
Simple Encryption


Caelvan


I was wondering if anybody knew of a good simple encryption scheme.

I want to implement some encryption on an embedded system (so I can't use anything too complex) but that is secure. TEA, XTEA, and XXTEA all look like decent choices but they have been broken in the past. So are there any ideas on another simple encryption scheme out there?


TrueCrypt, it's quite a powerful open source full disk encryption software. It also allows you to create a hidden volume where you can hide your "dirty files" from prying eyes.

You should definitely check it out.

Edited by Infiltrator

How "embedded" are we talking? And are you sure that you *need* to code it yourself, or do you want to code it yourself?

If it's an embedded Linux system, you might be able to fit a stripped down build of GPG and use it to symmetrically encrypt files. (See '--symmetric' or '-c' in the man pages.) Or you could use openssl to do it.

Implementing your own crypto from source is generally considered to be a bad idea.


If it isn't necessary (and I don't know your situation so it may be) to protect the system itself (remember full disk encryption only protects data at rest, and a computer on and running is no more safe w/ full disk encryption than the same without), you might consider encrypted file containers that you open only as needed. You could code an automated process that prompts you for the encryption key to open the container; it would use the data and then close the container when done. Data in encrypted containers is also vulnerable while the container is open. I would use TrueCrypt and a little script-fu in the language of your choice to accomplish this.


It is pretty deeply embedded. I currently have the system running with Freescale's RTOS MQX (not embedded Linux). I don't necessarily need to code it myself, but I would need the source so that I can compile it in.

I have the system connecting to a server over a WLAN, and I don't want people to be able to read the data as it is being sent back to the server, or any commands from the server.

The data isn't stored on the embedded system, I let the server take care of that, so I am not worried about encrypting the local data, just as I send the data out or receive it.


I have the system connecting to a server over a WLAN, and I don't want people to be able to read the data as it is being sent back to the server, or any commands from the server.

How about encrypting the connection with SSH, and before sending the data to the server, you could create a TrueCrypt hidden container to keep the file secure and locked.

And even if someone managed to break into your server or sniff your traffic, the data would be encrypted and password protected.

Edited by Infiltrator

Remember there are differences in encryption at rest and in motion. At rest you cover by stuff like file encryption, full disk encryption, encrypted file containers. In motion you have to encrypt the traffic, so SSH, SFTP, HTTPS, etc. It depends on how you are trying to "talk to your server". Can you give us more detail on what the two are doing? How they interact more specifically? I know you say the two are connected and you send commands to the server, but what are you currently doing?

With more information we can tailor it to your situation.


I was wondering if anybody knew of a good simple encryption scheme.

I want to implement some encryption on an embedded system (so I can't use anything too complex) but that is secure. TEA, XTEA, and XXTEA all look like decent choices but they have been broken in the past. So are there any ideas on another simple encryption scheme out there?

Are you looking for a stream or block? TEA would suggest block but it might be that a stream cipher would be more suitable for your requirements.

If going for a block cipher then I would suggest AES if you can implement it in your embedded system. Or if you feel like going old school then you could have a go at triple DES which is still secure.


It is pretty deeply embedded. I currently have the system running with Freescale's RTOS MQX (not embedded Linux). I don't necessarily need to code it myself, but I would need the source so that I can compile it in.

I have the system connecting to a server over a WLAN, and I don't want people to be able to read the data as it is being sent back to the server, or any commands from the server.

The data isn't stored on the embedded system, I let the server take care of that, so I am not worried about encrypting the local data, just as I send the data out or receive it.

If you're trying to encrypt a remote shell connection, I would look into something like dropbear if you think you could compile and fit it on the system. I'm not too familiar with the OS you're using, but security is a persistent concern in computing and cryptography is such a common tool that I would be very surprised if there were not some existing libraries or utilities available for that OS.

Let someone else do the heavy lifting of implementing cryptography securely and optimizing it for the platform. It's actually harder than it sounds to get it right, which is why you should rely on well-vetted code written by experts. As long as that critical piece is solid, you can focus on your application rather than worrying about the security of the protocol/transport.


people spend years of their life developing crypto algorithms.

so don't reinvent the wheel if you don't *have* to.

that being said, I'm a huge fan of blowfish, xtea, and serpent256.

(depending on how encrypted you want/need things to be)

all three of these algos are open source, and have been ported to multiple platforms already.

Edited by xero

Are you looking for a stream or block? TEA would suggest block but it might be that a stream cipher would be more suitable for your requirements.

If going for a block cipher then I would suggest AES if you can implement it in your embedded system. Or if you feel like going old school then you could have a go at triple DES which is still secure.

I am open to working with either, but the block code is more likely what I will be working with. It fits better since the data will be sent in blocks and not a continuous stream. I don't think that I will be able to do AES but I will definitely look into that, and DES is an option too. Thanks!


people spend years of their life developing crypto algorithms.

so don't reinvent the wheel if you don't *have* to.

that being said, I'm a huge fan of blowfish, xtea, and serpent256.

(depending on how encrypted you want/need things to be)

all three of these algos are open source, and have been ported to multiple platforms already.

I know developing a new algorithm is not really an option, just looking for some good algorithms already out there. Thanks for the suggestions, I'll look into them.


Just going to put this out there. RC4 is probably going to be the simplest to implement. If you do proper key management, it can be quite secure, not to mention fast and easy to add onto (making it so someone would need entirely new attacks against the algorithm).

If you want anywhere to look for how to implement RC4, the Wikipedia page for it is pretty in depth.

I have an implementation that another person and I optimized to death for a class project; let me know if you want that.

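Added example (not part of the thread and not any poster's code): a minimal RC4 in C showing what the "proper key management" mentioned in the last post has to rule out. Two packets encrypted under the same key get the same keystream, so XORing the two ciphertexts gives the XOR of the two plaintexts. The helper names, keys and packet contents are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint8_t s[256]; uint8_t i, j; } rc4_ctx;

/* Key-scheduling algorithm: permute s[] under the key. */
static void rc4_init(rc4_ctx *c, const uint8_t *key, size_t klen) {
    uint8_t j = 0;
    for (size_t n = 0; n < 256; n++) c->s[n] = (uint8_t)n;
    for (size_t n = 0; n < 256; n++) {
        j = (uint8_t)(j + c->s[n] + key[n % klen]);
        uint8_t t = c->s[n]; c->s[n] = c->s[j]; c->s[j] = t;
    }
    c->i = c->j = 0;
}

/* Output generation: XOR keystream into buf (encrypt and decrypt are identical). */
static void rc4_xor(rc4_ctx *c, uint8_t *buf, size_t len) {
    for (size_t n = 0; n < len; n++) {
        c->i = (uint8_t)(c->i + 1);
        c->j = (uint8_t)(c->j + c->s[c->i]);
        uint8_t t = c->s[c->i]; c->s[c->i] = c->s[c->j]; c->s[c->j] = t;
        buf[n] ^= c->s[(uint8_t)(c->s[c->i] + c->s[c->j])];
    }
}

/* Hypothetical per-packet helper: re-keys the cipher for every packet. */
static void encrypt_packet(const char *key, uint8_t *buf, size_t len) {
    rc4_ctx c;
    rc4_init(&c, (const uint8_t *)key, strlen(key));
    rc4_xor(&c, buf, len);
}

/* Encrypt two constructed packets; return 1 if c1^c2 == p1^p2 (keystream cancelled). */
static int keystream_cancels(const char *k1, const char *k2) {
    const char *p1 = "TEMP=21.5;OK", *p2 = "CMD:REBOOT;;";  /* constructed samples */
    uint8_t c1[12], c2[12];
    memcpy(c1, p1, 12); memcpy(c2, p2, 12);
    encrypt_packet(k1, c1, 12);
    encrypt_packet(k2, c2, 12);
    for (size_t n = 0; n < 12; n++)
        if ((c1[n] ^ c2[n]) != (p1[n] ^ p2[n])) return 0;
    return 1;
}

int main(void) {
    printf("same key: %d, other key: %d\n", keystream_cancels("Key", "Key"), keystream_cancels("Key", "Wiki"));
    return 0;
}
```

With a stream cipher, every packet therefore needs keystream that is never repeated; sending each block under one fixed key does not provide that.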
