Hi @bko. We are developing a Raspberry Pi + Photon project, both devices connected to the Particle IO Cloud. We are in the process of tamper-proofing i) the firmware, and ii) the communications on each device.
A few questions:
Is the firmware that is flashed to the Raspberry through Particle io encrypted at Particle io and decrypted at the Raspberry?
Is the firmware that is flashed to the Photon through Particle io encrypted at Particle io and decrypted at the Photon?
Where are the keys for encryption located in each device?
I can't answer for the Raspberry Pi - I would guess it is similar to the Photon but have never tried it myself. The RPi is a more capable device and many more things are possible there.
For the Photon, all communication to/from the Particle cloud is encrypted. The encryption starts off using RSA keys with a handshake message. The Photon holds a copy of the cloud's public key and its own public and secret private keys. The cloud has its own secret private key and holds the public keys of the devices it talks to. Using RSA encryption, the cloud and the Photon agree upon a session key used for AES encryption of the remainder of the cloud data.
Since the Photon has the cloud's public key, it can make sure that only the Particle cloud could have sent the RSA handshake message. Similarly, since the cloud holds the Photon's public key, it knows that only that particular Photon could have sent that handshake message. Once they agree on a session key, it is used until the Photon is reset/rebooted.
The security provided is about the same as that provided by HTTPS, the secure protocol for web pages, but without the certificates. You don't need the certificates since the public is loaded in the Particle factory (and can be verified).
The locations of the keys are listed in the doc memory map: