Security Considerations

[adelyte-chris]

This is an open discussion of security considerations between a Crestron processor and Crescendo Cloud.

Communication

All servers, production and development, accept IPSec connections. A demonstration of IPSec will be available for download in a few weeks (posted 2016-03-16) whenever our standalone virtual machine router is finished. Our IPSec tunnels have been live for months (posted 2016-09-02).

Authentication

Authentication is the process of a processor proving that it is the processor it purports to be. Presently, Crescendo Cloud uses open registration and authentication of any processor (or service spoofing a processor) based on model, serial number, and MAC address.

Password Authentication

There is no sense having a password and its consequent inconveniences (loss, change, retrieval) only to transmit the password in plaintext. Therefore, a zero-knowledge password proof should be used.

SRP

The obvious solution is to use Secure Remote Password protocol, which would allow processors to manage passwords themselves. However, implementing public-key encryption in SIMPL+ will be onerous, perhaps impossible (definitely not impossible with arbitrary-precision arithmetic).

SRP would provide an optional secure channel using the session key. Processor-side encryption is probably not a good idea, especially since SIMPL+ does not use compiler optimization.

Nonce

If Crescendo Cloud manages passwords instead of processors, a less technically challenging solution is to use a cryptographic nonce. Writing a cryptographic hash function in SIMPL+ will be easier than implementing SRP. MD5 is used for Digest Access Authentication, but Mawka might be the best password hash function for this purpose since most of the computation could be delegated to the server.

[adelyte-chris]

Digest Access Authentication will be implemented in Crescendo Cloud v3.0 along with WebSockets. See Issue #7.