Cryptography involved in IOT device end

The main algorithms in cryptography ：

1. Single hash （md5,sha1,sha256）： Ensure message integrity .
2. Message authentication （hmac）： Ensure the integrity and authenticity of the message .
3. digital signature ： Ensure message integrity 、 Authenticity and non repudiation .
4. Pseudo-random number generation （ctr_drbg）： Generating random numbers increases security .
5. Symmetric encryption （aes）： Encrypted communication message .
6. Asymmetric encryption （ecc,rsa,dh）： Encrypted communication message .
7. Public key password （ecdh,rsa）： Exchange key .

Internet of things device end application ：

1. ota Firmware verification ： adopt Single hash algorithm （md5） Verify that the firmware is complete .
2. mqtt Connect ：
   1. certificate ： adopt Public key cryptography obtain Secret key encryption , Conduct Symmetric encryption aes-cbc.
   2. psk： Find the key through the authentication message , Conduct Symmetric encryption signal communication .
3. Dynamic registration ： adopt Message authentication code algorithm Send dynamic registration message , adopt Symmetric encryption Decrypt the device information .
4. tls： follow tls standard , Use the appropriate cryptographic suite .

common problem ：

1. The difference between certificate encryption and key encryption ？

Certificate encryption consumes more resources （rom,ram）, But because of the temporary key , It ensures forward safety .

2. What to do if the device key is leaked ？

The key should be properly and securely stored in the device , Soft reinforcement can be used according to safety 、TEE And security chip . If the device key is leaked , You need to delete the device information in the background , To protect data security .