D4no0

D4no0

Using SIM card as a secure storage

I was reading about security considerations of firmware for RPIs, namely when it comes to firmware encryption when deploying to sdcard.

The default solution seems to use a ATECC508A or similar as a secure storage for encryption keys. One of the issues I see with this is that the availability of these chips is not that great, so I would guess there are other models that are used for professional use-cases?

While I was thinking about this, I remembered that smartcards are mainly used to do the exact same thing, not to mention that most of the deployed devices on the field have already a SIM used for internet. Theoretically we should be able to use at the very least the key that the SIM uses to authenticate with the cellular tower, even a better thing would be to be able to deploy your custom key, but I guess this highly depends on the model of the SIM your operator uses.

The great thing about such a solution it’s extremely easy to implement both from development standpoint (as all sims should follow the same AT commands standard) and in terms of hardware.

Maybe anyone tried to do this already with Nerves? It would be really interesting to hear more about this.

Most Liked

D4no0

D4no0

I have worked with other kind of smartcards before, the ones used by truck drivers in europe, so I am not entirely sure about the capabilities of current SIMs. Those cards follow the ISO standard for data signature and challenges and I’m more than positive that is a convention widely used by all other vendors too.

I have never used a modem for this before (I am actually thinking now on buying a few models to play around with them), but as long as your modem supports APDU protocol used for issuing commands to smartcard, you are good to go. At work, we were using USB smartcard readers, those are extremely easy to work with from your computer.

Once I get the hardware, I will definitely give it a try as I plan on deploying a few RPIs zero w2 and while I don’t care about encrypting the firmware, I don’t want anybody acquiring the keys used for authentication for firmware download from NervesHub. I will definitely share my findings!

lawik

lawik

Nerves Core Team

Yeah, this is definitely interesting! Keep us posted if you try it.

The Redwire Labs folks are doing device certs with TPM 2.0.

I hope to do it in the near term using ARM TrustZone-protected keys.

Both of those can be used through a PKCS11 interface via OpenSSL engine support. And some other avenues.

Where Next?

Popular in Discussions Top

Rustixir
Hi everyone, im working on find best language/framework/system for high concurrency, high performance and stable performance after wor...
New
JakeBecker
TL;DR: I’ve just released an implementation of Microsoft’s IDE-independent Language Server Protocol for Elixir. It adds language support ...
1144 53690 245
New
sashaafm
Piggy backing a bit on @dvcrn topic BEAM optimization for functions with static return type?, I’ve been trying to understand in a deeper ...
New
gausby
I asked this very same question on twitter and got some interesting feedback, but I thought it would be a good question to ask here as we...
1207 39297 209
New
Crowdhailer
I’ve been hearing much about the new formatter and it’s something I have been keen to try. I find examples buy far the most illuminating...
248 19204 150
New
hazardfn
I suppose this question is effectively hackney vs. ibrowse but we are at a point in our project where we have to make a choice between th...
New
Qqwy
I would like to spark a discussion about the static access operator: .. For whom does not know: it is used in Elixir to access fields of...
New
rms.mrcs
A couple of days ago I was discussing with a friend about different approaches to write microservices. He said that if he was going to w...
New
tomekowal
Hey guys! I want to create a toy project that shows a chart of temperature over time and updates every 5 seconds. I feel LiveView is per...
New
paulanthonywilson
I like Umbrella projects and pretty much always use them for personal Elixir stuff, especially Nerves things. But I don’t think this is ...
New

Other popular topics Top

9mm
I am constructing a JSON object (map) and I need to conditionally set a field. I’m trying to write proper elixir-way code… and I’m at a l...
New
senggen
Erlang/OTP 25 [erts-13.2.2] [source] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1] 15:22:35.803 [error] gen_event {lager_file_backend...
New
mcarvalho
What is the difference between System.get_env and Application.get_env? For example, what are best practices to use one versus another.
New
electic
Hi, I am new to Elixir. I am trying to use the DateTime component to insert a date into MySQL however the there seems to be no way to fo...
New
ovidiubadita
Hey all, I discovered Elixir and I love it. I always wanted to learn a functional programming and I intended to go for Haskell, but afte...
New
johnnyicon
Hi all, I’ve just started learning Elixir and Phoenix Framework, so please pardon my n00bness at this stage. I’m trying to use Postgres...
New
msaraiva
Surface is an experimental library built on top of Phoenix LiveView and its new LiveComponent API that aims to provide a more declarative...
564 43622 214
New
RisingFromAshes
I’ve read in another post that it may be possible with a router helper - but I couldn’t find an appropriate one, and tbh, I’m still just ...
New
klo
Got a question about when to concat vs. prepending items to list then reversing to achieve appending. So i know lists boil down to [1 | ...
New
hariharasudhan94
I would like to know what is the best IDE for elixir development?
New

We're in Beta

About us Mission Statement