I\'m building an embedded device that I plan on distributing. Periodically the d

Question

I'm building an embedded device that I plan on distributing. Periodically the device will poll my server to check for updates and commands. I'd like the device to verify that any messages(JSON strings parsed by a client written in Go) and updates are actually from me.

My plan is to use use Go's crypto/ecdsa library to generate a private/public key pair for each device, store the public key on the embedded device, and sign every message with the private key. The device will then verify any received messages with its public key.

From what I've learned so far it seems that the RNG (on the server that's signing the messages) could be a potential weak spot. Are there any other obvious flaws/issues I'm missing?

Explanation / Answer

Since you asked in general "Are there any other obvious flaws/issues I'm missing", I would recommend that you would take a critical look at the whole update process flow. I would not consider the quality of the PRNG at your server as an obvious weak point, as long as it is reasonably strong, since on servers you have quite a bit of choice of reasonably good routines to generate a fair PRN (note that it is quite acceptable to generate a pair of good PGP keys on a regular server or client machines).

Critical review of the update process as a whole should consider the following, by no means an exhaustive, list:

When you consider the above, it does make a difference if your embedded app is just an industrial controller, or a system whose failure due to a rogue update will cause a regional catastrophe.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.