Friday, October 19, 2007

What is an embedded system, anyway?

Just a short insight as to what the term "embedded" really mean. What made me write this was a column I just read, written by Richard Nass in Embedded.com entitled "What's your definition of "embedded"?". Mr. Nass defines embedded as a computer whose end function is not a computer. He cited examples such as a microwave oven that contains a computer, but whose function is not really a computer, rather to heat up food. But due to the rising technology, where cellphones, PDAs, etc are now becoming computer-like, he still argues that an embedded device is simply a microcontroller/microprocessor-based system except for a PC.

Ok, he's right. He's definitely right. However, don't we know that a PC is also a microprocessor-based system? Maybe we should re-define the term "embedded". As for me, a "robot", "computer", and an "embedded device" have very much similarities. Let me define each item first:

ROBOT
A robot is a mechanical or virtual, artificial agent. It is usually an electromechanical system, which, by its appearance or movements, conveys a sense that it has intent or agency of its own.
While there is still discussion about which machines qualify as robots, a typical robot will have several, though not necessarily all of the following properties:
  • Is not 'natural' i.e. has been artificially created.
  • Can sense its environment.
  • Can manipulate or interact with things in its environment.
  • Has some degree of intelligence, or ability to make choices based on the environment, or automatic control / preprogrammed sequence.
  • Is programmable.
  • Can move with one or more axes of rotation or translation.
  • Can make dexterous coordinated movements.
  • Appears to have intent or agency (reification, anthropomorphisation or Pathetic fallacy).
  • Is in some degree metallic.
Source: http://en.wikipedia.org/wiki/Robot


COMPUTER
A programmable machine. The two principal characteristics of a computer are:
  • It responds to a specific set of instructions in a well-defined manner.
  • It can execute a prerecorded list of instructions (a program).
Source: http://www.webopedia.com/TERM/C/computer.html


EMBEDDED SYSTEM
An embedded system is a special-purpose computer system designed to perform one or a few dedicated functions. It is usually embedded as part of a complete device including hardware and mechanical parts. In contrast, a general-purpose computer, such as a personal computer, can do many different tasks depending on programming. Since the embedded system is dedicated to specific tasks, design engineers can optimize it, reducing the size and cost of the product, or increasing the reliability and performance. Some embedded systems are mass-produced, benefiting from economies of scale.
Source: http://en.wikipedia.org/wiki/Embedded_device

Through the aforementioned definitions, I can say that a computer and an embedded system is a robot. Computers and embedded systems have very much similarities because they are both robots in definition. They both respond to a specific set of instructions, are programmable, and in some degree, they are metallic. Both also are artificially created, thus, leading me to the conclusion that both of them are robots. The difference between computers and embedded systems may be traced back to history, but due to the rising technology, computers and embedded systems are now becoming the same, and thus, both are similar. Additionally, the term "computer" has always been associated with the "device having a keyboard, mouse, and monitor". Thus, creating confusion as to its real meaning and intention.

Now, back to the question, "What is an embedded system. anyway?". It is simply a computer packed in different ways to be able to perform certain tasks. Note that I used "computer" to make a general meaning that everybody can understand, which basically means, a controller/processor-based system.

Sunday, October 14, 2007

Introduction to Cryptography

In my attempt to learn how to use the .NET's cryptography class, I come across an article that suggests to have a firm grasp of the cryptographic theory to be able to have a better understanding of the .NET's cryptography class. Here's what I got so far...

3 Fundamental Concepts of Cryptography (Types of Cryptographic Algorithm)

  1. Hash Functions
  2. Symmetric (Secret Key) Encryption
  3. Assymetric (Public Key) Encryption


HASH (MESSAGE DIGESTS or ONE-WAY ENCRYPTION)

  • sort of "signature" for a stream of data that represents the contents
  • can be associated to a "tamper-proof seel in a package", once its opened, its obvious
  • reads a stream of data
  • outputs a 128-/160-bit number which contains the summary of the stream of data
  • each hashing method have their own advantages and disadvantages depending on their performance, variations of collision resistance, how well security has been tested, etc.
  • uses no key, instead, uses a fixed-length hash value that is computed based on the cleartext that makes it impossible to recover either the contents nor the length of the cleartext
  • used to provide a digital fingerprint of a file's contents
  • used to ensure that the file has not been altered by a virus, an intruder, nor thru data transfer
  • used for encrypting passwords in a password store

SOME HASH FUNCTIONS COMMONLY USED
  1. md2
    • designed for systems with limited memory (i.e., smartcards)
  2. md4 (128 bits, obsolete)
    • designed for fast processing in software
  3. md5 (128 bits)
    • similar to md4 but slower due to manipulations made to the original data
  4. Secure Hash Algorithm (SHA)
    • produces a 160-bit hash value which can produce 224-, 256-, 384-, 512-bit length hash values
  5. ripemd-160 (160 bits)
    • based on a 128-bit hash functions optimized for 32-bit processors


SYMMETRIC ENCRYPTION (Secret Key Cryptography - SKC)

  • uses a single key for encrypting and decrypting data
  • advantage:
    • relatively fast
  • disadvantage:
    • to be able to share encrypted data, you have to share your key
  • schemes:
    • Stream Ciphers
    • Block Ciphers

STREAM CIPHERS
  • operate on a single bit (byte or word) at a time to implement some form of feedback mechanism so the key is constantly changing
  • same cleartext will produce different ciphertext
  1. Self-Synchronizing Stream Ciphers
    • calculate each bit in the keystream as a function of the previous n bits in the keystream
    • advantage:
      • decryption process can stay in sync with the encryption process by just knowing how far into the n-bit keystream it is
    • disadvantage:
      • error propagation, a lost or destroyed bit during transmission will cause n destroyed bits at the receiving side
  2. Synchronous Stream Ciphers
    • generates the keystream in a fashion independent of the message stream, however the same keystream generation function is used by both sender and receiver

BLOCK CIPHERS
  • operates on one block of data at a time using the same key on each block
  • same cleartext block will always produce the same ciphertext
  1. Electronic Codebook (ECB) Mode
    • simplest and most obvious application
    • the secret key will be used for encryption, thus, 2 identical cleartext blocks will produce the same ciphertext block
  2. Cipher Block Chaining (CFB) Mode
    • adds a feedback mechanism to the encryption scheme
    • cleartext is XORed with the previous ciphertext block prior to encryption
    • advantage:
      • two identical plaintext blocks will never encrypt to the same ciphertext
  3. Cipher Feedback (CFB) Mode
    • block cipher implementation of the self-synchronizing stream cipher
    • allows data to be encrypted in units smaller than the block size
  4. Output Feedback (OFB) Mode
    • block cipher implementation similar to a synchronous stream cipher
    • prevents the same cleartext block from generating the same ciphertext block by using internal feedback mechanism which is independent of both cleartext and ciphertext bitstream

SOME SKC ALGORITHMS USED

  1. Data Encryption Standard (DES)
    • most common
    • designed by IBM in the 70s
    • adopted by the National Institute for Standards and Technology (NIST) in 1977 for commercial and unclassified government applications
    • a block cipher employing a 56-bit key that operates on 64-bit blocks
    • composed of a complex set of rules and transformations designed specifically for fast hardware implementation but slow software implementations. However, since speed of computers today have dramatically increased, slow software implementations is not an issue.
    • defined in American National Standard X3.92 and 3 Federal Information Processing Standards (FIPS)
      • FIPS 46-3: DES
      • FIPS 74: Guidelines for Implementing and Using the NBS Data Encryption Standard
      • FIPS 81: DES Modes of Operation
    • Variants that strengthen DES:
      • Triple-DES (3DES) : uses up to 3 56-bit keys and makes 3 encryption/decryption passes over the block
      • DESX : devised by Ron Rivest, combines 64 additional key bits to the cleartext prior to encryption, effectively increases keylength to 120 bits
  2. Advanced Encryption Standard (AES)
    • initiated by NIST in 1997, to develop a new secure cryptosystem for US government applications
    • official successor of DES in 2001
    • adopted an SKC scheme called "Rijndael" (block ciphers designed by Belgian cryptographers)
      • the algorithm can use a variable block length and key length
      • allowed any combination of key lengths of 128, 192, or 256 bits and block lenghts of 128, 192, or 256 bits
    • AES Standard describes a 128-bit block cipher employing a 128-, 192-, or 256-bit key
  3. CAST-128
    • a DES-like substitution-permutation crypto algorithm, using a 128-bit key operating on 64-bit block
  4. CAST-256
    • extension of CAST-128 using 128-bit block and a variable length key. Key length may be 128, 160, 192, 224, or 256 bits)
  5. International Data Encryption Algorithm (IDEA)
    • patented by Ascom in 1992
    • a 64-bit SKC block cipher using a 128-bit key
  6. Rivest Ciphers (Ron's Code)
    • a series of SKC algorithms
  7. Blowfish
    • symmetric 64-bit block cipher optimized for 32-bit processors with large data caches
    • significantly faster than DES on Pentium machines
    • key lengths may vary from 32-448 bits
    • available freely and intended as a substitute for DES or IDEA

ASSYMETRIC ENCRYPTION (Public Key Cryptography - PKC)

  • uses 2 different keys:
    1. public key - for encryption
    2. private key - for decryption
  • advantage:
    • you don't have to share your key to share your encrypted data
  • disadvantage
    • very slow, not recommended for data more than 1kb in size
  • uses mathematical functions that are easy to compute but very difficult to reverse
    • i.e., Multiplication vs. Factorization, Exponentiation vs. Logarithms
  • mathematical trick: find a "trap door" in the one-way function such that the inverse calculation becomes easy given a few items of information

SOME PKC ALGORITHMS USED
  1. 1. RSA
    • widely used for key exchange and digital signatures
    • uses variable size encryption block and variable size key
    • key pair is derived from a very large number "n", where n = product of 2 prime numbers chosen accdg to special rules
      • primes may be 100 or more digits in length each
    • public key information includes "n" and a derivative of one of the factors of "n"
      • such that an attacker cannot determine the prime factors of "n"
    • advantage:
      • hard to crack due to the difficulty of factoring large prime numbers (wherein, in fact, prime factors have only 2 factors)
    • disadvantage:
      • modern computers now have the ability to find prime factors with more than 200 digits
      • however, if a large number is derived from 2 prime factors with roughly the same size, there is yet no known factorization algorithm that can solve the problem in a reasonable amount of time
      • a presumed protection of RSA is to increase the key size to always stay ahead of the computer processing curve
  2. Digital Signature Algorithm (DSA)
    • specified in NIST's Digital Signature Standards
  3. Elliptical Curve Cryptography (ECC)
    • algo is based on elliptic curves
    • offers levels of security with smaller keys comparable to RSA
    • designed for devices with limited computer power and memory (i.e., smartcards, PDAs)
  4. Public Key Cryptography Standards (PKCS)
    • a set of interoperable standards and guidelines for public-key cryptography

Sources:
Overview of Cryptography, by Gary Kessler
.NET Encryption Simplified, by Jeff Atwood
An Illustrated Guide to Cryptographic Hashes, by Steve Friedl