Geek Answers Handbook

Simple TCP Authentication and Encryption Methods for the Microcontroller Embedded Device

I developed a simple protocol for exchanging raw TCP socket data to allow easy messaging between some embedded devices. To put everything in context, my built-in device is an electronics box containing a relatively small microcontroller that runs the basic built-in RTOS (which basically provides only task priority and message order) and a TCP / IP stack. The intended use of TCP is

  • Include two or more β€œboxes” for communication with each other over a local network in the same building.
  • Allow the field to exchange data with an external server via the Internet.

Now I have a messaging protocol between my metal boxes, which I am pleased with. The basic procedure for exchanging messages between two blocks is basically:

  • In the field "A", the connection of the socket with "B" is initiated.
  • Block "A" sends a message report or sequence of commands.
  • In the field "B" is the response of the confirmation and / or command.
  • Box 'A' closes the socket.

Now I would like to enable some level of security and authentication. The huge limitation here is that I don't have any OS or an illustrious TCP stack that can provide me with any security features; I just have a simple TCP stack, so I have to implement security measures at the application level and with the limitations of the microcontroller.

The goals that I would like to meet are as follows:

  • Authentication between devices. To do this, I intend to take the following steps:

    • Keep a table of known IP addresses from which connections should be accepted.

    • Each time a socket connection is established, unique identifiers always change first. The number may be a unique serial number for this device and should be known to other devices.

  • Data encryption if packets are somehow intercepted. Presumably I need some kind of encryption algorithm that is not too "expensive" to work on a small microcontroller, which is used in combination with a unique key that is programmed on all devices. One such algorithm that I have seen that looks compact enough to be implemented in my code is TEA (Tiny Encryption Algorithm).

I would really appreciate any advice or pointers.

+4
source share
2 answers

Tea looks pretty simple and is likely to do what you need.

I added a tea example for my thumbulator project on github (thumbnail simulator, loading cortex-m3 style).

thumb compilation with -O2 or similar optimization:

arm-none-linux-gnueabi-gcc (Sourcery g ++ Lite 2011.03-41) 4.5.2 encrypt 136 bytes decrypt 128 bytes

llvm 29 encrypt 92 bytes decrypt 96 bytes

compilation for a common hand ...

gnu encrypts 188 bytes, decrypts 184 bytes llvm encrypts 112 bytes, decrypts 116 bytes

For authentication, is there a single link between the ip address table and the number of devices? Basically, should a device have more than one unique identifier? Do you want the other side to connect to the embedded system to enter the system in some form or in fashion? Or do you manage binary files / code at both ends, and there are no users or no choice of devices (programs know what to do), etc.? If each device has a known IP address, this IP address can be the key to encryption (plus other bytes that are common to everyone or received in some way that everyone knows). If the incoming connection is 1) not from the approved list 2) the encryption fails when the built-in key based on the ip address does not work, and then rejects the connection.

Your safety can go so far if you need something really reliable, you probably need more horsepower in the embedded system, and then implement one of the usual / standard systems like ssl.

+2
source

Check out MatrixSSL - they boast tiny sizes and built-in capabilities. This is much better than inventing SSL / TLS yourself (which is what you end up doing).

+3
source

More articles:


All Articles