CODEWITHSUNDEEP
cencryptionarmembeddedcan-bus
sukhbir1996
sukhbir1996

Reputation: 186

Encryption Strategy for Flashing or updating firmware on ARM Cortex M0+

I want to flash a firmware update through CAN, on my ARM Cortex M0+ MCU. I'm using MKV11 microcontroller.

How can I secure the firmware, so that, even if the transfer(from PC to MCU) is sniffed, it will be secure?

Memory requirement is also a constraint for me, but right now, I am open to all suggestions.

Also, should I go for some library, or develop bare-metal code for Cryptographic Algorithms?

Upvotes: 1

Views: 649

Answers (2)

Bo_TAMU
Bo_TAMU

Reputation: 1

There is a number of ways to architect your firmware to implement the bootloader with a crypto function. Communication must be private that is the CAN data must be encrypted for one thing. But before you can even start downloading encrypted image payload, your MCU must be able to authenticate its communication partner. In symmetric authentication, the MCU must send a random challenge to the CAN node. The CAN node encrypts it with its key (eg. AES-256) and returns the digest which your MCU must compare against after it encrypts the challenge with the same key. Once authenticated, the CAN node can begin sending payload messages which are encrypted with the same or different key. These will likely be chained together and accompanied by a random challenge to make each frame unique.

Upvotes: 0

Dan
Dan

Reputation: 10393

A small book could be written on the topics you touch in this question. But this site isn't intended to be a consulting service or a blog entry site, so I'll try to answer your question succinctly. Here I can't (won't) address all your nuances such as memory constraints, CAN-bus-specific stuff, securing the contents inside the MCU -- way too much to address.

For your firmware update to be secure, it must be encrypted and authenticated. Either alone won't be sufficient. Use symmetric-key cryptography to encrypt, and public-key cryptography (e.g. RSA or elliptic curve) to authenticate via digital signature.

You should use accepted cryptographic primitives (e.g. AES-256 and ECDSA) instead of rolling your own. And you shouldn't implement (code) your own crypto, use a validated library (too many to name / recommend here).

Upvotes: 1

Related Questions