Cryptology ePrint Archive: Report 2017/562

Making Password Authenticated Key Exchange Suitable For Resource-Constrained Industrial Control Devices

Björn Haase and Benoît Labrique

Abstract: Connectivity becomes increasingly important also for small embedded systems such as typically found in industrial control installations. More and more use-cases require secure remote user access increasingly incorporating handheld based human machine interfaces, using wireless links such as Bluetooth. Correspondingly secure operator authentication becomes of utmost importance. Unfortunately, often passwords with all their well-known pitfalls remain the only practical mechanism. We present an assessment of the security requirements for the industrial setting, illustrating that offline attacks on passwords-based authentication protocols should be considered a significant threat. Correspondingly use of a Password Authenticated Key Exchange protocol becomes desirable. We review the signif-icant challenges faced for implementations on resource-constrained devices. We explore the design space and shown how we succeeded in tailoring a partic-ular variant of the Password Authenticated Connection Establishment (PACE) protocol, such that acceptable user interface responsiveness was reached even for the constrained setting of an ARM Cortex-M0+ based Bluetooth low-energy transceiver running from a power budget of 1.5 mW without notable energy buffers for covering power peak transients.

Category / Keywords: PAKE, ARM Cortex-M0, Curve25519, ECDH, PACE, Curve25519, ECDH key-exchange, elliptic-curve cryptography, Embedded Devices, Elligator, Process Industry, Bluetooth, Curve19119, X19119, Bluetooth low energy

Original Publication (with minor differences): IACR-CHES-2017

Date: received 6 Jun 2017, last revised 9 Jun 2017

Contact author: bjoern haase at conducta endress com

Available format(s): PDF | BibTeX Citation

Version: 20170614:204502 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]