Addressing SSL/TLS vulnerabilities in IoT Device client side implementation

I understand SSL/TLS is the most commonly data transmission protocol for a secured communication. I need to implement the same in one of the IoT device (ARM® Cortex®-M4 Core at 80 MHz). This will be TLS Client implementation.

Since the device is a small scale device, I am looking for a light weight SSL Library (bearSSL, mbedSSL, ..) to use.

Device needs to store as well as transmit data to server; and I need to ensure a secured communication with data confidentiality and integrity; avoiding any possible attack (MITM,..).

However as I got to read, there are vulnerabilities/pitfalls in SSL/TLS also, does just using a right library will ensure addressing them? Or there are specific things I need to do in my code implementation to address them?

Like right ciphersuite selection; generating and securely storing the keys (key management); …

request for some insight into this.

Memory Addressing – Alignment Clarification

I’m reading “Computer Architecture A Quantitative Approach” (5th edition) and I’m having a hard time understing this table:

enter image description here

I understand how Misalignment happens, i.e., some byte, half-word, word, or double word it’s not a multiple of the address where the element is being stored or accessed. The part that I don’t understand is that it says in the caption: “that the byte offsets that label the columns specify the low-order 3 bits of the address”

My question is why are the low-order 3 bits of the address important or relevant in this situation? I’m assuming that the low order bits are the lowest binary values in the address. My intuition is that the 3 low order bits can tell us if the address is a multiple(2,4, or 8) of whichever data is being accessed, but I’m not sure.

how pseudo direct addressing works?

In pseudo direct addressing mode the 26 bit of the jump instruction are joined to the upper 4 bits of the PC .

  • how could this help in jumping to relative positions suppose I want to jump backward instead of forward ( i.e. if i want to jump to the beginning of a loop after executing it’s body ),

  • What I get is this will limit the jump to be 2^28 from the following instruction but Is this applicable backward too ? I am really confused by this so excuse me for such a silly question…

Independence of order of insertion hashtable with open addressing

I’m taking a data-structure class, and the lecturer made the following assertion:

the number of attempts needed to insert n keys in a hash table with linear probing is independent of their order.

No proof was given, so I tried to get one myself. However, I’m stuck.

My approach at the moment: I try to show that if I swap two adjacent keys the number of attempts doesn’t change. I get the idea behind it, and I think it’s going in the right direction, but I can’t manage to make it into a rigorous proof.

Aside, does this fact also hold for other probing techniques such as quadratic or double hashing?

confusion with worst case for direct addressing

In CLRS there is an exercise for direct addressing data structure

Suppose that a dynamic set S is represented by a direct-address table T of length m. Describe a procedure that finds the maximum element of S. What is the worst-case performance of your procedure?

for this question i have seen a lot of websites indicating the worst case possibility is O(m) by starting and examining every non null slot up to end and then returning the maximum index, but i think it can be done in a faster way than that. If direct addressing tables has m slots , then obviously the highest value should be in the end (i thought keys are treated as indexes in direct addressing,correct me if i am wrong) , so if we start iterating from the end then worst case would be O(m-n) where n is the number of elements examined by our iterator before reaching non null value from end of the direct addressing table

is something wrong with my approach? Can any one clear this topic?

Addressing security issues for documenting internal systems

The Situation

I’m presently a member of a healthcare records team that is sorely understaffed and has an incredibly low bus factor, with only two people with the majority of system knowledge, myself – allocated temporarily, and a consultant – also allocated temporarily. As a result I’m aware the system must be documented or face clinical risk.

Why it’s being documented

There is an incredible amount of system sprawl, complex processes with very little documentation, and I’ve taken it upon myself to start documenting the internal systems (including IPs, ports and database names, but no usernames, passwords or personally identifiable information) on an internal Wiki which the entire organisation can view (which if kept behind a username/password, might be lost in the event of either or both of us leaving).

The issue

The consultant has reasonably raised that they are not comfortable with the idea of IPs and ports for databases etc being found in a central location accessible by the entire organisation.

Whilst I acknowledge that could be useful information for an attacker, my counter-argument is a simple IP and port scan would reveal the same information (if not more), that no usernames or passwords are included on the Wiki, and if they can get in with an IP/port, then that process wasn’t secure to begin with.

My greater concern, on balance of best interests, is to document the system in a transparent manner such the organisation is able to train replacements, which otherwise, if left undocumented, could become an unmaintainable mess and cause all sorts of clinical risks and issues.

The question

Is the approach I’m using for the current situation the correct approach security wise, or is there a better way of handling it?

[It’s worth noting this organisation has no coherent usable system of documentation of available skills, knowledge etc with similar situations in other departments, and I’m trying to encourage an organisation-wide adoption of a Wiki to help mitigate this problem.]

Memory addressing

What does the following sentence mean?

“The 8085 micropressor has the capability of addressing 64KB of RAM?”

In general, what is the meaning of a CPU’s ability to address a given amount of memory? Is there any mathematical relation?

Moreover, how does the CPU make use of the address bus to access a memory? What does the CPU send/do that makes it get the data from a given word address?

How to deal with online position errors in Alberta Rural Addressing system in Google Maps, Bing Maps, Apple Maps, Waze Maps

Alberta has a system for rural addresses described here:

Alberta Rural Addressing System

This system allows a location to be calculated from the address and the dominion survey, and the name of a local municipality. E.g. The address

50042 Range Road 31, Warburg, Alberta is 42/80 of a mile north of township road 500, near Warburg. (The addresses are unique only within roughly a 60-mile radius)

If this address corresponds to an address that the mapping service knows about, all of them seem to plot it correctly. However, if you give an address that is unknown to the system, each plots a location in an arbitrary location on a segment of the road near the municipality.

This can be extreme: E.g.

  • 52420 Range Road 12, Stony Plain, Alberta

  • 51020 Range Road 12, Stony Plain, Alberta (10 miles south of the first location)

  • 62420 Range Road 12, Stony Plain, Alberta (60 miles north of the first location)

all plot at the wrong place.

Worst: None of the 4 services mentioned tell you that the address couldn’t be found.

I have sent feedback to Google and to Bing about this on several occasions.