SecureIoT_ArduinoServer/sec_iot_arduino_server.adoc

Secure IOT (Arduino Server)
---------------------------

There are many ways to secure and authenticate a networking communication, but not all solutions will run on a microcontroller, where processing power and memory is a scarce resource.

How does it work?
~~~~~~~~~~~~~~~~~

+Server -> the iot device that will receive the command+

+Client -> the command sender+


. The Client connects to the Server.

. [ Optional: The Client sends a predefined ammount of data for the Server to wake up. (Some libraries need the client to send first data, else they will not recognize that a connection was just made.) ]

. The Server sends a challenge to be solved.

. The Client send the solved challenge with the command.

. The Server extracts the command from the response/solution, executes it [Optional: sends back the response ].

. [ Optional: The Client extracs the execution response from the Server response. ]


Implementation
~~~~~~~~~~~~~~

Server + Client Requirements
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- set the same initial data length (0-n)
- set the same hashing function
- set the same symmetric password

Data
^^^^

. [ Optional: Client Sends: 1-n bytes (wake up packet) ]

. Server: Sends Challenge (1-n bytes)

. Client: Sends solved challenge ( Len(hash) bytes)

. [ Optional: Server: Sends Response ( Len(hash) bytes) ]


Methodology
^^^^^^^^^^^

. [ Optional: The Client after connection, sends a predefined number of bytes. ]

. The Server generates and sends a random number (bigger -> more secure) for each connection.
. The Client calculates and sends the HMAC of (random server data + command) using the shared secret password

. The Server tries to find what possible command could the Client have sent 
(calculates HMAC of random server data + possible command, using the shared secret password and compares them)
and then calls the corresponding function. [ Optional: The response of that function is then calculated 
(HMAC of random server data + response, using the shared secret password) and sent to the Client. ]

. [ Optional: The Client tries to find what possible response command could the Server have sent
(calculates HMAC of random server data + response command, using the shared secret password) ]


Considerations
~~~~~~~~~~~~~~

Pros
^^^^

- Minimalistyc nor verbose
- minimal memory usage*
- minimal cpu usage*
- fast**
- authentication
- confidentiality
- replay protection

*with the use of appropriate hashing functions

**when a limited ammount of commands is used

Cons
^^^^

- uses symetric cryptography
- is not designed to send multiple bytes (1 byte commands recommended)
- requires a random seed

Proof of Concept
~~~~~~~~~~~~~~~~

Tested and fully working demo is attached!

This demo was implemented on a pc (Node.JS Client) and an arduino pro mini with an ethernet shield (Server).
Upload files to '' 5 years ago			`Secure IOT (Arduino Server)`
			`---------------------------`

			`There are many ways to secure and authenticate a networking communication, but not all solutions will run on a microcontroller, where processing power and memory is a scarce resource.`

			`How does it work?`
			`~~~~~~~~~~~~~~~~~`

			`+Server -> the iot device that will receive the command+`

			`+Client -> the command sender+`


			`. The Client connects to the Server.`

			`. [ Optional: The Client sends a predefined ammount of data for the Server to wake up. (Some libraries need the client to send first data, else they will not recognize that a connection was just made.) ]`

			`. The Server sends a challenge to be solved.`

			`. The Client send the solved challenge with the command.`

			`. The Server extracts the command from the response/solution, executes it [Optional: sends back the response ].`

			`. [ Optional: The Client extracs the execution response from the Server response. ]`



			`Implementation`
			`~~~~~~~~~~~~~~`

			`Server + Client Requirements`
			`^^^^^^^^^^^^^^^^^^^^^^^^^^^^`

			`- set the same initial data length (0-n)`
			`- set the same hashing function`
			`- set the same symmetric password`

			`Data`
			`^^^^`

			`. [ Optional: Client Sends: 1-n bytes (wake up packet) ]`

			`. Server: Sends Challenge (1-n bytes)`

			`. Client: Sends solved challenge ( Len(hash) bytes)`

			`. [ Optional: Server: Sends Response ( Len(hash) bytes) ]`


			`Methodology`
			`^^^^^^^^^^^`

			`. [ Optional: The Client after connection, sends a predefined number of bytes. ]`

			`. The Server generates and sends a random number (bigger -> more secure) for each connection.`
			`. The Client calculates and sends the HMAC of (random server data + command) using the shared secret password`

			`. The Server tries to find what possible command could the Client have sent`
			`(calculates HMAC of random server data + possible command, using the shared secret password and compares them)`
			`and then calls the corresponding function. [ Optional: The response of that function is then calculated`
			`(HMAC of random server data + response, using the shared secret password) and sent to the Client. ]`

			`. [ Optional: The Client tries to find what possible response command could the Server have sent`
			`(calculates HMAC of random server data + response command, using the shared secret password) ]`



			`Considerations`
			`~~~~~~~~~~~~~~`

			`Pros`
			`^^^^`

			`- Minimalistyc nor verbose`
			`- minimal memory usage*`
			`- minimal cpu usage*`
			`- fast**`
			`- authentication`
			`- confidentiality`
			`- replay protection`

			`*with the use of appropriate hashing functions`

			`**when a limited ammount of commands is used`

			`Cons`
			`^^^^`

			`- uses symetric cryptography`
			`- is not designed to send multiple bytes (1 byte commands recommended)`
			`- requires a random seed`

			`Proof of Concept`
			`~~~~~~~~~~~~~~~~`

			`Tested and fully working demo is attached!`

			`This demo was implemented on a pc (Node.JS Client) and an arduino pro mini with an ethernet shield (Server).`