Anelok security model

Werner Almesberger werner at
Fri May 30 20:17:57 EDT 2014

I drew a little diagram of the security model I plan to use in Anelok:

The "trusted core" is the MCU, in our case a Freescale Kinetis KL26.
It has protection against altering the Flash (including a bulk erase)
and against reading any memories or running the chip under a debugger.

It communicates with the various entities in the system. The MCU and
the RF SoC are also sealed against physical tampering in some way,
e.g., with the transparent silicone plus paint seal we discussed

The MCU contains the (trusted) code and the master keys. The master
keys are weakly encrypted with the user's PIN and there's also a
retry limit against brute-force attacks.

The master keys unlock the encryption of objects in the password
database on the memory card. The memory card also contains trusted
code updates and maybe some large data (fonts, etc.), which is
signed. The corresponding credentials (not shown) are also stored in
the MCU.

The various communication channels - Bluetooth LE or USB - are all
usually be encrypted but there may also be some insecure modes. In
the case of Bluetooth, the encrypted channel would terminate in the
MCU and not, as is commonly done, in the insecure RF SoC.

The code in the RF SoC is weakly trusted, so it would still be signed
on the memory card, but a reasonably determined attacker could alter
what runs on the RF SoC.

- Werner

More information about the discussion mailing list