Join Log in
Score:1
BAO avatar Crypto

Encrypting Small messages (BLE Beacon) - with little entropy - symmetric

cf flag
BAO

I want to encrypt Bluetooth Beacon data. I was wondering if having very little entropy in the clear text would make the key easier to guess? The maximum data length is 31 bytes

An example of the data (packed struct): where sequence monotonically increases, all other measurements have small variations between readings (nature of what's being measured, think 25.00 -> 25.01 -> 25.02 -> 25.00)

const uint8_t id;
uint32_t sequence;
int16_t batteryV;
float32 measuredTemperature;
float32 internalTemperature;
float32 atm-pressure;
float32 ambient-Light;

This makes clear patterns using AES-CTR, but I have no idea if that matters. Does it?

Edit: removing useless display.

Extra notes: No nonce is used because - all 31 bytes need to be used for sending data. CTR only because it was a stream - absolutely open to other algorithm ideas.

I guess the question is, there is a clear pattern. Does this weaken the encryption to the point of 'why even bother' ?

84
2 + 5
aes
kodlu avatar
sa flag
kodlu
What is a your display showing
0
Reply
BAO avatar
cf flag
BAO
Sorry the display is just visualizing the data - where each horizontal line is one "BLE Advertisement". This is using simulated data - random dither to the temperatures, and an ever increasing 'sequence number' I wasn't sure if seeing the patterns would help
0
Reply
SAI Peregrinus avatar
si flag
SAI Peregrinus
Are you re-using the nonce? It's called a nonce because it's a Number used ONCE, if it's re-used you'll see patterns like this. AES-CTR mode with repeated nonce provides no security.
0
Reply
BAO avatar
cf flag
BAO
Yeah, the issue - there isn't enough space for a nonce in the data. Because BLE beacons don't have an ACK - data only goes in one direction - so we don't have any handshake
0
Reply
kodlu avatar
sa flag
kodlu
So my answer is correct
0
Reply
Score:2
fgrieu avatar Crypto
ng flag
fgrieu

Apparently it is used AES-CTR with fixed IV, which reduces to XOR with a constant bitstring (one that looks random for an observer without the key). That this bitstring is constant dramatically weakens the encryption, right next to the 'why even bother' point. To cite a few issues:

  • One knowing a single plaintext/ciphertext pairs can decipher all the other ciphertexts.
  • Identical values of a field in two plaintexts is detectable from ciphertexts.
  • Fields which vary slowly (here, most) and which approximate value can be easily guessed, can be deciphered from ciphertext only.

There is an easy solution if really sequence monotonically increases and never cycles or resets‡: do not encipher sequence, and use it as the most significant bits of the Initialisation Vector for AES-CTR encryption of the rest (with the low-order bits of the IV set to some constant, e.g. all-zero).

If sequence can repeat, there still are very secure solutions using Format Preserving Encryption; we have questions about that. We could fill whatever unused field there is in the 31 bytes with random data, and encipher that with a 31-byte block cipher, e.g. like 6 rounds of a Feistel cipher built using AES. With this, the best adversaries can do (without the key) is recognize that two plaintexts are exactly identical (including the random fields).

‡ Ah, pesky battery changes!

+ 2
Eugene Styer avatar
dz flag
Eugene Styer
Depending on the meaning of the id field, you could probably include it as part of the IV as well
2
Reply
BAO avatar
cf flag
BAO
Oh thats a wonderful idea, about the sequence number being part of the IV. I keep forgetting the IV isn't secret, since its in clear text I don't have to worry about falling out of sync.
2
Reply
Score:2
kodlu avatar Crypto
sa flag
kodlu

Based on comments under the question my answer below seems correct.

Since each horizontal line is one stream of CTR encrypted BLE advertisement and your IV/noncefor each CTR stream (across rows) is fixed, of course there will be patterns given almost constant readings.

Ignoring your unclear display, given that there is little entropy in the inputs, and things like temperature are eminently guessable, this is most likely weak in some sense.

I wonder if you have a problem with your encryption function. Try a few different modes and see if the patterns remain.

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.