International Association for Cryptologic Research

International Association
for Cryptologic Research


Making Password Authenticated Key Exchange Suitable for Resource-Constrained Industrial Control Devices

Björn Haase
Benoît Labrique
DOI: 10.1007/978-3-319-66787-4_17
Search ePrint
Search Google
Conference: CHES 2017
Abstract: Connectivity becomes increasingly important also for small embedded systems such as typically found in industrial control installations. More and more use-cases require secure remote user access increasingly incorporating handheld based human machine interfaces, using wireless links such as Bluetooth. Correspondingly secure operator authentication becomes of utmost importance. Unfortunately, often passwords with all their well-known pitfalls remain the only practical mechanism.We present an assessment of the security requirements for the industrial setting, illustrating that offline attacks on passwords-based authentication protocols should be considered a significant threat. Correspondingly use of a Password Authenticated Key Exchange protocol becomes desirable. We review the significant challenges faced for implementations on resource-constrained devices.We explore the design space and shown how we succeeded in tailoring a particular variant of the Password Authenticated Connection Establishment (PACE) protocol, such that acceptable user interface responsiveness was reached even for the constrained setting of an ARM Cortex-M0+ based Bluetooth low-energy transceiver running from a power budget of 1.5 mW without notable energy buffers for covering power peak transients.
  title={Making Password Authenticated Key Exchange Suitable for Resource-Constrained Industrial Control Devices},
  booktitle={Cryptographic Hardware and Embedded Systems – CHES 2017},
  series={Lecture Notes in Computer Science},
  author={Björn Haase and Benoît Labrique},