I need a solution to encrypt USB communication between device A and device B.
Question
I need a solution to encrypt USB communication between device A and device B. I was thinking about configuring each device with a secret RSA-2048 key, which would be used to exchange an AES-256 session key.
1. A and B are pre-configured with secret RSA-2048 asymmetric keys.
2. A sends an unencrypted message to B indicating that encryption should be used.
3. B uses its RSA-2048 key to encrypt an AES-256 symmetric session key and sends it to A.
4. A uses its RSA-2048 key to decrypt the message and obtain the AES-256 session key.
5. The AES-256 session key is used for encrypting/decrypting communication going forward.
Since the RSA-2048 keys are both secret, is there any point in using RSA over AES for encrypting the session key exchange? In other words, is it acceptable for both A and B to be pre-configured with a secret AES-256 key (instead of secret RSA-2048 keys) that is used to generate an AES-256 session key?
Explanation / Answer
It depends.
If A and B are configured with secret AES keys, then A and B's previously intercepted communications can be trivially decrypted after the AES key comes to light (B is pulled out of the trash can your SO threw it in next year).
If you use secret RSA keys, then it's very similar, though each intercept must have the packets containing the cryptographically randomly generated AES key for that "session" to decrypt data previously intercepted from that session.
If you use something like TLS-DHE-* or TLS-ECDHE-*, then retrieving the device later does NOT help decrypt previously intercepted communications; this is the big deal about forward secrecy using ephemeral keys.
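The forward-secrecy difference described in the answer, as an added example that is not part of the original question or answer: a session key generated from the pre-configured secret alone, next to an ephemeral X25519 exchange in which that secret only authenticates the public keys. The function names, the role labels `A`/`B`, the HMAC-based tags and key derivation, and the use of bare X25519 in place of a TLS ECDHE suite are assumptions of this example.

```python
import hashlib, hmac, secrets

P, A24 = 2**255 - 19, 121665           # Curve25519 field prime, ladder constant
BASE = (9).to_bytes(32, "little")      # standard base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """X25519 per RFC 7748. Not constant-time; shown to keep the example stdlib-only."""
    n = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)  # clamp scalar
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):                      # Montgomery ladder
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def static_session_key(psk: bytes, nonce: bytes) -> bytes:
    """PSK-only variant (assumed form): whoever holds psk and the sniffed nonce gets the key."""
    return hmac.new(psk, nonce, hashlib.sha256).digest()

def hello(psk: bytes, role: bytes):
    """Fresh ephemeral key pair; the PSK only authenticates the public half."""
    priv = secrets.token_bytes(32)
    pub = x25519(priv, BASE)
    return priv, pub, hmac.new(psk, role + pub, hashlib.sha256).digest()

def session_key(psk, priv, peer_role, peer_pub, peer_tag, transcript) -> bytes:
    """Verify the peer's tag, then derive the key from the ephemeral shared secret."""
    want = hmac.new(psk, peer_role + peer_pub, hashlib.sha256).digest()
    if not hmac.compare_digest(want, peer_tag):
        raise ValueError("peer public key is not authenticated by the PSK")
    shared = x25519(priv, peer_pub)
    if shared == bytes(32):
        raise ValueError("low-order peer public key")
    # priv is discarded after this call; psk plus the recorded transcript cannot rebuild shared
    return hmac.new(transcript, shared, hashlib.sha256).digest()
```

Each side calls `hello()` once per session, sends its public key and tag over USB, and passes the peer's values to `session_key()` with `transcript` set to A's public key followed by B's.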