The threat mode is concerning the hacking of PC based software. We want to place a vital part of the processing of data on a unit consisting of a microcontroller device which we design and build ourselves. It is not possioble for a hacker to actually intercept the processing done on board this unit, but he would probably be able to hook into the transfer of data between the PC and the unit (USB or serial). So we want to encrypt the data stream.
And of course the PC software can simply be attached to a debugger and traced through.... So now if there is a key pair used with a secret key embedded in the microcontroller code and the public key in the PC software the PC can encrypt the data set before transferring to the device using the device's public key. Then the device can decode it and then perform its processing after which it will encrypt it using some key before sending the data back. By using its own secret key to encode the result it would be possible to decode with the public key and the PC would get the processed data back for further processing. But by using a key pair also for the PC it would be even more difficult to break, because then the device would encrypt using the public key of the PC when sending back and the PC would decrypt using its "secret" key. Of course the PC secret key would not be protected against debugger tracing, but since the debugger cannot see the public key in the device it cannot find out how the data should be formatted in a pirated device to mimick our device. Should work to deter hacking, I believe. But the problem is how to implement encrypting/decrypting on the microcontroller device.... Best Regards, Bo Berglund -----Original Message----- From: gnupg-users-boun...@gnupg.org [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Nik N Sent: Thursday, March 26, 2009 6:54 AM To: Gnupg-users@gnupg.org Subject: Re: Using GPG in embedded applications? On Tue, Mar 17, 2009 at 12:24 PM, Bo Berglund <bo.bergl...@agiusa.com> wrote: > ... > The idea is to have the PC program encrypt a fairly large chunk of data using the embedded unit's public key and then send the result over the channel into the embedded application. > > Inside this (protected) hardware the secret key would be used to decode the data, then some processing would be done whereupon the resulting data is again GPG encrypted now with the public key of the PC program and sent back over the channel. > Finally the PC program would decode the data and further process it. > I am trying to understand your threat model: If the attacker has access only to the channel but not to the two communicating devices, a simpler, symmetrical-cipher-only solution would suffice. If, on the other hand, the attacher has access to either device, isn't it reasonable to assume he'd be able to pry the decryption (private) key and decrypt the data (flowing in at least one direction)? Nik N. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
