Collaborate Disseminate
I am trying to find the locations on the embedded devices with micros that don’t support HSM/SHE. What are the ideas/suggestions for storing the symmetric keys? I found solutions that suggest using public/private keys to encrypt this symme… Continue reading what are the locations to store symmetric keys on the embedded controller without HSM or certs involvement?
Let’s assume we’re running on mbed system with internal and external RAM. Dumping external RAM is much more easier for attacker on such systems when debug ports are locked.
I’m wondering if the context passed to mbedTLS APIs carries any se… Continue reading MbedTls – keeping context private?
I was looking at the LXI Device Specification 2022 Version 1.6. For those not familiar with LXI, it is a standard for lab instruments like oscilloscopes, function generators, LCR meters and many more which have ethernet ports. You can con… Continue reading How can one use HTTPS without a domain name, or on a local network?
I will be deploying IOT devices in a consumer’s network that authenticate with a web based API using mTLS. Is it safe to embed the certificate and private key in the IOT applications binary at compile time and distribute it like this? If t… Continue reading Is it safe to embed mTLS certificate and private key in IOT device’s executable?
The team is trying to decide which SSL implementation should be used in a specific embedded device. The device should be FIPS 140-3 certified. A part of the team wants to buy the license for the Mocana implementation because they worked wi… Continue reading Is there any advantage of using Mocana SSL library vs openSSL?
I am trying to intercept traffic to and fro an embedded device using an ESP8266 (ESP-WROOM-S2). I have set up my computer as a wifi hotspot, and re-routed all hotspot traffic to run through mitmproxy. The TLS (v1.2) handshake though fails,… Continue reading ESP8266 MiTM interception of TLS1.2 and certificate pinning
The answers to Can a PDF file contain a virus? show that clearly it can!
Sometimes we can be quite sure a certain pdf should not need to do anything sophisticated – for example a book in pdf form – so we wouldn’t expect them to contain emb… Continue reading Is there a way to scan a pdf to ensure it doesn’t contain anything that could be a virus?
I am connecting an Arduino Uno to the internet via ethernet (using the ethernet shield v2) and querying NTP time. Making requests to a NTP server is the only internet related thing it does. You can use the ethernet shield as an SD card to … Continue reading When connecting an Arduino Uno to the internet (ethernet) what are some attacks it’s susceptible to and how can I secure against them?
NOTE: This was originally asked on the main StackOverflow site, but now moved here because of the security nature of the question.
Since internet-connected Infotainment Systems are now connected with other components of a car… Is it pos… Continue reading After EOL, can safety-critical systems be secured when connected to internet-connected components? [Automotive]
I am working on an IoT device and companion app to control features on the device. I’m using an ESP32 MCU – http://esp32.net/
I’ve implemented a JSON REST API on HTTPS over TLS 1.2 with a self signed SSL cert from an RSA 2048 key both gene… Continue reading IoT Device Authentication