGI Zero funded the initial work on the Betrusted hardware and software design, this project will further develop a number of core components to ultimately create an easy-to-use and thoroughly trustworthy vault for everything you like to keep safe.
This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.