[Cryptography] Simple IoT sensor encryption ?

Ray Dillinger bear at sonic.net
Sun Apr 17 14:43:38 EDT 2016



On 04/15/2016 12:13 PM, Jerry Leichter wrote:
>> I'm interested primarily in confidentiality of the sensor data during transmission & storage.
> That, in combination with the assumption that the adversary has physical access to the device, makes little sense.  Given physical access, I would simply place my own sensor next to yours.  A hell of a lot easier than disassembling your device, getting the key out, and then putting it back in place in a way that you won't detect.
> 

I think he was saying that the adversary has physical access to examples
of the device that came off the same assembly line with the same
firmware - not that the adversary has access to the instant device.

This is the classic case of the Nest Thermostat - the first few examples
of which had been installed for only a couple of weeks before burglars
figured out how to read their signals in order to find out when the
owners were away and burglaries could proceed.

The burglars weren't already inside with access to that particular
thermostat; if they had been, they could have just looked around for
themselves to see if anyone was home, or installed their own IR sensors
and motion detectors alongside the Nest in order to duplicate the
service it was providing to them.  But they had been able to access and
analyze Nest thermostats, and learned the language in which it was
blabbing its owners' secrets.

				Bear








-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160417/056cf959/attachment.sig>


More information about the cryptography mailing list