Cryptography: MAC - MC9s12xdp512

RubenCG · ‎07-15-2008

Hi All,

We need to use a message authentication code (MAC) in a 10 bytes radio message. Our requirement is a 32-bit tag (32 bit MAC code). I was reading some information about MAC, HMAC, UMAC and so on, but I'm wondering if this algorithms are suitable for a MC9s12xdp512 mcu. ¿Is there any C-code available in freescale about MACs?

I think the best solution for this problem or, at least the simplest, is HMAC (with hash function output 32-bit.. I don't know what function is it!) or UMAC (this algorithm uses Uhash function, with three layers).

I'm really lost in these terms, perhaps somebody has worked with MACs and 16-bits MCUs and can help me.

Thanks in advance.

Added p/n to subject.

Message Edited by NLFSJ on 2008-07-15 08:36 AM

kef · ‎07-15-2008

I think this may help you:

http://tools.ietf.org/html/rfc2104

Sample code is provided at the end of this RFC. Required MD5 code shouldn't be hard to find, though I didn't try it myself

RubenCG · ‎07-15-2008

Thanks Kef,

I've read it days ago but I'm trying to find something more simple. Somebody has have to work with MACs in this kind of MCU. What is your opinion?

MD5 algorithm calculate a 128-bit tag with 64-byte blocks (it means the whole message is enormous)... I've 10-byte message and I need 4-byte tag. I think MD5 algorithm is too much for me and my requirements! If you've other point of view... I'm searching new ways to solve the problem.

Thanks

nikosxan · ‎07-16-2008

Hello.

I agree that, for such kind of H/W a simple function would be appropriate, as Kef proposed some kind of CRC. If you like you could also put (before CRC) some more byte calculated from you first 10 bytes...for example some function of bytes 3,5 and 9 (implemented in C) and after that the CRC, or even inter-mix the CRC and the function results in the last 4-5 bytes.... If you don't know what the last bytes after the message are and how you handle them you can't just make them...

RubenCG · ‎07-17-2008

Hi,
First of all, thanks for your help.

My requirements are CENELEC 50159-2, I know this text is heavy to read but I've had to read it and,summing up, the best (or simplest) solution is a cryptographic security code, and in this text recommends MAC tags for these tasks.
My question is, is there any simple MAC algorithm easy-to-implement in a 16-bit MCU? You know what are the length of message and MAC tag. It has to be simple but cryptographic... is it possible?

Thanks again,
Rbn

nikosxan · ‎07-17-2008

I did a search for CENELEC 50159-2, however didn't find complet spec, just got an idea.

If you consider implementation of the proposed MD5 algorithm too much for this kind of MCU -witch may be the case- then maybe use of a Dx512 not be adequate for such project and you should go for an industrial PC.... Also i think that if you have such a requirement just to send 10 bytes of info, what about fulfilling the other requirements witch could be also most critical and strick ?? What's the route of the 10 bytes information ? What's it's nature and do you only compile the 10 bytes msg ? or also de-complie it ??

RubenCG · ‎07-17-2008

The amount of info between equipments is ridiculous 2 bytes or 4 bytes as much! and 6 bytes more in header, sequence number, MAC, ... I need to ensure message's data integrity as well as its authenticity, and I think the best way to make it is MAC.What is your opinion?
Data integrity can be achieved by CRC, but not authenticity.
I get lost! cryptography in 16-bit MCU is impossible!!!.

nikosxan · ‎07-17-2008

Let's try to seperate the 2 issues wich are different ! Data interrity is one, cryptography is another and authenticity is something else !! The last 2 share some common field / technics but still purpuse is quite differnt. In theory, CRC (or advanced error corection codes) is for data integrity. !!!

If you want cryptograpty you can use some DES, AES style codes...I have seen DES implementation in the PIC family of MCUs....(far lesser than S12DX512).... can be implemented even in PIC 16F family....(just do a search and see...).....Cryptography is possible even in 8 bit MCUs.........it just requires an ammount of code.........(again just make a search and see the results for tiny 8 bit PIC)....

Is talking for HASH authentication this is something else.....................

I think even proposed code could be implemented since you have a LOT of flash........... But again you need to DEFINE the requirement (s)..... I mean, you need cryptography, or what....?

Aparta from this part, is the other part of the H/W and S/W adequate and qualified for the requirements ?

RubenCG · ‎07-17-2008

Nowadays the requirement is a MAC tag. And the MAC tag has both properties authenticity and integrity.

I know we can split the problem in two, but I have to find the way to implement a MAC tag in this MCU.

¿Is it possible?... I don't know.

Ciao

kef · ‎07-17-2008

Did you check this: http://fastcrypto.org/umac/ They claim UMAC is fastest MAC.

And regarding HMAC and security. As soon as some new encryption algorithm is published and is used on known data types, it becomes vulnerable. DES died, MD4 died, SHA1 died... I think first Internet Explorer for secure https pages I saw had some 56bits encryption? It also was supposed to be never broken. Nowadays 256 bits are sort of weak. I think if you don't need to publish your encryption, then hash function to be used in HMAC could be any hash function. Any CRC used for hash function would suffice. It will be very hard to break because type of data, algorithm (HMAC or other), hash function and authentication key would be not known to others. The only known to others would be probably just the number of bits your packet has.

As stated Nikosxan, even 8bit PIC can do AES. No doubt S12X is way more powerful than that. Also XGATE with its barrel shifter can help a lot on code requiring a lot of shifts, parities etc. BTW what data rate you have. Did you try to compile some HMAC code, was it really too slow on S12X?

Regards

nikosxan · ‎07-17-2008

I again fully support last kef's opinion... !

If you consider UNBREAKABLE cryptography this is NOT MCU application !!

on the other hand a much simpler hash will do the job !

Try kef links and if could not be implemented in S12 start thinking some other platform, since i think your application has a lot more strict requirements that don't apply for an MCU but rather fall in the upper level CPU category............ I shall give an example (trust me, i know.......)... You can find MANY MCUs (8, 16 or even 32 bit) for a simple commercial application, but if you try to get them to a MILITARY application (cryptography requirements are used a lot there...) you'll never qualify!!!............ even if you DO implement the strongest crypto algorithm there are PHYSICAL, H/W and even S/W design requirements concerning security that it will not pas... Even most of common CPUs will NOT pass and are NOT qualified for such a design.

RubenCG · ‎07-18-2008

I'll try UMAC implementation.(Thanks kef for the link)
I don't have to implement military SW... the customer commands like Captain but this application is not military

trust me!

nikosxan, you're right, my design has too much requirements in HW, low-level SW and application SW, but I think we can design a good product.

Thank you so much kef and nikosxan, discuss implementations is very useful for me, I'm a new designer and it's important to talk with experienced designers.

Bye,

nikosxan · ‎07-18-2008

You're welcome Ruben. I don't consider myself an experienced designer, but i like forums as this one that people with better knowlege share ideas.... However in every design there are basic principles.... Good luck with your design...!

RubenCG · ‎07-21-2008

Good luck for you too! I hope we can talk about something different in a few weeks.

Thanks and bye

nikosxan · ‎07-17-2008

if requirement is MAC, imlement MAC !!!

RubenCG · ‎07-17-2008

Implement MAC!
How is the question? Is it possible in this MCU is the question? if I post in these forums is because I don't know how to implement it...Here, you can find contributors who can help you.

Thanks

kef · ‎07-15-2008

Sorry, didn't understand your requirements.

Could any simpler hash function work or does it need to be stong encrypting hash function? For strong encryption you need a lot of bits. And if it can be a simple hash function, then what about CRC16 or CRC32? That should be enough for 10 byte messages, isn't it?

Cryptography: MAC - MC9s12xdp512

Cryptography: MAC - MC9s12xdp512

General