I am developing an IoT device that uses TI's tm4c129encpdt microcontroller, cc3100 wifi chip and TI RTOS, and I am using TLS for secure communication with the server (HTTPS).
I just want to make my device more secure by adding some authentication methods. I am already assigning tokens to the device through a server.
Is there any standard way to add an authentication method to an IoT device, based on which I can assure my clients that it has secure communication and authentication?
Thanks and Regards
Akhilesh Gangwar
Use the 2-way authentication using TLS.
We need to add RSA encryption after my Qualcomm (QCA4020) IoT device gets paired to an Android app.
Not sure how to implement this case to exchange RSA public keys between devices.
After device pairing, do we need to define a GATT service to exchange RSA public keys?
If yes, are there any standard GATT services defined by Bluetooth for key exchange?
What is the standard way of implementing application-level encryption that is defined by Bluetooth?
Looking for some brief explanation.
Thank you.
After device pairing, do we need to define a GATT service to exchange RSA public keys?
Yes, if you want to use your own security procedure at application level, you need to define a GATT service to transfer the keys. You could reuse an existing one as long as you can differentiate between a normal message and your keys.
If yes, are there any standard GATT services defined by Bluetooth for key exchange?
No, there are, to my knowledge, no predefined GATT services available for key exchanges.
What is the standard way of implementing application-level encryption that is defined by Bluetooth?
There is no standard; application-level security is totally up to you. I personally would go with a more lightweight encryption method like AES with an ECDH key exchange.
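The AES-with-ECDH approach suggested in the answer above, as an added example that is not part of the original thread: each side sends its public key over the custom GATT characteristic, derives the same AES-256-GCM key, and encrypts application messages with it. The function names, the choice of P-256 and the SHA-256 key derivation are assumptions, and the exchanged public keys still have to be authenticated (for example by the existing pairing), because plain ECDH does not do that.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// sessionAEAD runs ECDH with the peer's public key bytes and keys AES-256-GCM with SHA-256(secret).
func sessionAEAD(priv *ecdh.PrivateKey, peerPub []byte) (cipher.AEAD, error) {
	peer, err := ecdh.P256().NewPublicKey(peerPub) // rejects bytes that are not a valid P-256 point
	if err != nil {
		return nil, err
	}
	secret, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(secret)
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	return cipher.NewGCM(block)
}

// seal prepends a fresh random nonce to the AES-GCM ciphertext and tag.
func seal(a cipher.AEAD, msg []byte) []byte {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // never encrypt without a random nonce
	}
	return a.Seal(nonce, nonce, msg, nil)
}

// open splits off the nonce and fails if the packet was truncated or modified.
func open(a cipher.AEAD, pkt []byte) ([]byte, error) {
	if len(pkt) < a.NonceSize() {
		return nil, errors.New("short packet")
	}
	return a.Open(nil, pkt[:a.NonceSize()], pkt[a.NonceSize():], nil)
}

func main() {
	app, _ := ecdh.P256().GenerateKey(rand.Reader) // constructed key pair: phone app
	dev, _ := ecdh.P256().GenerateKey(rand.Reader) // constructed key pair: device
	a, _ := sessionAEAD(app, dev.PublicKey().Bytes())
	d, _ := sessionAEAD(dev, app.PublicKey().Bytes())
	msg, err := open(d, seal(a, []byte("unlock")))
	println(string(msg), err == nil)
}
```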
I have a problem with the security of my system. I have developed a mobile app that communicates with my Bluetooth Low Energy device. My device requires challenge-response authorization, it stores a secret key, and it does not have Internet access. The question is how can I store that secret key safely in my cloud database? All my users need to use the same secret key to communicate with that device.
When working with Service Bus Relay, how is the security done? Both transport and message level? If we use a SAS key based sb endpoint, does it mean it is HTTPS by default? At message level, I believe we have to do the regular encryption and decryption.
It uses either TCP, HTTP, or HTTPS depending on what you select. If you set it up so it uses client authorization, it will block you from using HTTP.
I am developing a Java ME application that connects to a web server which has a VeriSign certificate installed.
Is there a way to implement an HTTPS connection to connect to this server? If Bouncy Castle is the way, is there any example?
You do not need to bother because:
"MIDP 2.0 adds a robust end-to-end security model, built on open standards, that protects the network, applications and mobile information devices. MIDP 2.0 supports HTTPS and leverages existing standards such as SSL and WTLS to enable the transmission of encrypted data."
From http://www.oracle.com/technetwork/java/whatsnew-138562.html#endtoend
Also, see this nice video on how SSL works: http://www.youtube.com/watch?v=SJJmoDZ3il8
If RADIUS is an authentication protocol, why use Kerberos, PAP, CHAP, ...?
The Remote Authentication Dial-In User Service (RADIUS) protocol provides authentication, authorization, and accounting (AAA) for dial-in infrastructures, and it uses the same account and password to log into your company network through modem, WiFi, or a VPN tunnel. RADIUS has many carrier-grade features (the whole accounting part, for example) and is designed to operate in explicitly configured backbone networks.
But it is not well suited for PC and workstation networks and doesn't have the single-sign-on capability offered by Kerberos.
On the other hand, Kerberos provides an encrypted authentication service using shared secret keys. Kerberos can also support authentication via public key cryptography, but this is not covered by RFC 4120. Kerberos does not provide an authorization service, but Kerberos does support pass-through to other authorization services. Kerberos does not provide an accounting service.
For more information about PAP and CHAP, refer to the following URL:
http://www.zeroshell.net/eng/kerberos/
You can also refer to this URL:
http://www.firewall.cx/ftopict-2679-.html
RADIUS (Remote Authentication Dial In User Service), defined in RFC 2865, is a protocol for remote user authentication and accounting.
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
Suppose you have Vodafone or Orange Telecom operator's connectivity at your home for internet connectivity. So, you will need a particular user ID and password to access that.
Here the RADIUS protocol is used.
Technically, if you look at the network capture file (.pcap file) that the Wireshark tool uses, you will see that it contains Attribute Value Pairs that contain user name and password fields.
RADIUS uses a CHAP password. So, it is more secure in terms of middle attack.
I hope you got my point
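The Attribute Value Pairs and the CHAP password described in the answer above can be checked directly on the bytes of an Access-Request. The following is an added example, not part of the original answer: it parses the AVPs and recomputes the CHAP response as RFC 2865 defines it. The function names and the sample packet (user alice, password s3cret) are constructed for illustration.

```go
package main
import (
	"crypto/md5"
	"crypto/subtle"
	"encoding/binary"
)

// parseAVPs walks the type-length-value attributes after the 20-byte header; nil means malformed.
func parseAVPs(pkt []byte) map[byte][]byte {
	if len(pkt) < 20 || int(binary.BigEndian.Uint16(pkt[2:4])) != len(pkt) {
		return nil
	}
	avps := map[byte][]byte{}
	for p := pkt[20:]; len(p) > 0; p = p[p[1]:] {
		if len(p) < 2 || p[1] < 2 || int(p[1]) > len(p) {
			return nil
		}
		avps[p[0]] = p[2:p[1]] // key: attribute type, value: attribute payload
	}
	return avps
}

// chapResponse is MD5(CHAP ID || password || challenge); the password itself is never sent.
func chapResponse(id byte, password string, challenge []byte) []byte {
	sum := md5.Sum(append(append([]byte{id}, password...), challenge...))
	return sum[:]
}

// verifyCHAP checks CHAP-Password (type 3) for User-Name (type 1) against the stored password.
func verifyCHAP(pkt []byte, password string) (user string, ok bool) {
	avps := parseAVPs(pkt)
	if cp := avps[3]; len(cp) == 17 { // 1-byte CHAP ID followed by the 16-byte response
		challenge, found := avps[60] // CHAP-Challenge
		if !found {
			challenge = pkt[4:20] // otherwise the Request Authenticator is the challenge
		}
		ok = subtle.ConstantTimeCompare(chapResponse(cp[0], password, challenge), cp[1:]) == 1
	}
	return string(avps[1]), ok
}

func main() {
	auth := []byte("0123456789abcdef") // constructed Request Authenticator
	pkt := append([]byte{1, 42, 0, 46}, auth...) // code 1 (Access-Request), id 42, length 46
	pkt = append(pkt, 1, 7, 'a', 'l', 'i', 'c', 'e', 3, 19, 9)
	pkt = append(pkt, chapResponse(9, "s3cret", auth)...)
	user, ok := verifyCHAP(pkt, "s3cret")
	println(user, ok)
}
```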