[Cryptography] embedding security (was ChaCha)
dan at geer.org
dan at geer.org
Fri Mar 14 14:18:40 EDT 2014
All -- Sure, there are imperfections and edge conditions around the
requirements I was suggesting (management-interface XOR finite-lifetime)
for embedded devices. As always, it is tempting to let the best
be the enemy of the good, with which I am sympathetic in emotion
but try always to discipline myself out of such temptations. In
any case, the triad of {immortal, un-updateable, and vulnerable}
and its cross-product with Really Big Numbers of embedded systems
seems so real and so prevalent that a cold bath is surely preferable
to waiting for a sufficient disaster to make way for easy change.
(Yes, I know, Washington wisdom says to never let a good crisis go
to waste, meaning that absent a crisis the status quo ante is the
rule of the day. All hail Rahm Emanuel, so to speak.)
In the meantime, this is an interesting paper...
Perimeter-Crossing Buses: a New Attack Surface for Embedded Systems
http://www.cs.dartmouth.edu/~sergey/pubs/WESS-2012-usbsurface.pdf
--dan
More information about the cryptography
mailing list