Velciu Veronica-Mihaela - AAC

Nowadays, security becomes a great concern, as the devices start to process more and more sensitive data, leading to an increased number of attacks. The nodes in an wireless sensors network usually collect environment-related information and then send the data to a gateway, in order to be processed. There might be cases when the collected information leaks sensitive user data, so encrypting the communication would be a good practice is this cases. This project proposes and implements a method of securing the radio communication using symmetric cryptography on Sparrow v4 nodes.

The security module (AES) is characterized by:

• Hardware accelerated encryption and decryption;
• Compatible with AES-128 standard (128 bit key and data block size);
• ECB (encryption/decryption) mode and CBC (encryption) mode support;
• Stand-alone operation, independent of other blocks;
• Uses 16MHz crystal clock of the transceiver;

Controlling the security block is possible over 5 Registers within AVR I/O space:

• AES_STATUS - AES status register
• AES_CTRL - AES control register
• AES_KEY - Access to 16 Byte key buffer
• AES_STATE - Access to 16 Byte data buffer

The use of the security module requires a configuration of the security engine before starting a security operation. The following steps are required:

1. Key Setup - Write encryption or decryption key to KEY buffer (16 consecutive byte writes to AES_KEY)
2. AES configuration:
   • Select AES mode: ECB or CBC
   • Select encryption or decryption
   • Enable the AES Encryption Ready Interrupt AES_READY, if needed
3. Write Data - Write plain text or cipher text to DATA buffer (16 consecutive byte writes to AES_STATE)
4. Start operation - Start AES operation
5. Wait until AES encryption/decryption is finished: AES_READY IRQ or polling AES_DONE bit (register AES_STATUS)
6. Read Data - Read cipher text or plain text from DATA buffer (16 consecutive byte reads from AES_STATE)

In order to make use of the Security module presented in the previous section, I implemented a driver exposed as an Arduino library named AES. The library has the following interface:

void encryptECB(uint8_t *key, uint8_t *plaintext, uint8_t len, uint8_t *ciphertext);

This function encrypts (using AES in ECB mode) len bytes of the plaintext buffer using the given key and writes the result to the cyphertext buffer.

void decryptECB(uint8_t *key, uint8_t *ciphertext, uint8_t len, uint8_t *plaintext);

This function decrypts (using AES in ECB mode) len bytes of the ciphertext buffer using the given key and writes the result to the plaintext buffer.

void encryptCBC(uint8_t *key, uint8_t *iv, uint8_t *plaintext, uint8_t len, uint8_t *ciphertext);

This function encrypts (using AES in CBC mode) len bytes of the plaintext buffer using the given key and writes the result to the cyphertext buffer.

As it can be observed, there is no function for AES in CBC mode decryption. This is due to the lack of support in the ATmega128RFA1 Security Module.