[NTLUG:Discuss] What is the best method to communicate between a device and a server?
Kipton Moravec
kip at kdream.com
Sun Apr 6 09:17:29 CDT 2008
On Sat, 2008-04-05 at 01:28 -0600, Leroy Tennison wrote:
>
> If it does ssh then use it, if it doesn't then answer the question "Does
> security matter?" I realize that's almost heretical to say in an age of
> malware but there are some things that just don't need encryption. If
> the data being delivered is mundane or if it provides no context
> allowing it to be understood then you may be OK.
>
> You may need to change the design of your messages (deliver numeric
> codes instead of actual text messages so that a potential attacker gets
> only a string of numbers that's meaningless to them). You can make up
> for some of the insecurity on the server end by increasing your due
> diligence there. Examples are: very stringent validation of incoming
> data to assure that it comes from the right source and hasn't been
> tampered with, stringent limits on what machines can deliver data and
> how much/how often to prevent trashing the server disk, writing
> table-driven client code so that downloaded instructions are delivered
> as a table of values (again, numbers or non-meaningful text unless
> someone has the context allowing understanding).
>
> I'm not advocating "security by obscurity" as a standard practice but in
> cases where the data doesn't require that high of a security it may be
> good enough.
>
You make a good point.

The data is very mundane. It will most likely be the data in a
structure. It would be very hard to figure out what it means unless you
were looking at the display, and converting the numbers to hex.

Another option is to encode the mundane data with a very simple look-up
substitution. Both sides have a 256 byte table and substitute each byte
value with the table value. Since the data is obscure to begin with, it
would be very difficult to try to break the code, and the value of the
data is almost worthless. So it is not of any value if you try and
succeed in breaking the code.

The monetary value of the data is the same level as the data on your
neighbor's water or electrical meter. You can look at the water meter
in front of his house or the electrical meter on the side of his house,
but it is not much value to you or anyone else other than your neighbor
and the water or electrical company.

Currently the micro-controller does not support ssh on its Ethernet
stack. I am certain I could get the source code and recompile it for
this computer. Is it worth it? Would it fit? I do not know, I have not
looked at it.

It is a 16-bit RISC machine with 256K Flash and 16K SRAM and will be
running at 8 MIPS. The application could probably operate at <0.1 MIPS.
(Things don't change very fast in a 500 - 1000 gallon tank of water.
Sampling once a second is probably overkill.) The communications is the
reason we went bigger and faster.

Kip
--
Kipton Moravec KE5NGX
"Always do right; this will gratify some people and astonish the rest."
--Mark Twain
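
Added example, not part of either message in this thread: the 256-byte substitution table from the reply combined with the server-side checks from the quoted message (right source, not tampered with, limits on who can deliver and what values are accepted). The substitution only hides meaning, so the tamper and source checks here rest on a keyed tag; HMAC-SHA256, the frame layout, the key, the table seed and the sequence counter are all assumptions of this sketch.

```python
import hashlib, hmac, random, struct

# Constructed values; a real device would ship a fixed table and key in firmware.
MAC_KEY = b"constructed-demo-key"   # per-device shared secret (assumption)
TAG_LEN = 16                        # truncated HMAC-SHA256 tag (assumption)
FRAME = struct.Struct(">HIH")       # device id, sequence counter, gallons (assumed layout)

def make_tables(seed):
    """Build the 256-byte substitution table from the post and its inverse."""
    perm = list(range(256))
    random.Random(seed).shuffle(perm)
    enc = bytes(perm)
    dec = bytearray(256)
    for plain, sub in enumerate(enc):
        dec[sub] = plain
    return enc, bytes(dec)

ENC, DEC = make_tables(2008)

def device_send(device_id, seq, gallons):
    """Device side: substitute each byte, then append a keyed tag."""
    body = FRAME.pack(device_id, seq, gallons).translate(ENC)
    return body + hmac.new(MAC_KEY, body, hashlib.sha256).digest()[:TAG_LEN]

class Server:
    def __init__(self, allowed_ids, max_gallons=1000):
        self.last_seq = {d: -1 for d in allowed_ids}  # allow-list plus replay state
        self.max_gallons = max_gallons

    def receive(self, packet):
        """Return (device_id, gallons) or raise ValueError naming the failed check."""
        if len(packet) != FRAME.size + TAG_LEN:
            raise ValueError("length")
        body, tag = packet[:FRAME.size], packet[FRAME.size:]
        want = hmac.new(MAC_KEY, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, want):      # tampered or wrong sender
            raise ValueError("tag")
        device_id, seq, gallons = FRAME.unpack(body.translate(DEC))
        if device_id not in self.last_seq:
            raise ValueError("device")
        if seq <= self.last_seq[device_id]:          # old frame sent again
            raise ValueError("replay")
        if gallons > self.max_gallons:               # outside the tank's range
            raise ValueError("range")
        self.last_seq[device_id] = seq
        return device_id, gallons
```

The tag is computed over the substituted bytes, so the server rejects a modified frame before it decodes anything.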