kasdimos
/
SecureIoT_ArduinoServer
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

Update 'README.adoc'

master
kasdimos 5 years ago
parent
384e285392
commit
115edfe14e
1 changed files with 98 additions and 98 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 196
      README.adoc

196
sec_iot_arduino_server.adoc → README.adoc
View File

@ -1,98 +1,98 @@
Secure IOT (Arduino Server) Secure IOT (Arduino Server)
--------------------------- ---------------------------
There are many ways to secure and authenticate a networking communication, but not all solutions will run on a microcontroller, where processing power and memory is a scarce resource. There are many ways to secure and authenticate a networking communication, but not all solutions will run on a microcontroller, where processing power and memory is a scarce resource.
How does it work? How does it work?
~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~
+Server -> the iot device that will receive the command+ +Server -> the iot device that will receive the command+
+Client -> the command sender+ +Client -> the command sender+
. The Client connects to the Server. . The Client connects to the Server.
. [ Optional: The Client sends a predefined ammount of data for the Server to wake up. (Some libraries need the client to send first data, else they will not recognize that a connection was just made.) ] . [ Optional: The Client sends a predefined ammount of data for the Server to wake up. (Some libraries need the client to send first data, else they will not recognize that a connection was just made.) ]
. The Server sends a challenge to be solved. . The Server sends a challenge to be solved.
. The Client send the solved challenge with the command. . The Client send the solved challenge with the command.
. The Server extracts the command from the response/solution, executes it [Optional: sends back the response ]. . The Server extracts the command from the response/solution, executes it [Optional: sends back the response ].
. [ Optional: The Client extracs the execution response from the Server response. ] . [ Optional: The Client extracs the execution response from the Server response. ]
Implementation Implementation
~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~
Server + Client Requirements Server + Client Requirements
^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- set the same initial data length (0-n) - set the same initial data length (0-n)
- set the same hashing function - set the same hashing function
- set the same symmetric password - set the same symmetric password
Data Data
^^^^ ^^^^
. [ Optional: Client Sends: 1-n bytes (wake up packet) ] . [ Optional: Client Sends: 1-n bytes (wake up packet) ]
. Server: Sends Challenge (1-n bytes) . Server: Sends Challenge (1-n bytes)
. Client: Sends solved challenge ( Len(hash) bytes) . Client: Sends solved challenge ( Len(hash) bytes)
. [ Optional: Server: Sends Response ( Len(hash) bytes) ] . [ Optional: Server: Sends Response ( Len(hash) bytes) ]
Methodology Methodology
^^^^^^^^^^^ ^^^^^^^^^^^
. [ Optional: The Client after connection, sends a predefined number of bytes. ] . [ Optional: The Client after connection, sends a predefined number of bytes. ]
. The Server generates and sends a random number (bigger -> more secure) for each connection. . The Server generates and sends a random number (bigger -> more secure) for each connection.
. The Client calculates and sends the HMAC of (random server data + command) using the shared secret password . The Client calculates and sends the HMAC of (random server data + command) using the shared secret password
. The Server tries to find what possible command could the Client have sent . The Server tries to find what possible command could the Client have sent
(calculates HMAC of random server data + possible command, using the shared secret password and compares them) (calculates HMAC of random server data + possible command, using the shared secret password and compares them)
and then calls the corresponding function. [ Optional: The response of that function is then calculated and then calls the corresponding function. [ Optional: The response of that function is then calculated
(HMAC of random server data + response, using the shared secret password) and sent to the Client. ] (HMAC of random server data + response, using the shared secret password) and sent to the Client. ]
. [ Optional: The Client tries to find what possible response command could the Server have sent . [ Optional: The Client tries to find what possible response command could the Server have sent
(calculates HMAC of random server data + response command, using the shared secret password) ] (calculates HMAC of random server data + response command, using the shared secret password) ]
Considerations Considerations
~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~
Pros Pros
^^^^ ^^^^
- Minimalistyc nor verbose - Minimalistyc nor verbose
- minimal memory usage* - minimal memory usage*
- minimal cpu usage* - minimal cpu usage*
- fast** - fast**
- authentication - authentication
- confidentiality - confidentiality
- replay protection - replay protection
*with the use of appropriate hashing functions *with the use of appropriate hashing functions
**when a limited ammount of commands is used **when a limited ammount of commands is used
Cons Cons
^^^^ ^^^^
- uses symetric cryptography - uses symetric cryptography
- is not designed to send multiple bytes (1 byte commands recommended) - is not designed to send multiple bytes (1 byte commands recommended)
- requires a random seed - requires a random seed
Proof of Concept Proof of Concept
~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~
Tested and fully working demo is attached! Tested and fully working demo is attached!
This demo was implemented on a pc (Node.JS Client) and an arduino pro mini with an ethernet shield (Server). This demo was implemented on a pc (Node.JS Client) and an arduino pro mini with an ethernet shield (Server).
Write Preview
Loading…
Cancel
Save