2.

6- Embedded systems
Vid 87 : Embedded systems constraints
Constraints of Embedded Systems
1- Limited Hardware Capabilities
 Often run on low-cost or purpose-built hardware (e.g., Raspberry Pi).
 Fewer ports, interfaces, or features compared to a regular computer.
 Difficult to upgrade (hardware, storage, or operating system).
2- Communication Limitations
 May only support specific wireless interfaces.
 Not always compatible with standard networks like Ethernet or Wi-Fi.
3- Single-Purpose Design
 Devices are built to perform one specific task.
 No unnecessary memory or features are included.
 This keeps costs low but limits flexibility or expandability.
 Typically low-performance processors.
 Not necessarily a bad thing — they generate less heat, which is a benefit for small, enclosed systems.
4- Power Constraints
 Often powered by batteries or solar energy.
 Physical access may be required to replace or recharge batteries.
 Batteries may need to be manually replaced, requiring physical access to the device.
 Designed for low power consumption.
5- Low Processing Power
 Use low-performance CPUs, which produce less heat.
 This can be an advantage in compact or remote installations.
6- Geographical Limitations
 Device location (e.g., an oil field) may restrict available network types.
 Can limit bandwidth and connectivity options.
7- Weak or Absent Security
 Limited or no encryption capabilities.
 Minimal or no authentication mechanisms.
 Rarely support advanced security features like MFA or directory integration.
 No authentication or very weak authentication for access to the device.
  No support for multi-factor authentication (MFA) or directory services (e.g., Active Directory).
8- Limited Accessibility & Maintenance
 Often lack keyboard, display, or mouse.
 Firmware updates may require physical access (e.g., USB drive).
 No direct access to the operating system in many cases.
9- Reliability and Lifespan
 Low-cost components may reduce the device’s expected lifespan.
 Hard to ensure quality or perform regular security audits.
Cost vs. Quality Trade-off: Lower cost, but at the expense of flexibility and expandability

2.7 – Physical Security Controls

Vid88 : Physical Security Controls
1. Physical Barriers
 Barricades and Bollards:
o Block unauthorized pedestrian or vehicle access.
o Bollards are typically strong concrete posts to stop vehicles.
 Natural Barriers (e.g., moats):
o Act as physical obstacles without mechanical components.

2. Secure Entry Methods

 Access Control Vestibules (aka Mantraps):
o Dual-door systems controlling entry one person at a time.
o Door locking mechanisms vary to prevent tailgating.
 Locks and Entry Devices:
o Traditional keys and deadbolts.
o Electronic/pin-based locks.
o RFID badges, magnetic cards, key fobs.
o Biometric locks (fingerprints, handprints, retina, voice).
o Smart cards often combined with PINs for multifactor authentication.
 Two-Person Integrity:
o Requires two people to access secure areas to prevent misuse by a single individual.
3. Monitoring and Detection
 Alarm Systems: circuit based (circuit is opened or closed : door , window .. ) , motion detection (radio
reflection or passive infrared : useful in areas not often in use ) , duress (triggered by a person : the
big red button )
 Signs : clear and specific instructions : warning signs (chemical , construction … )
 Surveillance (CCTV: closed circuit television ):
o Real-time and historical video feeds.
o Object detection and tracking.
o All feeds often centralized to one recording system.
 Industrial camouflage : refers to the use of camouflage techniques, often for deceptive
purposes, in an industrial or urban setting(ex: Buildings (e.g., data centers) disguised as
normal warehouses or offices to avoid attracting unwanted attention )

 Sensors: Motion detection , noise detection , temperature, moisture detection ( useful to

identifu water leaks ) , RFID, and fire detection sensors.

 Drones:
o Used to monitor large or difficult-to-access areas.
o On-board sensors : motion detection , thermal sensors

 Faraday cage :
o Blocks electromagnetic fields
o A mesh of conductive material
o Ex : the window of a microwave oven
o But not all signal types are blocked

4. Human and Operational Controls

 Security Guards and acces lists :
o Verify identity, manage guest access, and monitor activity.
o Often work in pairs (two-person control).
 Identification Badges ( id badge ) :
o Worn by employees for visibility and access.
o Can be tracked electronically.

 Guards
 o Two-person integrity/control : a security practice requiring at least two authorized individuals
to be present and involved in handling sensitive or critical materials or tasks minimize
exposure to an attack
o Can be replaced by robots

5- Biometrics authentication :
 usually stores a math representation of your biometric
 used in very specific situations
6. Door acces controls :
 conventional : lock and key
 deadbolt : physical bolt
 electronic : pin …
 token-based : magnetic swipe card , RFID badge .
 biometric
 multifactor

7. Anti-Theft and Personal Security

 Cable Locks:
o Secure laptops and other portable equipment temporarily.
o Not designed for long-term protection
 USB Data Blockers:
o Prevent juice jacking by blocking data pins during charging.
o We can use also a power adapter
8. Proper lighting :
 More light -> more security
 Non IR ( infra red ) cameras can see better
 Specialized design : angles may be important for cameras for example
9. Fencing :
 Build a perimeter : transparent / opaque / robust

10. Fire Suppression

 Detection Systems:
o Smoke, flame, and heat sensors.
 Suppression Methods:
o Water (non-electronic areas).
o Clean agents like FM-200 (used instead of Halon wich is no longer manufactured ) in data
centers.
11. A screened subnet (or DMZ) :
 A separate network zone between the internal network and the internet. It's used to host public-facing
services like web or email servers, adding an extra layer of security to protect the internal network

12. Protected Distribution :

 refers to a physically secure setup and monitoring of cabling network’s systems to prevent unauthorized
access or tampering with data as it travels through physical media.
 Prevent cable and fiber cuts ( DoS )

Vid 89 : Secure areas :

 physical security is just as important as logiciel ... If an attacker gains physical access to a device
(like a computer or server), they can bypass digital security measures such as firewalls.

 An air gap is a physical separation between devices or networks. It's used to:
- Prevent any connection (accidental or malicious) between a secure and an insecure
network.
- Provide absolute isolation of sensitive environments.
 aults and Safes :
To protect backups and sensitive equipment, organizations may use:
- Vaults: Secured rooms with controlled access; used to store backup tapes and other critical
assets.
- Safes: Smaller, secure containers with locking mechanisms; more cost-effective and flexible
for smaller facilities.
Vaults and safes protect against: Unauthorized access/
Natural disasters/ Power outages or other emergencies

 Data Center Environmental Control

Data centers house racks of high-performance computing equipment that generate a lot of heat.
Maintaining optimal temperature is crucial.
Hot and Cold Aisles:
- Servers are designed to take in cool air from the front (cold aisle) and expel hot air out
the back (hot aisle).
- This airflow strategy:
o Reduces energy costs
o Improves cooling efficiency
Hot Aisle Containment :
- The hot air is trapped in a confined space and then routed back to the cooling system .
- Cold air is pushed from beneath the floor into the cold aisle, passes through the
equipment, and exits into the hot aisle.
- This creates a controlled cooling loop that keeps hardware operating efficiently.
Vid 90 – Secure data destruction:
Data Destruction and Media Sanitization (Security Focus)
 Some info must not be destroyed but the critical one destroying it is the best solution to avoid
dumpster diving .
  If we want to reuse the storage devices for pther purposes in our organization but we want to
be sure that noone can be able to recover the prevois data -> sanitize the storage device
Protect your rubbish
Shred / burn /pulp the paper ( recycling )
Physical destruction
 Use a shredder or pulverizer : heavy machinery ans complete destruction
 Use a drill / hammer : quik and easy
 Use a strong magnetic field (degaussing ) : detroy the drive and renders the drive unusable
 Incineration : fire hot
Certificate of destruction
 Destruction is often done by a 3rd party : this service should include a certificate that your dara
is destroyed or a paper taril of broken data to know exactly what happened
Sanitizing media
 Purging: Deletes specific data from an exicting data store (e.g., a database record).
 Wiping: Completely and irreversibly removes all data

Data security
 SDelete (Sysinternals tool) – to securely delete individual files.
 DBAN (Darik’s Boot and Nuke) – to wipe entire drives.

2.8 – Cryptographic Concepts

Vid 91 : Cryptography concepts

 The word cryptography comes from the Greek word “kryptos”, meaning hidden or secret.
 In IT security, cryptography helps with:
Confidentiality: Keeping data secret through encryption
Authentication & Access Control: Verifying identities during logins.
Non-repudiation: Ensuring the sender of a message can’t deny sending it.
Integrity: Ensuring data (files, emails) hasn’t been altered
Common Cryptography Terms
Plaintext: Unencrypted, readable message (aka in the clear).
Ciphertext: The encrypted version of the plaintext.
Cipher: The algorithm used to convert plaintext to ciphertext.
Cryptanalysis: The process of trying to break or find vulnerabilities in encryption. This is important to
improve cryptographic systems.
Cryptographic Keys
The cipher process is usually publicly known.
The key is the secret part used with the cipher to encrypt or decrypt data.
Larger keys typically mean stronger encryption.
Using multiple keys can add more layers of protection.
Key Stretching / Strengthening
 If a key is small, we can increase its strength using techniques like hashing repeatedly.
 Example: Hash a password, then hash the hash, and so on.
 This slows down brute force attacks, making it harder for attackers to guess the original data.
Libraries for Key Stretching
bcrypt:
  Based on the Blowfish cipher.
 Builds on the older Unix crypt function.
 Used to securely hash passwords with multiple hashing rounds.
PBKDF2:
 Stands for Password-Based Key Derivation Function 2.
 Part of RSA’s Public Key Cryptography Standards (PKCS).
 Commonly used in secure applications.
Lightweight Cryptography

 Designed for low-power and low-resource devices like IoT (Internet of Things).
 Focuses on efficient encryption without needing powerful CPUs.
 Being heavily researched by NIST (National Institute of Standards and Technology).
 Goal: Maximize security while minimizing resource use

Homomorphic Encryption (HE)

 Lets you perform calculations on encrypted data without decrypting it.

 Steps:
1. Data stays encrypted.
2. You process (calculate) directly on the encrypted data.
3. The result is also encrypted.
 Benefits:

o Ideal for cloud computing.

o Keeps data secure during processing.
o Enables data analysis without exposing raw data.

Vid 92 Symmetric and asymmetric cryptography

Symmetric Encryption

 Definition: Uses a single key to both encrypt and decrypt data.

 If this key is exposed, all encrypted data is compromised and must be re-encrypted with a
new key.
 Also called:
o Secret key algorithm
o Shared secret
 Very fast to use : less overhead than asymmetric encryption
 Challenge: Key distribution and scalability.
o You must securely share the key, which is hard without already having a secure
channel.
o Analogy: like carrying a key in a locked case to share it in person—but that doesn’t
work over a network.

Asymmetric Encryption

 Public key cryptography (2 or more ) mathematiccally related keys( but can’t derive the
private from the public one )
 Deals with 2 types pf keys : public ans private
  The private key is the only key that can decrypt data encrypted with public key
 Solution to symmetric scaling problem: Asymmetric encryption provides a secure way to
share encryption keys.
 More resource-intensive than symmetric encryption, requires more CPU power.
 Often used together with symmetric encryption:
o Asymmetric encryption is used to securely transfer a symmetric key.
o Then, symmetric encryption is used for the actual data exchange.

Key Pair Generation

 Both public and private keys are created together.

 Uses:
o A large random number
o A key generation program
o Prime numbers as input
 Output: two related keys (one becomes public, one private)

Encryption Example: Bob Sends Alice a Message

1. Bob wants to send “Hello Alice” securely.

2. He gets Alice’s public key (from her, a key server, or her website).
3. He encrypts the message with her public key.
4. Alice uses her private key to decrypt it.
5. Only her private key can decrypt what was encrypted with her public key.

ombining Symmetric and Asymmetric Encryption

 Symmetric encryption is faster, but difficult to distribute keys.

 Asymmetric encryption can create shared symmetric keys without transmitting them.
 Example (used in Diffie-Hellman key exchange):
1. Bob and Alice each have a private and public key.
2. Bob combines his private key with Alice’s public key to create a symmetric key.
3. Alice does the same: her private key + Bob’s public key.
4. Result: both sides independently derive the same symmetric key, without sending it
over the network.

Performance Trade-Off

 Asymmetric encryption uses large prime numbers and requires significant CPU power.
 Not ideal for:
o Mobile devices
o IoT (Internet of Things) device

Elliptic Curve Cryptography (ECC)

 Designed for resource-constrained devices.

 Uses elliptic curves instead of large primes.
 Benefits:
o Smaller key sizes
o Less storage required
o Less data transmitted
 o Same security strength as traditional asymmetric algorithms

Vid 93 : Hashing and digital signatures

What Is a Hash?

 A hash is a function that takes any type of input—document, audio, video, large/small files—
and produces a unique string of text called a message digest, checksum, or fingerprint.
 Similar to a fingerprint, a hash uniquely identifies the input but cannot be used to recreate
the original input (one-way function).

Key Properties of Hashing

1. One-Way trip :
o Once data is hashed, it’s not possible to retrieve the original data from the hash.
2. Deterministic ( no collision ):
o The same input always produces the same hash.
3. Fixed Size Output:
o No matter the input size, the hash is always a fixed-length string.
4. Unique Output:
o Different inputs produce different hashes. If not, a collision has occurred, which is undesirabl
5. Avalanche Effect:
o A small change in input (e.g., changing a period to an exclamation mark) produces a drasticall
different hash.

Use Cases of Hashing

1. Password Storage

 Instead of storing passwords in plain text, systems store the hashed version.
 During login, the input password is hashed and compared to the stored hash.
 If hashes match → correct password.

2. File Integrity Verification

 Hashes can verify that a file hasn’t changed during transmission or download.
 Re-hash the downloaded file and compare to the provided hash.

3. Digital Signatures

 Combines hashing and encryption to provide:

o Authentication: Confirms source.
o Non-repudiation: Source cannot deny sending.
o Integrity: Confirms message hasn't been changed.

Salting Password Hashes

 Problem: Same passwords produce the same hash.

 Solution: Add a random value (salt) to each password before hashing.
 This ensures that even if users share a password, the resulting hashes are different.
 Salting prevents rainbow table attacks, where attackers use precomputed hash tables.
 Rainbow tables won’t work woth salted hashes
How Digital Signatures Work
Scenario: Alice hires Bob and sends a message: "You're hired Bob"

1. Alice:
o Hashes the message.
o Encrypts the hash using her private key → this becomes the digital signature.
o Sends the message + digital signature to Bob.
2. Bob:
o Decrypts the digital signature using Alice’s public key to get the original hash.
o Hashes the received message himself.
o Compares both hashes.
o If they match → the message is authentic, from Alice, and hasn’t been altered.

Vid 94 : Cryptographic keys

Why Cryptography Is Interesting

 Cryptography secures data while using publicly known algorithms.

 The only secret is the encryption key.
 You should keep you key private .

Key strength :

 Longer keys = better security, because they’re harder to brute-force.

 Symmetric encryption (same key for encryption and decryption):
 Common key sizes: 128 bits or higher
 Fast and efficient

 Asymmetric encryption (public/private key pairs):

 Much longer keys: 3072 bits , or more
 Uses large prime numbers and complex math

Key Exchange Challenges

 Keys must often be shared over insecure networks ( logistical challenge) .

 Two main options:
1. Out-of-band ( outside the network ) key exchange (e.g., phone call, courier)
2. In-band ( on the network ) key exchange using another method like asymmetric
encryption to deliver a symmetric key

Real-time encryption/decryption
 There is a need for fast security without compromising the security part (the ability to
exchange keys without sending the key in the clear across the network )
 Use asymmetric encryption (e.g., public key) to encrypt a symmetric key. :
- Client encrypts a symmetric session key using the server’s public key
- Server decrypts it using its private key
- Now both share a secure symmetric key for fast data exchange

 Keys and Sessions

o Session key: Temporary symmetric key for a session

 o Ephemeral: Not reused; discarded after session ends
o Ensures unpredictability and security per session

Diffie-Hellman Key Exchange (DH)

 Allows two parties to generate a shared symmetric key without transmitting it

 Each party uses:
o Their own private key
o The other’s public key
 Key created on both sides is identical, even though never directly shared

Vulnerability of Static Keys

 If private keys don't change, someone who intercepts encrypted data + obtains your private
key can decrypt past communications.
 Example: A TLS web server uses the same key pair for all sessions.

Perfect Forward Secrecy (PFS)

 Solves static key vulnerability:

o Uses ephemeral keys for each session
o Based on Ephemeral Diffie-Hellman (DHE) or Elliptic Curve DHE (ECDHE)
o Can’t decrypt with the private server key
 Even if someone gets the server’s private key, they can’t decrypt past sessions
 Requires:
o Server hardware capacity
o Browser compatibility with PFS algorithms
o You must look at the individual browers to make sure that they can suuport the same
ecryption method that you’re using on the web server

Vid 95 : Staganography

 Obfuscation makes information difficult to understand, not impossible.

 The main goal: confuse humans, not machines.
 Common use: source code obfuscation — the code still runs, but it’s hard for humans to read
and understand the logic.

Steganography: Hiding Data in Plain Sight

 From Greek: "steganos" (covered) + "graphein" (to write) = concealed writing.

 Steganography is the practice of hiding secret information inside a non-secret file or
message to avoid detection.(not ecrypt it )
 Security through obscurity: not true security; if someone knows the method, they can extract
the hidden data easily.

How Steganography Works

 The message is invisible but it’s there

  The visible file is called the cover text (e.g., an image).
 Hidden data is embedded inside the cover file — not visible to the human eye.
 If someone knows how to extract it, they might find:
o IP addresses
o Names
o MAC addresses
o Other sensitive data

Steganography techniques

1. Network-based:
o Extra bits hidden in network packets
o Receiver assembles them into a hidden message
2. Image-based:
o Common method; the larger the image, the more data it can hide
o Embed the msg in the image itself
3. Printer tracking dots:
o Laser printers often embed tiny yellow dots on printouts
o These dots reveal metadata (e.g., printer ID, date/time)
4. Audio steganography:
o Data (like documents) can be embedded in audio files
5. Video steganography:
o Video files can hold large amounts of hidden data due to their size

Vid96 : Quantum computing

What Is Quantum Computing?

 Quantum computing is based on quantum physics, unlike traditional computing which relies
on classical physics and binary bits (0s and 1s).
 It's not a replacement for regular computers, but a complementary technology used for
specialized tasks.

Bits vs. Qubits

 Classical bits: only 0 or 1.

 Quantum bits (qubits): can be 0 and 1 simultaneously, a state known as superposition.
 This allows exponential increases in processing power for certain types of problems.

4 Qubits -> 16 combinations

8 Qubits-> 256 combinations
16 Qubits-> 65,536combinations
32 Qubits-> ~4.3 billion combinations

 Takeaway: A small number of qubits can represent a huge amount of data simultaneously,
which enables massive parallelism.

Real-World Applications

 Massive data analysis (e.g., searching big datasets quickly)

 Medical research
  Weather prediction
 Astrophysics
 Machine learning

Impact on Cryptography

 Traditional encryption (e.g., RSA) relies on the difficulty of factoring large prime numbers.
 Quantum computers can break this using Shor’s algorithm (1994), which makes factoring
dramatically faster.
 This could render current encryption useless in a quantum-capable future.

Post-Quantum Cryptography

 Lattice-based encryption (e.g., "NTRU") uses math problems like the Closest Vector Problem,
which are still hard for quantum computers instead of finding the prime factorizations of large
numbers
 These are being studied to future-proof encryption.

Quantum Key Distribution (QKD)

 Unique quantum property: measuring a qubit changes it.

 QKD uses this to securely distribute encryption keys.
o If someone intercepts the key during transmission, the disturbance reveals the
eavesdropping.
o If the key arrives unchanged, it means the transmission was private (because keys in
both sides are identical -> no interruption in the middle )

Vid 97 : Stream and block ciphers

Encryption Basics

 Plaintext → Encrypted into ciphertext using encryption algorithms.

 Two common encryption techniques:
1. Stream Cipher
2. Block Cipher

Stream Cipher

 Encrypts one byte at a time.(encryp every bit of the info )

 Fast and requires less hardware.(using larger groups of data to ecrypt at a single time is not
that fast and requires a complex hardware)
 Often used with symmetric encryption (same key for encryption and decryption).
 Not ideal for asymmetric encryption due to performance overhead.
 Problem: Repeated bytes in input produce repeated encrypted output.
 Solution: Add Initialization Vector (IV) for randomization.

Block Cipher

 Encrypts fixed-size blocks (e.g., 64-bit or 128-bit).

  If the data doesn't fill the block, padding is added.
 Also typically uses symmetric encryption.
 Can use different modes of operation for added security and flexibility.

Modes of Operation for Block Ciphers

For each mode of these modes , we nees a similar type of input (fixed-length block of data )
We will split plaintext into smaller blocks and if we end up with a block with different fixed size we
use padding .

1. ECB (Electronic Codebook)

 Simplest mode.
 Each block encrypted independently using the same key.
 Problem: Identical plaintext blocks → identical ciphertext blocks.
o Example: Encrypting an image with ECB still reveals recognizable patterns.
 Not recommended for encrypting large, structured data.

2. CBC (Cipher Block Chaining)

 Adds randomization by XORing ( xor : 2 inputs indetical the output is 0 ) each plaintext block
with the previous ciphertext block before encrypting.
 First block uses an Initialization Vector (IV).
 Solves the pattern problem in ECB.
 Each block's encryption depends on the previous block: the previous result ciphertext is used
as an iv for the next block
 Commonly used and more secure than ECB.

3. CTR (Counter Mode)

 Uses a counter that increments with each block.

 Encrypts the counter and then XORs the result with the plaintext.
 No need for chaining—blocks can be encrypted in parallel (very fast).
 Adds randomization via the changing counter value.
4. GCM (Galois/Counter Mode)

 Combines CTR mode with Galois authentication.

 Minimum latency , minimum operation overhead
 Provides:
o Encryption and
o Authentication (verifies data integrity and source).
 Used in:
o Wireless (e.g., Wi-Fi)
o IPSec
o SSH/TLS connections
Vid 98 : Blockchain technologies

What is a Blockchain?

 A blockchain is a distributed ledger used to record transactions across multiple devices.

 All participants (nodes) share the ledger, allowing for transparency, security, and
decentralized control.

Common Uses of Blockchain

 Cryptocurrency payments (e.g., Bitcoin)

 Digital identity verification
 Supply chain tracking
 Secure voting systems

How Blockchain Works

1. Transaction Initiation

 A transaction is created (e.g., vote cast, product added, payment made).

2. Distribution to the Network

 The transaction is broadcast to all devices (nodes) participating in the blockchain.

3. Verification

 Each node checks details (e.g., balances, authenticity).

 Once verified, the transaction is approved.

4. Block Formation

 Verified transactions are grouped into a block.(block of blockchain)

 This allows for batch processing of multiple transactions at once.

5. Hashing

 The entire block is processed through a hashing function.

o The hash serves as a digital fingerprint.
o Any change in the block data results in a completely different hash.
 This ensures data integrity.

6. Adding to the Blockchain

 The new block (with its hash) is added to the chain of previous blocks.
 This full chain is replicated across all nodes in the network.
Security via Hashing

 Every block contains a hash that:

o Confirms the block's content hasn’t been altered.
o Links the block to the previous one.
 If a node tries to alter a block:
o The hash won’t match.
o The tampered block is rejected by the network.
 Since all devices have a copy of the ledger:

o Any unauthorized change is immediately detected.

o Nodes discard invalid or mismatched blocks.

This is just an overview of the process of blockchain , every blockchain technology has different minor
nuances , differents features and capabilities

Vid 99 : Cryptography use cases

What Is Cryptography Used For?

Cryptography helps secure data, ensure integrity, provide authentication, and even hide malicious
code. It is widely used across devices and applications.

Mobile & Low-Resource Devices

 We depend on mobile phones, tablets, and other small devices for daily tasks.
 These devices have:
o Limited storage
o Limited CPU power
o Limited battery life
 Encryption is essential to protect data on them.
 But due to resource limits, we use:
o Smaller symmetric keys
o Elliptic Curve Cryptography (ECC):
 Designed for low-power, resource-constrained environments.
 Provides strong encryption without consuming much power or space.
 We should ensure a low latency by using a symmetric encryption ans smaller key sizes , and
high resiliency by hashing and using a larger key sizes (so finding the balance is critical)

Use cases

1- Confidentiality: secrecy and privacy

2- Integrity : prevent modification of data , validate the contents with hashes
3- Obfuscatoion
4- Authentication : password hashing , add salt to randomize the stored password hash
5- Non-repudiation : combining hashing + assymetric encryption to create a non-repudiation to
confirm the authenticity of data this is implemented as a digital signature wich provides both
integrity and non-repudiation
Vid 100: Crypto limitations

 Crypto is not a perfect solution

 Can’t fix bad technique ( ex : hashing a password without using a salt )
 We should implement the proper crypto solution for each situation
 Limitation :

Speed : we should ensure that the app can perform quick enough with the crypto algo used
(CPU , power , battery life … can handle this algo)

Size : consider storage while using block ciphers for example because it use padding

Weak keys : Larger keys are more resistant to brute-force attacks./ A famous failure: WEP
(Wired Equivalent Privacy) used a weak initialization vector with RC4,this introduced
vulnerabilities, making it easy to crack wireless traffic

 Time : encryption and hashing taked time so larger files take longer / asymmetric is
slow than symmetric
 Longevity : how long this encryption type is able to be used as time goes

o CPUs get faster → brute-force attacks become easier.

o Example:

DES (Data Encryption Standard) was secure in 1977, by 1999, it was brute-forced in
22 hours.

o Use larger key sizes to extend the usable life of your encryption algorithms.

 Predictability and entropy : Random numbers are critical for secure cryptography but
hardware ranadom generators can be predictable so weak or guessable passphrases
make even strong crypto useless.
 Key reuse : reusing the same key reduces complexity (less cost , effort … ) but if the
key is compromised , everything using thet key is at risk . Changing keys in IoT devices
requires a firmware update
 Ressource vs security constraints : IoT devices have limited CPU , memory and power ,
and there is a little room for encryptiondecryption so there is a trade-off between
security and functionality -> security is often left to the user : manage security updates
and choose implementation strategies to properly secure the device