[ell-i-developers] Re: FYI: Security protocols in constrained environments

  • From: Pekka Nikander <pekka.nikander@xxxxxx>
  • To: ell-i-developers@xxxxxxxxxxxxx
  • Date: Fri, 21 Feb 2014 09:38:07 +0200

> I’ve had the gut feeling that we just _may_ be able to fit in the lowest end 
> (STM32F03/F05) something that is able to sign messages but that most kinds of 
> complicated stuff like stateful sessions with per session asymmetrical keys 
> and all that.

Real signatures or any asymmetric crypto most probably not.  Symmetric crypto, 
especially hash chains, definitely yes.  Symmetric crypto requires quite some 
flash, so it may not be doable on the smallest flash chips, but with 16k or 32k 
of flash it would be easy.  The RAM requirements are tiny.  Asymmetric also 
requires lots of RAM and big keys, or we need to do elliptic curves, which are 
hard from the IPR point of view.  

The biggest problem is bootstrapping of the security context and storing of the 
keys while the devices are powered off.  Most probably we need to preserve one 
flash page for that.

With hash chains we can do online signatures, i.e. signatures that require both 
communication parties to be online at the same time.  Asymmetric crypto allows 
offline signatures and therefore also certificates.

I presume that we will see these kinds of developments in the CoAP space.  

> I’m in my mind targeting a world where every communication is encrypted or 
> signed, and all nodes in a network can somehow be verified to be trustable.

If you mean "encrypted or signed" as a high-level catch-all phrase, then I 
agree.  IMHO, at the lowest level some simple integrity protocol e.g. a la hash 
chains is completely acceptable.  That is, a hash-chains based integrity 
protocol does not encrypt anything, and nothing is signed either.  But the 
integrity of the data exchanged is protected, as well as the integrity of the 
transactions.

> Mr Moore might make this happen soon enough so that we can use the F4 series 
> for even the lowliest nodes of a single pushbutton but I’m not betting on it. 
> In the lowest cost nodes we’re basically aiming at our BOM be comparable to a 
> PSU without any processor at all, having a special power supply controller 
> chip.

+1

> This is very challenging and interesting.

Well, to me this is moderately challenging and so-so interesting. :-)  I did 
those things for almost 11 years as my main job.  So, the real organisational 
challenge here is to find people who want to learn and do the things so that I 
don't need to do something almost boring (to me) :-)

In general, doing security in that level is somewhat challenging and pretty 
interesting.  It takes 3-4 years to learn it properly, and then another 1-2 
years to get to bleeding edge research.  But then staying there is relatively 
easy; the progress is slow compared to e.g. software engineering.  I guess it 
will take me 2-4 months to get really up-to-date once we are organisationally 
ready to go back to the bleeding edge.

Overall, you need to know some basic number theory (if you understand Euler's 
theorem you are fine) so that you'll learn basic crypto, medium-level formal 
logic (if you understand Gödel's incompleteness theorem you are fine) so that 
you'll be able to argue about cryptographic protocols, and then study a little 
bit more, 3-4 books.  After that you'll be all set and able to start the real 
work.

> We’re already doing things commonly thought undoable or at least middle depth 
> black magick. Our software controlled power supply is usually perceived as a 
> serious WOW thing by people knowing median hobbyist level of electronics. We 
> know that in reality a switch mode power supply just requires the designer to 
> think in one more dimension but this is already nothing special for any radio 
> hobbyist. We’re basically just pushing energy into storage and releasing it 
> from there. I’m hoping we eventually run into somebody who can generate a 
> nice 3D representation of the U/t and I/t graphs that would illustrate the 
> operations.

OTOH, we have to remember that 90% of what we do is just normal engineering.  
People have done that before.  Some 9.9% is putting things together in a new 
way.  The Internet-connected PSU view is part of that, as is our way of 
initialising an MCU.  Only some 0.1% is genuinely new.  At the moment the only 
genuinely new thing that we've come to is the so-called fat ELL-i, which as you 
know is on ice at the moment since we don't have cycles to even think about 
it.

So, most of what we do is just hard work, to me.  We just need enough people who 
are motivated enough to do it.  All of what we do is easily doable by anyone 
who can get a Master's degree at a technical university and is able to pass the 
math and physics courses there with good understanding.  Most of what we do is 
doable with a college-level education in electronics and computer science.  

To me, the really hard part is to communicate the vision (as to me it is too 
self-evident) and find enough motivated people to create a community.

--Pekka
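
The hash-chain "online signature" idea discussed in the message above, as an added example that is not part of the original post or of any ELL-i code: the sender MACs a message with the next undisclosed chain value, and reveals that value only after the receiver has buffered the commitment, which is why both parties must be online. The names `Sender`, `Receiver`, `commit` and `reveal`, and the choice of SHA-256 with HMAC, are assumptions; the receiver's acknowledgement is assumed to be protected by a second chain running in the reverse direction, which is not shown.

```python
import hashlib
import hmac


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def make_chain(seed: bytes, length: int) -> list:
    """Return [h_0 .. h_length] with h_0 = seed and h_i = H(h_{i-1})."""
    chain = [seed]
    for _ in range(length):
        chain.append(H(chain[-1]))
    return chain


class Sender:
    def __init__(self, seed: bytes, length: int):
        self.chain = make_chain(seed, length)
        self.anchor = self.chain.pop()  # h_N: given to the receiver at bootstrap

    def commit(self, msg: bytes):
        # Step 1: MAC the message with the next, still secret, chain value.
        return msg, hmac.new(self.chain[-1], msg, hashlib.sha256).digest()

    def reveal(self) -> bytes:
        # Step 3: disclose the key, only after the receiver has acknowledged.
        return self.chain.pop()


class Receiver:
    def __init__(self, anchor: bytes):
        self.anchor = anchor  # the only state that must survive power-off
        self.pending = None

    def on_commit(self, msg: bytes, tag: bytes) -> None:
        # Step 2: buffer the commitment; the acknowledgement is sent after this.
        self.pending = (msg, tag)

    def on_reveal(self, key: bytes):
        # Step 4: the key must hash to the stored anchor and the MAC must match.
        if self.pending is None or not hmac.compare_digest(H(key), self.anchor):
            return None
        msg, tag = self.pending
        self.pending = None
        self.anchor = key  # advance: a disclosed key is never accepted again
        expected = hmac.new(key, msg, hashlib.sha256).digest()
        return msg if hmac.compare_digest(expected, tag) else None
```

Nothing is encrypted and nothing is signed in the asymmetric sense; a key that has already been disclosed no longer hashes to the receiver's anchor, so it cannot be reused to authenticate a forged message.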
