From c30dd42d4802020f9e65d52dd2f8f3b9b9b85eb0 Mon Sep 17 00:00:00 2001 From: kasdimos Date: Thu, 21 Nov 2019 15:52:49 +0000 Subject: [PATCH] Add 'README.md' --- README.md | 98 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 98 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..b2a9442 --- /dev/null +++ b/README.md @@ -0,0 +1,98 @@ +Secure IOT (NodeJS Server) +---------- + +There are many ways to secure and authenticate a networking communication, but not all solutions will run on a microcontroller, where processing power and memory is a scarce resource. + +How does it work? +~~~~~~~~~~~~~~~~~ + ++Server -> the iot device that will receive the command+ + ++Client -> the command sender+ + + +. The Client connects to the Server. + +. [ Optional: The Client sends a predefined ammount of data for the Server to wake up. (Some libraries need the client to send first data, else they will not recognize that a connection was just made.) ] + +. The Server sends a challenge to be solved. + +. The Client send the solved challenge with the command. + +. The Server extracts the command from the response/solution, executes it [Optional: sends back the response ]. + +. [ Optional: The Client extracs the execution response from the Server response. ] + + + +Implementation +~~~~~~~~~~~~~~ + +Server + Client Requirements +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +- set the same initial data length (0-n) +- set the same hashing function +- set the same symmetric password + +Data +^^^^ + +. [ Optional: Client Sends: 1-n bytes (wake up packet) ] + +. Server: Sends Challenge (1-n bytes) + +. Client: Sends solved challenge ( Len(hash) bytes) + +. [ Optional: Server: Sends Response ( Len(hash) bytes) ] + + +Methodology +^^^^^^^^^^^ + +. [ Optional: The Client after connection, sends a predefined number of bytes. ] + +. The Server generates and sends a random number (bigger -> more secure) for each connection. +. The Client calculates and sends the HMAC of (random server data + command) using the shared secret password + +. The Server tries to find what possible command could the Client have sent +(calculates HMAC of random server data + possible command, using the shared secret password and compares them) +and then calls the corresponding function. [ Optional: The response of that function is then calculated +(HMAC of random server data + response, using the shared secret password) and sent to the Client. ] + +. [ Optional: The Client tries to find what possible response command could the Server have sent +(calculates HMAC of random server data + response command, using the shared secret password) ] + + + +Considerations +~~~~~~~~~~~~~~ + +Pros +^^^^ + +- Minimalistyc nor verbose +- minimal memory usage* +- minimal cpu usage* +- fast** +- authentication +- confidentiality +- replay protection + +*with the use of appropriate hashing functions + +**when a limited ammount of commands is used + +Cons +^^^^ + +- uses symetric cryptography +- is not designed to send multiple bytes (1 byte commands recommended) +- requires a random seed + +Proof of Concept +~~~~~~~~~~~~~~~~ + +Tested and fully working demo is attached! + +This demo was implemented on a pc (Node.JS Client) and an arduino pro mini with an ethernet shield (Server). \ No newline at end of file