Encrypting sensor reading using AES( or other supported schemes)


#1

I am trying to setup two links between the photon-temperature sensor setup, one to the cloud another to a laptop.

  1. Link 1:A secure cloud link that goes to particle cloud (and later to AWS cloud), data sent is encrypted
  2. Link 2: Direct secure link between the photon and a laptop (wifi), data sent is encrypted

I would like both this links to be secure and any data going out through them encrypted.

So far, I have connected a temperature sensor to my photon and I am now able to see the temperature readings in serial monitor and particle dashboard. Is this data sent to particle cloud fully encrypted? If yes, can you link me to the encryption method and handshakes used.

If no can I add AES encryption to it. I found this AES demo and managed to compile and see it working. But I am unsure whether this would be the best choice for a quick secure setup and also I am unsure how I can call it on my temperature sensor output.(Sorry I am super newbie…)


#2

The Particle cloud uses RSA for session key exchange and authentication and then AES for data encryption for all cloud transactions. Each device has its own copy of the Particle cloud public key and its own private key. I don’t know of a doc reference but the source code is all on github for anyone to see.

For you own encryption, if you need it, you will eventually be able to use the same built-in crypto routines used by the cloud (I am just not sure if they have been added to user-visible set of functions in the HAL yet) or you could the community authored HTTPS client. Search the forum here for HTTPS client for details–it uses a slightly differenly licensed crypto library.


#3

So that means link 1 data is always encrypted already by RSA+AES. Whenever I flash my photon with the new firmware, is this also sent encrypted, or is it only certain data exchange(sensor data for my setup)?

For link 2, do you mean I have the option of using either similar RSA-AES to setup connection between the photon and a laptop or I could use HTTPS client? If so, is there any pros and cons of using either of these, in terms of security, ease of setup and features I can explore later? I see both provide “authentication, privacy and integrity”, but I couldnt find resources to compare them.

Searching the forums I saw HTTPS client has been implemented here, and wonder if I would need a server side setup as well with this. I am abit lost on how to get started with setting this up.


#4

Yes, every communication between your device and the Particle cloud is encrypted that way.


SSL/TLS between particle device and particle cloud?
#5

Also, the communication between your local code (running, say, on your laptop) and the Particle cloud servers is also encrypted. The API endpoint is https://api.particle.io, in other words when you request a variable, call a function, or use publish/subscribe, etc. those communications between your computer and the cloud are TLS encrypted.


#6

Hi @newlybee

Everyone’s needs are different in term of required security, so there is not way to say which path is best for you.

I would say that the Particle cloud and the HTTPS client provide approximately the same amount of security. The Particle cloud service is built-in to the firmware on your device and managed for you. The other is more of a toolkit you can use with any server.