Motherboard Forums


First step into Secure Embedded system

chris_ivan
Guest
Posts: n/a

 
      10-23-2009, 09:13 AM


On Oct 23, 11:21 am, ajaybgr <ajay....@gmail.com> wrote:
> On Oct 23, 11:51 am, Thad Smith <ThadSm...@acm.org> wrote:
>
> > ajaybgr wrote:
> > >>> - I have a Main program running on a PIC18(can be any MC)
> > >>> - Apart from that I have another PIC16(can be any MC) with some amount
> > >>> of non-volatile memory.
> > >>> - a variable "Counter" is stored on the non-volatile memory ie PIC16
> > >>> side
> > > Now I want to change this model into something like:
> > > -A new small device with EEPROM(any pic12/16 will do) is created which
> > > contains our License, how long can customer use our product and other
> > > proprietary details.
> > > I don't want to store these details on our main device due to some
> > > other reasons.(more like marketing and distribution reasons)
>
> > > -This new device can be connected to our existing device through uart/
> > > usb etc. (You may say this link can be spoofed-But actually I have
> > > taken care of such things and lets assume the link is not traceable
> > > nor can be cracked)
>
> > I don't know what you mean by traceable. I assume by your statement
> > that you are encrypting traffic and have a link protocol preventing
> > playback attack, which is probably your main concern. With such a
> > protocol you should be able to send a command to the license processor
> > to read the counter and receive a response with the counter value, all
> > protected by your protocol. Now, since you have a secure communication
> > link, what's the problem?
>
> > --
>
> Yeah the communication between main device and License_key device is
> OK.
> Note:License_key device => extra small device to be attached to my
> existing main device containing some proprietary data.
>
> Now my concern is what kind of protection I must ensure so that the
> data in the EEPROM of License_key device is secure. I don't have much
> experience with these kind of devices so forgive, if my questions are
> trivial.
>
> For example if some one gets hold of my License_key device ,what can I
> implement to make cracking/modifying the License data more difficult?
> At the same time it should be easy for ME to modify that data in
> future.
>
> Any good implementation where authentication of License_key device is
> done by the main device before reading the license key?
> What I mean is that , License_key of one customer should not be used
> by another customer.(currently am reading/testing XTEA by Microchip
> to see whether it fits my need..so if you have any tips on similar
> lines are welcome)
>
> Also I may have to store my License data on my main device sometimes.
> So is there a way to protect this data from being cracked(just more
> difficult) either at the Main device or License_key device?
>
> Thanks
> Aj


Hi Aj,

Do you mean that you plan to add a kind of dongle in your device in
order to fully enable your device functionality?


Regards,
Ivan
 
 
ajaybgr
Guest
Posts: n/a

 
      10-23-2009, 11:16 AM
On Oct 23, 4:13 pm, chris_ivan <chris.i...@gmail.com> wrote:
> Hi Aj,
>
> Do you mean that you plan to add a kind of dongle in your device in
> order to fully enable your device functionality?
>

Yes (kind of). The dongle not only controls device functionality but
also contains licensing details.
Is my approach good? What kind of problems could I face with this
approach?
Is there any better way to achieve my intentions?

Regards
Aj


 
 
Thad Smith
Guest
Posts: n/a

 
      10-26-2009, 02:36 AM
ajaybgr wrote:
> Yeah the communication between main device and License_key device is
> OK.
> Note:License_key device => extra small device to be attached to my
> existing main device containing some proprietary data.
>
> Now my concern is what kind of protection I must ensure so that the
> data in the EEPROM of License_key device is secure. I don't have much
> experience with these kind of devices so forgive, if my questions are
> trivial.


I assume that the EEPROM is in the microprocessor. Once the processor
is programmed and code and EEPROM protection set, someone cannot read or
program the EEPROM without erasing the microprocessor code or invasively
reading the code with acid, microprobes, etc., which is beyond the
ability of simple potential cheaters. Unless you are protecting a very
high value or are a lure to hackers, this level of attack is not a
significant threat.

> For example if some one gets hold of my License_key device ,what can I
> implement to make cracking/modifying the License data more difficult?
> At the same time it should be easy for ME to modify that data in
> future.


You can always reprogram the dongle or you can establish a secure
connection between the dongle and your dongle programmer (using mutual
authentication based on a shared secret key), then change your license
details.

> Any good implementation where authentication of License_key device is
> done by the main device before reading the license key?
> What I mean is that , License_key of one customer should not be used
> by another customer.(currently am reading/testing XTEA by Microchip
> to see whether it fits my need..so if you have any tips on similar
> lines are welcome)


The simplest thing is to have the dongle send the serial number of the
unit being authorized, using your secure link, which the controller
verifies before beginning operation. You might establish a unique secret
key for each dongle/controller pair. This would prevent a hacker from
invasively reading out your dongle or controller code and keys and
applying that to a different controller, since the other controller
would be using a different key.

--
Thad
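
The pairing check described in the post above, sketched in C as an added example (not code from anyone in this thread). Assumptions: XTEA (the cipher ajaybgr mentions) is used here as the block cipher in a fixed-length CBC-MAC instead of an encrypted link, and all names, keys, serials and challenges are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
/* Standard XTEA encryption (32 cycles): v is a 64-bit block, k a 128-bit key. */
static void xtea_encrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}

/* CBC-MAC over exactly two blocks: challenge, then serial. The message
   length is fixed, which is the condition under which plain CBC-MAC is sound. */
static void pair_mac(const uint32_t key[4], const uint32_t chal[2],
                     const uint32_t serial[2], uint32_t tag[2]) {
    tag[0] = chal[0]; tag[1] = chal[1];
    xtea_encrypt(tag, key);
    tag[0] ^= serial[0]; tag[1] ^= serial[1];
    xtea_encrypt(tag, key);
}

typedef struct { uint32_t serial[2]; uint32_t tag[2]; } response_t;
/* Dongle: report the serial it licenses, tagged under its pair key. */
response_t dongle_respond(const uint32_t key[4], const uint32_t licensed[2],
                          const uint32_t chal[2]) {
    response_t r;
    memcpy(r.serial, licensed, sizeof r.serial);
    pair_mac(key, chal, r.serial, r.tag);
    return r;
}

/* Controller: accept (1) only if the serial is its own and the tag matches
   for the challenge it just issued. XOR/OR compare avoids an early exit. */
int controller_verify(const uint32_t key[4], const uint32_t my_serial[2],
                      const uint32_t chal[2], response_t r) {
    uint32_t expect[2], diff;
    pair_mac(key, chal, my_serial, expect);
    diff  = (r.serial[0] ^ my_serial[0]) | (r.serial[1] ^ my_serial[1]);
    diff |= (r.tag[0] ^ expect[0]) | (r.tag[1] ^ expect[1]);
    return diff == 0;
}

/* Constructed sample values; a real controller draws a fresh random challenge. */
const uint32_t KEY_A[4] = {0x01234567u, 0x89ABCDEFu, 0x0F1E2D3Cu, 0x4B5A6978u};
const uint32_t KEY_B[4] = {0x13579BDFu, 0x02468ACEu, 0xCAFED00Du, 0x5EED1234u};
const uint32_t SER_A[2] = {0xA0010000u, 1u}, SER_B[2] = {0xB0020000u, 2u};
const uint32_t CHAL_1[2] = {0x11111111u, 0x22222222u}, CHAL_2[2] = {0x11111111u, 0x22222223u};
int main(void) { return !controller_verify(KEY_A, SER_A, CHAL_1, dongle_respond(KEY_A, SER_A, CHAL_1)); }
```

With a per-pair key, a dongle moved to another unit fails on both the serial and the tag, and a recorded response fails as soon as the controller issues a different challenge.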
 
 
ajaybgr
Guest
Posts: n/a

 
      10-26-2009, 10:54 AM
On Oct 26, 10:36 am, Thad Smith <ThadSm...@acm.org> wrote:
> ajaybgr wrote:
> > Yeah the communication between main device and License_key device is
> > OK.
> > Note:License_key device => extra small device to be attached to my
> > existing main device containing some proprietary data.
>
> > Now my concern is what kind of protection I must ensure so that the
> > data in the EEPROM of License_key device is secure. I don't have much
> > experience with these kind of devices so forgive, if my questions are
> > trivial.
>
> I assume that the EEPROM is in the microprocessor. Once the processor
> is programmed and code and EEPROM protection set, someone cannot read or
> program the EEPROM without erasing the microprocessor code or invasively
> reading the code with acid, microprobes, etc., which is beyond the
> ability of simple potential cheaters. Unless you are protecting a very
> high value or are a lure to hackers, this level of attack is not a
> significant threat.
>

Well, thanks Thad, for clarifying this.

> > For example if some one gets hold of my License_key device ,what can I
> > implement to make cracking/modifying the License data more difficult?
> > At the same time it should be easy for ME to modify that data in
> > future.
>
> You can always reprogram the dongle or you can establish a secure
> connection between the dongle and your dongle programmer (using mutual
> authentication based on a shared secret key), then change your license
> details.
>
> > Any good implementation where authentication of License_key device is
> > done by the main device before reading the license key?
> > What I mean is that , License_key of one customer should not be used
> > by another customer.(currently am reading/testing XTEA by Microchip
> > to see whether it fits my need..so if you have any tips on similar
> > lines are welcome)
>
> The simplest thing is to have the dongle send the serial number of the
> unit being authorized, using your secure link, which the controller
> verifies before beginning operation. You might establish a unique secret
> key for each dongle/controller pair. This would prevent a hacker from
> invasively reading out your dongle or controller code and keys and
> applying that to a different controller, since the other controller
> would be using a different key.
>

This sums up most of my doubts.
Thanks a lot Thad and everybody else.

Regards
Ajay

 