Hi Pascal, there is no doubt that today's IoT hardware can run Internet security protocols. This is why we worked on the DTLS profile in the DICE working group, which has been finally published as an RFC a few days ago. Here is the link: https://tools.ietf.org/html/rfc7925
There are two separate issues that are being raised here in this discussion, namely

* Low latency requirements (and Abhinav just sent a document around that provides further details), and
* Security of the stored keying material.

During the meeting we had a discussion about the ability (or inability) to use public key crypto on modern IoT hardware so that it hits the time budget needed for the lighting domain. I personally see the security of the stored keying material as an orthogonal issue since additional security protection makes attacks harder but of course not impossible.

Btw, when you mention prices of chips you also need to indicate what the volume is. The price is very much dependent on the volume.

Furthermore, you mention some performance numbers below but they seem to be incomplete since I don't really know what the constant 'nb_bloc_512bits' is. Could you please elaborate?

Ciao
Hannes

On 07/24/2016 11:50 AM, Pascal Urien wrote:
> I fully agree...
>
> J3A081M can be found at 10$ over the WEB
>
> Furthermore this class of cheap device can process TLS or DTLS as
> illustrated in
>
> https://tools.ietf.org/html/draft-urien-uta-tls-dtls-security-module-00
>
> They could be used for numerous applications in the IoT
>
> Rgs
>
> Pascal
>
>
> 2016-07-23 23:59 GMT+02:00 Michael StJohns <[email protected]>:
>
> On 7/23/2016 11:10 AM, Pascal Urien wrote:
>> Hi All
>>
>> J3A081M is a javacard device from NXP
>>
>> The microcontroller should be the P5CD081V1A, which comprises a
>> crypto processor
>
> There's a number of these from a number of vendors. I'd actually
> look at the A7xxx series of chips as they're designed to be
> embeddable. I've become a big fan of javacard style solutions over
> the years.
>
> In any event, the number of relatively inexpensive public key crypto
> accelerator chips (e.g. google for "secure authentication chips") is
> greater than zero and continues to climb. And for not a lot of
> money. Estimating what from prices on Digikey, I'd think something
> less than $.50 for Quantity large as of today and half that or less
> in 1-2 years as it gets bundled into the "Swiss Army Knife" style
> of process (e.g. support for wireless 900mhz plus ... plus ... plus
> ... plus security...) (google for iot module secure element 900mhz
> for example).
>
> Later, Mike
>
>>
>> The performances with the curve secp192r1 are the following (for
>> ECDSA + SHA1)
>>
>> Sign = 40ms + nb_bloc_512bits x 3.5 ms
>> Verify = 60ms + nb_bloc_512bits x 3,5 ms
>>
>>
>> By the way this chip has enough crypto resources for processing
>> TLS or DTLS
>>
>> Rgs
>>
>> Pascal
>>
>>
>> _______________________________________________
>> Ace mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/ace
