I am proud to announce that today we hit a massive milestone in the µTLS (micro TLS) project - we can confirm that an Arduino UNO is capable of implementing a secure communication protocol. Using ECC-163, the client gains the trust of the server and exchanges secret keys to have ongoing communication using AES-128. The final pieces are almost in place to make this a product.
I have covered the process in multiple articles over the last week (working 15+ hours a day on it) if you are interested to see how it all came about and the progress that was made. I have successfully gotten elliptic curve cryptography (sect163r2) to establish trust, and exchange AES-128 (could do 192, 256 no problem) keys for ongoing communication.
the goal was to target the Arduino UNO - but the same code will work on all Arduino's and similar micro-controllers. reaching out to see if there is any commercial interest for the project and what the next steps would be. I am not interested in open sourcing it and giving it away - this could be a game changer for all Arduino projects out there and the rising risk of IoT Security.
I am not interested in open sourcing it and giving it away - this could be a game changer for all Arduino projects out there and the rising risk of IoT Security.
So I should mark your post an advertisement? Why do you announce it here if other cannot use it? Buy some Google ads if you want to sell your piece of code. I personally don't see a sense in TLS on an Arduino. If I want secure communication I attach the Arduino to a Raspberry Pi and do it right on hardware that is able to handle it in a timely manner. So your approach is more an academic exercise which is the main reason I don't understand that you want to hide it from the community.
Any secure system is worthless until it has been independently audited and tested.
Who is going to audit your secret code?
Who is going to pay for the testing?
Coding for 15 hours at a time is pretty well guaranteed to result in buggy code. That isn't how you build secure systems.
ardiri:
I am proud to announce that today we hit a massive milestone in the µTLS (micro TLS) project - we can confirm that an Arduino UNO is capable of implementing a secure communication protocol. Using ECC-163, the client gains the trust of the server and exchanges secret keys to have ongoing communication using AES-128. The final pieces are almost in place to make this a product.
I have covered the process in multiple articles over the last week (working 15+ hours a day on it) if you are interested to see how it all came about and the progress that was made. I have successfully gotten elliptic curve cryptography (sect163r2) to establish trust, and exchange AES-128 (could do 192, 256 no problem) keys for ongoing communication.
the goal was to target the Arduino UNO - but the same code will work on all Arduino's and similar micro-controllers. reaching out to see if there is any commercial interest for the project and what the next steps would be. I am not interested in open sourcing it and giving it away - this could be a game changer for all Arduino projects out there and the rising risk of IoT Security.
Are you already a millionaire ???
Why do not you publish it and look for donations?
Oh, I was interested to hear more about it, but since it's not open and is commercial software, then I agree. An announcement for non-open source, commercial software doesn't belong in the Arduino forum.