-1

I have device connected to scooter it’s 4- wire uart communication. My fear is some can read the ascii data and send the at commands and unlock my scooter and steal the scooter. I want to secure the uart communication between the scooter and device.

I am using the nrf SOC and it has hardware support for AES-128bit. I am wondering what method should I go for encryption AES-128 or asymmetric?

I planned to go for AES-128 bit encryption because of hardware support. The only downside is I need to record all the 16-byte keys somewhere.

I am quite new to the encryption.

I checked asymmetric key it's more secure but I don't have hardware support for that. Anyone can guide me in selecting the encryption?

danglingpointer
  • 101
  • 6
  • What are you securing? What are you trying to protect against? What is your goal with the encryption? – Sjoerd Mar 11 '19 at 14:39

1 Answers1

2

If you want to prevent low hanging fruit attacks, AES-CBC with a static key stored in the EEPROM of each device is fine. I would avoid AES-CTR simply because it's too easy to perform malleability attacks.

I checked asymmetric key it's more secure but I don't have hardware support for that. Anyone can guide me in selecting the encryption?

Asymmetric encryption isn't "more secure", but a hybrid scheme would be. However I think you're going about this the wrong way.

UART is a physical bus. You need physical access to mess with it. You mention that you're protecting the scooter somehow - what's to stop them from just asserting whatever GPIO your lock is connected to manually? Nothing. I don't think encryption of the UART is going to save you here. You should make a threat model and think about what security controls work for that model, then implement those controls.

Polynomial
  • 132,208
  • 43
  • 298
  • 379