Difference between revisions of "Talk:Main Page"

From Embedded Lab Vienna for IoT & Security
Jump to navigation Jump to search
Line 102: Line 102:
Testing the algorithms - which work and which do not work? If something does not work: why does not it work?
Testing the algorithms - which work and which do not work? If something does not work: why does not it work?


--> In processing  
--> In processing: Anleitung und Ergebnisse: wie tue ich das?
 
    Welche HW - was muss ich tun, um x/y zu erreichen
 
 
 


== References ==
== References ==

Revision as of 15:36, 19 June 2019

Summary

This summary gives an overview of the cryptographic applications of the microcontroller XMC4500 Relax Kit and the Optiga Trust E with security features.


First Steps

Registration at www.infineon.com to find all the important information about the XMC4500 and the Optiga Trist E evaluation kit. We need the following program: DAVE ™ version 4, which is compatible with our kit.

Enclosed the download link

https://www.infineon.com/cms/en/product/microcontroller/32-bit-industrial-microcontroller-based-on-arm-cortex-m/?redirId=53843#!tools


The following data must be filled out in order to load and send the program:

https://infineoncommunity.com/dave-download_ID645

The DAVE ™ package contains the IDE and all required libraries (DAVE ™ APPs, XMC ™ Lib, Device and Board Support Package, and Device Descriptions).


OPTIGA ™ Trust E-Evaluation Kit

The Infineon Technologies OPTIGA ™ Trust E-Evaluation Kit evaluates and demonstrates the OPTIGA ™ Trust B Authentication Device. This kit features a PC plug-in board based on the XMC microcontroller and comes with software that provides the user with an intuitive graphical user interface. The OPTIGA ™ Trust E Evaluation Kit allows the user to try out OPTIGA Trust E applications, including authentication, adding cryptographic certificates, and read / write data. This evaluation kit can either be used to debug the Host Lib code or to demonstrate the key features of the OPTIGA ™ Trust E through the intuitive PC GUI.

The OPTIGA ™ Trust E helps protect services, business models and user experience. This security solution uniquely identifies objects and protects PKI networks based on their one-way authentication mechanism. In addition, the OPTIGA Trust E protects the quality and safety of products.

The OPTIGA Trust E is based on Elliptic Curve Cryptography (ECC) with 256-bit, AES128 and SHA-256. This security technology greatly enhances the security of the entire system. In addition, the OPTIGA Trust E covers a wide range of applications to protect the authentication, security and confidentiality of embedded devices. These include mutual authentication, secure communication, data store protection, lifecycle management, secured updates, and platform integrity protection. The out-of-the-box facility, with full system integration and pre-programmed essentials, reduces design, integration and deployment requirements. As a ready-to-use solution, the OPTIGA Trust E comes with OS, embedded application and full host-side integration support.


Security Features

Cryptographic support: ECC256, AES128, SHA-256, TRNG (TrueRandomNumberGenerator), DRNG (DigitalRandomNumberGenerator)


Characteristics

• High-end security controller • Ready to use solution • One-way authentication with ECDSA • Mutual authentication with DTLS client (standard RFC 6347) • Secure communication with DTLS • Compliant with USB Type-C ™ authentication standard • I2C interface • Cryptographic support: ECC256, AES128, SHA-256, TRNG, DRNG • Standard and extended temperature ranges • Complete system integration support • Common Criteria certified EAL6 + (high) hardware • Cryptographic Toolbox based on ECC NIST P256, P384 and SHA256 (register, verify, key generation, ECDH, session key derivation)


Applications

• Industrial control and automation • Consumer electronics • Smart Home • Medical equipment


ECC - Elliptic Curve Cryptography

Crypto-systems and methods based on elliptic curves are referred to as ECC methods. ECC procedures have been part of the NIST (National Institute of Standards and Technology) standards since 1999. ECC methods are among the asymmetric encryption methods. The number after the hyphen refers to the key length. Typical applications of ECC are the key exchange and signature procedures. Also, Mozilla Foundation products (including Firefox, Thunderbird) support ECC with min. 256 bit key length.

Roughly speaking, ECC methods are based on operations with pairs of points on certain elliptic curves. Despite the complexity, the mathematics behind the ECC methods has been sufficiently well researched. Most cryptographers recommend ECC methods to be preferred. The use of elliptic curves requires that both communication partners support the same curve. That means you can not just use any curve. It has to be a specific one.


AES - Advanced Encryption Standard

Advanced Encryption Standard, AES for short, is a symmetric encryption method. Since the end of 2001, Rijndeal has been officially standardized as AES in the US by NIST (National Institute of Standards and Technology). It is used for the encryption of documents and communication connections. AES is not patented and therefore freely usable.

Rijndael and AES are block ciphers based on a substitution-permutation network (SPN). The procedure alternates between substitution and permutation at each step. The transformation of the plaintext occurs in several rounds of the same structure. The plaintext is not processed as a whole, but in blocks.

For Rijndael, block length and key length can be independently 128, 160, 192, 224 or 256 bits. For AES, the block length is set to 128 bits and the key size to 128 (10 rounds), 192 (12 rounds), and 256 bits (14 rounds). The AES decryption necessarily requires that the same steps be followed as with encryption. Just in reverse order. It is, in a way, a weakness of AES.


SHA - Secure Hash Algorithm (SHA-1 / SHA-2 / SHA-3)

The Secure Hash Algorithm, SHA for short, and all its versions, are cryptographic hash functions. These are used to calculate a check value for any digital data (messages) and are among other things the basis for creating a digital signature. The check value is used to ensure the integrity of a message. If two messages produce the same check value, the equality of the messages should be guaranteed in their normal discretion, without prejudice to specific attempted manipulation of the messages. That's why we require a cryptographic hash function, the property of collision safety: it should be virtually impossible to create two different messages with the same test value.

SHA was developed by the US secret service NSA on behalf of the US standardization authority NIST. SHA is used in all popular web applications and network protocols. PGP, SSL, IPsec and S / MIME. And of course with different signature methods. For example, for signing certificates. The original SHA is referred to as SHA-1 to distinguish it from its successors SHA-2 and SHA-3. SHA-3 should not replace SHA-2, but is an alternative. Should SHA-2 be broken at some point, you can go to SHA-3.


Objective and results of the project

Testing the algorithms - which work and which do not work? If something does not work: why does not it work?

--> In processing: Anleitung und Ergebnisse: wie tue ich das?

   Welche HW - was muss ich tun, um x/y zu erreichen

References