concerning versions 2.2.2 and 2.3.0 of TI Z-Stack
and a fix of the ZigBee Smart Energy Profile ECC vulnerability.
Texas Instruments has released version 2.3.0 of Z-Stack, their ZigBee stack for the TI/Chipcon CC2530, MSP430, and CC430 chips. The new version adds a variety of new features, but chief among them is a fix to the random number generator which used to be utterly insufficient for cryptographic use. Technical details on the vulnerability were first revealed publicly in my last article. (Nate Lawson's translation is here.)
Source code for the new generator is not included; it is instead referenced as a Security Service Provider (SSP). Since 2.2.3, they have extended the SSP API to include SSP_GetTrueRandAES() for generating random numbers by an AES key.
This is then called in zclGeneral_KeyEstablishment_GetRandom(), which in previous versions used the 16-bit LFSR.
Authors of firmware for ZigBee Smart Energy devices that have used this code should patch their source code and issue firmware upgrades as quickly as possible. Those with independent crypto implementations should check to ensure that they have not made similar mistakes. Programmers should also note that
Electric utilities with equipment using the MSP430 or Chipcon CC2530 should contact their vendors for such updates. Unlike Windows and Linux, there's no easy way to perform an upgrade of a fragment of microcontroller firmware to which you haven't got the source.
This fix only applies to the remote recovery of keys by PRNG attacks; local key extraction is still possible by the methods that I outlined in Extracting Keys from Second Generation ZigBee Chips.
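For those checking an independent implementation, the following added example (not code from Z-Stack or from the original article) shows the kind of audit that exposes a generator like the old 16-bit LFSR: it generates the key for every possible seed and counts how many distinct keys exist. The LFSR polynomial, the `weak_key()` routine and the 16-byte key length are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEY_LEN 16 /* constructed key length, not a Z-Stack value */

/* Stand-in weak generator: 16-bit Galois LFSR with taps 0xB400.
 * The polynomial is an assumption; Z-Stack's is not given on this page. */
static uint16_t lfsr_step(uint16_t s) {
    uint16_t lsb = s & 1u;
    s >>= 1;
    return lsb ? (uint16_t)(s ^ 0xB400u) : s;
}

/* Hypothetical key routine: one output byte per LFSR step.
 * Seed 0 is a fixed point of the LFSR, so it yields an all-zero key. */
void weak_key(uint16_t seed, uint8_t key[KEY_LEN]) {
    for (int i = 0; i < KEY_LEN; i++) {
        seed = lfsr_step(seed);
        key[i] = (uint8_t)seed;
    }
}

static int cmp_key(const void *a, const void *b) {
    return memcmp(a, b, KEY_LEN);
}

/* Generate the key for every possible seed and count the distinct results. */
uint32_t distinct_keys(void) {
    static uint8_t keys[65536][KEY_LEN];
    uint32_t n = 1;
    for (uint32_t s = 0; s < 65536u; s++)
        weak_key((uint16_t)s, keys[s]);
    qsort(keys, 65536, KEY_LEN, cmp_key);
    for (uint32_t i = 1; i < 65536u; i++)
        n += memcmp(keys[i - 1], keys[i], KEY_LEN) != 0;
    return n;
}

/* floor(log2(n)): bits of entropy a key drawn from n candidates can hold. */
unsigned entropy_bits(uint32_t n) {
    unsigned b = 0;
    while (n >>= 1) b++;
    return b;
}

int main(void) {
    uint32_t n = distinct_keys();
    printf("%d-bit key buffer, %u distinct keys, %u bits of entropy\n",
           KEY_LEN * 8, (unsigned)n, entropy_bits(n));
    return 0;
}
```

However long the key buffer is, the number of distinct keys can never exceed the number of generator states, which is the property to test for in any replacement generator.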
18 comments:
In a future release, the cert and root key will be stored in flash and only accessed from the created partitions. The debug lock bit will then protect any access through the debug interface.