[Cryptography] Simple IoT sensor encryption ?

Ray Dillinger bear at sonic.net
Sun Apr 17 15:26:57 EDT 2016



On 04/15/2016 05:55 AM, Henry Baker wrote:

> I'm interested primarily in confidentiality of the sensor data during
> transmission & storage.  As I've already said, authenticity will be
> difficult, if not impossible, to assure w/o some type of stored
> secret within the device.

I think the device needs to have a unique identity, but it can get one
easily: It is after all a sensor.

All it requires is that it's manufactured with a charged battery.

Let's say it's a thermostat.  Even though it's probably only accurate to
within a tenth of a degree, it's a safe bet that its thermometer has
a resolution of one percent of a degree.  So if it keeps making
full-resolution temperature readings every minute, XORing them with its
internal register, and hashing - from the time it leaves the factory to
the time its factory charge runs down, storing the low bits in
nonvolatile memory, then when it gets (re)charged and installed by the
user, it already has a bunch of bits that make it different from all the
other thermostats of its class out there.  When the user turns it on for
the first time, these bits are hashed to form the device's unique ID,
which it stores permanently.

Now, assuming you want the device to use a different key every hour
for the anticipated ten years of its installation, you need ~90K keys.
So you hash that unique ID 90K times, remembering the last 24 hashes,
which are your keys for the first day. The following day it derives
24 new keys, by hashing its secret 90K-24 times, again storing the
last 24 hashes to use as keys.  Rinse, repeat, and each key is the
hash preimage of the key used the previous hour.

The server knows that the device using the key that is the hash
preimage of one used the previous hour, is the same device.  Or
if it hasn't heard from a device in three or four hours, then it'll
be the third or fourth preimage of the last key the server heard.
The server can tell it's the same device, but a spoofer can't derive
the credential to impersonate it without taking that particular
device.

				Bear
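The hash-chain scheme described in the message above, as an added example that is not part of the original post. SHA-256, the function names, the four-hour acceptance window and the sample device ID are assumptions, and the server is assumed to already hold one earlier key for the device.

```python
import hashlib
import hmac

CHAIN_LEN = 90_000     # hourly keys for ~10 years, the figure used in the message
KEYS_PER_DAY = 24
SAMPLE_ID = hashlib.sha256(b"constructed sample device ID").digest()  # constructed

def H(x: bytes) -> bytes:
    # Assumption: SHA-256; the message only says "hash".
    return hashlib.sha256(x).digest()

def keys_for_day(device_id: bytes, day: int) -> list[bytes]:
    """Device side: walk the chain from the stored ID and keep the last 24 links.

    Day 0 hashes CHAIN_LEN times, day 1 hashes CHAIN_LEN - 24 times, and so on.
    The list is in order of use: element 0 is the deepest link (first hour).
    """
    end = CHAIN_LEN - day * KEYS_PER_DAY
    if day < 0 or end < KEYS_PER_DAY:
        raise ValueError("day is outside the chain")
    x, window = device_id, []
    for i in range(1, end + 1):
        x = H(x)
        if i > end - KEYS_PER_DAY:
            window.append(x)
    return window[::-1]

def hours_since(last_seen: bytes, presented: bytes, max_gap: int = 4) -> int:
    """Server side: hash the presented key forward until it reaches the last
    key seen from this device. Returns the gap in hours, or 0 if no link is
    found within max_gap (hypothetical limit). A replayed key returns 0."""
    x = presented
    for gap in range(1, max_gap + 1):
        x = H(x)
        if hmac.compare_digest(x, last_seen):
            return gap
    return 0

if __name__ == "__main__":
    today, tomorrow = keys_for_day(SAMPLE_ID, 0), keys_for_day(SAMPLE_ID, 1)
    print(hours_since(today[0], today[1]))      # next hour
    print(hours_since(today[22], tomorrow[0]))  # link across the day boundary
    print(hours_since(today[0], H(b"guess")))   # unrelated key
```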



