Enhanced Device-Specific Encryption for IoT: Leveraging Microcontroller UIDs and Dedicated Cryptographic Hardware

Abstract

In this research, we introduce an advanced encryption system that aligns with global cryptographic standards, emphasizing device identification and adherence to the PKCS#5 standard. Instead of relying on pseudorandom numbers, our innovative key expansion approach capitalizes on the microcontroller’s UID, merged with the session key, and subjected to a repetitive Digest algorithm, thus achieving a dimension apt for asymmetric encryption protocols. Leveraging the dedicated hardware support for the SHA-256 algorithm, we compute a distinctive digest through varying iteration counts, gauging computational prowess. We employ AES128 for data encryption, given its ubiquity and its hardware inclusion in the NXP FDRM-K82F device. This device boasts a Cryptographic Acceleration Unit (CAU), optimizing processing durations and memory consumption, paving the way for autonomous cryptographic systems with viable throughput rates tailored for IoT scenarios. The microcontroller’s specialized LP Trusted Cryptography (LTC) hardware champions diverse algorithms, enriched with atomic directives. We integrate Physical Unclonable Functions (PUFs) into our design, harnessing inherent manufacturing disparities to spawn unique, hard-to-replicate keys. The key expansion is rooted in the PKI infrastructure, sourcing a distinct number per device from the FRDM-K82F’s UID and culminating in a 256-bit Digest, employed as the AES-CBC key and Initialization Vector (I.V.). Our empirical assessment underscores the superior efficiency of the CAU against counterparts lacking such modules, showcasing remarkable boosts in performance and diminished encryption/decryption intervals. Consequently, our pioneering approach emerges as a prime candidate for fortifying IoT applications.