Electronic – AES-128 Chip Solutions

encryptionmicrocontroller

Project

The system is effectively a sensor network that connects to a star topology routing network. The Identities of each node's identity must be kept secret from all listeners as the range of the RF transmission and relay may be on the order of tens of miles. Each sensor node has its own Identification number, as required by laws pertaining to our systems target deployment.

This means that if someone is able to read the identifier on the node then the security has not value, so a side channel attack on our implementation is a waste of time, unless they can implement it from a long distance, but I do not believe our SPI will radiate that well when sandwiched between a power and ground layer.

Security Options

This question is asking for solutions to using AES-128. I will explain what I found in an answer that I was lead to directly by Joby Taffey. Thank you Joby. I was looking for off-chip low cost solutions that could speed up our system greatly, it ends up i missed something from my chip supplier.

Best Answer

Having a separate encryption co-processor could be risky. Anyone with a Bus Pirate or logic analyser and physical access can sniff the bus and pluck out the plaintext data.

You can mitigate the risk a bit with BGAs and/or epoxy, but the best solution is likely to be a SoC which combines MCU with AES.

One approach might be to use a SoC ZigBee chip and ignore the radio part, eg. CC2430, or EM250.

Or, you could go with a Stellaris Cortex-M3 (some have AES tables in ROM)

Or, do it in software. I've used Brian Gladman's code before in projects.

Related Solutions

Electronic – Smallest AES implementation for microcontrollers

I'm wondering how did you get 7.5kB of RAM usage with axTLS. Looking at the code, all the context is stored in this structure:

typedef struct aes_key_st 
{
    uint16_t rounds;
    uint16_t key_size;
    uint32_t ks[(AES_MAXROUNDS+1)*8];
    uint8_t iv[AES_IV_SIZE];
} AES_CTX;

Size of this structure is 2 + 2 + 4 * 15 * 8 + 16 = 504. I see no global variables in aes.c, automatic variables are all small, so stack usage is also reasonable. So where does 7.5kB go? Perhaps you're trying to use the whole library instead of just extracting AES implementation from it?

Anyway, this implementation looks pretty simple, I'd rather stick to this code and try to optimize it. I know it can be tricky, but learning the AES details can help you at least to estimate the absolute minimum RAM usage.

Update: I've just tried to compile this library on IA-32 Linux and write a simple CBC AES-128 encryption test. Got the following results (first number is the section length hex):

 22 .data         00000028  0804a010  0804a010  00001010  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 23 .bss          00000294  0804a040  0804a040  00001038  2**5
                  ALLOC

That's just 660 bytes of .bss (I've declared AES_CTX as a global variable). Most of .data is occupied by IV and key. I don't include .text here, as you'll get totally different result on PIC (data sections should be nearly the same size on both architectures).

Electronic – Streaming camera solutions for RaspberryPi MCU

I might (doubtful) want to try and sell this device, so I can't simply take some Logitech web cam and use it due to obvious licensing issues. So that's a huge constraint.

Basically you will be creating an IP Camera. The Raspberry Pi is probably the cheapest and easiest way to prototype this, however there are other boards like the Beagle Boards.

Once you get a prototype going, then you may consider creating your own all in one device that uses an ARM or DSP processor. For example I would probably use some type of Serial JPEG Camera Module, a cheap microphone, and the cheapest ARM processor that will fit these requirements. But for a prototype, the Raspberry Pi and a cheap usb web cam is probably the cheapest and quickest way to get started and get your software going. You may even to be able to find a cheap no-name usb camera from china that will work for this so you can resell it in small quantities.

So as far as getting the frames to the MCU, there's two main issues here: (a) the choice of camera and microphone, and (b) the drivers for connecting the cam/mic to the Pi's USB port.

Here is the huge list of devices that work with the Raspberry Pi: RPi Verified Peripherals. The USB Webcams section lists both working and problem units. Along with a bit of extra info. After you find a unit that fits your requirements (price, etc.) I would try to double check via Google to verify someone has used it and it does indeed work; although this is probably unnecessary.

I'm sure there are other units that work that haven't been tested, the two things that will help you is to make sure it is Linux compatible, and that there are ARM drivers available.

There's also the issue of A/V encoding as well as synchronizing the video and the audio feeds together.

As I mentioned in my comment, the RP really won't have any issues handling this part. It has more than enough processing power to handle most all A/V formats.

the Pi (which would be running GNU/Debian linux) will have the right drivers to ingest the streaming frames and send them off to a tool that would then be able to forward them on to a WiFi or Ethernet adapter

Basically the RP is just going to be a linux computer that is connected to the internet and has the camera and microphone plugged into it. You will install and configure libasound2-dev (for the audio) and FFMPEG to stream everything.

Then this will just be like any other server online (you may need to configure your router and port forwarding etc. to get it to be visible on the web,) and according to this, you and other computers will just access it by going to h**p://YOUR_WEBCAM_SERVER/webcam.mjpeg

Helpful links: