Arduino Encryption for Communication with Web Server (FTP, IoT)

Projects General Guidance
1

Hi All,

First post on here but been using Arduinos for a while.

I'm starting a new project that monitors lots of sensors and passes information between multiple Arduinos. A central 'hub' arduino collates all the information and uploads it to my web server.

I'm currently thinking of using the FTP library for the upload.

While the data isn't ultra sensitive, it is commercially sensitive and I'd rather it was encrypted.

What is the best way to encrypt the data, to then send over FTP? I would need something capable of running on an Arduino but also not insecure.

What would I run on the web server to decrypt the data?

I've seen this link, but they don't really give any information on the actual code they've used. https://evothings.com/is-it-possible-to-secure-micro-controllers-used-within-iot/

Any other comments/ideas people have on the project would be appreciated :slight_smile:

Thanks,
Marc

2

There are several versions of Tiny Encryption Algorithm around. It all depends on how secure you want the data.

3

Great thanks. I'll have a look at that.

Is there anything a little more robust than that? There isn't a huge amount for the arduino that is uploading the data to do, so if there's a delay while it encrypts that's ok. I would normally use SFTP that uses SSH, but obviously this is far beyond an Arduino's memory/RAM.

I've seen a lot written about AES? I assume this is more secure? Does anyone have any experience implementing this with a web server?

Thanks,
Marc

4

Is there anything a little more robust than that?

Please explain what you think the problem with XTEA to be and define "a little more robust".

5

Well at the moment I'm just looking at all the options so wondered if there were any others worth considering.

Also I note that there is a corrected block tea (XXTEA) version so I assume you would suggest that rather than the XTEA version you linked?

As I've read about AES on arduino I wondered what the practical differences were?

Also whether there were any guides about how to actually implement one of these protocols with a web server?

Thanks,
Marc