I've been listening to Security Now long enough to know that with crypto you should always reach out to more knowledgeable people to make sure you're doing it right.
I need to implement a secure pairing of IoT devices. To do that I'm thinking I will need to use asymmetric crypto with the public key printed on the new device. Then that key will be entered into the user interface of the hub and the hub reaches out to the new device and does a Diffie-Hellman key exchange to establish a symmetric key for the network traffic. So far so good?
Because this code will be running on a microcontroller there are some resource constraints (EEPROM, RAM, CPU cycles). That's why I'm thinking I should use elliptic curve crypto so the key size will be as small as possible while still maintaining security. I know better than to roll my own so I searched for a library implementation and found something called micro-ecc (http://kmackay.ca/micro-ecc/).
Micro-ecc of course depends on a cryptographically secure random number generator. Because I'm working with a microcontroller my options are a bit limited. The controller, however, does have a true random number generator that feeds from the radio receiver. According to the data sheet it's able to produce two bits of entropy every 1 µs. So I do have a robust source of entropy. Next I searched for a cryptographically secure pseudorandom number generator that I could use with the entropy generated by the radio receiver. I found a variation of Mersenne Twister called TinyMT (https://en.wikipedia.org/wiki/Mersenne_Twister#TinyMT). There is a library available on GitHub from the original authors and I'm thinking I could create a wrapper that initializes it from the TRNG and interfaces with the micro-ecc library.
Am I on the right track here? What do you guys think?
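As an added example (not part of the original post and not micro-ecc's own code), here is one way to write the RNG wrapper the post describes: a callback in the shape micro-ecc expects, fed from the hardware TRNG with a repetition-count health check that fails closed. It leaves TinyMT out, since Mersenne Twister variants are not designed as cryptographically secure generators. `trng_read_byte()`, the simulated counter source, `trng_stuck` and `REPEAT_CUTOFF` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simulated TRNG so the block runs on a host. trng_read_byte() is a hypothetical
   stand-in for the radio TRNG register read; the counter pattern is NOT entropy. */
static int trng_stuck = 0;          /* constructed fault switch */
static uint8_t sim_counter = 0;

static uint8_t trng_read_byte(void) {
    if (trng_stuck) return 0xFF;    /* models a dead or saturated receiver */
    sim_counter = (uint8_t)(sim_counter + 167u);
    return sim_counter;
}

/* Assumed threshold; derive the real one from the entropy measured per byte. */
#define REPEAT_CUTOFF 5u

/* Same shape as micro-ecc's uECC_RNG_Function: fill dest with size bytes,
   return 1 on success and 0 on failure. The run counter persists across calls
   so that short requests are covered too. */
int trng_rng(uint8_t *dest, unsigned size) {
    static uint8_t last;
    static unsigned run = 0;
    for (unsigned i = 0; i < size; i++) {
        uint8_t b = trng_read_byte();
        if (run > 0 && b == last) { if (run < REPEAT_CUTOFF) run++; }
        else run = 1;
        last = b;
        if (run >= REPEAT_CUTOFF) {
            for (unsigned j = 0; j < size; j++) dest[j] = 0;  /* wipe partial output */
            return 0;               /* fail closed: key generation must abort */
        }
        dest[i] = b;
    }
    return 1;
}

int main(void) {
    uint8_t buf[32];
    /* On target this would be registered with uECC_set_rng(&trng_rng). */
    printf("healthy source: %d\n", trng_rng(buf, sizeof buf));
    trng_stuck = 1;
    printf("stuck source:   %d\n", trng_rng(buf, sizeof buf));
    return 0;
}
```

The check only catches a source that is stuck on one value; it does not measure how much entropy the healthy output carries.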