Hi All, Background: I have worked on embedded systems where security or encryption were never used.I just have some text book knowledge about encryption/ decryption and nothing more.So you can assume I am a newbie in this matter. Problem: Currently am planning to implement a kind of simple model as below: -A value is stored in non-volatile part of memory say a "Counter" -After a certain task or incident, the above "Counter" value is decreased and stored back into memory(may not be the same memory as "Counter") -At the Boot-up time, Boot-loader checks the value in "Counter" and if its less than a certain number, prints out an error message through serial port etc I am using a low end 8/16 bit micro-controller and code/data memory IS a constraint. I am not mentioning much about my system as I would like a very generic explanation. Also would like to look at as many different ways of doing it as possible. What is the best way to implement the above design where CPU cycles and memory usage matter a lot? Of-course I would be using an encryption/decryption mechanism and would like to know any design patterns for this kind of model as I think its a quiet common requirement. Could anybody please point me to any reading materials on this as most of my Google search leads me to Encrypted data for USB flash or something similar. P.S.:Sorry for my poor English Regards Aj
First step into Secure Embedded system
Started by ●October 21, 2009
Reply by ●October 22, 20092009-10-22
ajaybgr wrote:> Hi All, > > Background: > I have worked on embedded systems where security or encryption were > never used.I just have some text book knowledge about encryption/ > decryption and nothing more.So you can assume I am a newbie in this > matter. > > > Problem: > Currently am planning to implement a kind of simple model as below: > -A value is stored in non-volatile part of memory say a "Counter" > -After a certain task or incident, the above "Counter" value is > decreased and stored back into memory(may not be the same memory as > "Counter") > -At the Boot-up time, Boot-loader checks the value in "Counter" and if > its less than a certain number, prints out an error message through > serial port etc > > I am using a low end 8/16 bit micro-controller and code/data memory IS > a constraint.Implementing a non-volatile counter as you described appears straight-forward. You haven't mentioned the essence of your problem. I could make guesses, but it would be easier if you tell us. -- Thad
Reply by ●October 22, 20092009-10-22
On Oct 22, 11:08 am, Thad Smith <ThadSm...@acm.org> wrote:> Implementing a non-volatile counter as you described appears > straight-forward. You haven't mentioned the essence of your problem. I > could make guesses, but it would be easier if you tell us. >Hi, Thanks for your reply. Basically what I want to do is : - I have a Main program running on a PIC18(can be any MC) - Apart from that I have another PIC16(can be any MC) with some amount of non-volatile memory. - a variable "Counter" is stored on the non-volatile memory ie PIC16 side Now when the Main program starts up(on PIC18) ,during program bootup,it must read the "Counter" value present on non-volatile memory (This part I can manage with some I2c or Uart). Now depending on the "Counter" value read , the program must either continue or halt. Also a copy of "Counter" must be stored in PIC18(the main MC) Now my question is on:How to implement this mechanism efficiently and what kind of encryption i should use at PIC16 and PIC18 side. Hope this is clear. Regards Aj
Reply by ●October 22, 20092009-10-22
On Thu, 22 Oct 2009 00:38:05 -0700, ajaybgr wrote:> - I have a Main program running on a PIC18(can be any MC) > - Apart from that I have another PIC16(can be any MC) with some amount > of non-volatile memory. > - a variable "Counter" is stored on the non-volatile memory ie PIC16 > sideWhy can't you keep the counter on the main MCU ?
Reply by ●October 22, 20092009-10-22
On 22 Ott, 09:38, ajaybgr <ajay....@gmail.com> wrote:> Now depending on the "Counter" value read , the program must either > continue or halt. > Also a copy of "Counter" must be stored in PIC18(the main MC) > > Now my question is on:How to implement this mechanism efficiently and > what kind of encryption i should use at PIC16 and PIC18 side. > Hope this is clear.not really. Where, why and to do waht do you want to use encryption/decryption? Bye Jack
Reply by ●October 22, 20092009-10-22
In article <0e3a2509-a195-4120-8636- 1e41d49f1aa9@x6g2000prc.googlegroups.com>, ajay.bgr@gmail.com says...> On Oct 22, 11:08 am, Thad Smith <ThadSm...@acm.org> wrote: > > > Implementing a non-volatile counter as you described appears > > straight-forward. You haven't mentioned the essence of your problem. I > > could make guesses, but it would be easier if you tell us. > > > > Hi, Thanks for your reply. > Basically what I want to do is : > - I have a Main program running on a PIC18(can be any MC) > - Apart from that I have another PIC16(can be any MC) with some amount > of non-volatile memory. > - a variable "Counter" is stored on the non-volatile memory ie PIC16 > sideSo what are you Securing against? Secure Embedded can mean many different things from design security to secure against all types of direct and indirect snooping or attack.> Now when the Main program starts up(on PIC18) ,during program > bootup,it must read the "Counter" value present on non-volatile memory > (This part I can manage with some I2c or Uart).So you have a link that could be monitored, cracked or simulated.> Now depending on the "Counter" value read , the program must either > continue or halt. > Also a copy of "Counter" must be stored in PIC18(the main MC)Inside the PIC or on yet another component?> Now my question is on:How to implement this mechanism efficiently and > what kind of encryption i should use at PIC16 and PIC18 side. > Hope this is clear.Depends on so many factors as you still have given no idea what you are securing against. -- Paul Carpenter | paul@pcserviceselectronics.co.uk <http://www.pcserviceselectronics.co.uk/> PC Services <http://www.pcserviceselectronics.co.uk/fonts/> Timing Diagram Font <http://www.gnuh8.org.uk/> GNU H8 - compiler & Renesas H8/H8S/H8 Tiny <http://www.badweb.org.uk/> For those web sites you hate
Reply by ●October 22, 20092009-10-22
In message <0e3a2509-a195-4120-8636-1e41d49f1aa9@x6g2000prc.googlegroups .com>, ajaybgr <ajay.bgr@gmail.com> writes>Now my question is on:How to implement this mechanism efficiently and >what kind of encryption i should use at PIC16 and PIC18 side. >Hope this is clear.Not at all.... why do you need encryption between the two MCU's? The level of the threat determines the level of encryption required. -- \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ \/\/\/\/\ Chris Hills Staffs England /\/\/\/\/ \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Reply by ●October 22, 20092009-10-22
>> - I have a Main program running on a PIC18(can be any MC) >> - Apart from that I have another PIC16(can be any MC) with some amount >> of non-volatile memory. >> - a variable "Counter" is stored on the non-volatile memory ie PIC16 >> side>Why can't you keep the counter on the main MCU ?>> Now my question is on:How to implement this mechanism efficiently and >> what kind of encryption i should use at PIC16 and PIC18 side. >> Hope this is clear.>Depends on so many factors as you still have given no idea what >you are securing against.----->> <<snipped many other valuable comments from various posts>>> Well Thanks for all the above replies. My use of "secure" embedded term is wrong in this context, I guess. Our actual requirement is like controlling/licensing our Devices which are already on the field. For example lets say,one of our device is running at our customer side. The customer has complete control over that device and uses it more times than he has paid us.(Note that Customer hasn't paid us completely for full usage) Now I want to change this model into something like: -A new small device with EEPROM(any pic12/16 will do) is created which contains our License, how long can customer use our product and other proprietary details. I don't want to store these details on our main device due to some other reasons.(more like marketing and distribution reasons) -This new device can be connected to our existing device through uart/ usb etc. (You may say this link can be spoofed-But actually I have taken care of such things and lets assume the link is not traceable nor can be cracked) -When customer pays us full money - we program the smaller device for unlimited usage. ((Well this all sounds more like shareware/trial software,right?! But the problem is our devices are already on the field and hardware cannot be changed drastically-so whatever I can do is through an extra small device and firmware only)) Hope this is clear. So the question arises as below: 1)whats the best way to implement this model on PIC18 like devices 2)Is there anything wrong with my approach - Assume, We are NOT targetting for complete foolproof solution but just to make cracking our device more difficult. 3)Is there any better way to achieve what I am trying to do? Any other thoughts and references/pointers are appreciated. Regards Aj
Reply by ●October 23, 20092009-10-23
ajaybgr wrote:>>> - I have a Main program running on a PIC18(can be any MC) >>> - Apart from that I have another PIC16(can be any MC) with some amount >>> of non-volatile memory. >>> - a variable "Counter" is stored on the non-volatile memory ie PIC16 >>> side> Now I want to change this model into something like: > -A new small device with EEPROM(any pic12/16 will do) is created which > contains our License, how long can customer use our product and other > proprietary details. > I don't want to store these details on our main device due to some > other reasons.(more like marketing and distribution reasons) > > -This new device can be connected to our existing device through uart/ > usb etc. (You may say this link can be spoofed-But actually I have > taken care of such things and lets assume the link is not traceable > nor can be cracked)I don't know what you mean by traceable. I assume by your statement that you are encrypting traffic and have a link protocol preventing playback attack, which is probably your main concern. With such a protocol you should be able to send a command to the license processor to read the counter and receive a response with the counter value, all protected by your protocol. Now, since you have a secure communication link, what's the problem? -- Thad
Reply by ●October 23, 20092009-10-23
On Oct 23, 11:51=A0am, Thad Smith <ThadSm...@acm.org> wrote:> ajaybgr wrote: > >>> - I have a Main program running on a PIC18(can be any MC) > >>> - Apart from that I have another PIC16(can be any MC) with some amoun=t> >>> of non-volatile memory. > >>> - a variable "Counter" is stored on the non-volatile memory ie PIC16 > >>> side > > Now I want to change this model into something like: > > -A new small device with EEPROM(any pic12/16 will do) is created which > > contains our License, how long can customer use our product and other > > proprietary details. > > I don't want to store these details on our main device due to some > > other reasons.(more like marketing and distribution reasons) > > > -This new device can be connected to our existing device through uart/ > > usb etc. (You may say this link can be spoofed-But actually I have > > taken care of such things and lets assume the link is not traceable > > nor can be cracked) > > I don't know what you mean by traceable. =A0I assume by your statement > that you are encrypting traffic and have a link protocol preventing > playback attack, which is probably your main concern. =A0With such a > protocol you should be able to send a command to the license processor > to read the counter and receive a response with the counter value, all > protected by your protocol. =A0Now, since you have a secure communication > link, what's the problem? > > --Yeah the communication between main device and License_key device is OK. Note:License_key device =3D> extra small device to be attached to my existing main device containing some proprietary data. Now my concern is what kind of protection I must ensure so that the data in the EEPROM of License_key device is secure. I don't have much experience with these kind of devices so forgive, if my questions are trivial. For example if some one gets hold of my License_key device ,what can I implement to make cracking/modifying the License data more difficult? At the same time it should be easy for ME to modify that data in future. Any good implementation where authentication of License_key device is done by the main device before reading the license key? What I mean is that , License_key of one customer should not be used by another customer.(currently am reading/testing XTEA by Microchip to see whether it fits my need..so if you have any tips on similar lines are welcome) Also I may have to store my License data on my main device sometimes. So is there a way to protect this data from being cracked(just more difficult) either at the Main device or License_key device? Thanks Aj
