Fiveable

💾 Embedded Systems Design Unit 18 Review

18.2 Cryptography and secure communication

Written by the Fiveable Content Team • Last updated September 2025

Cryptography is crucial for secure communication in embedded systems. It uses encryption methods like symmetric and asymmetric encryption to protect data. Public Key Infrastructure provides a framework for managing digital certificates and signatures, ensuring secure electronic transactions.

Secure communication protocols like SSL/TLS encrypt data transmitted between devices. Message Authentication Codes and hash functions ensure data integrity and authenticity. These tools are essential for maintaining security and reliability in embedded systems.

Encryption Methods

Symmetric Encryption

  • Uses a single secret key for both encryption and decryption
  • The same key must be securely shared between the sender and receiver
  • Provides confidentiality but not authentication or non-repudiation
  • Examples of symmetric encryption algorithms include AES (Advanced Encryption Standard) and DES (Data Encryption Standard)
  • Symmetric encryption is generally faster than asymmetric encryption but requires secure key exchange

Asymmetric Encryption

  • Uses a pair of keys: a public key for encryption and a private key for decryption
  • The public key can be freely distributed while the private key must be kept secret
  • Provides confidentiality, authentication, and non-repudiation
  • Examples of asymmetric encryption algorithms include RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography)
  • Asymmetric encryption is slower than symmetric encryption but eliminates the need to exchange a secret key over a secure channel

Elliptic Curve Cryptography (ECC)

  • A type of asymmetric encryption based on the algebraic structure of elliptic curves over finite fields
  • Requires smaller key sizes compared to RSA for equivalent security levels
  • Provides faster computation and lower power consumption than RSA
  • Suitable for resource-constrained embedded systems
  • Examples of ECC algorithms include ECDSA (Elliptic Curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman)

Public Key Infrastructure

Public Key Infrastructure (PKI) Components

  • Consists of a set of roles, policies, hardware, software, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption
  • Includes Certificate Authorities (CAs) that issue and verify digital certificates
  • Provides a framework for secure electronic transactions and communication
  • Enables the use of digital signatures and encryption to protect data integrity and confidentiality

Digital Signatures

  • Use asymmetric cryptography to provide authentication, non-repudiation, and data integrity
  • The signer uses their private key to create a digital signature, which can be verified using the corresponding public key
  • Ensures that the message originated from the claimed sender and has not been altered in transit
  • Examples of digital signature algorithms include RSA and ECDSA

Key Management

  • Involves the generation, distribution, storage, and revocation of cryptographic keys
  • Ensures the security and integrity of the keys throughout their lifecycle
  • Includes key generation algorithms, key exchange protocols, and secure key storage methods
  • Examples of key management systems include Public Key Infrastructure (PKI) and Key Management Interoperability Protocol (KMIP)

Secure Communication Protocols

SSL/TLS (Secure Sockets Layer/Transport Layer Security)

  • Provides secure communication over the internet by encrypting data transmitted between a client and a server
  • Ensures confidentiality, integrity, and authentication of the communication channel
  • Uses a combination of symmetric and asymmetric encryption, digital certificates, and message authentication codes (MAC)
  • Widely used in web browsers (HTTPS), email (SMTPS, IMAPS), and other applications requiring secure communication

Message Authentication Codes (MAC)

  • Provide data integrity and authentication by creating a unique code based on the message and a secret key shared between the sender and receiver
  • The recipient can verify the authenticity and integrity of the message by recalculating the MAC using the same secret key and comparing it with the received MAC
  • Examples of MAC algorithms include HMAC (Hash-based Message Authentication Code) and CMAC (Cipher-based Message Authentication Code)

Hash Functions

  • Take an input (message) of arbitrary size and produce a fixed-size output (hash value or message digest)
  • Provide a unique "fingerprint" of the input data
  • Used for data integrity checks, password storage, and digital signature schemes
  • Examples of cryptographic hash functions include SHA-256 (Secure Hash Algorithm) and MD5 (Message Digest Algorithm 5)
  • Important properties of hash functions include pre-image resistance, second pre-image resistance, and collision resistance
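
The difference between the Hash Functions and Message Authentication Codes sections is shown in the added example below, which is not part of the original guide. An unkeyed SHA-256 digest detects accidental corruption, but anyone can recompute it, while an HMAC-SHA256 tag can only be produced with the shared key. The frame layout, function names, and sample messages are constructed for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # size of a SHA-256 digest or HMAC-SHA256 tag in bytes

def seal_with_hash(message):
    """Integrity only: append an unkeyed SHA-256 digest."""
    return message + hashlib.sha256(message).digest()

def check_hash(frame):
    if len(frame) < TAG_LEN:
        return False
    message, digest = frame[:-TAG_LEN], frame[-TAG_LEN:]
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)

def seal_with_mac(key, message):
    """Integrity and authenticity: append an HMAC-SHA256 tag."""
    return message + hmac.new(key, message, hashlib.sha256).digest()

def check_mac(key, frame):
    if len(frame) < TAG_LEN:
        return False
    message, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return hmac.compare_digest(expected, tag)

def demo():
    key = secrets.token_bytes(32)      # shared secret held by both devices
    original = b"valve=closed;seq=41"  # constructed sample message
    altered = b"valve=open;seq=41"     # constructed modified message
    genuine = seal_with_mac(key, original)
    # Without the key, the sender of the altered message can only reuse the old tag.
    altered_mac_frame = altered + genuine[-TAG_LEN:]
    return {
        # The unkeyed digest is simply recomputed over the altered message.
        "hash_accepts_altered": check_hash(seal_with_hash(altered)),
        "mac_accepts_genuine": check_mac(key, genuine),
        "mac_accepts_altered": check_mac(key, altered_mac_frame),
        "mac_accepts_wrong_key": check_mac(secrets.token_bytes(32), genuine),
    }

if __name__ == "__main__":
    print(demo())
```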