1 changed files with 97 additions and 3 deletions
@ -1,4 +1,98 @@ |
|||||
# SecureIoT_ArduinoServer |
Secure IOT (Arduino Server) |
||||
|
--------------------------- |
||||
|
|
||||
Secure IoT command sending (Arduino Server). |
There are many ways to secure and authenticate a networking communication, but not all solutions will run on a microcontroller, where processing power and memory is a scarce resource. |
||||
There are many ways to secure and authenticate a networking communication, but not all solutions will run on a microcontroller, where processing power and memory is a scarce resource. |
|
||||
|
How does it work? |
||||
|
~~~~~~~~~~~~~~~~~ |
||||
|
|
||||
|
+Server -> the iot device that will receive the command+ |
||||
|
|
||||
|
+Client -> the command sender+ |
||||
|
|
||||
|
|
||||
|
. The Client connects to the Server. |
||||
|
|
||||
|
. [ Optional: The Client sends a predefined ammount of data for the Server to wake up. (Some libraries need the client to send first data, else they will not recognize that a connection was just made.) ] |
||||
|
|
||||
|
. The Server sends a challenge to be solved. |
||||
|
|
||||
|
. The Client send the solved challenge with the command. |
||||
|
|
||||
|
. The Server extracts the command from the response/solution, executes it [Optional: sends back the response ]. |
||||
|
|
||||
|
. [ Optional: The Client extracs the execution response from the Server response. ] |
||||
|
|
||||
|
|
||||
|
|
||||
|
Implementation |
||||
|
~~~~~~~~~~~~~~ |
||||
|
|
||||
|
Server + Client Requirements |
||||
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
||||
|
|
||||
|
- set the same initial data length (0-n) |
||||
|
- set the same hashing function |
||||
|
- set the same symmetric password |
||||
|
|
||||
|
Data |
||||
|
^^^^ |
||||
|
|
||||
|
. [ Optional: Client Sends: 1-n bytes (wake up packet) ] |
||||
|
|
||||
|
. Server: Sends Challenge (1-n bytes) |
||||
|
|
||||
|
. Client: Sends solved challenge ( Len(hash) bytes) |
||||
|
|
||||
|
. [ Optional: Server: Sends Response ( Len(hash) bytes) ] |
||||
|
|
||||
|
|
||||
|
Methodology |
||||
|
^^^^^^^^^^^ |
||||
|
|
||||
|
. [ Optional: The Client after connection, sends a predefined number of bytes. ] |
||||
|
|
||||
|
. The Server generates and sends a random number (bigger -> more secure) for each connection. |
||||
|
. The Client calculates and sends the HMAC of (random server data + command) using the shared secret password |
||||
|
|
||||
|
. The Server tries to find what possible command could the Client have sent |
||||
|
(calculates HMAC of random server data + possible command, using the shared secret password and compares them) |
||||
|
and then calls the corresponding function. [ Optional: The response of that function is then calculated |
||||
|
(HMAC of random server data + response, using the shared secret password) and sent to the Client. ] |
||||
|
|
||||
|
. [ Optional: The Client tries to find what possible response command could the Server have sent |
||||
|
(calculates HMAC of random server data + response command, using the shared secret password) ] |
||||
|
|
||||
|
|
||||
|
|
||||
|
Considerations |
||||
|
~~~~~~~~~~~~~~ |
||||
|
|
||||
|
Pros |
||||
|
^^^^ |
||||
|
|
||||
|
- Minimalistyc nor verbose |
||||
|
- minimal memory usage* |
||||
|
- minimal cpu usage* |
||||
|
- fast** |
||||
|
- authentication |
||||
|
- confidentiality |
||||
|
- replay protection |
||||
|
|
||||
|
*with the use of appropriate hashing functions |
||||
|
|
||||
|
**when a limited ammount of commands is used |
||||
|
|
||||
|
Cons |
||||
|
^^^^ |
||||
|
|
||||
|
- uses symetric cryptography |
||||
|
- is not designed to send multiple bytes (1 byte commands recommended) |
||||
|
- requires a random seed |
||||
|
|
||||
|
Proof of Concept |
||||
|
~~~~~~~~~~~~~~~~ |
||||
|
|
||||
|
Tested and fully working demo is attached! |
||||
|
|
||||
|
This demo was implemented on a pc (Node.JS Client) and an arduino pro mini with an ethernet shield (Server). |
||||
|
|||||
Loading…
Reference in new issue