7

Let's say I have a PIC and an EEPROM memory IC. I store sensitive data in the EEPROM. If I want to encrypt the data what is a good encryption algorithm? It should be executed by the PIC but that does have time for that. So I want to store ~100 bytes and the encryption shouldn't take longer than ~5s on 40MHz.

  • 1
    Does your PIC have any kind of accelerator for encryption? Usually the answer here is AES, though I don't know how fast it will run (should be much less than 5s though for this amount of information). – Gustavo Litovsky Jan 29 '13 at 19:19
  • No, just the PIC, no external components (except the EEPROM). Are there AES libaries available or should I write them? –  Jan 29 '13 at 19:22
  • 1
    Microchip provides ready made libraries: http://www.microchip.com/stellent/idcplg?IdcService=SS_GET_PAGE&nodeId=2680&dDocName=en537998 – Gustavo Litovsky Jan 29 '13 at 19:30
  • Maybe it's not free. Not sure. – Gustavo Litovsky Jan 29 '13 at 19:30
  • Fast! Edit your comments instead of adding new! ;-) and a nice link! You may submit it as an answer! –  Jan 29 '13 at 19:32
  • 1
    Notice that the encryption/decryption key is probably part of the program and therefore contained in flash. I don't know PIC, but I do know it is rather trivial to read both EEPROM and Flash from an AVR unless properly protected by its fuses. Encrypting EEPROM data is useless without proper protection of the keys. – jippie Jan 29 '13 at 19:49
  • True, but it is possible to protect the data with the fuses. –  Jan 29 '13 at 20:00
  • 4
    It's not terribly difficult for a determined and technical attacker to circumvent the protection fuses and read the PIC's flash anyway. See the google results for "circumventing microcontroller read protect fuse" for ideas. – Phil Frost Jan 29 '13 at 20:36
  • Hmm, so, any ideas on how to do this? Or is it simply not possible? –  Jan 29 '13 at 20:50
  • One of course is just _don't store_ the keys but let someone remember them. AES uses keys of 128 through 256 bits, easy to remember. Or to write down. –  Jan 29 '13 at 21:03
  • 1
    Any crypto system is only as good as the secrecy of its key. No way around that. – Phil Frost Jan 29 '13 at 22:34
  • 1
    I can't find the article right now. You are Dutch, you heard about the OV-chipkaart (public tansport). You have to think about possibilities, not about impossibilities. Like a German University did one or two years back. They wanted to prove the (MiFare Classic based) chip card was insecure, so they grinded the chip card from top to bottom, layer by layer and after every layer they analyzed the surface under a electron microscope. Within a couple of weeks they had reverse engineered the encryption algorithm and the related keys. From that moment onward the Dutch OV-chipcard was open to public. – jippie Feb 01 '13 at 23:36
  • 2
    As @PhilFrost states, if someone is determined to extract keys/algorithms from a device, they will manage. The fact that you don't have an electron microscope yourself, doesn't mean that nobody else hasn't access to one. Good security algorithms and systems are open (in contrast to security by obscurity), peer reviewed by many ... and probably sooner or later broken and thus you always have to be prepared for the next step (different algorithm/hardware/...). The only secret ought to be the key, not the algorithm. Many examples for security broken by design exist, the internet is full of them. – jippie Feb 01 '13 at 23:49

2 Answers2

7

Microchip provides ready made encryption library. Typically AES is the most commonly used and available, and I see no reason to use anything else.

Due to export restrictions, you will need to contact them directly to obtain the source code.

Gustavo Litovsky
  • 7,619
  • 3
  • 25
  • 44
  • I agree here, AES is pretty easy to do on chip and would be my choice if I wanted security. – Kortuk Feb 08 '13 at 23:27
3

A much less resource consuming algorithm than AES, specificially for embedded applications, is XTEA. The wiki page gives the source code and you can find test vectors which are used to verify your implementation. You should also consider XXTEA.

Martin
  • 8,320
  • 1
  • 22
  • 30
  • 2
    I am not sure I agree with this, AES is actually very doable and on even small block sizes quite secure. XTEA has a multiple published breaks of the cipher on the wiki page alone, to my knowledge all such attacks on AES are side channel attacks. – Kortuk Feb 06 '13 at 02:13