Author Topic: Open Discussion about Security when crossing public networks.  (Read 5009 times)

travphel

Greetings all!

First off I wanted to thank everyone who replied, both privately and publicly to my first post about the MD5 code not compiling correctly. I have since merged my older code with an example found online and can now generate an MD5 Hash with the SBC65EC board correctly via TCP\UDP packet. If anyone is interested in the MD5 code please let me know and I’ll forward it on.

The reason I started this post is to open the discussion of security in relation to trans-public network communications (aka sending commands across the internet). The application I had in mind for this was the remote control of some security system features via TCP\UDP packets across the. So the end goal is to get the board to decrypt a string and then execute the correct command (i.e. B4=1). Whereas, I spent 4 years learning and living C\C++ during my college days, the last 6 years of .Net development has made my coding style lazy and caused my thinking to become too high-level when programming.

Usually, when sending a packet across the internet I would take the MAC Address of the sending computer and then add a static value to the string. So you would end up with something like “002AEF80FF_JustTryAndCrackThis” as a string, I would then translate this into an MD5 hash string, and then use this hash value as the key to an AES encryption method. Then when the receiving computer receives the packet it would get the sender’s MAC Address from the packet and then would add the hard coded string. The receiving computer could then construct the proper key to decrypt the string and then execute the required command.

The beauty of this system was that if someone did crack your key then they would only be able to decrypt the commands from a single computer. So, I’ve added a manual process by which we change the static key, in this case “_JustTryAndCrackThis” every 2 – 3 weeks.

Keeping this long-winded explanation in mind, I wanted to ask the good people of this community about their experiences and opinions when dealing with security and this powerful product. First off, do you think this is overkill? Would the standard security functionality be acceptable in your opinions? If not, do you think my model is over the top, or not secure enough?

The reason I am asking these questions is that I am trying to replicate the AES security on the SBC65EC board with limited……. ok no success. In addition, after 2 weeks of work I am finally getting the MD5 to work when I send a string. However, I can’t get the board and a vb.net app to generate the same hash for static string + the MAC Address. Something to do with my conversion of data types in C I think….. Unsigned Ints  to Char would be my guess. So, I have decided to reach out to my fellow developers here in the forums and ask if anyone has already implemented this kind of model, or something like it, or if someone has implemented a form of encryption\decryption that they are comfortable with that they would be willing to point me in the right direction I’d greatly appreciate it. I am by no means asking for the answer just some ideas, opinions, thoughts, suggestions, or general knowledge you have with your applications of this product.

Thank you so much in advance for your time and I hope to hear from you all soon.
-Travis
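An added example (not code from the thread or from any poster) for the key derivation and the board versus vb.net hash mismatch described in the post above: the MD5 value, and therefore the AES key, depends on exactly which bytes are hashed, so the same MAC plus static string gives different keys under different byte encodings. The three encodings compared are assumptions about what each side might be doing; the MAC and suffix are the ones quoted in the post.

```python
import hashlib

# Values quoted in the post; the MAC there is written with 10 hex digits.
MAC_HEX = "002AEF80FF"
STATIC_SUFFIX = "_JustTryAndCrackThis"


def key_from_ascii_text(mac_hex: str, suffix: str) -> bytes:
    """MD5 over the literal text "002AEF80FF_Just...", one byte per character."""
    return hashlib.md5((mac_hex + suffix).encode("ascii")).digest()


def key_from_raw_mac(mac_hex: str, suffix: str) -> bytes:
    """MD5 over the MAC as raw octets (as held in a C byte array) plus the suffix."""
    return hashlib.md5(bytes.fromhex(mac_hex) + suffix.encode("ascii")).digest()


def key_from_utf16_text(mac_hex: str, suffix: str) -> bytes:
    """MD5 over the same text as UTF-16LE, two bytes per character
    (the output of .NET's Encoding.Unicode.GetBytes)."""
    return hashlib.md5((mac_hex + suffix).encode("utf-16-le")).digest()


def derive_all(mac_hex: str = MAC_HEX, suffix: str = STATIC_SUFFIX) -> dict:
    """Return the 16-byte key each interpretation produces."""
    return {
        "ascii_text": key_from_ascii_text(mac_hex, suffix),
        "raw_mac": key_from_raw_mac(mac_hex, suffix),
        "utf16_text": key_from_utf16_text(mac_hex, suffix),
    }


def md5_known_answer_ok() -> bool:
    """RFC 1321 test vector: run the same check on both endpoints first."""
    return hashlib.md5(b"abc").hexdigest() == "900150983cd24fb0d6963f7d28e17f72"


if __name__ == "__main__":
    print("MD5 self-test passes:", md5_known_answer_ok())
    for name, key in derive_all().items():
        print(f"{name:11s} {key.hex()}")
```

Both ends have to agree on one of these byte layouts, including the letter case of the hex digits if the MAC is hashed as text.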

Trick

« Reply #1 on: October 29, 2009, 04:23:41 AM »
Hi Travis,

I intend to do something very similar, although in the other direction.  My project will log the value of some sensors to a remote web/sql server, via an HTTP POST from the SBC.  At the moment I have a Windows Forms application doing the same job as I expect the SBC to do when it's ready, so in effect I have already implemented the "protocol".

Assuming the content of the data isn't sensitive and you only really need to authenticate the origin of the data, then I think my method works fairly well.  In my case I take the set of variables formatted as POST data (one of which is a user id), append a pre-shared key and take an MD5 hash.  The key is then removed and the checksum added (Base64 encoded, there's a function for this already in helpers.c).

At the receiving end, the ASP.NET code looks up the pre-shared key based on the user id in the database, removes the checksum, adds the key and takes another MD5 hash.  If this hash matches the one sent with the data, all is well.

It's a pretty standard validation method and should work well with the SBC.  I'll try and remember to post the code once I have it up and running.

Regards,

Richard.
Follow my project on Twitter: http://twitter.com/richardwvm
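An added example (not Richard's code) of the checksum scheme described in the reply above, with sender and receiver side by side: hash the POST data plus the pre-shared key, send the data plus the Base64 checksum, and recompute on receipt. The field names, user id and key are constructed for illustration, and the optional `use_hmac` path goes beyond the post by showing HMAC (RFC 2104), the standardized way to key a hash, with the same MD5 primitive.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, unquote_plus, urlencode

# Constructed sample data: the user id and key are hypothetical.
PRE_SHARED_KEYS = {"42": b"constructed-demo-key"}


def checksum(body: str, key: bytes, use_hmac: bool = False) -> str:
    """Base64 of MD5(body + key) as described in the post, or HMAC-MD5."""
    data = body.encode("utf-8")
    if use_hmac:
        digest = hmac.new(key, data, hashlib.md5).digest()
    else:
        digest = hashlib.md5(data + key).digest()
    return base64.b64encode(digest).decode("ascii")


def sign_post(fields: dict, key: bytes, use_hmac: bool = False) -> str:
    """Sender: the key is hashed in but never transmitted."""
    body = urlencode(fields)
    # Base64 may contain '+', '/' and '=', so the checksum is URL-encoded too.
    return body + "&" + urlencode({"checksum": checksum(body, key, use_hmac)})


def verify_post(post: str, keys: dict, use_hmac: bool = False) -> bool:
    """Receiver: strip the checksum, look up the key by user id, recompute."""
    body, sep, tail = post.rpartition("&checksum=")
    if not sep:
        return False  # no checksum field present
    key = keys.get(dict(parse_qsl(body)).get("userid"))
    if key is None:
        return False  # unknown sender
    expected = checksum(body, key, use_hmac).encode("utf-8")
    received = unquote_plus(tail).encode("utf-8")
    # Constant-time comparison of the two checksums.
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    post = sign_post({"userid": "42", "temp": "21.5"}, PRE_SHARED_KEYS["42"])
    print(post)
    print("valid:", verify_post(post, PRE_SHARED_KEYS))
    print("modified:", verify_post(post.replace("21.5", "99.9"), PRE_SHARED_KEYS))
```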

travphel

« Reply #2 on: November 09, 2009, 11:08:12 AM »
Richard,

Sorry for the delay in my reply but I have been working very hard on this problem and have finally solved the AES encryption issues I was having.

It turns out that Microchip has created the AN953 security\encryption library (Ref: http://www.microchip.com/Stellent/idcplg?IdcService=SS_GET_PAGE&nodeId=1824&appnote=en022056) which you can purchase for $5 USD. This code contains more than just the AES library, and plugs seamlessly into your SBC project. The code comes formatted for the 256 byte limit that the boards have by default.

With this code I was able to encrypt\decrypt within minutes of adding the source files to my MPLab project. I highly recommend this if you are still having issues with Encryption.

Please let me know if you require any sample code or if what I've learned can help in any way.

Thanks,
T

Bipsype09

« Reply #3 on: December 05, 2009, 06:12:14 PM »
are you talking about the stupid windows warning when running a .exe ?

travphel

« Reply #4 on: December 06, 2009, 08:54:18 PM »
are you talking about the stupid windows warning when running a .exe ?
No, we are discussing embedded security within the board's firmware.

epizido09

  • Guest
« Reply #5 on: December 27, 2009, 11:18:02 PM »
How can we send the current page to a different aspx page?

I have lots of confusion about how I can post the current page to a different Aspx page??

Need suggestion or help about it.