Choosing the right encryption method for securely exchange information for IoT devices - achildrenmile/IoTSecurity GitHub Wiki

In an IoT platform project we came to a point, where an aceess token has to be securely be delivered to the devices. As the IoT device (in our case a Lolin ESP32) is a micro controller not providing the full power and capacities of microprocessor systems (like Raspberry PI or ordinary PC), we come to boundaries of the system very quickly. We first planned to use a token exchange using RSA with 4096 Byte certificate to exchange the token, which was working as a charm in our .NET simulation, but not at the device itself. So, how to handle this. Thanks to Whitfield Diffie and Martin Hellman there are possibilities to make a secure token exchange to work on a micro controller in a save way. We will go for the ECC (Elliptic Curve Cryptography) approach. As we are currently in the implementation phase, I'll update this post as soon as we have results.

Update You can find a sample .NET Core implementation of ECDH here-> https://github.com/achildrenmile/IoTSecurity.

Find the IoT scenario described here https://github.com/achildrenmile/IoTSecurity/wiki

As an overview, here I provide a link list for the topic around ECC and as well as Diffie-Hellmann-Key-Exchange.

Linklist:

• RSA vs ECC http://page.mi.fu-berlin.de/rhschulz/Krypto/RSA_or_ECC.pdf
• What's the difference between RSA and Diffie-Hellman https://crypto.stackexchange.com/questions/42180/whats-the-difference-between-rsa-and-diffie-hellman
• Can Elliptic Curve Cryptography be Trusted? A Brief Analysis of the Security of a Popular Cryptosystem? https://www.isaca.org/Journal/archives/2016/volume-3/Pages/can-elliptic-curve-cryptography-be-trusted.aspx
• ECC in .NET and .NET core example in action https://msdn.microsoft.com/de-de/library/system.security.cryptography.ecdiffiehellmancng(v=vs.110).aspx
• How does Diffie-Hellmann key exchange work (Quick start) in German- https://www.youtube.com/watch?v=_E0SGl7aN70
• What are primitives? What is a cyclic group? What is the discrete logarithm problem and why is it helpful? How does Diffie-Helmann key exchange work? https://www.youtube.com/watch?v=eI6XxEFxcio
• RSA vs ECC Comparison for Embedded Systems http://ww1.microchip.com/downloads/en/DeviceDoc/Atmel-8951-CryptoAuth-RSA-ECC-Comparison-Embedded-Systems-WhitePaper.pdf