On Fri, 09 Mar 2012 21:13:45 +0100, Hans-Bernhard Bröker wrote:

> On 09.03.2012 01:14, Tim Wescott wrote:
>
>> I want to build some security into a product that uses a pair of
>> controllers communicating by RS-232. I'd like the "slave" controller
>> to require the "master" controller to perform some sort of validation
>> before the slave will respond with any but the most basic of keep-alive
>> messages.
>
> I don't think that makes sense. What's the point of "protecting" the
> connection if the only thing an attacker would need is to sniff into the
> link _after_ it's been authenticated?
>
> Just about the bare minimum level of security worth having would require
>
> 1) some half-decent crypto and robust (P)RNG to authenticate endpoints
> 2) based on 1), generate and exchange random keys for the main data
>    transfer
> 3) using the keys from 2), encrypt _all_ sensitive data using a
>    cypher focussed on throughput (a "stream cypher")
> 4) for long-running connections, go back to 2) or even 1) every once
>    in a while
>
> Serious choices would be RSA or DH for 1), DES or AES for 3)
>
> If you want to keep it simple, MD5 for 1), XOR for 3)

The point isn't to prevent unauthorized knowledge of the messages being passed: the point is to prevent unauthorized use of parts of the system that are not connected to the whole.

--
My liberal friends think I'm a conservative kook.
My conservative friends think I'm a liberal kook.
Why am I not happy that they have found common ground?

Tim Wescott, Communications, Control, Circuits & Software
http://www.wescottdesign.com
Cryptography: serial-link validation
Started by ●March 8, 2012
Reply by ●March 9, 2012
Reply by ●March 9, 2012
On Fri, 09 Mar 2012 13:24:31 -0600, Tim Wescott <tim@seemywebsite.please> wrote:

>On Fri, 09 Mar 2012 10:50:51 +0100, Arlet Ottens wrote:
>
>> On 03/09/2012 10:04 AM, David Brown wrote:
>>
>>> The slave picks a random number, and sends it to the master. The master
>>> applies an encryption function, then sends the encrypted version back.
>>> The slave does the same encryption itself, and compares.
>>>
>>> For the encryption function, I'd recommend a CRC. You probably already
>>> have a CRC in the code somewhere anyway, they are easy to code, and
>>> they are very good at "messing up" numbers, so that it is practically
>>> impossible to predict the patterns. Your encryption function is just a
>>> CRC of the random number, the shared key, and some salt (a fixed value
>>> shared by all your systems).
>>
>> A CRC is cryptographically very weak, because CRC(A XOR B) = CRC(A) XOR
>> CRC(B). It's probably good enough for the casual hacker, but it won't
>> stop anybody serious.
>>
>> I'd recommend using XXTEA instead. See
>> http://en.wikipedia.org/wiki/XXTEA It's very easy to implement, while
>> providing a good level of security.
>
>I had considered CRC, and it's probably good enough -- but if I can
>implement something better easily, I will.
>

The XXTEA site linked has example code, which isn't very complicated, so that might help.

This is a huge field of study, so there are all kinds of approaches depending on the desired complexity and level of security. Some searches on "cryptographic authentication protocols" or "nonce authentication" might give you a reasonable survey of what's out there.

Like Clay mentioned, you can use some pretty powerful stuff without too massive of a development effort. There is open source code for some of the more common powerful methods. It's often just a complexity tradeoff.

Eric Jacobsen
Anchor Hill Communications
www.anchorhill.com
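The CRC property quoted above, applied to the "CRC of the random number, the shared key, and some salt" response, as an added example that is not code from any poster. With the usual CRC-32 preset and final XOR the relation is affine rather than strictly linear, so for equal-length inputs it shows up in a three-term form; the key and salt lengths, byte order, function names and sample values are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN  8
#define SALT_LEN 4

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320, preset and final XOR all ones). */
static uint32_t crc32_bitwise(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Response as proposed in the thread: CRC over nonce, shared key and salt. */
uint32_t crc_response(uint32_t nonce, const uint8_t *key, const uint8_t *salt) {
    uint8_t buf[4 + KEY_LEN + SALT_LEN];
    for (int i = 0; i < 4; i++)
        buf[i] = (uint8_t)(nonce >> (8 * i));   /* assumed little-endian framing */
    memcpy(buf + 4, key, KEY_LEN);
    memcpy(buf + 4 + KEY_LEN, salt, SALT_LEN);
    return crc32_bitwise(buf, sizeof buf);
}

/* Returns 1 when R(n1) ^ R(n2) ^ R(n3) == R(n1 ^ n2 ^ n3). The left side needs
 * only values seen on the wire, so the key adds nothing to the relation. */
int crc_response_is_affine(uint32_t n1, uint32_t n2, uint32_t n3,
                           const uint8_t *key, const uint8_t *salt) {
    uint32_t seen = crc_response(n1, key, salt) ^ crc_response(n2, key, salt)
                  ^ crc_response(n3, key, salt);
    return seen == crc_response(n1 ^ n2 ^ n3, key, salt);
}

/* Constructed sample values, not taken from the thread. */
static const uint8_t KEY_A[KEY_LEN] = {0x13, 0x57, 0x9b, 0xdf, 0x02, 0x46, 0x8a, 0xce};
static const uint8_t KEY_B[KEY_LEN] = {0xa5, 0x5a, 0xc3, 0x3c, 0x0f, 0xf0, 0x99, 0x66};
static const uint8_t SALT[SALT_LEN] = {0xde, 0xad, 0xbe, 0xef};

int main(void) {
    printf("KEY_A: %d\n", crc_response_is_affine(0x11111111u, 0x2468ace0u, 0xdeadbeefu, KEY_A, SALT));
    printf("KEY_B: %d\n", crc_response_is_affine(0x11111111u, 0x2468ace0u, 0xdeadbeefu, KEY_B, SALT));
    return 0;
}
```

The relation holds for every key because the key and salt bytes cancel in the XOR of three equal-length messages, which is why a CRC cannot stand in for a keyed function here.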
Reply by ●March 10, 2012
On 3/9/2012 12:55 PM, clay@claysturner.com wrote:

> On Thursday, March 8, 2012 7:14:00 PM UTC-5, Tim Wescott wrote:
>> I'm not even sure of the correct term to use.
>>
>> I want to build some security into a product that uses a pair of
>> controllers communicating by RS-232. I'd like the "slave" controller to
>> require the "master" controller to perform some sort of validation before
>> the slave will respond with any but the most basic of keep-alive messages.
>>
>> This whole thing doesn't need to be perfect: it just needs to discourage
>> all but the serious hackers from breaking into the link.
>>
>> I'm pretty sure that the best way to do this is to have the slave send a
>> challenge to the master, and only open up if it gets the correct response.
>>
>> What's the right place to go to find a good method, or do you have any
>> suggestions?
>>
>> --
>> My liberal friends think I'm a conservative kook.
>> My conservative friends think I'm a liberal kook.
>> Why am I not happy that they have found common ground?
>>
>> Tim Wescott, Communications, Control, Circuits & Software
>> http://www.wescottdesign.com
>
> Hello Tim,
>
> I've actually done this with a serial dongle I designed. I implemented
> RSA in a pic. You can verify the dongle is there by sending over some
> random numbers encrypted with your half of the key and the dongle decodes
> with his half of the key and sends it back to you to verify against the
> original random numbers you picked. Likewise the dongle verifies you by a
> similar action where it picks random numbers and sends them to you
> encrypted and you have to decrypt them and send them back.
> The number crunching takes a few seconds, but it is quite secure if you
> pick large keys.

Does a potential snooper's having access to both the encoded and clear messages give him a leg up in deducing the keys?

Jerry
--
Engineering is the art of making what you want from things you can get.
Reply by ●March 10, 2012
On Saturday, March 10, 2012 11:24:55 AM UTC-5, Jerry Avins wrote:

> On 3/9/2012 12:55 PM, clay@claysturner.com wrote:
>> On Thursday, March 8, 2012 7:14:00 PM UTC-5, Tim Wescott wrote:
>>> I'm not even sure of the correct term to use.
>>>
>>> I want to build some security into a product that uses a pair of
>>> controllers communicating by RS-232. I'd like the "slave" controller to
>>> require the "master" controller to perform some sort of validation before
>>> the slave will respond with any but the most basic of keep-alive messages.
>>>
>>> This whole thing doesn't need to be perfect: it just needs to discourage
>>> all but the serious hackers from breaking into the link.
>>>
>>> I'm pretty sure that the best way to do this is to have the slave send a
>>> challenge to the master, and only open up if it gets the correct response.
>>>
>>> What's the right place to go to find a good method, or do you have any
>>> suggestions?
>>>
>>> --
>>> My liberal friends think I'm a conservative kook.
>>> My conservative friends think I'm a liberal kook.
>>> Why am I not happy that they have found common ground?
>>>
>>> Tim Wescott, Communications, Control, Circuits & Software
>>> http://www.wescottdesign.com
>>
>> Hello Tim,
>>
>> I've actually done this with a serial dongle I designed. I implemented
>> RSA in a pic. You can verify the dongle is there by sending over some
>> random numbers encrypted with your half of the key and the dongle decodes
>> with his half of the key and sends it back to you to verify against the
>> original random numbers you picked. Likewise the dongle verifies you by a
>> similar action where it picks random numbers and sends them to you
>> encrypted and you have to decrypt them and send them back.
>> The number crunching takes a few seconds, but it is quite secure if you
>> pick large keys.
>
> Does a potential snooper's having access to both the encoded and clear
> messages give him a leg up in deducing the keys?
>

Often yes, but that's why I used a known tough to beat public key algo. If you use large keys i.e., 128 bytes or more, the eavesdropper won't be able to observe enough messages to figure out the keys or make a plaintext to cyphertext map.

I wrote the modular exponentiation code with Montgomery reduction in less than 100 lines of "C." So this is not difficult to implement.

Often one uses a secure algo like RSA to exchange keys for some other algo that runs faster like AES. But just to verify some hardware is present, who cares if the process takes 5 seconds. And there is always TES and its derivatives. You don't have to check on the hardware being there very often. Plus RSA uses asymmetrical keys and AES is symmetrical.

Clay
Reply by ●March 10, 2012
On 3/10/2012 5:50 PM, clay@claysturner.com wrote:

> On Saturday, March 10, 2012 11:24:55 AM UTC-5, Jerry Avins wrote:
>> On 3/9/2012 12:55 PM, clay@claysturner.com wrote:

...

>>> I've actually done this with a serial dongle I designed. I implemented
>>> RSA in a pic. You can verify the dongle is there by sending over some
>>> random numbers encrypted with your half of the key and the dongle decodes
>>> with his half of the key and sends it back to you to verify against the
>>> original random numbers you picked. Likewise the dongle verifies you by a
>>> similar action where it picks random numbers and sends them to you
>>> encrypted and you have to decrypt them and send them back.
>>> The number crunching takes a few seconds, but it is quite secure if you
>>> pick large keys.
>>
>> Does a potential snooper's having access to both the encoded and clear
>> messages give him a leg up in deducing the keys?
>>
>
> Often yes, but that's why I used a known tough to beat public key algo.
> If you use large keys i.e., 128 bytes or more, the eavesdropper won't be
> able to observe enough messages to figure out the keys or make a
> plaintext to cyphertext map.
>
> I wrote the modular exponentiation code with Montgomery reduction in less
> than 100 lines of "C." So this is not difficult to implement.
>
> Often one uses a secure algo like RSA to exchange keys for some other
> algo that runs faster like AES. But just to verify some hardware is
> present, who cares if the process takes 5 seconds. And there is always
> TES and its derivatives. You don't have to check on the hardware being
> there very often. Plus RSA uses asymmetrical keys and AES is symmetrical.

That makes sense with something like RSA, but it would seem to be too insecure for a checksum or maybe even XXTEA. With all the suggestions bruited around, what techniques they are suited to needs to be made explicit.

Jerry
--
Engineering is the art of making what you want from things you can get.
Reply by ●March 11, 2012
On Sat, 10 Mar 2012 22:33:36 -0500, Jerry Avins <jya@ieee.org> wrote:

>On 3/10/2012 5:50 PM, clay@claysturner.com wrote:
>> On Saturday, March 10, 2012 11:24:55 AM UTC-5, Jerry Avins wrote:
>>> On 3/9/2012 12:55 PM, clay@claysturner.com wrote:
>
> ...
>
>>>> I've actually done this with a serial dongle I designed. I implemented
>>>> RSA in a pic. You can verify the dongle is there by sending over some
>>>> random numbers encrypted with your half of the key and the dongle decodes
>>>> with his half of the key and sends it back to you to verify against the
>>>> original random numbers you picked. Likewise the dongle verifies you by a
>>>> similar action where it picks random numbers and sends them to you
>>>> encrypted and you have to decrypt them and send them back.
>>>> The number crunching takes a few seconds, but it is quite secure if you
>>>> pick large keys.
>>>
>>> Does a potential snooper's having access to both the encoded and clear
>>> messages give him a leg up in deducing the keys?
>>>
>>
>> Often yes, but that's why I used a known tough to beat public key algo.
>> If you use large keys i.e., 128 bytes or more, the eavesdropper won't be
>> able to observe enough messages to figure out the keys or make a
>> plaintext to cyphertext map.
>>
>> I wrote the modular exponentiation code with Montgomery reduction in less
>> than 100 lines of "C." So this is not difficult to implement.
>>
>> Often one uses a secure algo like RSA to exchange keys for some other
>> algo that runs faster like AES. But just to verify some hardware is
>> present, who cares if the process takes 5 seconds. And there is always
>> TES and its derivatives. You don't have to check on the hardware being
>> there very often. Plus RSA uses asymmetrical keys and AES is symmetrical.
>
>That makes sense with something like RSA, but it would seem to be too
>insecure for a checksum or maybe even XXTEA. With all the suggestions
>bruited around, what techniques they are suited to needs to be made
>explicit.
>
>Jerry

Given that this is for Tim I think this is one of those cases where the OP is competent enough to make a determination on their own. Plus he's already said he doesn't need a high level of security.

Secure authentication is a pretty broad topic and anybody who needs to implement something serious is not going to be able to do so solely on the basis of internet advice.

Eric Jacobsen
Anchor Hill Communications
www.anchorhill.com
Reply by ●March 11, 2012
On Sun, 11 Mar 2012 16:02:06 +0000, Eric Jacobsen wrote:

> On Sat, 10 Mar 2012 22:33:36 -0500, Jerry Avins <jya@ieee.org> wrote:
>
>>On 3/10/2012 5:50 PM, clay@claysturner.com wrote:
>>> On Saturday, March 10, 2012 11:24:55 AM UTC-5, Jerry Avins wrote:
>>>> On 3/9/2012 12:55 PM, clay@claysturner.com wrote:
>>
>> ...
>>
>>>>> I've actually done this with a serial dongle I designed. I
>>>>> implemented RSA in a pic. You can verify the dongle is there by
>>>>> sending over some random numbers encrypted with your half of the key
>>>>> and the dongle decodes with his half of the key and sends it back to
>>>>> you to verify against the original random numbers you picked.
>>>>> Likewise the dongle verifies you by a similar action where it picks
>>>>> random numbers and sends them to you encrypted and you have to
>>>>> decrypt them and send them back. The number crunching takes a few
>>>>> seconds, but it is quite secure if you pick large keys.
>>>>
>>>> Does a potential snooper's having access to both the encoded and
>>>> clear messages give him a leg up in deducing the keys?
>>>>
>>>>
>>> Often yes, but that's why I used a known tough to beat public key
>>> algo. If you use large keys i.e., 128 bytes or more, the eavesdropper
>>> won't be able to observe enough messages to figure out the keys or
>>> make a plaintext to cyphertext map.
>>>
>>> I wrote the modular exponentiation code with Montgomery reduction in
>>> less than 100 lines of "C." So this is not difficult to implement.
>>>
>>> Often one uses a secure algo like RSA to exchange keys for some other
>>> algo that runs faster like AES. But just to verify some hardware is
>>> present, who cares if the process takes 5 seconds. And there is always
>>> TES and its derivatives. You don't have to check on the hardware being
>>> there very often. Plus RSA uses asymmetrical keys and AES is
>>> symmetrical.
>>
>>That makes sense with something like RSA, but it would seem to be too
>>insecure for a checksum or maybe even XXTEA. With all the suggestions
>>bruited around, what techniques they are suited to needs to be made
>>explicit.
>>
>>Jerry
>
> Given that this is for Tim I think this is one of those cases where the
> OP is competent enough to make a determination on their own.

Thank you.

> Plus he's
> already said he doesn't need a high level of security.

About as much as comes with the door lock on a convertible, or a locking leather soft-side briefcase.

> Secure authentication is a pretty broad topic and anybody who needs to
> implement something serious is not going to be able to do so solely on
> the basis of internet advice.

Yup. If I really needed security I'd either be hitting the books hard, or I'd be posting a classified for help.

--
Tim Wescott
Control system and signal processing consulting
www.wescottdesign.com
Reply by ●March 22, 2012
In article <8qKdnV1hy93V1sTSnZ2dnUVZ_jGdnZ2d@web-ster.com>, tim@seemywebsite.com says...

>
> I'm not even sure of the correct term to use.
>
> I want to build some security into a product that uses a pair of
> controllers communicating by RS-232. I'd like the "slave" controller to
> require the "master" controller to perform some sort of validation before
> the slave will respond with any but the most basic of keep-alive messages.
>
> This whole thing doesn't need to be perfect: it just needs to discourage
> all but the serious hackers from breaking into the link.
>
> I'm pretty sure that the best way to do this is to have the slave send a
> challenge to the master, and only open up if it gets the correct response.
>
> What's the right place to go to find a good method, or do you have any
> suggestions?

IEC 62351

Unfortunately, IEC standards are not free.

--
Saludos.
Ignacio G.T.
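The challenge-response exchange from the original question with XXTEA, suggested earlier in the thread, as the keyed function; this is an added example, not code from any poster. The 64-bit nonce size, the function names and the sample key and nonce are assumptions, and a real slave must draw each nonce from an unpredictable source and never reuse it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define DELTA 0x9e3779b9u
#define MX ((((z >> 5) ^ (y << 2)) + ((y >> 3) ^ (z << 4))) ^ ((sum ^ y) + (key[(p & 3) ^ e] ^ z)))
#define NONCE_WORDS 2u /* assumed challenge size: 64 bits */

/* XXTEA encryption of n >= 2 words in place, following the published reference code. */
static void xxtea_encrypt(uint32_t *v, unsigned n, const uint32_t key[4]) {
    uint32_t y, z = v[n - 1], sum = 0;
    unsigned p, e, rounds = 6 + 52 / n;
    do {
        sum += DELTA;
        e = (sum >> 2) & 3;
        for (p = 0; p < n - 1; p++) {
            y = v[p + 1];
            z = v[p] += MX;
        }
        y = v[0];
        z = v[n - 1] += MX;
    } while (--rounds);
}

/* Master side: the response is the slave's nonce encrypted under the shared key. */
void make_response(const uint32_t *nonce, const uint32_t key[4], uint32_t *out) {
    memcpy(out, nonce, NONCE_WORDS * sizeof *out);
    xxtea_encrypt(out, NONCE_WORDS, key);
}

/* Slave side: recompute, compare every word before deciding; 1 means unlock. */
int slave_accepts(const uint32_t *nonce, const uint32_t key[4], const uint32_t *resp) {
    uint32_t expect[NONCE_WORDS], diff = 0;
    make_response(nonce, key, expect);
    for (unsigned i = 0; i < NONCE_WORDS; i++)
        diff |= expect[i] ^ resp[i];
    return diff == 0;
}
/* Constructed sample values; a real nonce comes from an unpredictable source. */
static const uint32_t KEY[4]   = {0x01234567u, 0x89abcdefu, 0xfedcba98u, 0x76543210u};
static const uint32_t OTHER[4] = {0x01234567u, 0x89abcdefu, 0xfedcba98u, 0x76543211u};
static const uint32_t NONCE[NONCE_WORDS] = {0x5eed1234u, 0x0badc0deu};

int main(void) {
    uint32_t good[NONCE_WORDS], bad[NONCE_WORDS];
    make_response(NONCE, KEY, good);
    make_response(NONCE, OTHER, bad);
    printf("right key: %d, wrong key: %d\n", slave_accepts(NONCE, KEY, good), slave_accepts(NONCE, KEY, bad));
    return 0;
}
```

This only gates the unlock step; as noted at the top of the thread, traffic after the handshake is not protected by it.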






