[Cryptography] PAKE for embedded device (<64K RAM)?

Andrew P. Lentvorski bsder at allcaps.org
Mon Feb 27 14:36:25 EST 2017


On 2/27/17 8:07 AM, Ron Garret wrote:
> First, in your subject line you mention that your device has <64k RAM. 
> That is very unlikely to be your limiting factor. 64k RAM is plenty to 
> implement just about any crypto algorithm and protocol (except, 
> obviously, memory-hard password hashes, but those are trivially 
> avoided simply by not using them). 
I'm not sure I buy this completely.  Things like SRP require a not 
insignificant chunk of OpenSSL, and that takes up a pretty big chunk of 
a 256K ROM/64K RAM device.  None of the embedded crypto stacks seem to 
implement SRP.
> Second, it’s impossible to answer your question without a more detailed description of the application and the threat model.  Who is your adversary and what are their powers and motives?
Motivated active hacker, but not necessarily state-level threat actors.  
Bunnie Huang, not NSA.  :)  So, capable of dumping a ROM to get keys, 
possibly decapping a chip while destroying it, getting a discarded 
device from the trash with which to create correct keys in the middle.
> Do you need to protect against DOS attacks?
No, not particularly.  We have rate limiting that should prevent DoS 
from originating.  Receiving will simply shut down when on a battery 
powered device.  It is more important that attackers not be able to 
command the device than the user have access.  Think lighting--you 
probably don't command the device all that often--so it's more likely 
that you won't even notice a DoS attack as long as you aren't 
originating.  In addition, there are so many ways to DoS BLE that 
defending against yet one more doesn't make a lot of sense.
> Impersonation attacks?  With or without physical proximity?
Yes and yes.  We are assuming that someone can pick up a discarded chip 
and carry on two valid conversations while sitting in the middle.  BLE 
requires some level of physical proximity, and we dial the power back.  
But we're being careful.  We'd like not to wind up in the newspapers for 
being the next big botnet...
> Do you really mean PAKE and not just AKE?  (Embedded devices generally do not have the kind of UI that would let a user enter a password.)
We do have the ability to enter a PIN code.

-a

