Things have been a little quiet on the blog lately; that’s mainly because the past week or so have been used to do some research into the security landscape, and to figure out the exact direction of this project.
As it stands, this project is going to have a more definite focus on security, specifically implementing some form of TLS, as well as addressing the chromecast vulnerability.
The initial focus will be to implement TLS, starting off with a basic implementation that achieves encrypted communications, which will then be developed to produce an implementation of TLS that could be considered secure. The initial implementation won’t use TLS records, but these will be implemented.
A tested version of AES will be implemented. Different implementations are being looked at at the moment, such as these:
The initial basic implementation will feature Basic TLS handshake, with self-signed certificate, and allow sending encrypted messages. Following this, a mock CA will be created, and authenticating the server, and possibly the WiFi chip will be implemented.