[Cryptography] Simple IoT sensor encryption ?
Tony Arcieri
bascule at gmail.com
Sat Apr 16 18:20:08 EDT 2016
On Thu, Apr 14, 2016 at 12:50 PM, Henry Baker <hbaker1 at pipeline.com> wrote:
> Ok, so now we have 2 choices: engage in a DH exchange with the repository
> or utilize random numbers.
>
> Using a DH exchange is a real problem due to 1) latency and 2) we now need
> the little sensor to be able to *receive* data from the data repository,
> which complicates the system enormously and opens up whole new vistas of
> attack surfaces. It also doesn't solve the problem of fully protecting the
> session keys so negotiated from physical attacks.
No bidirectional communication is needed. Each time the sensor wants to
send data, it "seals" it by generating a random ephemeral (EC)DH private
key, computing the corresponding public key and shared secret with the
static (EC)DH public key of the recipient which can be used to derive a
symmetric key to encrypt a given message. Then you just send the
corresponding ephemeral public key along with each message, and erase the
(EC)DH private key (and derived shared secret / symmetric key) once the
message has been sent.
This scheme lacks forward secrecy if the static key on the other end is
exposed though.
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160416/0a7d459b/attachment.html>
More information about the cryptography
mailing list