Hi all, I was working on a project where the embedded device can be updated online. To update the application one can connect the device to the serial port and then press(Update) and the application downloads the firmware from our website and uploads it to the device. Now this is unprotected update file where the code can be sniffed out and copies of the device will be made which is not in our interest. To prevent this i was wondering whether there was a method which could encode(scramble) the update file with a secret key and when downloaded into the device, the device itself decodes the update file back and the device works as should work. Is there any thoughts about how I can manage this? Im using Uvision3 and LPC935 microcontroller. any help is realy appreciated thanks, Khaled
Public-key cryptography provides a way to establish a protected data link over an open data channel where no amount of sniffing can reveal the data being transferred. The simplest way to do that is for the embedded device to generate a public key - secret key pair, send the public key to the update host and use it to encrypt the update before sending it to the embedded device. Of course, attention should be paid to the randomness of the key and to the possibility of attacks like 'man-in-the-middle' or embedded device spoofing. There are open-source implementations of the algorithms involved, like OpenSSL. There is a freely downloadable book called "Handbook of Applied Cryptography" which has all the necessary information on the subject. Regards, - mike
thank you mike for the reply, I just wanted to know how to decrypt it back in the controller itself. Generating a secret key can be done with no problems, and the update host can even encrypt the data to be programmed but then the update host sends the encrypted data to the microcontroller and then I want the controller to decrypt it to the original hex code generated by the Compiler and program itself. Any example codes are really appreciated.