
I am working on an encryption method between a server and multiple clients. The client hardware only supports basic encryption algorithms (currently AES 128-bit and HmacSha1). The hardware is too simple to support TLS/SSL. I have read about Embedded System Communications Security and I also checked https://stackoverflow.com/questions/5235161/aes256-cbc-hmac-sha256-ensuring-confidentiality-and-authentication

Combining this information I came up with an EncryptionClass which takes a weak master key which is unique to each client and also known to the server. The class uses HmacSha1 to generate stronger keys for encryption and authentication. It looks as follows (pseudocode):

EncryptionClass(weakMasterK) {
    HmacSha1.init(weakMasterK)
    strongEncrK = HmacSha1.doFinal(0) // zero constant in bytes
    strongAuthK = HmacSha1.doFinal(1) // one constant in bytes

    // Message encryption:
    AesCipher.init("ENCRYPT_MODE", strongEncrK)
    AesCipher.doFinal(random IV || message)

    // Message decryption:
    AesCipher.init("DECRYPT_MODE", strongEncrK)
    AesCipher.doFinal(encrypted data)

    // Hash generation (for authentication):
    HmacSha1.init(strongAuthK)
    HmacSha1.doFinal(encrypted message)
}

Given the fact that I am not an expert on cryptography at all, I was wondering if anybody sees a problem with this approach, especially with the way keys are generated and used. I would also consider a totally different approach if this requires less computational power than TLS/SSL.

david

  • Since you deploy code to these devices, what prevents you from porting an asymmetric algorithm? – symcbean Oct 08 '16 at 14:24
  • What kind of hardware are we talking about that you can't compile/port a TLS/SSL library? – Mr. E Dec 07 '16 at 11:56
  • I'm voting to close this question as off-topic because it's about reviewing a piece of code. – CodesInChaos May 06 '17 at 17:05
  • You've shown a piece of code but you don't say how it's going to be used so we can't tell you whether it's suitable for its intended purpose or not. Your argument against TLS doesn't hold: why not use TLS with a pre-shared key, rather than make up your own equivalent which will not be faster but, since you need to ask, will be less secure? – Gilles 'SO- stop being evil' May 06 '17 at 19:22

1 Answer

Your 'strong' key is just an HMAC with static content - you would be better off implementing HKDF for your key strengthening portion if possible. It would also be worth ensuring your random IV is random enough - an error there will stuff things up a lot.

C_Sto
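As an added example (not code from the question or the answer), here is how the answer's two points look in stdlib Python: an HKDF (RFC 5869) over HMAC-SHA1 that derives separate, purpose-labelled encryption and authentication keys from the per-client master key, a fresh IV from os.urandom, and an encrypt-then-MAC frame IV || ciphertext || tag that is verified in constant time before anything is decrypted. The AES-CBC step itself stays with the device's cipher, so the ciphertext bytes used below are constructed, and the salt and info labels are assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Tuple

HASH = hashlib.sha1
HASH_LEN = HASH().digest_size  # 20 bytes for SHA-1

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 Extract: PRK = HMAC(salt, IKM); an empty salt becomes HASH_LEN zero bytes."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 Expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated and cut to `length`."""
    okm, block = b"", b""
    for counter in range(1, -(-length // HASH_LEN) + 1):  # ceil(length / HASH_LEN) blocks
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
    return okm[:length]

def derive_keys(master_key: bytes, client_id: bytes) -> Tuple[bytes, bytes]:
    """Derive independent AES-128 and HMAC-SHA1 keys for one client from its master key.
    The info labels bind each key to one purpose; the client id keeps clients apart even if
    two devices were ever provisioned with the same master key. Salt and labels are constructed."""
    prk = hkdf_extract(b"device-link-v1", master_key)  # constant public salt (assumption)
    enc_key = hkdf_expand(prk, b"aes128-cbc-enc|" + client_id, 16)
    auth_key = hkdf_expand(prk, b"hmac-sha1-auth|" + client_id, HASH_LEN)
    return enc_key, auth_key

def new_iv() -> bytes:
    """A CBC IV must be fresh per message and come from a cryptographic RNG, never a counter."""
    return os.urandom(16)

def seal(auth_key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC framing: the tag covers the IV too, so neither part can be altered unnoticed."""
    tag = hmac.new(auth_key, iv + ciphertext, HASH).digest()
    return iv + ciphertext + tag

def open_frame(auth_key: bytes, frame: bytes) -> Tuple[bytes, bytes]:
    """Check the tag in constant time and only then hand IV and ciphertext to the decryptor."""
    if len(frame) < 16 + HASH_LEN:
        raise ValueError("frame too short")
    iv, ciphertext, tag = frame[:16], frame[16:-HASH_LEN], frame[-HASH_LEN:]
    expected = hmac.new(auth_key, iv + ciphertext, HASH).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return iv, ciphertext
```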