[Chugalug] LittleBlackBox -- Default SSL Keys for Embedded devices

Dan Lyke danlyke at flutterby.com
Wed Oct 17 20:59:41 UTC 2012


On Wed, Oct 17, 2012 at 12:18 PM, Dave Brockman <dave at brockmans.com> wrote:
> I was thinking in terms of configuring the default key (at the
> factory) per-say, and I would assume *that* network would be secured.

Scenario: you could insist on a private key that was the first
external site that the network accessed, and have the device insist
that the first thing it got was some entropy with which to generate
its own new key pair.

You couldn't MitM that, but unless you get entropy from another source
(ping latency? Something else? It would have to be unmeasurable by a
sniffing device) to generate the new key pair, you can sniff that
connection and predict what the new key would be based on the sniffed
data.

You really want that entropy to come from multiple sources so that
someone trying to compromise the device needs to compromise multiple
vectors. One possibility we were talking about was a source of
randomness as the final test phase in manufacture, but making sure
that that was truly random was tough.

For instance, if you design a device to sell a few thousand and it
turns into a few hundred thousand device, then maybe someone will
decide to put a robot on the "turn on the device and punch a few
buttons to start the initialization and self-test sequence", and all
of a sudden your entropy gets very constrained.

Dan


More information about the Chugalug mailing list