Timeline for ECDH/ECDSA key exchange on embedded devices
Current License: CC BY-SA 4.0
18 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jan 27, 2021 at 14:39 | comment | added | earthling | Haha thanks :) It's not like I have a choice - the crypto chip only supports ECDH ;) | |
| Jan 27, 2021 at 14:25 | comment | added | Dan | @earthling -- oh wow -- 32K total is really tight!! That is a difficult task. It's good that you're not using RSA for the key exchange, there have been attacks and vulnerabilities that are specific to RSA. You are on the right track. Best of luck! | |
| Jan 27, 2021 at 7:58 | comment | added | earthling | @Dan Thanks for your input! I will read into the history. I am still learning and know, how difficult and especially tricky encryption is. 30k flash sounds great, however, (sadly,) in my case, it's too much. I only have 32k in total :| (I can't change that). BR | |
| Jan 26, 2021 at 12:59 | comment | added | Dan | I realize this question has been answered, so just a comment here... it sounds like you're trying to largely re-create what TLS provides. TLS prevents MiTM, but also replay attacks and many other classes of attacks (exercise for the reader to research the history of TLS and how it has been strengthened over 20 years to cover more and more attacks). Doing crypto correctly is hard enough; designing your own secure protocol is even trickier. I've fit TLS into embedded devices, only requiring maybe 30K of flash; RAM depends on how many connections you want to support. | |
| Jan 14, 2021 at 8:18 | vote | accept | earthling | ||
| Jan 13, 2021 at 19:26 | answer | added | Myath | timeline score: 2 | |
| Jan 12, 2021 at 8:27 | comment | added | earthling | Let us continue this discussion in chat. | |
| Jan 12, 2021 at 7:55 | comment | added | Myath | @earthling No, you don't need to store all public keys of all devices on each device, only the single public key of the manufacturer. | |
| Jan 12, 2021 at 7:45 | comment | added | earthling | @Myath If I understand correctly, storing a certificate for each device would be doable. However, if I wanted to confirm this cetificate by another device, I need to know its public key beforehand. I would have to store the public keys of all other devices, which one be exponentially many. | |
| Jan 12, 2021 at 7:40 | comment | added | Myath | @earthling Yes, each device would have to have its certificate signed by the manufacturer and the manufacturer's public key. | |
| Jan 12, 2021 at 6:45 | comment | added | earthling | @Myath: But then I would have to store the respective public keys on each device, right? If the other device does not know the public data beforehand, I have no benefit. | |
| Jan 12, 2021 at 6:44 | comment | added | earthling | @Crowman: microchip.com/wwwproducts/en/ATECC608A | |
| Jan 11, 2021 at 22:14 | comment | added | Myath | You can give each device a unique certificate signed by the manufacturer. | |
| Jan 11, 2021 at 17:34 | comment | added | Crowman | It would be helpful to know exactly which cryptographic chip your devices have, as it may have facilities which can help with your objective. | |
| Jan 11, 2021 at 16:03 | history | edited | earthling | CC BY-SA 4.0 | added 70 characters in body |
| Jan 11, 2021 at 16:02 | comment | added | earthling | @Crowman I think I used the term TPM wrong. It is a cryptographic chip, that can perform the algorithms I mentioned. I am going to edit the question. | |
| Jan 11, 2021 at 15:56 | comment | added | Crowman | "... and use a small TPM..." - which version of the TPM specification do these devices implement? | |
| Jan 11, 2021 at 15:25 | history | asked | earthling | CC BY-SA 4.0 |