darconeous
commented
7 years ago I guess the first consideration would be regarding using DTLS or instead using some sort of bespoke protocol. Often times DTLS is tied very closely to the IP networking stack, so it might not be the easiest thing to use.
For a simple high-entropy shared-secret (128 random bits shared between the chips) type of thing, we could pretty easily negotiate a shared key that we could then use to secure the channel with AES-CCM*, which is the same stream cipher that is used in 802.14.5. We would need to renegotiate the keys at every boot and every couple billion packets, but that shouldn't be too difficult.
I'd recommend we avoid using the shared secret directly as the key, since that would require the use of a key counter. It is easy to avoid using such a counter, as long as each chip has a way of generating strong random numbers.
This issue is tracking the consideration and potential designs of a point-to-point security layer for protecting the Spinel stream from from evesdropping or manipulation in case of physical compromise.