[Cryptography] Simple IoT sensor encryption ?

Jerry Leichter leichter at lrw.com
Fri Apr 15 07:03:18 EDT 2016


>> Without saying what properties you want the system to provide, you can't
>> possibly analyze the threats - threats to do *what*?
> Simple threat: the attacker spoofs the cheap sensor, and convinces the system that it is really freezing in the master room. Based on that input, the system cranks the boiler way up. The people sleeping in the master room end up being cooked.
Even dumb temperature sensors can fail, reporting either high or low temperatures.  The systems they connect to have to have some kind of protection from such failures.  In the case of a boiler, inherent limits in the amount of heat you can generate vs. the rate of heat loss from the house make the scenario of "cooking" anyone unrealistic.  (There are likely local over-temp sensors on parts of the system that are prone to such problems - if any.  A boiler might have a shutoff tripped by running out of water.)

The original scenario envisioned physical access to the sensor.  If I have physical access to your sensor, I can easily modify it so that it senses whatever I want it to sense.  I can even add my own remote control for my override.  If I can control the inputs, all the crypto you put on the outputs buys you ... nothing.

Granted, if a single symmetric key is shared by all your IoT devices, breaking one breaks them all - but I think we kind of understand that these days.

You can always construct wild scenarios.  How much would you be willing to pay to make sure your temperature sensor can't be hacked (for some meanings of "can't be" and "hacked")?  Costs are a part of a threat model, too.

                                                        -- Jerry
