lawik

Nerves Core Team

Secure elements, beyond TLS

Another one where me and @fhunleth have gone kind of deep on a topic and I figure this information should be in the community. Findable.

So NervesKey is a cool library for setting up device certificates and via nerves_key_pkcs11 it allows us to override what OpenSSL uses for particular connections and suddenly we can have a high degree of certainty about which device is connecting. This works for NervesHub and other IoT cloud things. TLS with device certificates without unduly findable private keys is fantastic.

This uses the Microchip ATECC508/ATECC608A/ATECC608B series. Interestingly the 608 chips can also hide secrets for symmetric encryption. Sweet. Suddenly a world opens. Hide your SQLite encryption key, your disk encryption key, key to your journal.

Not quite. Signatures are not secret, authenticity is “easier” than secrecy. In the midst of my excitement Frank noted that the darned thing ships decrypted secrets over a slow, plain I2C bus. So it is physically exposed at the time of decryption, travelling to the SoC.

I have been digging for options for my client REDACTED. We can probably physically secure the unit with tamper protection to mitigate the I2C bus being exposed but a deeper protection would be nice.

Beyond the plaintext transport the ATECC chips have been hit with some novel laser fault injection hacks, that while risky and kind of demanding, have potentially real implications to the security of the device.

Currently I’ve seen NXP EdgeLock, either in the iMX9-series, iMX8ULP devices or standalone via SE050 chip. I am sure there are others I am not aware of, these bill themselves as a Secure Enclave.

The other interesting angle is ARM TrustZone plus OP-TEE which lets parts of an SoC run trusted code only and allows the designer to include certain hardware only in the trusted part. This enables heavier security in terms of hiding secrets.

All of these approaches should typically allow interop with OpenSSL to get stuff done.

I would love to push this forward as my work progresses specifically for Nerves and I am curious if others have done it or have hardware recommendations.

Most Liked Responses

lawik

Nerves Core Team

I am travelling now but at home I apparently have a bundle of these waiting for me. The NXP EdgeLock™ SE050. Will see if I get a chance to do something with it.

lawik

Nerves Core Team

SE050 datasheet

“Support for SCP03 protocol (bus encryption and encrypted credential injection) to securely bind the host with the secure element”
more on SCP03

Finding details for this? Probably in an “Application note” somewhere :smiley:

gus

Nerves Core Team

It looks like NXP published an app note about how to bind a host to the device here.

Section 2.1 has a link to the SCP protocol spec sheet, which seems to want to collect your email before you can view it.

This is a very dense data sheet and I’m pretty sure you’re aware, but I want to point out two of the functions/operating modes because it wasn’t immediately clear to me: It has 50kb secure onboard storage for encryption keys and such, so it would be a secure replacement to the ATECC line of chips used by Nerves Key.

But it also has a secondary function (which was my first impression of what the chip does when I read the data sheet) to add a semi-secure bridge between a controller and a sensor or storage chip. You could theoretically store your keys in the ATECC chips, and use the SE050 to create an encrypted channel of communication, but which is still plaintext on the ATECC side of things. This doesn’t really get you anywhere in terms of security, as you’d still have plaintext keys on an I2C bus (just not one that is talking with the host device), plus the other security considerations of the ATECC chips you mentioned above.

The only reason I can think of for why they have this functionality is for hosts with just one I2C controller to be able to have encrypted bus communications while still supporting reads and writes of traditional I2C sensors which don’t need encryption.

In terms of implementation, I’d be willing to bet there is an NXP-provided implementation which might be possible to repackage into a NIF. More fun in Elixir land though :smiley:

If you make any progress on supporting the chip please post updates, I’m curious to follow along!
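
The distinction drawn in this thread, that a signature can cross an exposed I2C bus safely while a released symmetric key cannot unless the bus traffic itself is encrypted, shown as an added Elixir sketch. It is not part of any post above and is not NervesKey, ATECC or NXP code; `BusDemo`, its functions and the simplified key wrapping are assumptions for illustration, and the wrapping is a stand-in for bus encryption, not the SCP03 protocol.

```elixir
# Added illustration; not NervesKey, ATECC or NXP code. BusDemo and its
# functions are hypothetical, and a list of binaries stands in for I2C traffic.
defmodule BusDemo do
  @curve :secp256r1

  # Authenticity: the element signs a host challenge. The private key never
  # crosses the bus; a probe sees only the challenge and the signature.
  def sign_exchange(priv, pub) do
    challenge = :crypto.strong_rand_bytes(32)
    sig = :crypto.sign(:ecdsa, :sha256, challenge, [priv, @curve])
    valid? = :crypto.verify(:ecdsa, :sha256, challenge, sig, [pub, @curve])
    {valid?, [challenge, sig]}
  end

  # Secrecy over a plain bus: the stored key itself is the bus payload.
  def plain_read(stored_key), do: {stored_key, [stored_key]}

  # Secrecy with a bound host: both ends hold a pre-shared binding key, derive
  # a per-session key from fresh nonces, and the element returns the stored
  # key only under AES-GCM.
  def wrapped_read(stored_key, binding_key) do
    nonces = :crypto.strong_rand_bytes(16) <> :crypto.strong_rand_bytes(16)
    session = :crypto.mac(:hmac, :sha256, binding_key, nonces) |> binary_part(0, 16)
    iv = :crypto.strong_rand_bytes(12)
    {ct, tag} = :crypto.crypto_one_time_aead(:aes_128_gcm, session, iv, stored_key, nonces, true)
    # Host side: same derivation, then authenticated decryption.
    plain = :crypto.crypto_one_time_aead(:aes_128_gcm, session, iv, ct, nonces, tag, false)
    {plain, [nonces, iv, ct, tag]}
  end

  # What a logic analyser on the bus would be checking for.
  def leaked?(secret, bus), do: Enum.any?(bus, &(:binary.match(&1, secret) != :nomatch))
end

# Constructed sample secrets, generated fresh on each run.
{pub, priv} = :crypto.generate_key(:ecdh, :secp256r1)
disk_key = :crypto.strong_rand_bytes(32)
binding_key = :crypto.strong_rand_bytes(16)

{true, bus1} = BusDemo.sign_exchange(priv, pub)
{^disk_key, bus2} = BusDemo.plain_read(disk_key)
{^disk_key, bus3} = BusDemo.wrapped_read(disk_key, binding_key)

IO.inspect(BusDemo.leaked?(priv, bus1), label: "private key seen during signing")
IO.inspect(BusDemo.leaked?(disk_key, bus2), label: "disk key seen on plain read")
IO.inspect(BusDemo.leaked?(disk_key, bus3), label: "disk key seen on wrapped read")
```

The host still has to keep its binding key somewhere, which is the problem the TrustZone and OP-TEE option in the first post is aimed at.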
