Cloud IoT Security Analysis

Security analysis of Cloud IoT services Below is my analysis of Google’s “Cloud IoT Core” and Amazon’s “AWS IoT Core”, from a security perspective. The “Core” service from both of these providers is very similar, and consists of a message broker that supports a publish/subscribe model. In both cases, it is possible for an external host to subscribe to messages, as well as to have messages sent to various compute resources within the respective provider’s cloud offerings.

TLS is Hard

This is a bit unusual of a post, as it is more of a brain dump than a nicely written prose. I may fill this in over time. TLS and why it is hard Introduction In an ideal magical world, TLS is a thing you drop into a connection and it becomes secure. Both parties just communicate as if they were read/write send/recv packets, but everything is secured.

Glacier vs Tape

Recently, I’ve been looking at using Amazon Glacier for some of my off-site backup needs. I already have a small amount of my data being stored in s3, and the lower cost of Glacier ($0.004/GB-month) make it a possibility for backing up even more data. Since I intend for these backups to be fairly long time, I wanted to do a little analysis, comparing it with something like LTO-6. A LTO-6 tape drive looks to cost about $3000.

Go and Rust

My regular job has me working, from time to time, with both Go and Rust. Both of these languages have a good following, and strong communities behind them, and there are things I enjoy about both languages. For the most part, if I am writing a utility for personal purposes, I will choose one of these two languages (notably, not Python). Several of my projects, I find myself maintaining in both Go and Rust, because I can’t make up my mind as to which I prefer, or which is a better fit for the problem.

After Effects and Nuke

I have been paying for an Adobe Creative Cloud subscription for around a year now. In order to help justify this expense, I’ve given myself a goal to learn the other programs in the suite that I don’t yet use (I primarily use Illustrator, Photoshop and Acrobat). I started with Premiere. Coming from Final Cut (before the “X” version which seems to have turned it into a toy), the user interface initially felt very different.

Unhelpful Support

I am unable to access the Adobe forums, at least if I am logged in with my Adobe account. I thought I’d start by contacting Adobe Support. It seems that their support is only set up to help people with their applications, and they have nothing in place to help someone that is having a problem with their website. Vinay Pratap: Hello! Welcome to Adobe support. Vinay Pratap: We appreciate your patience and apologize for the wait.

First Animation

After going through a bunch of tutorials for the various Adobe Creative Cloud Suite, I have made my first animation. I drew the clock in Illustrator (which I’ve known for many years, at least 30), with each hand on a separate layer. This took about 20 minutes. Then, I animated the hands using After Effects. This took maybe another 20 minutes. Then, I brought that animation into Premiere Pro and made a sequence that repeated for 2 minutes.

Crypto and Firmware RFCs

This post summarizes the relevant RFCS (and other standards) related to cryptography and, specifically, relevant to MCUboot. I intend to update this post with more RFCs as I refer to them in my work. Cryptography The following documents describe protocols and encodings relevant to digital signatures. RFC3447: Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 RFC4279: Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) RFC5208: Public-Key Cryptography Standards (PKCS) #8: Private-Key Information Syntax Specification Version 1.

Key Formats

Update: After a little digging, I understand where the leading 0x00 comes from on the EC public key. I’ve recently been working on the MCUboot project. A key feature of this bootloader is its use of digital signatures to verify images both before performing upgrades, and optionally, also before running them. The code currently supports RSA and ECDSA signatures, and we are working on adding support for EdDSA signatures (specifically Ed25519).

T2 Credits

I’ve now been using an Amazon “t2.nano” EC2 instance for my web hosting. These are designed to allow “Burstable Performance”. Amazon has a few different descriptions from the simplistic: T2 instances accrue CPU Credits when they are idle, and use CPU credits when they are active. to a much more detailed explanation. The later document says that the credits are processed at millisecond resolution. But, the free monitoring tools only sample at 5-minute granularity, so it is difficult to see anything of finer granularity than that.