Arduino, an iPhone, a garage door and the internet: Encryption?

Dear Arduino Forum readers,

I'm working on a project which is bound to let users interact with an Arduino from their iPhones (maybe Androids later on).

To do this I'll set up an Arduino with an Ethernet Shield. All is working well up until the point of encryption:

Of course nobody would use my setup if every stranger with internet access and your IP address could make your garage door open. For this I made a little script which is supposed to work a bit like session hashing:

Steps of encryption:

1. iPhone contacts the Arduino server to open a new session
2. Arduino sends back a SHA256 hashed random message like '049478637406792073950239740679405796037027893057297369' to the iPhone
3. iPhone decrypts the message and uses an algorithm to successfully answer the challenge.
4. It sends a number as described in 2 back to the Arduino.
5. The Arduino uses the same decryptor as the iPhone in step 3 to check the result.
6. If all is fine, a new session is born in which the random code from step 2 takes part as a sort of password that is passed to a different algorithm to send messages to one another.

The algorithm looks like this (for now):

#define RECEIVEALGO (4 / (float) p) * (USERPASS1 * 4) * ((float) p*(float) p*(float) p) / USERPASS2 * (USERPASS1%USERPASS2)

#define SENDALGO ((5 / (float) p) * (USERPASS1 * 3) * ((float) p*(float) p*(float) p) / USERPASS2) //from iphone

// p is the actual message that will be used to identify what the user wants to do with arduino i.e. light up led or something.
// userpass1 : user assigned number [four digits]
// userpass2 : user assigned number [four digits]

Also, the keys that will be used to hash the random codes will be generated the first time Arduino and iPhone interact in combination with some kind of subtraction of the random code.

In my theory, a hypothetical hacker would need to intercept all data via MITM.
It would need to decrypt the SHA256 within the session's cool-down time [10 minutes should be right].
Then it would need to somehow back-calculate the algorithm if it wanted to know what the actual message was.

Question: Is this a safe method to let an Arduino interact with the internet?
Could I undertake steps to make it more secure?

Thanks a lot!
Stan Verschuuren

P.S: Another question of mine: http://arduino.cc/forum/index.php/topic,72334.0.html

Public key cryptosystems take substantial computing power; they would be very, very slow on an Arduino.

What is wanted is a means of authentication (not secrecy), and for this the full power of public-key isn't needed. It's the same problem that designers of remote car locking deal with (google "KeyLoq"): hashing and a shared secret ought to do it. Suggest googling "MAC". Also, you need to protect against replay attacks, which implies a shared sequence counter is maintained in non-volatile storage at both ends.

If you don't want people messing with your web setup, just don't make the URL to it publicly available.

Bzzzzzt! "Security by Obscurity" is simply not a viable option in the modern world.

You probably could password-protect your project behind an Apache web server. But in reality, very few people will probably care about trying to compromise your project. I've been running my webcams for ~10 years on the net and people just aren't that interested in trying to hack things. You can't ever show your project to somebody without risking various hacking attempts, so it will be your secret site.

Basically it's down to "something that only your Arduino and your phone know"

To avoid a replay attack you need a session key.

So...

  1. You generate a number and send it to the Arduino when you connect
  2. You both encrypt the number in (1) using the secret
  3. The encrypted number in (2) is the encryption key for remainder of the session
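To make the two replies above concrete (a shared secret plus a MAC and a sequence counter against replays, and a per-session key derived from a random number), here is an added worked example in Python; it is not code from the thread or from the original poster's project. HMAC-SHA256 from the Python standard library stands in for whatever hash library would run on the board, and the shared secret, the command strings, the 16-byte nonce and the 16-byte truncated tag are all assumptions made for the example. One deliberate change from the last reply's step 1: the Arduino, not the phone, generates the random number, as in step 2 of the original post, because a challenge chosen by the phone could itself be replayed together with the whole recorded session.

```python
import hashlib
import hmac
import secrets
import struct

# Assumption: provisioned once out of band (typed into both devices) and never
# sent over the wire. Only the phone and the Arduino know it.
SHARED_SECRET = b"example-shared-secret-do-not-reuse"

NONCE_LEN = 16   # bytes of challenge sent by the Arduino
TAG_LEN = 16     # truncated HMAC-SHA256 tag on every command


def derive_session_key(secret: bytes, nonce: bytes) -> bytes:
    """Both sides turn the secret and the challenge into the same session key."""
    return hmac.new(secret, b"session-key" + nonce, hashlib.sha256).digest()


def tag(session_key: bytes, body: bytes) -> bytes:
    return hmac.new(session_key, body, hashlib.sha256).digest()[:TAG_LEN]


class Arduino:
    """Device side: issues the challenge and verifies every command frame."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.session_key = None
        self.last_counter = 0

    def new_session(self) -> bytes:
        # Fresh nonce => fresh key, so frames recorded in an old session fail.
        nonce = secrets.token_bytes(NONCE_LEN)
        self.session_key = derive_session_key(self.secret, nonce)
        self.last_counter = 0
        return nonce

    def handle(self, frame: bytes) -> tuple:
        if self.session_key is None or len(frame) < 4 + TAG_LEN:
            return ("rejected", "no session / short frame")
        body, received_tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        # Verify the MAC (constant-time compare) before trusting anything else.
        if not hmac.compare_digest(received_tag, tag(self.session_key, body)):
            return ("rejected", "bad MAC")
        counter = struct.unpack(">I", body[:4])[0]
        # Counters must strictly increase: a replayed frame carries one we saw.
        if counter <= self.last_counter:
            return ("rejected", "replay")
        self.last_counter = counter
        return ("accepted", body[4:].decode())


class Phone:
    """App side: derives the same key and numbers its commands."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.session_key = None
        self.counter = 0

    def start_session(self, nonce: bytes) -> None:
        self.session_key = derive_session_key(self.secret, nonce)
        self.counter = 0

    def send(self, command: str) -> bytes:
        self.counter += 1
        body = struct.pack(">I", self.counter) + command.encode()
        return body + tag(self.session_key, body)


def run_demo() -> dict:
    """One honest session plus the attacks the original poster worried about."""
    arduino = Arduino(SHARED_SECRET)
    phone = Phone(SHARED_SECRET)
    phone.start_session(arduino.new_session())

    open_frame = phone.send("garage:open")
    results = {"legit": arduino.handle(open_frame)}
    # 1. Straight replay of a sniffed frame within the same session.
    results["replay"] = arduino.handle(open_frame)
    # 2. Flip one bit of the command in a captured frame.
    forged = bytearray(phone.send("garage:close"))
    forged[4 + len("garage:")] ^= 0x01
    results["tampered"] = arduino.handle(bytes(forged))
    # 3. Stranger who knows the IP address but not the secret.
    stranger = Phone(b"wrong-secret")
    stranger.start_session(arduino.new_session())  # gets a challenge, fine
    results["stranger"] = arduino.handle(stranger.send("garage:open"))
    # 4. Replay of the first frame after the Arduino started a new session.
    phone.start_session(arduino.new_session())
    results["cross_session"] = arduino.handle(open_frame)
    results["fresh"] = arduino.handle(phone.send("garage:open"))
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:14s} {outcome}")
```

Two things to keep in mind when moving this onto a real board. First, the scheme authenticates commands but does not hide them, which matches the earlier reply's point that authentication, not secrecy, is what a garage door needs. Second, the Arduino's challenge has to come from a decent random source; if the board cannot produce one, the other route from that reply, a single sequence counter kept in non-volatile storage on both sides and included in every MAC, gives the same replay protection without any nonce at all.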