diff --git a/sec_iot_njs_client.html b/sec_iot_njs_client.html new file mode 100644 index 0000000..7e5cb7c --- /dev/null +++ b/sec_iot_njs_client.html @@ -0,0 +1,941 @@ + + + + + + + + + + + +
+
+

Secure IOT (NodeJS Client)

+
+

There are many ways to secure and authenticate a networking communication, but not all solutions will run on a microcontroller, where processing power and memory is a scarce resource.

+
+

How does it work?

+

Server → the iot device that will receive the command

+

Client → the command sender

+
    +
  1. +

    +The Client connects to the Server. +

    +
  2. +
  3. +

    +[ Optional: The Client sends a predefined ammount of data for the Server to wake up. (Some libraries need the client to send first data, else they will not recognize that a connection was just made.) ] +

    +
  4. +
  5. +

    +The Server sends a challenge to be solved. +

    +
  6. +
  7. +

    +The Client send the solved challenge with the command. +

    +
  8. +
  9. +

    +The Server extracts the command from the response/solution, executes it [Optional: sends back the response ]. +

    +
  10. +
  11. +

    +[ Optional: The Client extracs the execution response from the Server response. ] +

    +
  12. +
+
+
+

Implementation

+
+

Server + Client Requirements

+
    +
  • +

    +set the same initial data length (0-n) +

    +
  • +
  • +

    +set the same hashing function +

    +
  • +
  • +

    +set the same symmetric password +

    +
  • +
+
+
+

Data

+
    +
  1. +

    +[ Optional: Client Sends: 1-n bytes (wake up packet) ] +

    +
  2. +
  3. +

    +Server: Sends Challenge (1-n bytes) +

    +
  4. +
  5. +

    +Client: Sends solved challenge ( Len(hash) bytes) +

    +
  6. +
  7. +

    +[ Optional: Server: Sends Response ( Len(hash) bytes) ] +

    +
  8. +
+
+
+

Methodology

+
    +
  1. +

    +[ Optional: The Client after connection, sends a predefined number of bytes. ] +

    +
  2. +
  3. +

    +The Server generates and sends a random number (bigger → more secure) for each connection. +

    +
  4. +
  5. +

    +The Client calculates and sends the HMAC of (random server data + command) using the shared secret password +

    +
  6. +
  7. +

    +The Server tries to find what possible command could the Client have sent +(calculates HMAC of random server data + possible command, using the shared secret password and compares them) +and then calls the corresponding function. [ Optional: The response of that function is then calculated +(HMAC of random server data + response, using the shared secret password) and sent to the Client. ] +

    +
  8. +
  9. +

    +[ Optional: The Client tries to find what possible response command could the Server have sent +(calculates HMAC of random server data + response command, using the shared secret password) ] +

    +
  10. +
+
+
+
+

Considerations

+
+

Pros

+
    +
  • +

    +Minimalistyc nor verbose +

    +
  • +
  • +

    +minimal memory usage* +

    +
  • +
  • +

    +minimal cpu usage* +

    +
  • +
  • +

    +fast** +

    +
  • +
  • +

    +authentication +

    +
  • +
  • +

    +confidentiality +

    +
  • +
  • +

    +replay protection +

    +
  • +
+

*with the use of appropriate hashing functions

+

**when a limited ammount of commands is used

+
+
+

Cons

+
    +
  • +

    +uses symetric cryptography +

    +
  • +
  • +

    +is not designed to send multiple bytes (1 byte commands recommended) +

    +
  • +
  • +

    +requires a random seed +

    +
  • +
+
+
+
+

Proof of Concept

+

Tested and fully working demo is attached!

+

This demo was implemented on a pc (Node.JS Client) and an arduino pro mini with an ethernet shield (Server).

+
+
+
+
+

+ + +