ietf-openpgp

Re: [openpgp] SHA3 algorithm ids.

2015-08-18 09:53:22
On Tue, Aug 18, 2015 at 10:32 AM, Bill Frantz 
<frantz(_at_)pwpconsult(_dot_)com> wrote:

On 8/16/15 at 8:47 AM, derek(_at_)ihtfp(_dot_)com (Derek Atkins) wrote:

Bill Frantz <frantz(_at_)pwpconsult(_dot_)com> writes:

I think in the IoT space, we will need to have signed software
updates. I don't think there is much of an issue taking several
seconds to verify an update signature, but these 8 bit processors seem
like the right level of hardware for these IoT devices.


Yes, signed software is definitely one use case.  However, often on
these systems it's more than just authenticating a software update;
sometimes it might actually want to check the signature on every bootup
(to prevent an attack on the flash/firmware)!


I hope we don't have to worry about attacks via physical access, so the
only attacks available will be through the upgrade mechanism.

We also need to worry about authentication and replay prevention for the
instructions delivered to these devices through the internet. One can
imagine an architecture with a controller with the power of a Raspberry Pi
giving orders to dumber devices using authenticated symmetric crypto as a
solution. That system would prevent my favorite "neat hack" attack, turning
your neighbor's living room into your own light organ.


Exactly the approach I want to see.

Yes, it is absolutely true that 8 bit CPUs matter and I have been telling
people that there are more of them produced every year than the last for
over ten years now.

BUT

Anyone building a system who is trying to tell me that there is no room
anywhere in that system for a $1 Raspberry Pi sized CPU and memory needs
slapping with a cluestick.


What I would really like right now is some low cost controller for two
stepper motors that can sit off an I2C serial port with all the commands
being authenticated by a MAC. I don't need a lot of CPU power to be able to
take commands off a slowish serial bus, authenticate them and set registers
controlling a couple of steppers.

Llama, my static hero sized dalek prop would like to be able to waggle his
plunger and exterminator gun. The idea is that when someone enters the
office without badging in, they get a surprise.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
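
The scheme discussed in this thread (a controller sending MAC-authenticated commands with replay prevention to a simple stepper driver), sketched as an added example that is not code from any poster. The MAC choice (HMAC-SHA256 truncated to 8 bytes), the 32-bit monotonic counter, the frame layout, the key and the register numbers are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8                       # assumed: HMAC-SHA256 truncated to 8 bytes
BODY = struct.Struct(">IBBh")     # assumed layout: counter, motor, register, value

def make_frame(key, counter, motor, reg, value):
    """Controller side: pack a command and append its MAC."""
    body = BODY.pack(counter, motor, reg, value)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class StepperDevice:
    """Device side: accept a command only if it is authentic and fresh."""
    def __init__(self, key, motors=2):
        self._key = key
        self.last_counter = 0     # a real device keeps this in non-volatile memory
        self.registers = {m: {} for m in range(motors)}

    def handle(self, frame):
        if len(frame) != BODY.size + TAG_LEN:
            return "bad-length"
        body, tag = frame[:BODY.size], frame[BODY.size:]
        want = hmac.new(self._key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, want):   # constant-time comparison
            return "bad-mac"
        counter, motor, reg, value = BODY.unpack(body)
        if counter <= self.last_counter:         # captured frame sent again
            return "replay"
        self.last_counter = counter
        if motor not in self.registers:
            return "bad-motor"
        self.registers[motor][reg] = value
        return "ok"

def demo():
    key = bytes(range(32))                       # constructed demo key
    dev = StepperDevice(key)
    frame = make_frame(key, 1, 0, 0x10, -200)    # motor 0, register 0x10 (hypothetical)
    forged = bytearray(make_frame(key, 2, 1, 0x10, 50))
    forged[7] ^= 0x01                            # value field altered in transit
    wrong_key = make_frame(b"\x00" * 32, 3, 0, 0x10, 5)
    return [dev.handle(frame), dev.handle(frame),
            dev.handle(bytes(forged)), dev.handle(wrong_key), dev.registers]

if __name__ == "__main__":
    print(demo())
```

The MAC is checked before any field is parsed, and the counter advances only on an authentic frame, so a rejected forgery cannot be used to desynchronize the device from its controller.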