Re: Need help securing RF telemetry



Sean wrote:
I am developing a small-scale SCADA system for a client who needs
to secure RF signals between base units and RTUs. He uses
frequency-shifting RF transceivers, but physical security for
the RTUs can't be guaranteed, and an attacker stealing one would
have access to the encrypted traffic.

I'm programming the micro on the RTU, an MSP430F2121 (4k bytes
code, 256 bytes RAM). There's not much room to implement a standard
algorithm such as SHA-1 or XTEA. What's the best I can hope to do
with such a tiny processor? He may be convinced to use the F2131
(with 8k code space), but above that, per-unit cost gets to be an issue.
Any help appreciated,

Sean_Q_
P.S. The world's first(?) cyber attack on a community's infrastructure
through RF telemetry was an inside job:
http://ddanchev.blogspot.com/2006/10/scada-security-incidents-and-critical.html

http://www.theage.com.au/articles/2003/06/21/1056119529509.html
http://www.mail-archive.com/cybercrime-alerts@xxxxxxxxxx/msg00577.html

Skipjack is small and easy because it needs only 8-bit functions and a simple key schedule.

A TEA (simple key schedule) implementation might be smaller than Skipjack on account of having no S-box, but that depends on whether you can implement the 32-bit functions in less than 256 bytes and have some spare bytes of RAM for the extra key material.

Treyfer will be the smallest but requires some "kludges" to make it worthwhile. If you can live with a non-optimal S-box scavenged from the machine code, a 64-bit key, and can add a counter to the round keys to give some uniqueness to them, Treyfer might be OK.

You can increase the block and key size of Treyfer in a straightforward way, but you need to be careful with encryption modes. Treyfer only has good avalanche in the encryption direction. One way to live with this is to use counter mode for data encryption/decryption and CBC mode for an MD.
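
The arrangement suggested in the reply above (counter mode for the data, a CBC-based digest, both using only the forward direction of a Treyfer-style cipher), as an added C example that is not the poster's code. The S-box is constructed filler, and the round-counter tweak, the length-prefixed CBC-MAC and all function names are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-in S-box; on the RTU it would be 256 bytes of the
   firmware's own machine code, as the post suggests. Call sbox_init() first. */
static uint8_t sbox[256];
void sbox_init(void) {
    uint8_t x = 0x5a;
    for (int i = 0; i < 256; i++)
        sbox[i] = x = (uint8_t)(x * 37u + 101u);   /* arbitrary filler bytes */
}

/* Treyfer forward direction: 64-bit block, 64-bit key, 32 rounds.
   Assumption: "a counter added to the round keys" is read here as
   key byte + round number. */
void treyfer_encrypt(uint8_t blk[8], const uint8_t key[8]) {
    uint8_t t = blk[0];
    for (unsigned r = 0; r < 32; r++)
        for (unsigned i = 0; i < 8; i++) {
            t = (uint8_t)(t + key[i] + r);
            t = (uint8_t)(sbox[t] + blk[(i + 1) % 8]);
            blk[(i + 1) % 8] = t = (uint8_t)((t << 1) | (t >> 7)); /* rotl 1 */
        }
}

/* Counter mode: the same call encrypts and decrypts, forward cipher only.
   ctr holds the nonce in its high bits and the block counter in the low bits. */
void treyfer_ctr(uint8_t *data, size_t len, const uint8_t key[8], uint64_t ctr) {
    uint8_t ks[8];
    for (size_t off = 0; off < len; off++) {
        if (off % 8 == 0) {                        /* next keystream block */
            for (int i = 0; i < 8; i++)
                ks[i] = (uint8_t)(ctr >> (8 * i));
            treyfer_encrypt(ks, key);
            ctr++;
        }
        data[off] ^= ks[off % 8];
    }
}

/* CBC-MAC with a length-prefix block (messages under 256 bytes). */
void treyfer_cbc_mac(const uint8_t *msg, size_t len, const uint8_t key[8], uint8_t tag[8]) {
    memset(tag, 0, 8);
    tag[0] = (uint8_t)len;
    treyfer_encrypt(tag, key);
    for (size_t off = 0; off < len; off++) {
        tag[off % 8] ^= msg[off];
        if (off % 8 == 7 || off + 1 == len)        /* block full or last byte */
            treyfer_encrypt(tag, key);
    }
}
```

Use separate keys for `treyfer_ctr` and `treyfer_cbc_mac`, and never reuse a counter value under the same key.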