Achtung!
Most versions of this story are vaguely correct:
http://www.signonsandiego.com/news/education/20060620-9999-1m20whizkid.html or http://securitypronews.com/news/securitynews/spn-45-20060620YoungProgrammerDevelopsSecuritySolutions.html
But don’t you hate when you get crap like this?: http://www.theinquirer.net/?article=32543
“Already, a manufacturer has created a working prototype based on Sergeev’s design and he is trolling around the tech fairs flogging his ideas.” Yeah, I love those juicy insults.
There was one (rather big) mistake in the original article: there is no hardware manufacturer “producing my device”. In fact, I designed the pcb schematic and board entirely in CadSoft EAGLE Lite. The pcb got printed/etched by Advanced Circuits ($83 with 1 day turn around for 3 prototype boards), and I assembled the boards myself with parts either sampled from the companies (Microchip, Philips, etc.) or from Mouser and Digikey. As for specifics: the board is based on a Philips LPC2148 ARM microcontroller, and two Microchip ENC28J60 ethernet controllers. RJ-45 jacks are actually Magjacks with integrated magnetics. Other goodies include a serial port, JTAG header, and of course basic voltage regulation.
You know what I loved the most, though? This: “where it probably beat off opposition from another kid’s ant farm and the display ‘My dad’s a scientist’.” As for my dad, well, he’s actually a high-level database programmer (FoxPro), so his expertise does not apply and could not have applied to the science fair project what-so-ever. Writing firmware for a microcontroller (an ARM one by Philips, in my case) is usually low-level C or assembly (mostly C in my case), and includes driving interfaces like UART or SPI (which I do in my project), not query and select statements to a db. Not to mention the whole other side of the project: digital electronics and pcb board design. So yes, I did well in science fair… why? because I honestly built, wrote, and conceived my project by myself, and the judges obviously judged the way they did after they got to know me well enough to realize that this was true. What explains my experience in these subjects? Take it or leave it, but it’s all self-taught. Also, GSDSEF (Greater San Diego Science and Engineering Fair) is hardly your ant-farm project fair. The senior divison projects, particularly, go through some pretty extensive screening sessions to keep the bullshit projects out. A good handful of the projects progress into bigger fairs, patents, or even to the market.
“Sergeev’s big idea is a method of sticking cryptography on inexpensive hardware so that it does not have to end up as software on the operating system where it can be attacked.”
This is a poor attempt at vaguely downplaying the philosophy of the project. Sticking cryptography on inexpensive hardware is usually done with the classic cheap approach all over the market today: running it over a stripped down linux distro or over a simple RTOS- which is entirely against the project ethic. the project is a 100% system-on-chip design, utilizing no underlying operating system, and instead is only raw firmware, which will drive the ethernet controllers directly and have a TCP/IP stack. As for the network security solution, the project will implement either IPSec (layer 3) or maybe something higher like SSL/TLS (layer 3-4). It is an on-going project, but I have a provisional patent on the overall theory and operation of the device, and am considering the patenting process.
One last thing: “Embedded Secure Network Bridge he designed a couple of years ago.”
It wasn’t really a couple of years ago, in fact this project idea actually started late 2005, but was a continuation of a simpler project that benchmarked several encryption algorithms on the AVR (2004/2005).
Yeah, I know I’m usually supposed to ignore this kind of stuff, but since I’m not used to any publicity I figured I might as well attack back, at least on my own blog.
So eat that, Nick Farrell. And for everyone else– think twice about “The Inquirer.”
btw, to some of those diggers (http://digg.com/security/Encryption_project_has_teen_feeling_pretty_secure): the article was pretty vague (it wasn’t supposed to be indepth in the first place, as one digger mentioned, the article wans’t meant for a technical audience), so those that are actually curious about the project (and why it’s not a copy of something that has been done before), email me and I would be happy to explain more indepth. Many of the assumptions/inferences made from the [vague] article text have been very inaccurate 
Thanks,
Ivan (Vanya) Sergeev.
