A MOOC on Cryptography or Why We Care
We recently updated our MOOC on Cryptography for newcomers and seasoned engineers by diving deeper into the most common algorithms used today. The video below starts by talking about symmetric cryptography, meaning that the system only uses one secret key for both encryption and decryption operations. The video explains the significant characteristics of symmetric encryption, such as the algorithm, block size, and key size, as well as why these methods are so popular on microcontrollers. Since they use permutations, substitutions, shifts, or XOR, which all run very efficiently on Cortex architectures, it is common to use them in embedded systems. The course also looks into their limitations and their use in the industry. For instance, encrypting identical blocks with AES, without using salt, always gives the same result, which represents a vulnerability. The course, therefore, explains how to deal with it and make an application more secure.
Security remains an important topic in 2020 because the number and sophistication of attacks force engineers to be vigilant and proactive. One of the advantages of the STM32 series of MCUs is that many models offer a crypto core to accelerate AES algorithms, thus ensuring developers can use this method without a negative impact on performance. Additionally, the increasing popularity of secure elements helps protect the keys used in encryption and decryption operations, opening the door to features such as the Secure Module Install on the latest STM32H7. To better take advantage of the hardware and software security features we offer, we combined our tools under our STM32 Trust initiative.
Asymmetric Encryption or How to find a Public Key Within a Private Key
The other half of the video pertains to asymmetric cryptography, meaning that it uses a pair of public and private keys. This type of method is prevalent when dealing with services and technologies that rely on the web. The course looks at the two significant algorithms from this category, RSA and ECC, as well as their advantages in terms of security, but also their broader impact on computational resources, which explains why it is very rare to employ these methods when dealing with big data and IoT. At each step of the lesson, the instructor also goes to a command-line interface to ensure users and students can visualize the concepts at hand. For instance, the instructor shows what the private and public keys contain, before using OpenSSL to generate a private key to show how it’s possible to extract a public key from it.
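The key extraction described above, as an added example that is not taken from the course material: it uses the OpenSSL command line to generate an RSA private key, write out its public half, and confirm that the public values already sit inside the private key file. The file names, the 2048-bit key size and the sample message are assumptions made for this example.

```shell
#!/bin/sh
# Added example: file names, key size and the sample message are assumptions.
set -eu
umask 077                         # private key must not be readable by other users
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
priv="$work/private.pem"
pub="$work/public.pem"

gen_keys() {
    # Generate the private key, then write out only its public half.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$priv" 2>/dev/null
    openssl pkey -in "$priv" -pubout -out "$pub"
}

# True if the decoded private key lists the named field.
private_has() { openssl pkey -in "$priv" -noout -text | grep -q "^$1:"; }

# True if the public file carries the secret exponent (it must not).
public_leaks_secret() { openssl pkey -pubin -in "$pub" -noout -text | grep -q '^privateExponent:'; }

modulus_of_private() { openssl rsa -in "$priv" -noout -modulus; }
modulus_of_public()  { openssl rsa -pubin -in "$pub" -noout -modulus; }

sign_and_verify() {
    # Sign with the private key, verify with the extracted public key.
    printf 'constructed sample message\n' > "$work/msg"
    openssl dgst -sha256 -sign "$priv" -out "$work/sig" "$work/msg"
    openssl dgst -sha256 -verify "$pub" -signature "$work/sig" "$work/msg"
}

verify_tampered() {
    # Verification must fail once the message changes.
    printf 'constructed sample message, altered\n' > "$work/msg"
    openssl dgst -sha256 -verify "$pub" -signature "$work/sig" "$work/msg" >/dev/null 2>&1
}

gen_keys
private_has modulus && private_has publicExponent && echo "public values are stored in the private key"
[ "$(modulus_of_private)" = "$(modulus_of_public)" ] && echo "moduli match"
sign_and_verify
```

Comparing the two moduli is also a quick way to check that a public key on a device or in a certificate belongs to the private key you hold.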
Encryption in Transport Layer Security or Applying the ST MOOC to the Web
There are currently six videos in the MOOC, the last three going into practical considerations. For instance, the last video takes all the fundamentals covered by the coursework and uses them to explain TLS (Transport Layer Security) management, which is so ubiquitous on the web. The instructor looks more specifically at the handshake between two terminals to understand what happens before the exchange of encrypted data. Put simply, it’s an excellent example of how multiple uses of public and private keys protect the exchange of certificates to help keep the web safe. The class comes with a PDF containing the slides used by the presenter as well as hands-on code, which makes it easy to replicate the demonstrations.