[ell-i-developers] Re: FYI: Security protocols in constrained environments

  • From: Pekka Nikander <pekka.nikander@xxxxxx>
  • To: ell-i-developers@xxxxxxxxxxxxx
  • Date: Fri, 21 Feb 2014 09:38:07 +0200

> I’ve had the gut feeling that we just _may_ be able to fit in the lowest end 
> (STM32F03/F05) something that is able to sign messages but that most kinds of 
> complicated stuff like stateful sessions with per session asymmetrical keys 
> and all that.

Real signatures or any asymmetric crypto most probably not.  Symmetric crypto, 
especially hash chains, definitely yes.  Symmetric crypto requires quite some 
flash, so it may not be doable on the smallest flash chips, but with 16k or 32k 
of flash it would be easy.  The RAM requirements are tiny.  Asymmetric requires 
also lots of RAM and big keys or we need to do elliptic curves which are hard 
from the IPR point of view.  

The biggest problem is bootstrapping of the security context and storing of the 
keys while the devices are powered off.  Most probably we need to preserve one 
flash page for that.

With hash chains we can do online signatures, i.e. signatures that require both 
communication parties to be online at the same time.  Asymmetric crypto allows 
offline signatures and therefore also certificates.

I presume that we will see these kinds of developments in the CoAP space.  

> I’m in my mind targeting a world where every communications is encrypted or 
> signed, and all nodes in a network can somehow be verified to be trustable.

If you mean "encrypted or signed" as a high-level catch-all phrase, then I 
agree.  IMHO, at the lowest level some simple integrity protocol e.g. a la hash 
chains is completely acceptable.  That is, a hash-chains based integrity 
protocol does not encrypt anything, and nothing is signed either.  But the 
integrity of the data exchanged is protected, as well as the integrity of the 

> Mr Moore might make this happen soon enough so that we can use the F4 series 
> for even the lowliest nodes of a single pushbutton but I’m not betting on it. 
> In the lowest cost nodes we’re basically aiming at our BOM be comparable to a 
> PSU without any processor at all, having a special power supply controller 
> chip.


> This is very challenging and interesting.

Well, to me this is moderately challenging and so-so interesting. :-)  I did 
those things for almost 11 years as my main job.  So, the real organisational 
challenge here is to find people who want to learn and do the things so that I 
don't need to do something almost boring (to me) :-)

In general, doing security in that level is somewhat challenging and pretty 
interesting.  It takes 3-4 years to learn it properly, and then another 1-2 
years to get to bleeding edge research.  But then keeping there is relatively 
easy, the progress is slow compared to e.g. software engineering.  I guess it 
will take me 2-4 months to get really up-to-date once we are organisationally 
ready to go back to the bleeding edge.

Overall, you need to know some basic number theory (if you understand Euler's 
theorem you are fine) so that you'll learn basic crypto, medium-level formal 
logic (if you understand Gödel's incompleteness theorem you are fine) so that 
you'll be able to argue about cryptographic protocols, and then study a little 
bit more, 3-4 books.  After that you'll be all set and able to start the real 

> We’re already doing things commonly thought undoable or at least middle depth 
> black magick. Our software controlled power supply is usually perceived as a 
> serious WOW thing by people knowing median hobbyist level of electronics. We 
> know that in reality a switch mode power supply just requires the designer to 
> think in one more dimension but this is already nothing special for any radio 
> hobbyist. We’re basically just pushing energy into storage and releasing it 
> from there. I’m hoping we eventually run into somebody who can generate a 
> nice 3D representation of the U/t and I/t graphs that would illustrate the 
> operations.

OTOH, we have to remember that 90% of what we do is just normal engineering.  
People have done that before.  Some 9.9% is putting things together in a new 
way.  The Internet-connected PSU view is part of that, as well is our way of 
initialising an MCU.  Only some 0.1% is genuinely new.  At the moment the only 
genuinely new thing that we've came to is the so-called fat ELL-i, which as you 
know is on the ice at the moment since we don't have cycles to even think about 

So, most of we do is just hard work, to me.  We just need enough of people who 
are motivated enough to do it.  All of what we do is easily doable by anyone 
who can get a Master's degree at a technical university and is able to pass the 
math and physics courses there with good understanding.  Most of what we do is 
doable by with a college-level education in electronics and computer science.  

To me, the really hard part is to communicate the vision (as to me it is too 
self-evident) and find enough of motivated people to create a community.


Other related posts: