• State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 74 subscribers
  • Views 1659 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 282824
Options
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Which elliptic curves are supported by the nrf9160 modem?

Dan H

Hi,

We are currently looking into using the nrf9160 for a smart meter gateway like solution. It is of particular interest to us to know if we would be able to achieve compliance with Germany BSI’s TR-03116.

The mandatory cipher suites for our application scenario (TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) are support by the nrf9160 modem according to this.

However, I did not find any information on which elliptic curves the modem uses with this cipher suites. TR-03116 requires BrainpoolP256r1, BrainpoolP384r1 and NIST P-256.

Are they supported by the modem?

Parents
  • 0

    Hello Dan,

    The nRF9160 has hardware accelerator ARM TrustZone Cryptocell 310 which is a security subsystem provides root of Trust (RoT) and cryptographic services. The supported elliptic curves of this peripheral can be found in the product specification (https://infocenter.nordicsemi.com/pdf/nRF9160_PS_v2.1.pdf) page 84-85. 

    This peripheral is mainly used for cryptographic operations when required but the software implementation can be used as well( Cryptography samples — nRF Connect SDK 1.8.99 documentation (nordicsemi.com) ). These examples are not related to Modem. This is basically handled by application core and the CC310 peripheral.

    For modem you can find AT command list here in this link https://infocenter.nordicsemi.com/topic/ref_at_commands/REF/at_commands/security/security.html. Security command can be used for device and data security. 

    Hope it helps. 

    Thanks.

    Best Regards,

    Kazi Afroza Sultana

  • 0 in reply to Kazi Afroza Sultana

    Hi Kazi,

    Thanks a lot for taking the time to reply to my question and to compile all the information above.

    Just to be clear: At this point, I am confident TR-03116’s requirements could be met by using some combination of the Nordic Security Module’s backends. I have not tried this so far but that is my understanding of the documentation. For clarity, let us call this approach an application core based implementation.

    However, what I was wondering about was a modem-based implementation. To put it simple: I want to open a secure TLS/DTLS socket with the nrf9160’s modem, configure the required cipher suites and then use it to send my metering data. I want the modem to take care of protocols and crypto so I do not have to worry about it on the application side.

    I have successfully run a small test application on my nrf9160-DK that takes this approach. Now I struggle to verify if this approach will lead to a TR-03116 conform implementation. So it boils down to a couple of questions:

    • Which elliptic curve does the modem use by default?
    • Does the modem support different elliptic curves for its ECC based cipher suites?
    • If yes, which elliptic curves and how do I configure them?
    • If no, will there ever be the option to choose the elliptic curve in use?

    Or to look at it from another angle:

    • Does the modem use the ARM TrustZone Cryptocell 310?
    • Or does it itself run some software implementation of the cryptographic algorithms?

    Since TR-03116 requires the brainpool curves and the ARM TrustZone Cryptocell 310 does not support them, a modem that solely relies on the ARM TrustZone Cryptocell 310 will not be able to satisfy the requirements in question.

    I hope my question got a bit clearer by the above explanation.

     

    Kind regards,

    Dan


    EDIT:

    Thinking about this problem, I just realized I could partially answer one of the questions myself. I recorded a DTLS handshake between the modem-based test application (client) I mentioned above and some test server. In it, the nrf9160's modem announces support for the following cipher suites:
    secp521r1, brainpoolP512r1, secp384r1, brainpoolP384r1, secp256r1, secp256k1, brainpoolP256r1, secp224r1, secp224k1, secp192r1, secp192k1.

  • 0 in reply to Dan H

    Hi again,

    Taking the time to think about the above questions helped to clear up some misconceptions I had. If anyone else will look at this problem, here is what I realized.

    The elliptic curve used by the modem is determined by the key material you decide to use. So first, you create your keys and certificates. In the case of TR-03116, this could be a key on BrainpoolP256r1. Then you follow these instructions to store the credentials in the modem and open a socket referring to the credentials by its sec_tag. One may also want to specify the desired cipher suites using nrf_setsocketopt accordingly. Of corse, the server must also be configured to use the created key and certificates.

    In that way, you should be able to use any of the elliptic curves the modem claims to support and which I mentioned in the edit above. However, I have not tried all of them yet and cannot be certain until then.

    It would still be interesting to know if the modem at all uses the ARM TrustZone Cryptocell 310 for HW acceleration. And if the modem does use it: for all or only some of the curves in question?

     

    Kind regards,

    Dan

  • +1 in reply to Dan H

    The modem does not have a HW accelerator for asymmetric key operations.

Reply Children
No Data
Related
Terms of service