Timeline for Secure communication between a mobile app and a microcontroller
Current License: CC BY-SA 3.0
6 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jul 21, 2016 at 11:00 | comment | added | Jody Bruchon | You need full-blown encryption in some form to do this right. Tacking on a hash alone is useless; if I was the MITM I'd just rewrite your message, re-hash it, tack my new hash on, and the MCU wouldn't know any difference. There must be a pre-shared key of some sort involved. AES with a pre-shared key is probably going to be your best bet. | |
| Jul 18, 2016 at 16:24 | comment | added | hpb | @JimmyB: The main function is to prevent anybody using network scanners to read packets between the app and the device and then spoof as either one. Not sure what you mean by "number of app instances". The initial key exchange would happen once and then using the key multiple apps (on multiple phones) would be able to control a single MCU. Now that I think about it, I could create a QR code for the key that the app can scan and get the key. This would mean that there cannot be random keys across devices. | |
| Jul 18, 2016 at 7:50 | comment | added | JimmyB | What kind of "secure" do you want? Integrity and/or authenticity and/or confidentiality? How many app instances should communicate with a single MCU? Is it viable to assign a random key to each device during production and hand it to the customer in printed form to enter into the app? | |
| Jul 18, 2016 at 6:41 | answer | added | Chamindu | timeline score: -1 | |
| Jul 18, 2016 at 5:57 | review | First posts | |||
| Jul 24, 2016 at 6:00 | |||||
| Jul 18, 2016 at 5:56 | history | asked | hpb | CC BY-SA 3.0 |