lawik

lawik

Nerves Core Team

Secure elements, beyond TLS

Another one where me and @fhunleth have gone kind of deep on a topic and I figure this information should be in the community. Findable.

So NervesKey is a cool library for setting up device certificates and via nerves_key_pkcs11 it allows us to override what OpenSSL uses for particular connections and suddenly we can have a high degree of certainty about which device is connecting. This works for NervesHub and other IoT cloud things. TLS with device certificates without unduly findable provate keys is fantastic.

This uses the Microchip ATECC508/ATECC608A/ATECC608B series. Interestingly the 608 chips can also hide secrets for symmetric encryption. Sweet. Suddenly a world opens. Hide your SQLite encryption key, you disk encryption key, key to your journal.

Not quite. Signatures are not secret, authenticity is “easier” than secrecy. In the midst of my excitement Frank noted that the darned thing ships decrypted secreta over a slow, plain I2C bus. So it is physically exposed at the time of decryption, travelling to the SoC.

I have been digging for options for my client REDACTED. We can probably physically secure the unit with tamper protection to mitigate the I2C bus being exposed but a deeper protection would be nice.

Beyond the plaintext transport the ATECC chips have been hit with some novel laser fault injection hacks, that while risky and kind of demanding, have potentially real implications to the security of the device.

Currently I’ve seen NXP EdgeLock, either in the iMX9-series, iMX8ULP devices or standalone via SE050 chip. I am sure there are others I am not aware of, these bill themselves as a Secure Enclave.

The other interesting angle is ARM TrustZone plus OP-TEE which lets parts of an SoC run trusted code only and allows the designer to include certain hardware only in the trusted part. This enables heavier security in terms of hiding secrets.

All of these approaches should typically allow interop with OpenSSL to get stuff done.

I would love to push this forward as my work progresses specifically for Nerves and I am curious if others have done it or have hardware recommendations.

Most Liked Responses

lawik

lawik

Nerves Core Team

I am travelling now but at home I apparently have a bundle of these waiting for me. The NXP EdgeLock TM SE050. Will see if I get a chance to do something with it.

lawik

lawik

Nerves Core Team

SE050 datasheet

“Support for SCP03 protocol (bus encryption and encrypted credential injection) to securely bind the host with
the secure element”
more on SCP03

Finding details for this? Probably in an “Application note” somewhere :smiley:

gus

gus

Nerves Core Team

It looks like NXP published an app note about how to bind a host to the device here.

Section 2.1 has a link to the SCP protocol spec sheet, which seems to want to collect your email before you can view it.

This is a very dense data sheet and I’m pretty sure you’re aware, but I want to point out two of the functions/operating modes because it wasn’t immediately clear to me: It has 50kb secure onboard storage for encryption keys and such, so it would be a secure replacement to the ATECC line of chips used by Nerves Key.

But also has a secondary function (which was my first impression of the chip does when I read the data sheet) to add a semi-secure bridge between a controller and a sensor or storage chip. You could theoretically store your keys in the ATECC chips, and use the SE050 to create an encrypted channel of communication, but which is still plaintext on the ATECC side of things. This doesn’t really get you anywhere in terms of security, as you’d still have plaintext keys on an I2C bus (just not one that is talking with the host device), plus the other security considerations of the ATECC chips you mentioned above.

The only reason I can think of for why they have this functionality is for hosts with just one I2C controller to be able have encrypted bus communications while still supporting reads and writes of traditional I2C sensors which don’t need encryption.

In terms of implementation, I’d be willing to bet there is a NXP provided implementation which might be possible to repackage into a NIF. More fun in Elixir land though :smiley:

If you make any progress on supporting the chip please post updates, I’m curious to follow along!

Where Next?

Popular in Discussions Top

andre1sk
A big advantage to Elixir is all the distributed goodness but for many applications running on multiple nodes having integrated Etcd, Zoo...
New
Rustixir
Hi everyone, im working on find best language/framework/system for high concurrency, high performance and stable performance after wor...
New
jeramyRR
This is an interesting article to read. Elixir’s performance, like usual, is excellent. However, it seems like the high CPU usage is co...
New
WolfDan
After doing a port from a c++ library to my project in phoenix I’ve seen that I need a faster way to run this algorithm and I found this ...
New
fireproofsocks
This is more of a general question, but I’m wondering how other people in the community think about the pattern matching in function sign...
New
praveenperera
How We Replaced React with Phoenix By: Thought Bot
New
IVR
Hi all, I’ve seen a number of related threads in the past, but I’d still be very curious to hear an up-to-date opinion on this topic. I...
New
acrolink
How does the two languages compare when it comes to server side application development? Any experiences or ideas? Thank you.
New
sergio
Kind of like when jquery came out, it was super necessary. Existing drag and drop libraries have a bunch of baggage to support old browse...
New
Markusxmr
Since Drab has been developed for a while in the open, introducing the Liveview functionality in a way it happend appears to undermine th...
New

Other popular topics Top

Darmani72
If I have a post route which an argument: post /my_post_route/:my_param1, MyController.my_post_handler How would get the post params ...
New
senggen
Erlang/OTP 25 [erts-13.2.2] [source] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1] 15:22:35.803 [error] gen_event {lager_file_backend...
New
Nvim
Anybody knows a comprehensive comparison of Django and Phoenix, thanks for the help. Where are they similar? Where do they differ the m...
New
jerry
Good day to you all. I have been struggling to get a query involving like and ilike to work. Can anyone assist me on this, please? pro...
New
dokuzbir
I want to highlight html closing tags when i click a html tag. That works in .html files but doesnt work for html.eex templates. How can...
New
vegabook
I’m brand new to Phoenix and I have stripped one of the demo applications to the bone. I just want to get an svg up on the screen. Here i...
New
grych
Hi folks, Few months ago I have announced the proof-of-concept of the library to manipulate the browsers DOM objects directly from Elixi...
639 52341 488
New
ashish173
I am using Ecto timestamps with postgres, I can see the timestamps() use the :naive_dateime but for my use case I wanted to store the ti...
New
PeterCarter
There are pre-rolled solutions for other frameworks that do work. However, Phoenix does not seem to have these. Have people had good expe...
New
AstonJ
Seen any cool LiveView demos, sample apps or examples? Please post them here! :003:
New

We're in Beta

About us Mission Statement