NIST Helps You With Cryptography

Getting cryptography right isn’t easy, and it’s a lot worse on constrained devices like microcontrollers. RAM is usually the bottleneck — you will smash your stack computing a SHA-2 hash on an AVR — but other resources like computing power and flash code storage space are also at a premium. Trimming down a standard algorithm to work within these constraints opens up the Pandora’s box of implementation-specific flaws.

NIST stepped up to the plate, starting a lightweight cryptography project in 2013 which has now come out with a first report, and here it is as a PDF. The project is ongoing, so don’t expect a how-to guide. Indeed, most of the report is a description of the problems with crypto on small devices. Given the state of IoT security, just defining the problem is a huge contribution.

Still, there are some concrete recommendations. Here are some spoilers. For encryption, they recommend a trimmed-down version of AES-128, which is a well-tested block cipher on the big machines. For message authentication, they’re happy with Galois/Counter Mode and AES-128.

I was most interested in hashing, and came away disappointed; the conclusion is that the SHA-2 and SHA-3 families simply require too much state (and RAM) and they make no recommendation, leaving you to pick among less-known functions: check out PHOTON or SPONGENT, and they’re still being actively researched.

If you think small-device security is easy, read through the 22-question checklist that starts on page twelve. And if you’re looking for a good starting point to read up on the state of the art, the bibliography is extensive.

Your tax dollars at work. Thanks, NIST!

And thanks [acs] for the tip!

These Engineering Ed Projects are Our Kind of Hacks

Highly polished all-in-one gear for teaching STEM is one way to approach the problem. But for some, it can be intimidating and the up-front expenditure can be a barrier to just trying something before you’re certain you want to commit. [Miranda] is taking a different approach with the aim of making engineering education possible with junk you have around the house. The point is to play around with engineering concepts without having to worry about doing it exactly right, or with exactly the right materials. You know… hacking!

Radar Sensors Put to the Test

[Andreas Spiess] picked up a few inexpensive radar sensors. He decided to compare the devices and test them and–lucky for us–he collected his results in a video you can see below.

The questions he wanted to answer were:

  • Are they 3.3 V-compatible?
  • How much current do they draw?
  • How long do they show a detection?
  • How far away can they detect the motion of a typical adult?
  • What is the angle of detection?
  • Can they see through certain materials?
  • Can the devices coexist with other devices in the same area? What about WiFi networks?

Good list of questions, and if you want to know the answers, you should watch the video.

What Lies Within: SMT Inductor Teardown

Ever wonder what’s inside a surface-mount inductor? Wonder no more as you watch this SMT inductor teardown video.

“Teardown” isn’t really accurate here, at least by the standard of [electronupdate]’s other component teardowns, like his looks inside LED light bulbs and das blinkenlights. “Rubdown” is more like it here, because what starts out as a rather solid looking SMT component needs to be ground down bit by bit to reveal the inner ferrite and copper goodness. [electronupdate] embedded the R30 SMT inductor in epoxy and hand lapped the whole thing until the windings were visible. Of course, just peeking inside is never enough, so he set upon an analysis of the inductor’s innards. Using a little careful macro photography and some simple image analysis, he verified the component’s data sheet claims; as an aside, is anyone else surprised that a tiny SMT component can handle 30 amps?

Looking for more practical applications for decapping components? How about iPhone brain surgery?

Only 90s Kids Will Appreciate This Prototype

[Madox] is a trackball user, which is fine; we at Hackaday respect and appreciate those who live alternative lifestyles. As you would expect, there aren’t many makes and models of trackballs being sold, and [Madox] wanted something ergonomic. A DIY solution was necessary, but how do you model something ‘ergonomic’ before printing it out? Floam, apparently.

Highly advanced 3D prototyping skills

Floam is a sticky, moldable goo originally sold as the follow-up to Nickelodeon’s Gak in the early 1990s. It consists of styrofoam pellets held together with a colored binder that doesn’t leave a mess and doesn’t dry out. While the Nickelodeon version is lost to the sands of time, a Floam-like substance is available at any toy store. [Madox] picked up a few blister packs and began modeling his ideal trackball.

With the proper shape in hand, [Madox] needed a way to get this design into a computer. Photogrammetry is the solution, and while earlier experiments with Autodesk Catch were successful, Autodesk has morphed and rebranded their photogrammetry software into Autodesk ReMake. Turning a pile of styrofoam balls into a 3D model is as simple as taking a bunch of pictures and uploading them to Autodesk’s ‘cloud’ service.

In just a few minutes, a proper 3D mesh arrived from the Autodesk mothership, and [Madox] took to importing this model into Fusion 360, fiddling with chamfers, and eventually got to the point where a 3D printer was necessary. It took a few revisions, but now [Madox] has a custom-designed trackball that is perfectly ergonomic.

Fooling Samsung Galaxy S8 Iris Recognition

We have a love-hate relationship with biometric ID. After all, it looks so cool when the hero in a sci-fi movie enters the restricted-access area after having his hand and iris scanned. But that’s about the best you can say about biometric security. It’s conceptually flawed in a bunch of ways, and nearly every implementation we’ve seen gets broken sooner or later.

Case in point: prolific anti-biometry hacker [starbug] and a group of friends at the Berlin CCC are able to authenticate to the “Samsung Pay” payment system through the iris scanner. The video, embedded below, shows you how: take a picture of the target’s eye, print it out, and hold it up to the phone. That was hard!

Sarcasm aside, the iris sensor uses IR to recognize patterns in your eye, so [starbug] and Co. had to use a camera with night vision mode. A contact lens placed over the photo completes the illusion — we’re guessing it gets the reflections from room lighting right. No etching fingerprint patterns into copper, no conductive gel — just a printout and a contact lens.

Hackaday Prize Entry: Underwater Glider Offers Low-Power Exploration

[Alex Williams] created his Open Source Underwater Glider project as an entry to The Hackaday Prize, and now it’s one of our twenty finalists. This sweet drone uses motor-actuated syringes to serve as a ballast tank, which helps the glider move forward without the use of traditional propellers.

Unlike most UAVs, which use motors to actively move the craft around, [Alex]’s glider uses the syringes to change the buoyancy of the craft, and it simply glides around on its wings. When the craft starts getting too deep, the syringes push out the water and the glider rises toward the surface until it’s ready for another glide.

This low-power solution allows for long-term science projects and research. In addition to conserving power, the glider’s slow travel does not disturb the water or sea life.

[Alex]’s goal is to make his glider open source and 3D printable, combined with off-the-shelf hardware and ArduSub under the hood.
