Encrypting an RS-232 stream

Started by Urs Beeli March 22, 2006
Hi Urs,
I can't see why our standard RS-232 protocol converter can't be used.
http://www.pbjtech.com/products/index.html#CE0058_RS-232RS-485_PROTOCOL_CONVERTER

This has RS-232 on one side and RS-232/RS-485 on the other. The second 
RS-232 is available off the same DB9 connector. The ARM7 controller has 
plenty of grunt for more secure encryption schemes.

We have customers already that require encryption over serial. If you 
can specify your requirements we can ship these to you with your 
settings preloaded.

*Peter*
www.pbjtech.com
peter@pbjtech.com

Urs Beeli wrote:
> One of our devices is controlled from a PC using the serial
> interface. One of our customers has security concerns as the
> protocol used, though proprietary, is not encrypted.
>
> As adding encryption to our - dated - device is not a viable
> option, I have gotten the task to find out if we can find
> some third party solution that plugs into the serial stream
> and encrypts/decrypts the data stream with a corresponding
> library to do the same on the PC.
>
> Something along those lines:
>
> +--------+                 +--------------------------+
> | device +-- rs232 open ---+ third party en/decryptor |
> +--------+                 +-----------+--------------+
>                                        |
>                                        |
>                                 rs232 encrypted
>                                        |
>                                        |
>                                        |
>            +-------------+-------+-----+-----------+
>            |             |       |  en/decryption  |
>            |     PC      |       |     library     |
>            |             |       +-----------------+
>            |             |                         |
>            |             |      original app       |
>            |             |                         |
>            +-------------+-------------------------+
>
> Does anyone know of a product that offers this? I have
> found a number of "port servers" with rs-232 on one side
> and TCP/IP on the other side but we need rs-232 on both
> sides.
>
> I would appreciate any pointers.
>
> Cheers
> Urs

On Wed, 22 Mar 2006 15:32:47 +0000, Urs Beeli wrote:

> One of our devices is controlled from a PC using the serial
> interface. One of our customers has security concerns as the
> protocol used, though proprietary, is not encrypted.
>
> As adding encryption to our - dated - device is not a viable
> option, I have gotten the task to find out if we can find
> some third party solution that plugs into the serial stream
> and encrypts/decrypts the data stream with a corresponding
> library to do the same on the PC.

One of the amusing characteristics of RS-232 communication systems is that since they're bi-directional and byte-oriented, even though the ultimate bit-rate is not terribly high, by today's standards, the protocol-level latency demands can be *very* high, compared to internet-oriented packet protocols. I don't suppose that your device has any particular gotchas, there?

The other (related) thing to consider is that most of the good encryption protocols are block based, operating on 64 bits (8 bytes) or more at a time. If your protocol is byte-based, then you might have to work out some padding tricks, to make sure that individual bytes get through on time. This is generally handled by the packetizers in network terminal servers, but it's something that you'll have to think about, if you want to roll your own solution.

[snip diagram]

> Does anyone know of a product that offers this? I have
> found a number of "port servers" with rs-232 on one side
> and TCP/IP on the other side but we need rs-232 on both
> sides.

You seem to be prepared to hack up the PC-side application to suit the solution. If you can't switch to ethernet because you have an installed run of RS-232 cable, could you go as far as running a PPP link over your RS-232 cable? That way you could use common off the shelf crypto libraries/protocols, like SSL or SSH.

> I would appreciate any pointers.

I think that a fairly simple mostly off-the-shelf solution could be:

0) Get a Linux/BSD box (quite small ones can be had, like gumstix or one of the little VIA Mini-ITX PC motherboards). Make at least one interactive (shell) user account on it.

1) Set it up to boot up with a PPP server running on one COM port and plug another com port into your device.

2) Put a PPP client on the PC, and have it "dial" the new box over the main RS-232 link. Verify a working IP connection to the new box.

3) Issue the command "ssh new-box cu -n -s 38400 -l /dev/tty00" (seasoned to taste), and bingo: you've got an encrypted terminal session talking to the original serial port on your device. Use public keys to avoid the log-in dialog.

4) Use popen("ssh new-box cu -n -s 38400 -l /dev/tty00", "r+") in your application to give you a file descriptor open to read/write your device.

That should all pretty much "just work", for the cost of an embedded system with two serial ports and a Linux or BSD installation, with no actual coding, provided that the time-outs that the ssh session uses to block up small packets don't interfere with your proprietary serial protocol.

Neat, huh?

--
Andrew
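
Added example, not part of Andrew's post: one way to get the read/write descriptor that step 4 asks of `popen(..., "r+")`, which BSD libc accepts but glibc rejects (its `popen` is one-way), using `socketpair`, `fork` and `execvp` with unbuffered `read`/`write` so single protocol bytes are not held back by stdio. The helper names `spawn_duplex` and `exchange` are hypothetical, and `cat` stands in for the `ssh new-box cu ...` command so the block runs offline.

```c
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv with stdin+stdout on a socketpair; return our end (r/w) or -1. */
int spawn_duplex(char *const argv[], pid_t *child)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {                    /* child: becomes the tunnel command */
        close(sv[0]);
        if (dup2(sv[1], STDIN_FILENO) < 0 || dup2(sv[1], STDOUT_FILENO) < 0)
            _exit(126);
        if (sv[1] > STDOUT_FILENO) close(sv[1]);
        execvp(argv[0], argv);
        _exit(127);                    /* exec failed */
    }
    close(sv[1]);
    *child = pid;
    return sv[0];
}

/* Write a request, read exactly replen bytes via raw read(2), no stdio buffer. */
int exchange(int fd, const void *req, size_t reqlen, void *rep, size_t replen)
{
    if (write(fd, req, reqlen) != (ssize_t)reqlen) return -1;
    for (size_t got = 0; got < replen; ) {
        ssize_t n = read(fd, (char *)rep + got, replen - got);
        if (n <= 0) return -1;         /* tunnel or child went away */
        got += (size_t)n;
    }
    return 0;
}

int main(void)
{
    /* cat is an offline loopback stand-in for the ssh ... cu command. */
    char *argv[] = {"cat", NULL};
    unsigned char req[] = {0x02, 0x10, 0x03}, rep[sizeof req]; /* constructed */
    pid_t pid;
    int fd = spawn_duplex(argv, &pid);
    if (fd < 0 || exchange(fd, req, sizeof req, rep, sizeof rep) < 0) return 1;
    close(fd);                         /* EOF to the child, then reap it */
    waitpid(pid, NULL, 0);
    printf("echoed %zu bytes\n", sizeof rep);
    return 0;
}
```
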

> >On Wed, 22 Mar 2006 09:57:56 -0500 CBFalconer wrote:
> >> Urs Beeli wrote:
> >> >
> >> > One of our devices is controlled from a PC using the serial
> >> > interface. One of our customers has security concerns as the
> >> > protocol used, though proprietary, is not encrypted.
> >> >

Have you seen the SEL 3021 by Schweitzer Engineering? They make some pretty good devices for the power electricity market:

http://www.selinc.com/sel-3021.htm

It says US$540 ea.

--
Jim Nagy
Elm Electronics

On Wed, 22 Mar 2006 14:32:47 +0000 (UTC) Urs Beeli wrote:

> One of our devices is controlled from a PC using the serial
> interface. One of our customers has security concerns as the
> protocol used, though proprietary, is not encrypted.
>
> As adding encryption to our - dated - device is not a viable
> option, I have gotten the task to find out if we can find
> some third party solution that plugs into the serial stream
> and encrypts/decrypts the data stream with a corresponding
> library to do the same on the PC.
>
> Does anyone know of a product that offers this? I have
> found a number of "port servers" with rs-232 on one side
> and TCP/IP on the other side but we need rs-232 on both
> sides.

Thanks for all the many answers. I'll try to answer some of the suggestions in this one posting instead of following up each of them.

- terminal server based solutions
  this seems to be the most common solutions available, I found quite a number of those. however, as we have rs232 cable runs installed I don't see this as an option

- various ideas on how to "roll our own" are noted and would probably be feasible. however, if we decided to do this ourselves, we might as well integrate it into our own devices. as we are tight on resources and our management would prefer a "buy" solution I don't think we'll continue along this path. still, thanks for all the ideas

- researching the net and from your suggestions I have put together the following list of potential devices:

  Simrex SimCrypt
  http://www.simrex.com/site/products/special.htm

  SEQUI EncryptorPak
  http://www.sequi.com/SEQUI_Products.htm

  DCB SE-660 Serial Data Encrypter
  http://www.dcbnet.com/datasheet/se6600ds.html?overtureencryptor&OVRAW=rs232%20encryption&OVKEY=rs232%20encryption&OVMTC=standard

  Selinc SEL-3021
  http://www.selinc.com/sel-3021.htm

  CE0058 RS-232/RS-485 PROTOCOL CONVERTER
  http://www.pbjtech.com/products/index.html#CE0058_RS-232RS-485_PROTOCOL_CONVERTER

  RS-232 to RS-232 adapter
  http://www.wrenchman.com/products.htm

Thank you for all your input, we will have a look at these devices and see which one fits our needs best.

Cheers
/urs

--
"Change is inevitable, except from a vending machine."
-- Urs Beeli, <usenet@CONCAT_MY_FIRST_AND_LAST_NAME.ch>

"Urs Beeli" <usenet@CONCAT_MY_FIRST_AND_LAST_NAME.ch> wrote in message 
news:slrne22tl9.7np.usenet@stinky.trash.net...
> On Wed, 22 Mar 2006 09:57:56 -0500 CBFalconer wrote:
>> Urs Beeli wrote:
>> >
>> > One of our devices is controlled from a PC using the serial
>> > interface. One of our customers has security concerns as the
>> > protocol used, though proprietary, is not encrypted.
>> >

We had a client who wanted security. Instead of encrypting the data we used fibre optic links as those are much more difficult to break into.

Peter