I have an embedded device (E) with limited code size. It communicates with a host processor (H) using UART (USB, serial, ...). I need to implement an easy authentication of the host processor to unlock functions in my embedded device.
The important issue is that USB/serial/UART can be sniffed, so the channel is not secure.
The usage should be the following:
During manufacturing we generate a pair of keys Ke and Kh.
E stores Ke
E generates N random bytes R, encrypts R into secret S with key Ke and sends it to H
H should encrypt S using Kh to reveal R
H sends R to E and E unlocks some functionality
So,
S = u(R, Ke)
R = v(S, Kh)
Where u() and v() are some crypto functions (it might be that u = v, but u MUST be easy to implement in the embedded device, taking small code space).
It would be even better to find an algorithm that allows many Kh for the same Ke, to give them to different users. But this is optional.
As mentioned above, the channel is not secure, so we do not want an adversary sitting on the USB (with a USB sniffer) to reveal Ke or Kh (or the way to generate R from S) just from R and S.
So, XOR will not work 😉
Please propose something
Can your device give the processor some nonce and verify the answer as the encrypted nonce, using some lightweight encryption algorithm (e.g. RC5)? This can also help you to establish a secure channel between your device and the processor. For example, the answer can be
RC5_CBC( CONCAT(key_for_secure_channel, nonce) ). Note: the nonce must be written at the end, so the new key's integrity will be verified by it.
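A worked version of the challenge-response the answer sketches, written here as an added example (it is not code from the asker or the answerer). Assumptions: both sides hold one shared 16-byte key K (the symmetric variant of the Ke/Kh split in the question), the cipher is RC5-32/12/16 implemented inline, CBC uses a zero IV over exactly two 8-byte blocks (channel key, then nonce), and the key, channel key and nonces are constructed values for the demo; in real firmware the nonce must come from a hardware RNG.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* RC5-32/12/16: 32-bit words, 12 rounds, 16-byte key. One block = 2 words = 8 bytes. */
#define RC5_R 12
#define RC5_B 16
#define RC5_T (2 * (RC5_R + 1))          /* 26 round-key words */

typedef struct { uint32_t S[RC5_T]; } rc5_ctx;

static uint32_t rotl(uint32_t x, uint32_t y) { y &= 31; return (x << y) | (x >> ((32 - y) & 31)); }
static uint32_t rotr(uint32_t x, uint32_t y) { y &= 31; return (x >> y) | (x << ((32 - y) & 31)); }

/* Key schedule as in Rivest's RC5 description (P32 / Q32 constants, 3*t mixing steps). */
static void rc5_setup(rc5_ctx *ctx, const uint8_t key[RC5_B]) {
    uint32_t L[RC5_B / 4] = {0}, A = 0, B = 0;
    int i, j, k;
    for (i = RC5_B - 1; i >= 0; i--) L[i / 4] = (L[i / 4] << 8) + key[i];
    ctx->S[0] = 0xB7E15163u;
    for (i = 1; i < RC5_T; i++) ctx->S[i] = ctx->S[i - 1] + 0x9E3779B9u;
    for (i = j = k = 0; k < 3 * RC5_T; k++) {
        A = ctx->S[i] = rotl(ctx->S[i] + A + B, 3);
        B = L[j] = rotl(L[j] + A + B, A + B);
        i = (i + 1) % RC5_T;
        j = (j + 1) % (RC5_B / 4);
    }
}

static void rc5_encrypt(const rc5_ctx *ctx, const uint32_t in[2], uint32_t out[2]) {
    uint32_t A = in[0] + ctx->S[0], B = in[1] + ctx->S[1];
    for (int i = 1; i <= RC5_R; i++) {
        A = rotl(A ^ B, B) + ctx->S[2 * i];
        B = rotl(B ^ A, A) + ctx->S[2 * i + 1];
    }
    out[0] = A; out[1] = B;
}

static void rc5_decrypt(const rc5_ctx *ctx, const uint32_t in[2], uint32_t out[2]) {
    uint32_t A = in[0], B = in[1];
    for (int i = RC5_R; i >= 1; i--) {
        B = rotr(B - ctx->S[2 * i + 1], A) ^ A;
        A = rotr(A - ctx->S[2 * i], B) ^ B;
    }
    out[0] = A - ctx->S[0]; out[1] = B - ctx->S[1];
}

/* Host (H): resp = RC5-CBC_K(chan_key || nonce), zero IV. The nonce is the LAST block,
 * so through the chaining it is bound to the channel-key block that precedes it. */
static void host_respond(const uint8_t key[RC5_B], const uint32_t chan_key[2],
                         const uint32_t nonce[2], uint32_t resp[4]) {
    rc5_ctx ctx; uint32_t x[2];
    rc5_setup(&ctx, key);
    rc5_encrypt(&ctx, chan_key, resp);          /* C0 = E(chan_key XOR 0) */
    x[0] = nonce[0] ^ resp[0]; x[1] = nonce[1] ^ resp[1];
    rc5_encrypt(&ctx, x, resp + 2);             /* C1 = E(nonce XOR C0) */
    memset(&ctx, 0, sizeof ctx);                /* use a non-optimisable wipe in firmware */
}

/* Device (E): decrypt, check the recovered nonce against the one it issued (compared
 * without data-dependent branches), and only then accept the channel key. */
static int device_verify(const uint8_t key[RC5_B], const uint32_t nonce[2],
                         const uint32_t resp[4], uint32_t chan_key_out[2]) {
    rc5_ctx ctx; uint32_t p0[2], p1[2], diff;
    rc5_setup(&ctx, key);
    rc5_decrypt(&ctx, resp, p0);                /* chan_key = D(C0) XOR 0  */
    rc5_decrypt(&ctx, resp + 2, p1);            /* nonce    = D(C1) XOR C0 */
    p1[0] ^= resp[0]; p1[1] ^= resp[1];
    memset(&ctx, 0, sizeof ctx);
    diff = (p1[0] ^ nonce[0]) | (p1[1] ^ nonce[1]);
    if (diff != 0) return 0;                    /* wrong key, replayed answer, or tampering */
    chan_key_out[0] = p0[0]; chan_key_out[1] = p0[1];
    return 1;
}

/* Runs the exchange on constructed values. Returns a bit mask: bit0 = genuine answer
 * accepted and channel key recovered, bit1 = sniffed answer replayed against a fresh
 * nonce rejected, bit2 = answer made with the wrong key rejected, bit3 = answer with
 * one flipped ciphertext bit rejected. 0xF means every check held. */
static int selftest(void) {
    static const uint8_t key[RC5_B] = {      /* constructed shared key, demo only */
        0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };
    const uint32_t chan[2]   = {0x11223344u, 0x55667788u};  /* constructed channel key */
    const uint32_t nonce1[2] = {0xDEADBEEFu, 0x0BADF00Du};  /* constructed; HW RNG in firmware */
    const uint32_t nonce2[2] = {0x01234567u, 0x89ABCDEFu};
    uint8_t badkey[RC5_B];
    uint32_t resp[4], out[2];
    int ok = 0;

    host_respond(key, chan, nonce1, resp);
    if (device_verify(key, nonce1, resp, out) && out[0] == chan[0] && out[1] == chan[1]) ok |= 1;
    if (!device_verify(key, nonce2, resp, out)) ok |= 2;
    memcpy(badkey, key, RC5_B); badkey[0] ^= 0x80;
    host_respond(badkey, chan, nonce1, resp);
    if (!device_verify(key, nonce1, resp, out)) ok |= 4;
    host_respond(key, chan, nonce1, resp); resp[3] ^= 1;
    if (!device_verify(key, nonce1, resp, out)) ok |= 8;
    return ok;
}

int main(void) {
    int mask = selftest();
    printf("selftest mask: 0x%X (0xF = all checks held)\n", mask);
    return mask == 0xF ? 0 : 1;
}
```

Two points to keep in mind when adapting this. First, the design is symmetric: E and H share one key, so whoever reads the key out of E's flash can impersonate H, and the "many Kh for one Ke" wish from the question is not met; that property needs a public-key scheme (E stores a verification key and checks a signature over the nonce), which costs more code than RC5. Second, before trusting the RC5 core in a product, run it against the published test vectors in Rivest's RC5 paper; the self-test above only proves the exchange is consistent with itself.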