Electronic – securely storing and using keys in an embedded system

Tags: embedded, microchip, pic, security

I'm using a microprocessor – PIC32MZ2048efm144 MCU that receives commands encrypted with a specific key, decrypts them and executes the command.
The encrypted commands are stored offline, so I cannot just change the key whenever I want. The key is FIXED.
The commands are encrypted by a server, and downloaded by a phone. The phone sends the encrypted commands to the MCU at a later time, when it's not online. The commands are encrypted before the phone communicates them to the MCU, so a session key is not possible.

I am allowed to connect an external encryption / decryption module to the PIC, but then the data will pass decrypted in at least one direction.

The solution brought here:
Storing a secure key in an embedded device's memory

uses one-time keys to encrypt, but I need to store a single super-secret key.

What my employer requires is for the keys to not be accessible, so physical protection besides the one offered by secure memory modules and the MCU is not considered.

Assuming no military-grade equipment is used, are there any known solutions you guys know and can recommend?

Thanks in advance!

Best Answer

I'm sorry this answer won't actually solve your problem. But it is too long to fit in a comment, and it will allow you to rethink your problem in the right way (because as it is, I think it is flawed).

This kind of problem has to be solved taking into account all components of the system, and making reasonable assumptions on what a potential hacker can or can't do.

For example:

You say: "the PIC32MZ2048efm144 (MCU) receives commands encrypted with a specific key, decrypts them and executes the command". I suppose the result of the execution of the command is toggling some GPIOs to actuate stuff.

Then, why are you afraid that, potentially, some data passes decrypted between the MCU and an encryption/decryption module? A hacker that has access to the hardware to see the decrypted commands would, anyway, be able to directly act on the GPIOs of the MCU and "actuate the stuff" as easily.

Second example:

Using one-time keys is an idea. But as you say, where do you store the main master key used to generate the one-time keys? You'll face the exact same questions as in your original problem.

Actually, there is no way to make your system secure if you suppose that a hacker can potentially sneak in at any location of your system (which is what it seems to me you're currently assuming).

What makes a system secure, then?

A smart card is made secure because it is unreasonable to assume a hacker can probe the internal routes within the IC, between the memory and the CPU block.

An electric door lock is made secure because it is unreasonable to assume a hacker can reach the wires that actuate the lock.

Etc... Basically, you have to start by identifying things a hacker won't be able to do, and work out your whole solution from there. For example, is it possible to put your whole system in a secure, physically tamper-resistant box? In this case, you can freely have decrypted commands passing through an internal bus.

You can't build a secure system without knowing what it is the hacker can't reasonably do. You didn't tell us that. We therefore can't propose a complete solution.