A SoC or Raspberry PI would triple/quadruple the BOM cost for the circuit
Weird that such a common interface/protocol is still not mainstream good quality open source available
For small microcontrollers, which were never a target for the protocols in question.
QuoteA SoC or Raspberry PI would triple/quadruple the BOM cost for the circuitAre you sure? It looks like you can still get Model B+ Pis for under $30, and It would be "challenging" to put together a cpu+wiznet+magnetics+connectors for less than $10...
single source module.
Using Linux or the Linux TCP/IP stack isn't an option on a microcontroller. There are not enough resources on a microcontroller to run that software. Besides that the Linux kernel source code is a complete mess so getting the TCP/IP stack out in one piece will be a large amount of work.
Unsecured IoT communication is a big no-no since one router breach and you are screwed.
Unsecured IoT communication is a big no-no since one router breach and you are screwed.Explain how exactly...
Security is more than pouring some encryption over a solution and be done with it. As a rule of thumb: a system should remain secure (=detect fraud) when the encryption is broken. Security stands on 3 pillars: Authorisation, Authentification and Accounting; encryption isn't even mentioned specifically.
There are a few microcontrollers with a crypto module, with AES and DES. Such as STM32F7.
And remember that Ethernet =/= Internet. There are a few advantages of Ethernet, such as speed, solid hardware and cheap cabling.
Unsecured IoT communication is a big no-no since one router breach and you are screwed.Explain how exactly...
Security is more than pouring some encryption over a solution and be done with it. As a rule of thumb: a system should remain secure (=detect fraud) when the encryption is broken. Security stands on 3 pillars: Authorisation, Authentification and Accounting; encryption isn't even mentioned specifically.
For example if Alice have an IoT capable room heater that is not properly secured. Mallory, walking by her apartment with his smartphone, can breach her Wi-Fi security (the router breach I am talking about), and then command the heater turn on full power if the heater is not properly secured. This will at least turn Alice's room into a sauna and take a huge chunk out of her electricity bill when she is back, or even set her room on fire. This is a double Authentication breach.
Or for some Internet-accessible IoT gadgets like Philips Hue, Mallory can spread a malware that detects the presence of such a gadget into Alice's laptop (thus bypassing the router which is also a firewall, effectively breaching it) and put on a freaky light show and scare the living s**t out of Alice in the least expected hour of day.
Unsecured IoT communication is a big no-no since one router breach and you are screwed.Explain how exactly...
Security is more than pouring some encryption over a solution and be done with it. As a rule of thumb: a system should remain secure (=detect fraud) when the encryption is broken. Security stands on 3 pillars: Authorisation, Authentification and Accounting; encryption isn't even mentioned specifically.
For example if Alice have an IoT capable room heater that is not properly secured. Mallory, walking by her apartment with his smartphone, can breach her Wi-Fi security (the router breach I am talking about), and then command the heater turn on full power if the heater is not properly secured. This will at least turn Alice's room into a sauna and take a huge chunk out of her electricity bill when she is back, or even set her room on fire. This is a double Authentication breach.
Or for some Internet-accessible IoT gadgets like Philips Hue, Mallory can spread a malware that detects the presence of such a gadget into Alice's laptop (thus bypassing the router which is also a firewall, effectively breaching it) and put on a freaky light show and scare the living s**t out of Alice in the least expected hour of day.Now explain how this cannot happen when running Linux in the device.
Linux's network stack is a lot better tested than whatever you can roll for yourself or used in chips like W5200 and friends - it is used in 95% of all servers worldwide
Linux-based platform have easier to use, well tested security software like OpenSSL or OpenSwan
For example if Alice have an IoT capable room heater that is not properly secured. Mallory, walking by her apartment with his smartphone, can breach her Wi-Fi security (the router breach I am talking about), and then command the heater turn on full power if the heater is not properly secured. This will at least turn Alice's room into a sauna and take a huge chunk out of her electricity bill when she is back, or even set her room on fire. This is a double Authentication breach.
Or for some Internet-accessible IoT gadgets like Philips Hue, Mallory can spread a malware that detects the presence of such a gadget into Alice's laptop (thus bypassing the router which is also a firewall, effectively breaching it) and put on a freaky light show and scare the living s**t out of Alice in the least expected hour of day.
An encrypted path between an IoT device and a host can be achieved using a crypto engine in a microcontroller and at the 'other side' with much less chance of configuring it wrong or leaving other holes open. SSL is intended to connect securely between random hosts/devices. An IoT device in general does not do that; it usually is paired with one or more 'hosts' and does not have a user(interface) to supply credentials. All in all the security model is entirely different. The key problem with an IoT device is authentification. How can a host be sure it is talking to the right device and how can the IoT device be sure it is talking to the right host?
For example if Alice have an IoT capable room heater that is not properly secured. Mallory, walking by her apartment with his smartphone, can breach her Wi-Fi security (the router breach I am talking about), and then command the heater turn on full power if the heater is not properly secured. This will at least turn Alice's room into a sauna and take a huge chunk out of her electricity bill when she is back, or even set her room on fire. This is a double Authentication breach.
Or for some Internet-accessible IoT gadgets like Philips Hue, Mallory can spread a malware that detects the presence of such a gadget into Alice's laptop (thus bypassing the router which is also a firewall, effectively breaching it) and put on a freaky light show and scare the living s**t out of Alice in the least expected hour of day.
In both your examples, the real security failure wasn't in the IOT device at all, but something else (the Wi-Fi router, laptop, or user for misconfiguring security on those devices).
I'm no security expert, but out of curiosity I searched and found examples of low-end MCUs running RSA and AES-128. Probably not fast, but an IOT device is not going to be transferring megabytes per second. I agree that if you roll your own, it's likely to be flawed, but that's not so bad if it's a secondary security method - because then it requires successful exploit of two different flaws, rather than just one. (Whereas with a router and IOT device both running Linux, and going without updates for years as is common for embedded devices, the likelihood of discovery of a a single flaw that works for both increases; especially with complex security methods. I wonder how many embedded Linux devices are still susceptible to Heartbleed?)
But honestly, if someone has breached my Wi-Fi or laptop, a scary but harmless light show would be the least of my worries. In fact it would be a welcome notification. I say leave the lights unprotected, let them function as a honeypot.
A heater is a more serious matter. But starting a fire? No heater should be capable of setting the room on fire, simply by commanding it to, period. Sane thermostatic limits should be built-in, hardwired, and functioning independently of the MCU.
You choose OpenSSL as an example of well tested, secure software? Bwaaahahhahah.
Way to often you find an alarm system with a web interface using the default password.
They'll tell you it's safe because nobody can access the network.... Right... But what if an employee turn rogue?QuoteYou choose OpenSSL as an example of well tested, secure software? Bwaaahahhahah.You say that, but because it is used widely they did find the bug. Which might not be the case with a proprietary implementation.
The bug might live for years before someone starts exploiting it, and then it's too late.
The claim that OpenSSL is more safe because it is open source was a bit debunked IMO by the latest bug finds, they were introduced couple of years ago and nobody checked it or found it.
I second Nico, if you have a constrained device that only needs to communicate with a single or very restricted set of other constrained devices , you can implement a symmetric (PSK) key based security layer IF you know what you are doing (so stay close to the known security implementations/standards).
This means setting up sessions using good randoms on both sides and key derivation of the PSK, aka "known partners design patterns".
Using TLS is only valid if you need (open) access to a larger audience, even unknown third parties that you need to identify based on their certificate.
That automatically involves public key cryptography which uses lots of RAM due to the large keys (yes even with ECC it takes up a lot of RAM and cycles).
Using OpenSSL even with a supersmall ciphersuite like AES-CCM8 takes over 30kB flash and 10kB of RAM which can be reduced but takes up lots of time and again you exactly need to know what you are doing or you can introduce weaknesses.
So it all depends on the implementation/usage of the device if OpenSSL for instance makes sense or is just overkill.
The claim that OpenSSL is more safe because it is open source was a bit debunked IMO by the latest bug finds, they were introduced couple of years ago and nobody checked it or found it. It was introduced to the fault of 1 programmer, so there is no good review in place or testing or other kind of checks and balances. Because it is open source and used in a lot of systems you can be sure that hackers and government agencies are checking this code also and if they find something they are not going to share it.
I should link this. It is very important that you never apply this kind of security. Even tough it's tempting to use in embedded systems.
https://en.wikipedia.org/wiki/Security_through_obscurity