Blended Cryptography: Public Key Infrastructure for Devices that - - PowerPoint PPT Presentation

blended cryptography
SMART_READER_LITE
LIVE PREVIEW

Blended Cryptography: Public Key Infrastructure for Devices that - - PowerPoint PPT Presentation

Jul 27, 2023 174 likes •391 views

Blended Cryptography: Public Key Infrastructure for Devices that dont Public key Phillip Hallam-Baker Principal Scientist VeriSign Inc. Small is not beautiful Not When you write the code PIC 16F88 368 bytes RAM 4K Word ROM 20MHz

slide-1
SLIDE 1

Blended Cryptography:

Public Key Infrastructure for Devices that don’t Public key

Phillip Hallam-Baker Principal Scientist VeriSign Inc.

slide-2
SLIDE 2

Small is not beautiful

slide-3
SLIDE 3

Not

slide-4
SLIDE 4

When you write the code

slide-5
SLIDE 5

PIC 16F88

368 bytes RAM 4K Word ROM 20MHz RS232/485 serial i/f 1kWh in 2,000 years

slide-6
SLIDE 6
slide-7
SLIDE 7

<$1 (In quantity)

slide-8
SLIDE 8

The situation

  • Fact: Can’t do Public Key

– No, really, it can’t

  • Fact: Can’t use bigger chip

– Can’t grow out of the problem

  • Myth: Cannot do PKI

– Just have to do the PKI elsewhere

slide-9
SLIDE 9

Why PKI?

slide-10
SLIDE 10

Automated Administration

slide-11
SLIDE 11

SCADA

slide-12
SLIDE 12

Device ID Master Secret

Delegated Key Agreement

Prob e Service SCADA Device ID Master Secret Certificate Shared Secret Shared Secret Nonces

slide-13
SLIDE 13

Mobile [User] Device

  • Public Key Capable
  • Limited Storage
slide-14
SLIDE 14

Device Authentication ≠ User Authentication

slide-15
SLIDE 15

Transparent TLS Authentication

Client [Master Key] Web Server [SSL Cert] Radius Shared Secret = MAC (ServerID, Master Key) ServerID = H(Public Key) or H(Issuer + Domain name) or EV-ID

slide-16
SLIDE 16

Strong Authentication Credentials

  • Implement TTLSA in microchip

– Does not require public key

slide-17
SLIDE 17

Traditional Approach

  • Use public key to do all the

interesting stuff

– Use symmetric key for bulk crypto only

  • Heavy number theory is impressively

difficult

– Get paper published at Crypto – No customer will ever accept it

  • Wait for the symmetric key guys to
slide-18
SLIDE 18

Blended Approach

slide-19
SLIDE 19

Public Key Establishes Context

  • If:

– Party A knows the public key of Party B

  • Or if:

– Party A knows the public key of Party C that has a symmetric key relationship with party B

  • Provides non-repudiation

– (Whatever that might be)

slide-20
SLIDE 20

Symmetric Key does ‘exotic’ effects

  • Any random 128 value is a strong

key

– If k is a strong key then so is

  • H(k)
  • Mac (x, k)
  • Enc (x, k)
  • Enc (k, x)
slide-21
SLIDE 21

Conclusions

  • Every device that supports RS485

– Can support strong cryptography – Can leverage PKI

  • Even if the device itself can’t
  • Blended Cryptography allows exotic

effects

– Without exotic public key