Our aim is to build all our sensors / nodes with embedded cryptography so that it does not matter if the data travels over spying eyes, it will also be …

Why we need public key cryptography & when we need embedded cryptographic hardware.

27 Jan 2016

STATIC keys on IoT devices & how to use them.

I myself am very interested in seeing IoT take off in my neck of the woods, rural Scotland. Like many, I like the idea of a private conversation when I want. This also goes for reading/sending data to my IoT devices.

I did look at using LoRaWAN for secure communications; the issue here was that they use security via obscurity, and this does not work. They leave AES application keys in the wild even when doing an over-the-air activation. Symmetric keys are no good if you don't protect them.

"Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext."

My solution is simple: switch to asymmetric encryption to overcome STATIC keys in the wild.

"Asymmetric Encryption is a form of Encryption where keys come in pairs. What one key encrypts, only the other can decrypt. Frequently (but not necessarily), the keys are interchangeable, in the sense that if key A encrypts a message, then B can decrypt it, and if key B encrypts a message, then key A can decrypt it."

By switching to STATIC public keys with asymmetric encryption, we don't care if someone clones the device. The key will only encode in one direction: what the public key on the device encrypts, only the matching private key can decrypt.

Embedded H/W cryptographic co-processors for signing data.

If a signature or a bi-directional system is required, then the end device will require a H/W cryptographic co-processor. This allows signature checks, so the unit only takes updates from valid users. It also allows the unit to sign the data with its private key. This way cloning cannot take place without compromising the hardware.

PGP clients.

A good solution would be to get these IoT end nodes to be able to send a PGP-encrypted e-mail just by entering the public key & e-mail address. This way no special hardware or software will have to be written for the receiver.

An example would be a doorbell sending a time stamp when it was activated, together with a ring pattern, all signed as valid. This would show as a valid signed & encrypted e-mail, plus normal human-readable data. If NFC data was also collected at the door, then this could be used to allow access to the locked door at the user's discretion.
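
The doorbell case above as an added example in Go (not code from the original post): the node signs the event with its own key, encrypts it to the receiver's static public key, and the receiver rejects a clone that copied only that public key. RSA-OAEP and Ed25519 stand in for PGP here; the names `Node`, `Seal`, `Open` and `Demo`, the in-memory signing key and the event strings are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Node holds only the receiver's STATIC public key and its own signing key.
// Assumption: on real hardware signKey stays inside the crypto co-processor.
type Node struct {
	ReceiverPub *rsa.PublicKey
	signKey     ed25519.PrivateKey
}

// Seal signs the event, then encrypts event||signature to the receiver.
func (n Node) Seal(event []byte) ([]byte, error) {
	payload := append(append([]byte{}, event...), ed25519.Sign(n.signKey, event)...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, n.ReceiverPub, payload, nil)
}

// Open decrypts, then accepts the event only if the enrolled node signed it.
func Open(priv *rsa.PrivateKey, nodePub ed25519.PublicKey, ct []byte) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	if err != nil || len(pt) < ed25519.SignatureSize {
		return nil, fmt.Errorf("cannot decrypt message")
	}
	event, sig := pt[:len(pt)-ed25519.SignatureSize], pt[len(pt)-ed25519.SignatureSize:]
	if !ed25519.Verify(nodePub, event, sig) {
		return nil, fmt.Errorf("signature is not from the enrolled node")
	}
	return event, nil
}

// Demo uses constructed keys and a constructed doorbell event.
func Demo() (event string, cloneRejected bool) {
	recv, _ := rsa.GenerateKey(rand.Reader, 2048)
	nodePub, nodeKey, _ := ed25519.GenerateKey(rand.Reader)
	ct, _ := Node{&recv.PublicKey, nodeKey}.Seal([]byte("2016-01-27T10:15:00Z ring=short-short-long"))
	got, _ := Open(recv, nodePub, ct)
	// A clone that copied the static public key still lacks the node's signing key.
	_, cloneKey, _ := ed25519.GenerateKey(rand.Reader)
	forged, _ := Node{&recv.PublicKey, cloneKey}.Seal([]byte("2016-01-27T10:16:00Z ring=short"))
	_, err := Open(recv, nodePub, forged)
	return string(got), err != nil
}

func main() { fmt.Println(Demo()) }
```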